Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 




Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > HijackThis Log Help
Memory usage is extremely high need PLEASE help!! Memory usage is extremely high need PLEASE help!!
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read

HijackThis Log Help Get Rid Of Malware With Help From Our Analysts. Follow the "First Steps" link at the top right of each page before posting for help.

Reply
 
Thread Tools
Old 01-23-2008, 05:09 PM   #1 (permalink)
Registered User
 
Join Date: Jan 2008
Posts: 11
OS: windows xp sp2 home


Memory usage is extremely high need PLEASE help!!
my pc's cpu usage is constantly 100% and program are taking up more memory than they should. Please help... here's my highjackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:58:31 PM, on 1/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\WebProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clarkson.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.pandasoftware.com/redirec...pdate&lang=eng
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8088
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
O4 - HKCU\..\Run: [StickIt] C:\Program Files\StickIt\StickIt3.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C1B4DF9-D950-4222-A552-A0A4A3D6C89D}: NameServer = 24.92.226.11,24.92.226.12
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8189 bytes



Here is my startuplist log:

StartupList report, 1/23/2008, 8:31:30 PM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\WebProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Justin.YOUR-0CDC4F5844\Start Menu\Programs\StartUp]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ehTray = C:\WINDOWS\ehome\ehtray.exe
hpWirelessAssistant = C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
nwiz = nwiz.exe /installquiet /nodetect
High Definition Audio Property Page Shortcut = CHDAudPropShortcut.exe
SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
QPService = "C:\Program Files\HP\QuickPlay\QPService.exe"
HP Software Update = C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
(Default) =
ISUSPM Startup = "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
ISUSScheduler = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
RecGuard = C:\Windows\SMINST\RecGuard.exe
Reminder = C:\Windows\CREATOR\Remind_XP.exe
APVXDWIN = "C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE" /s
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
!AVG Anti-Spyware = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
AVG7_CC = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
HPDJ Taskbar Utility = C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

updateMgr = C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
StickIt = C:\Program Files\StickIt\StickIt3.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

[StickIt]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\AutoCADScriptFile\shell\open\command

(Default) = "C:\WINDOWS\system32\notepad.exe" "%1"

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

--------------------------------------------------

Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job

--------------------------------------------------

Enumerating Download Program Files:

[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/downlo...22/wmv9VCM.CAB

[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jin...ndows-i586.cab

[{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
CODEBASE = http://fpdownload.macromedia.com/get.../ultrashim.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://acs.pandasoftware.com/actives...ree/asinst.cab

[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jin...ndows-i586.cab

[Java Plug-in 1.5.0_06]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
CODEBASE = http://java.sun.com/update/1.5.0/jin...ndows-i586.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavlsp.dll
Protocol #2: C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavlsp.dll
Protocol #3: C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavlsp.dll
Protocol #4: C:\WINDOWS\system32\mswsock.dll
Protocol #5: C:\WINDOWS\system32\mswsock.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\rsvpsp.dll
Protocol #8: C:\WINDOWS\system32\rsvpsp.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll
Protocol #19: C:\WINDOWS\system32\mswsock.dll
Protocol #20: C:\WINDOWS\system32\mswsock.dll
Protocol #21: C:\WINDOWS\system32\mswsock.dll
Protocol #22: C:\WINDOWS\system32\mswsock.dll
Protocol #23: C:\WINDOWS\system32\mswsock.dll
Protocol #24: C:\WINDOWS\system32\mswsock.dll
Protocol #25: C:\WINDOWS\system32\mswsock.dll
Protocol #26: C:\WINDOWS\system32\mswsock.dll
Protocol #27: C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavlsp.dll

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 17,298 bytes
Report generated in 0.094 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
Last edited by skoahiggs11 : 01-23-2008 at 05:37 PM.
skoahiggs11 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Reply With Quote
Old 01-27-2008, 03:48 PM   #2 (permalink)
Analyst, Security Team
 
Katana's Avatar
 
Join Date: Nov 2007
Location: Manchester, UK
Posts: 676
OS: W2K SP4 + XP SP2 + Vista


Re: Memory usage is extremely high need PLEASE help!!
Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D

I apologize for the delay in responding, but as you can probably see the forums are quite busy
and sometimes a post manages to slip by us.
Unfortunately there are far more people needing help than there are helpers.


Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
__________________
Katana is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Reply With Quote
Old 01-27-2008, 09:24 PM   #3 (permalink)
Registered User
 
Join Date: Jan 2008
Posts: 11
OS: windows xp sp2 home


Re: Memory usage is extremely high need PLEASE help!!
A new problem has occurred, my panda anti virus and avg scanner both have errors and have stopped working... thank you for your help.. here is the combofix log:

ComboFix 08-01-23.1C - Justin 2008-01-28 0:11:20.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.634 [GMT -5:00]
Running from: C:\Documents and Settings\Justin.YOUR-0CDC4F5844\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Justin\Application Data\macromedia\Flash Player\#SharedObjects\J7AF2NLJ\www.broadcaster.com
C:\Documents and Settings\Justin\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Justin\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-28 )))))))))))))))))))))))))))))))
.

2008-01-28 00:08 . 2004-08-03 23:00 260,272 --a------ C:\cmldr
2008-01-28 00:08 . 2008-01-15 03:11 209 --a------ C:\Boot.bak
2008-01-28 00:06 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-27 21:13 . 2008-01-27 21:27 <DIR> d-------- C:\Program Files\Prevx2
2008-01-26 20:30 . 2008-01-26 20:31 48 --a------ C:\plug_in.ini
2008-01-26 15:14 . 2008-01-26 15:14 <DIR> d-------- C:\Program Files\ITSupremum Inc
2008-01-24 21:01 . 2008-01-24 21:02 1,331,200 --ah----- C:\list rapidshare.xls
2008-01-23 19:08 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys
2008-01-23 18:47 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\wwfqsaoacwmx.sys
2008-01-23 18:23 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-01-23 18:22 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\snnofnhvhygw.sys
2008-01-23 13:01 . 2002-12-17 16:23 33,340 --------- C:\WINDOWS\system32\dbmsqlgc.dll
2008-01-23 13:01 . 2002-10-20 14:05 24,576 --------- C:\WINDOWS\system32\dbmsgnet.dll
2008-01-23 13:00 . 2008-01-23 13:00 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-01-23 12:58 . 2008-01-23 12:58 <DIR> d-------- C:\Program Files\Sony
2008-01-23 12:57 . 2008-01-23 12:57 <DIR> d-------- C:\Program Files\Sony Setup
2008-01-23 12:41 . 2008-01-23 12:59 <DIR> d-------- C:\Program Files\VstPlugins
2008-01-23 12:41 . 2002-07-07 18:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
2008-01-23 12:40 . 2008-01-23 12:40 <DIR> d-------- C:\Program Files\Image-Line
2008-01-23 04:04 . 2008-01-23 04:12 <DIR> d--h----- C:\Exploited_Teens_-_Jada___Joey
2008-01-23 04:02 . 2008-01-23 04:02 <DIR> d--h----- C:\EXPTEECOM-CAS
2008-01-22 23:21 . 2008-01-27 21:19 <DIR> d-------- C:\Program Files\StickIt
2008-01-22 23:21 . 2000-12-06 00:00 109,248 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-01-21 22:24 . 2008-01-21 22:41 523 --a------ C:\hpfr5550.xml
2008-01-21 22:22 . 2008-01-21 22:22 <DIR> d-------- C:\Program Files\hp deskjet 5550 series
2008-01-21 22:22 . 2008-01-21 22:22 800 --a------ C:\WINDOWS\hpinfo.lnk
2008-01-21 22:13 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-21 22:13 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-21 13:16 . 2008-01-23 17:09 <DIR> d--h----- C:\aa
2008-01-20 19:22 . 2008-01-27 23:47 <DIR> d-------- C:\Program Files\GetRight
2008-01-18 18:52 . 2008-01-18 18:53 <DIR> d-------- C:\Program Files\VirtualDJ
2008-01-17 13:07 . 2008-01-17 13:07 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-01-16 16:17 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-01-16 16:17 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
2008-01-16 16:17 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-01-16 16:17 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys
2008-01-16 11:28 . 2008-01-16 11:33 <DIR> d-------- C:\Program Files\AutoCAD 2008
2008-01-16 11:26 . 2008-01-23 18:19 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-01-16 11:26 . 2008-01-16 11:26 <DIR> d-------- C:\Program Files\Autodesk
2008-01-15 14:39 . 2008-01-15 14:39 <DIR> d-------- C:\Program Files\Runtimeware.com
2008-01-15 03:19 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-15 02:26 . 2008-01-15 02:26 549,376 --a------ C:\WINDOWS\system32\3C9.tmp
2008-01-15 02:15 . 2008-01-23 19:08 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-15 02:15 . 2008-01-23 18:44 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-15 02:15 . 2008-01-23 18:44 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-15 02:15 . 2008-01-23 18:44 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-14 23:04 . 2008-01-14 23:04 <DIR> d-------- C:\dj remixes
2008-01-14 13:35 . 2008-01-21 11:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-14 13:35 . 2008-01-14 13:35 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-11 23:33 . 2008-01-14 23:04 <DIR> d-------- C:\remixes
2008-01-10 22:14 . 2008-01-10 22:17 <DIR> d-------- C:\OtsLabs
