Posts posted by Lurch987

  1. Hey gang, I'm back with another one. I'm cleaning a friend's computer and there are multiple users on this system. I cleaned as much as I can and 1 user's profile works great, but another one's internet is slow.

    It doesn't make sense to me, so I did an HJT log.

    Logfile of HijackThis v1.99.1

    Scan saved at 7:16:32 PM, on 11/20/2008

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16735)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    C:\Program Files\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\system32\LEXBCES.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\WINDOWS\eHome\ehRecvr.exe

    C:\WINDOWS\eHome\ehSched.exe

    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    C:\WINDOWS\system32\dllhost.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Picasa2\PicasaMediaDetector.exe

    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    C:\WINDOWS\system32\lexpps.exe

    C:\Program Files\Microsoft Location Finder\LocationFinder.exe

    C:\Program Files\MSN Messenger\msnmsgr.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

    C:\Program Files\Sympatico Starter Kit\bin\confsvr.exe

    C:\Program Files\Sympatico Starter Kit\bin\gbConMon.exe

    C:\Program Files\Sympatico Starter Kit\bin\gbTask.exe

    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll (file missing)

    O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-ca\msntb.dll

    O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-ca\msntb.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\RunServices: [Gearbox Deferal Check] C:\Program Files\Sympatico Starter Kit\bin\gbdefer.exe

    O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"

    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    O4 - HKCU\..\Run: [Antivirus] C:\Program Files\MS Antivirus\MSA.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-ca\msntb.dll/search.htm

    O8 - Extra context menu item: &Search - ?p=ZKxdm098YYCA

    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

    O11 - Options group: [INTERNATIONAL] International*

    O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/v/8.1.7.44/applet/om...omaha-en_US.cab

    O16 - DPF: Aces Up! by pogo - http://game3.pogo.com/v/9.1.1.8/applet/aces/aces-en_US.cab

    O16 - DPF: Addiction by pogo - http://game3.pogo.com/v/9.0.9.8/applet/add...ction-en_US.cab

    O16 - DPF: Alibaba Slots - http://game3.pogo.com/v/9.1.1.20/applet/al...ibaba-en_US.cab

    O16 - DPF: Bingo Luau by pogo - http://game1.pogo.com/v/8.1.0.30/applet/fr...bingo-en_US.cab

    O16 - DPF: Blackjack by pogo - http://game3.pogo.com/v/9.0.9.8/applet/bla...kjack-en_US.cab

    O16 - DPF: Blackjack Carnival by pogo - http://game1.pogo.com/v/8.1.1.1/applet/vbj...jack2-en_US.cab

    O16 - DPF: Bowling by pogo - http://game1.pogo.com/v/8.1.2.14/applet/bo...wling-en_US.cab

    O16 - DPF: Canasta by pogo - http://game1.pogo.com/v/8.1.7.44/applet/ca...nasta-en_US.cab

    O16 - DPF: Dice City Roller by pogo - http://game3.pogo.com/v/9.0.9.8/applet/ytz/ytz-en_US.cab

    O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/v/8.1.4.1/applet/che...dflag-en_US.cab

    O16 - DPF: Dominoes v2 by pogo - http://game3.pogo.com/v/9.0.1.14/applet/do...mino2-en_US.cab

    O16 - DPF: Double Deuce Poker by pogo - http://game1.pogo.com/v/8.1.1.1/applet/vid...deuce-en_US.cab

    O16 - DPF: Euchre by pogo - http://game3.pogo.com/v/9.1.1.1/applet/euc...uchre-en_US.cab

    O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.com/v/9.1.1.8/applet/fir...lass2-en_US.cab

    O16 - DPF: Fortune Bingo by pogo - http://game3.pogo.com/v/9.1.1.1/applet/sup...bingo-en_US.cab

    O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/v/8.1.1.1/applet/har...rvest-en_US.cab

    O16 - DPF: Hearts by pogo - http://game3.pogo.com/v/8.1.7.44/applet/he...earts-en_US.cab

    O16 - DPF: High Stakes Poker by pogo - http://game3.pogo.com/v/8.1.6.3/applet/dra...poker-en_US.cab

    O16 - DPF: Hog Heaven Slots by pogo - http://game3.pogo.com/v/9.1.4.5/applet/fancy/fancy-en_US.cab

    O16 - DPF: Jokers Wild Poker by pogo - http://game3.pogo.com/v/9.1.3.19/applet/vi...swild-en_US.cab

    O16 - DPF: Jungle Gin by pogo - http://game3.pogo.com/v/9.1.1.1/applet/gin2/gin2-en_US.cab

    O16 - DPF: Lost Temple Poker by pogo - http://game3.pogo.com/v/9.1.4.5/applet/mhp...poker-en_US.cab

    O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-8.0.8.30/lott...ottso-en_US.cab

    O16 - DPF: Mah Jong Garden by pogo - http://game3.pogo.com/v/9.1.4.5/applet/mah...jong2-en_US.cab

    O16 - DPF: Makeover Madness by pogo - http://game1.pogo.com/v/8.1.7.44/applet/sh...shoes-en_US.cab

    O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/v/8.1.1.1/applet/pai...aigow-en_US.cab

    O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/v/8.1.1.1/applet/wat...wheel-en_US.cab

    O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-8.0.9.41/flin...inger-en_US.cab

    O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-8.0.8.30/popfu/popfu-en_US.cab

    O16 - DPF: Poppit by pogo - http://game3.pogo.com/v/9.1.3.19/applet/po...ppit2-en_US.cab

    O16 - DPF: Quick Quack by pogo - http://game3.pogo.com/v/9.1.1.8/applet/hot...treak-en_US.cab

    O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.com/applet-8.0.8.30/puck/puck-en_US.cab

    O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-8.0.8.30/spid...pider-en_US.cab

    O16 - DPF: Squelchies by pogo - http://game3.pogo.com/v/9.1.1.1/applet/squ...chies-en_US.cab

    O16 - DPF: Sweet Tooth 2 by Pogo - http