2007-12-28 23:31 . 2007-12-28 23:31 25 --a------ C:\WINDOWS\cdplayer.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-28 04:35 13,880 ----a-w C:\WINDOWS\system32\drivers\COMFiltr.sys
2008-01-23 23:21 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-01-23 23:19 --------- d-----w C:\Program Files\Spyware Terminator
2008-01-22 03:21 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-16 16:27 --------- d--h--w C:\Program Files\Uninstall Information
2008-01-16 01:50 --------- d-----w C:\Program Files\Real
2008-01-15 20:33 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft
2008-01-15 08:07 260,748 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck
2008-01-15 08:07 260,748 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT
2008-01-15 08:07 1,224 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck
2008-01-15 08:07 1,224 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG
2008-01-15 04:46 --------- d-----w C:\Program Files\Azureus
2008-01-14 22:27 576 ----a-w C:\WINDOWS\system32\drivers\wnmsav.dat
2007-12-26 17:00 --------- d-----w C:\Program Files\NetWaiting
2007-12-26 17:00 --------- d-----w C:\Program Files\CONEXANT
2007-12-26 16:56 --------- d-----w C:\Program Files\HP
2007-12-18 02:49 --------- d-----w C:\Program Files\America Online 9.0
2007-12-11 04:10 --------- d-----w C:\Program Files\DVDVideoSoft
2007-12-09 17:16 --------- d-----w C:\Program Files\Virtualboss
2007-12-09 05:20 --------- d-----w C:\Program Files\Common Files\ssce
2007-12-07 21:50 --------- d-----w C:\Program Files\Vixelsoft
2007-11-14 07:26 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-13 20:31 4,827,680 ----a-w C:\officexp-kb832332-v2-fullfile-enu.exe
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 09:55 3,065,856 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:35 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2005-09-24 15:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.
Code:
<pre>
----a-w           291,928 2007-01-07 06:14:24  C:\Documents and Settings\Justin.YOUR-0CDC4F5844\My Documents\virtual dj\VirtualDJ\Plugins\VideoEffect\PictureRotation v1.1 .exe
----a-w           291,928 2007-01-07 07:14:24  C:\Documents and Settings\Justin.YOUR-0CDC4F5844\My Documents\virtual dj\VirtualDJ\Plugins\VideoEffect\PictureRotation v1.1\PictureRotation v1.1 .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 12:49 307200]
"StickIt"="C:\Program Files\StickIt\StickIt3.exe" [2007-08-01 23:02 319488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 23:56 64512]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 00:58 458752]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 23:03 36975]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-18 03:00 7585792]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-18 03:00 86016]
"nwiz"="nwiz.exe" [2006-08-18 03:00 1617920 C:\WINDOWS\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-01 19:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 00:01 761946]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-11 23:55 102400]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 01:11 49152]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 18:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 18:30 81920]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 13:33 163840]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 18:02 40960]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 12:23 1187840]
"Reminder"="C:\Windows\CREATOR\Remind_XP.exe" [2006-02-09 11:52 643072]
"APVXDWIN"="C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.exe" [2007-07-19 15:23 455984]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-28 18:00 185896]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-15 10:36 579072]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-12-09 19:19 188416]
"PrevxOne"="C:\Program Files\Prevx2\PXConsole.exe" [2007-10-09 14:53 1997880]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-15 03:22 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 00:05:26 29696]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 11:39:30 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a------ 2005-07-28 16:28 50776 C:\Program Files\America Online 9.0\AOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2008-01-15 10:36 579072 C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-11-15 13:11 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-11-14 23:43 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
--a------ 2007-11-05 18:39 2778112 C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-11-28 18:00 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sp_rssrv"=2 (0x2)
"sp_clamsrv"=3 (0x3)
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"TPSrv"=2 (0x2)
"PSIMSVC"=2 (0x2)
"PSHost"=2 (0x2)
"PAVSRV"=2 (0x2)
"PavPrSrv"=2 (0x2)
"PAVFNSVR"=2 (0x2)
"Panda Software Controller"=2 (0x2)

R1 APPFLT;App Filter Plugin;C:\WINDOWS\system32\Drivers\APPFLT.SYS [2007-05-11 09:33]
R1 DSAFLT;DSA Filter Plugin;C:\WINDOWS\system32\Drivers\DSAFLT.SYS [2007-05-11 09:33]
R1 FNETMON;NetMon Filter Plugin;C:\WINDOWS\system32\Drivers\fnetmon.SYS [2007-05-11 09:33]
R1 IDSFLT;Ids Filter Plugin;C:\WINDOWS\system32\Drivers\IDSFLT.SYS [2007-07-11 11:39]
R1 NETFLTDI;Panda Net Driver [TDI Layer];C:\WINDOWS\system32\Drivers\NETFLTDI.SYS [2007-05-11 09:33]
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2007-05-23 09:40]
R1 SMSFLT;SMS Filter Plugin;C:\WINDOWS\system32\Drivers\SMSFLT.SYS [2007-05-11 09:33]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-11-13 03:25]
R1 WNMFLT;Wifi Monitor Filter Plugin;C:\WINDOWS\system32\Drivers\WNMFLT.SYS [2007-05-11 09:33]
R2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\Drivers\cpoint.sys [2007-06-08 08:44]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-07-12 07:49]
R3 NETIMFLT;PANDA NDIS IM Filter Miniport;C:\WINDOWS\system32\DRIVERS\netimflt.sys [2007-04-24 15:43]
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-05 18:49]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;C:\WINDOWS\system32\Drivers\5U870CAP.sys [2006-06-06 15:39]
S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys []
S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []
S3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys []
S3 XMCNTRL;MadCatz Kernel Module;C:\WINDOWS\system32\Drivers\xmcntrl.sys [2004-11-20 07:28]

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-24 02:08:11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-28 00:14:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ????d??????Y?@?????<?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-28 0:14:44
ComboFix-quarantined-files.txt 2008-01-28 05:14:42
.
2008-01-17 18:07:15 --- E O F ---



Here is the hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:16:16 AM, on 1/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clarkson.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.pandasoftware.com/redirec...pdate&lang=eng
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8088
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx2\PXConsole.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
O4 - HKCU\..\Run: [StickIt] C:\Program Files\StickIt\StickIt3.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C1B4DF9-D950-4222-A552-A0A4A3D6C89D}: NameServer = 24.92.226.11,24.92.226.12
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PREVXAgent - Prevx - C:\Program Files\Prevx2\PXAgent.exe

--
End of file - 8024 bytes
skoahiggs11 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Reply With Quote
Old 01-28-2008, 04:11 AM   #4 (permalink)
Analyst, Security Team
 
Katana's Avatar
 
Join Date: Nov 2007
Location: Manchester, UK
Posts: 676
OS: W2K SP4 + XP SP2 + Vista


Re: Memory usage is extremely high need PLEASE help!!
AntiVirus
You appear to have Panda Security and AVG7
First you should know that you're actually doing more harm than good by running more than one Anti Virus program.
When you do this the programs compete for resources, and the end result is none does it's best and can cause system instability.
I recommend that you choose one that you want to keep.
The other/s I would either uninstall, or disable from startup and use as "on demand" for an occasional scan.


IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Azureus

I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Also available here.

My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
Please note: you must NOT use this whilst we are cleaning your machine.


Custom CFScript
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    RenV::
----a-w           291,928 2007-01-07 06:14:24  C:\Documents and Settings\Justin.YOUR-0CDC4F5844\My Documents\virtual dj\VirtualDJ\Plugins\VideoEffect\PictureRotation v1.1 .exe
----a-w           291,928 2007-01-07 07:14:24  C:\Documents and Settings\Justin.YOUR-0CDC4F5844\My Documents\virtual dj\VirtualDJ\Plugins\VideoEffect\PictureRotation v1.1\PictureRotation v1.1 .exe
  • Save this as CFScript.txt and place it on your desktop.




  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
Go Here http://www.kaspersky.com/kos/eng/par...avwebscan.html

Read the Requirements and limitations before you click Accept.
Allow the ActiveX download if necessary
Once the database has downloaded, click Next.
Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
Click on "My Computer" and then put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


Installed Programs
Please could you give me a list of the programs that are installed.
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
You will see a list with the programs installed in your computer.
Click on save list button and specify where you would like to save this file.
When you press Save button a notepad will open with the contents of that file.
Simply copy and paste the contents of that notepad into your next post.

Please post all the logs in reply


Note .... Adult websites are very good places to get infected, I would stay away from them if I were you
__________________
Katana is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Reply With Quote
Old 01-28-2008, 10:25 AM   #5 (permalink)
Registered User
 
Join Date: Jan 2008
Posts: 11
OS: windows xp sp2 home


Re: Memory usage is extremely high need PLEASE help!!
ok... i uninstalled panda and then did the hijack this log, the online virus scan log and the combofix log by adding CFScript.txt to it... here are the results...

Hijackthis(uninstall list) log:

Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 7.0.5
Apple Mobile Device Support
Apple Software Update
AutoCAD 2008 - English
Autodesk DWF Viewer 7
AVG 7.5
AVG Anti-Spyware 7.5
Conexant HD Audio
DivX
ESET Online Scanner
FL Studio 5
Free YouTube to Mp3 Converter version 2.4
GetRight
HijackThis 2.0.2
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB910728)
Hotfix for Windows XP (KB912436)
hp deskjet 5550 series (Remove only)
HP Help and Support
HP Imaging Device Functions 6.0
HP Photosmart Premier Software 6.0
HP Quick Launch Buttons 6.10 A2
HP QuickPlay 2.3
HP Update
HP User Guides 0031
HP Wireless Assistant 2.00 G2
iPod for Windows 2005-06-26
iTunes
J2SE Runtime Environment 5.0 Update 6
Kaspersky Online Scanner
Macromedia Flash Player 8
Macromedia Shockwave Player
Mad Catz Xbox PC Driver
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 2.0
Microsoft Money 2006
Microsoft Office Standard Edition 2003
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft Works
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
NetWaiting
NVIDIA Drivers
Office 2003 Trial Assistant
Otto
Panda ActiveScan
Quicken 2006
QuickTime
RapidSeek .NET Pro 2007
RealPlayer
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Sentinel 2.0
Soft Data Fax Modem with SmartCP
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
SonicAC3Encoder
SonicMPEGEncoder
Sony ACID Pro 6.0
Sony Media Manager 2.2
StickIt
Synaptics Pointing Device Driver
TigerGame Xbox to USB Controller Version 2.01
TourSetup
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911164)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Viewpoint Media Player
Virtual DJ - Atomix Productions
VirtualBoss
Vixelsoft Imaging Express Version 1.4
Vongo
Windows Installer 3.1 (KB893803)
Windows Media Connect
Windows Media Format Runtime
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890546
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891220
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892559
Windows XP Media Center Edition 2005 KB912067
Windows XP Media Center Edition 2005 KB915381
Wireless Home Network Setup

Combofix log:

ComboFix 08-01-23.1C - Justin 2008-01-28 10:15:50.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.603 [GMT -5:00]
Running from: C:\Documents and Settings\Justin.YOUR-0CDC4F5844\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Justin.YOUR-0CDC4F5844\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-28 )))))))))))))))))))))))))))))))
.

2008-01-28 10:13 . 2008-01-28 10:13 0 --a------ C:\WINDOWS\RAVTC.TMP
2008-01-28 10:11 . 2008-01-28 10:11 0 --------- C:\WINDOWS\PAVSHRB.INI
2008-01-28 01:33 . 2008-01-28 03:13 <DIR> d-------- C:\mp
2008-01-28 00:47 . 2008-01-28 01:59 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-01-28 00:08 . 2004-08-03 23:00 260,272 --a------ C:\cmldr
2008-01-28 00:08 . 2008-01-15 03:11 209 --a------ C:\Boot.bak
2008-01-28 00:06 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-27 21:13 . 2008-01-27 21:27 <DIR> d-------- C:\Program Files\Prevx2
2008-01-26 20:30 . 2008-01-26 20:31 48 --a------ C:\plug_in.ini
2008-01-26 15:14 . 2008-01-26 15:14 <DIR> d-------- C:\Program Files\ITSupremum Inc
2008-01-24 21:01 . 2008-01-24 21:02 1,331,200 --ah----- C:\list rapidshare.xls
2008-01-23 19:08 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys
2008-01-23 18:47 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\wwfqsaoacwmx.sys
2008-01-23 18:23 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-01-23 18:22 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\snnofnhvhygw.sys
2008-01-23 13:01 . 2002-12-17 16:23 33,340 --------- C:\WINDOWS\system32\dbmsqlgc.dll
2008-01-23 13:01 . 2002-10-20 14:05 24,576 --------- C:\WINDOWS\system32\dbmsgnet.dll
2008-01-23 13:00 . 2008-01-23 13:00 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-01-23 12:58 . 2008-01-23 12:58 <DIR> d-------- C:\Program Files\Sony
2008-01-23 12:57 . 2008-01-23 12:57 <DIR> d-------- C:\Program Files\Sony Setup
2008-01-23 12:41 . 2008-01-23 12:59 <DIR> d-------- C:\Program Files\VstPlugins
2008-01-23 12:41 . 2002-07-07 18:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
2008-01-23 12:40 . 2008-01-23 12:40 <DIR> d-------- C:\Program Files\Image-Line
2008-01-22 23:21 . 2008-01-27 21:19 <DIR> d-------- C:\Program Files\StickIt
2008-01-22 23:21 . 2000-12-06 00:00 109,248 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-01-21 22:24 . 2008-01-21 22:41 523 --a------ C:\hpfr5550.xml
2008-01-21 22:22 . 2008-01-21 22:22 <DIR> d-------- C:\Program Files\hp deskjet 5550 series
2008-01-21 22:22 . 2008-01-21 22:22 800 --a------ C:\WINDOWS\hpinfo.lnk
2008-01-21 22:13 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-21 22:13 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-20 19:22 . 2008-01-28 02:09 <DIR> d-------- C:\Program Files\GetRight
2008-01-18 18:52 . 2008-01-18 18:53 <DIR> d-------- C:\Program Files\VirtualDJ
2008-01-17 13:07 . 2008-01-17 13:07 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-01-16 16:17 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-01-16 16:17 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
2008-01-16 16:17 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-01-16 16:17 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys
2008-01-16 11:28 . 2008-01-16 11:33 <DIR> d-------- C:\Program Files\AutoCAD 2008
2008-01-16 11:26 . 2008-01-23 18:19 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-01-16 11:26 . 2008-01-16 11:26 <DIR> d-------- C:\Program Files\Autodesk
2008-01-15 14:39 . 2008-01-15 14:39 <DIR> d-------- C:\Program Files\Runtimeware.com
2008-01-15 03:19 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-15 02:26 . 2008-01-15 02:26 549,376 --a------ C:\WINDOWS\system32\3C9.tmp
2008-01-15 02:15 . 2008-01-23 19:08 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-15 02:15 . 2008-01-23 18:44 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-15 02:15 . 2008-01-23 18:44 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-15 02:15 . 2008-01-23 18:44 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-14 23:04 . 2008-01-14 23:04 <DIR> d-------- C:\dj remixes
2008-01-14 13:35 . 2008-01-21 11:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-14 13:35 . 2008-01-14 13:35 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-11 23:33 . 2008-01-14 23:04 <DIR> d-------- C:\remixes
2008-01-10 22:14 . 2008-01-10 22:17 <DIR> d-------- C:\OtsLabs
2007-12-28 23:31 . 2007-12-28 23:31 25 --a------ C:\WINDOWS\cdplayer.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-28 06:05 --------- d-----w C:\Program Files\Project64 1.6
2008-01-23 23:21 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-01-23 23:19 --------- d-----w C:\Program Files\Spyware Terminator
2008-01-22 03:21 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-16 16:27 --------- d--h--w C:\Program Files\Uninstall Information
2008-01-16 01:50 --------- d-----w C:\Program Files\Real
2008-01-15 20:33 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft
2008-01-15 08:07 260,748 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck
2008-01-15 08:07 1,224 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck
2008-01-15 04:46 --------- d-----w C:\Program Files\Azureus
2008-01-14 22:27 576 ----a-w C:\WINDOWS\system32\drivers\wnmsav.dat
2007-12-26 17:00 --------- d-----w C:\Program Files\NetWaiting
2007-12-26 17:00 --------- d-----w C:\Program Files\CONEXANT
2007-12-26 16:56 --------- d-----w C:\Program Files\HP
2007-12-18 02:49 --------- d-----w C:\Program Files\America Online 9.0
2007-12-11 04:10 --------- d-----w C:\Program Files\DVDVideoSoft
2007-12-09 17:16 --------- d-----w C:\Program Files\Virtualboss
2007-12-09 05:20 --------- d-----w C:\Program Files\Common Files\ssce
2007-12-07 21:50 --------- d-----w C:\Program Files\Vixelsoft
2007-11-14 07:26 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-13 20:31 4,827,680 ----a-w C:\officexp-kb832332-v2-fullfile-enu.exe
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 09:55 3,065,856 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:35 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2005-09-24 15:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((( snapshot@2008-01-28_ 0.14.28.39 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-28 05:07:21 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-28 15:15:44 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-28 05:07:21 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-28 15:15:44 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-28 05:07:21 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-28 15:15:44 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-28 05:07:21 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-28 15:15:44 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-28 05:07:22 5,246,976 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-28 15:15:44 5,246,976 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-28 05:07:22 389,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-28 15:15:44 389,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2007-07-27 20:49:02 196,683 ----a-w C:\WINDOWS\system32\lnod32apiA.dll
+ 2007-07-27 20:49:02 225,355 ----a-w C:\WINDOWS\system32\lnod32apiW.dll
+ 2005-12-06 01:25:22 139,264 ----a-w C:\WINDOWS\system32\lnod32umc.dll
+ 2005-12-05 18:37:10 106,496 ----a-w C:\WINDOWS\system32\lnod32upd.dll
+ 2007-08-02 23:11:28 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll
+ 2007-08-02 23:11:14 241,664 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll
+ 2007-08-08 21:30:12 19,456 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll
+ 2007-06-13 16:10:34 77,824 ----a-w C:\WINDOWS\system32\OnlineScannerUninstaller.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 12:49 307200]
"StickIt"="C:\Program Files\StickIt\StickIt3.exe" [2007-08-01 23:02 319488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 23:56 64512]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 00:58 458752]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 23:03 36975]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-18 03:00 7585792]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-18 03:00 86016]
"nwiz"="nwiz.exe" [2006-08-18 03:00 1617920 C:\WINDOWS\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-01 19:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 00:01 761946]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-11 23:55 102400]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 01:11 49152]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 18:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 18:30 81920]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 13:33 163840]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 18:02 40960]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 12:23 1187840]
"Reminder"="C:\Windows\CREATOR\Remind_XP.exe" [2006-02-09 11:52 643072]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-28 18:00 185896]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-15 10:36 579072]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-12-09 19:19 188416]
"PrevxOne"="C:\Program Files\Prevx2\PXConsole.exe" [2007-10-09 14:53 1997880]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-15 03:22 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 00:05:26 29696]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 11:39:30 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a------ 2005-07-28 16:28 50776 C:\Program Files\America Online 9.0\AOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2008-01-15 10:36 579072 C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-11-15 13:11 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-11-14 23:43 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
--a------ 2007-11-05 18:39 2778112 C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-11-28 18:00 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sp_rssrv"=2 (0x2)
"sp_clamsrv"=3 (0x3)
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"TPSrv"=2 (0x2)
"PSIMSVC"=2 (0x2)
"PSHost"=2 (0x2)
"PAVSRV"=2 (0x2)
"PavPrSrv"=2 (0x2)
"PAVFNSVR"=2 (0x2)
"Panda Software Controller"=2 (0x2)

R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys []
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-11-13 03:25]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys []
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-05 18:49]
R4 NETIMFLT;PANDA NDIS IM Filter Miniport;C:\WINDOWS\system32\DRIVERS\netimflt.sys []
R4 WNMFLT;Wifi Monitor Filter Plugin;C:\WINDOWS\system32\Drivers\WNMFLT.SYS []
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;C:\WINDOWS\system32\Drivers\5U870CAP.sys [2006-06-06 15:39]
S3 XMCNTRL;MadCatz Kernel Module;C:\WINDOWS\system32\Drivers\xmcntrl.sys [2004-11-20 07:28]

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-24 02:08:11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-28 10:18:27
Windows 5.1.2600 Service Pack 2 NTFS

s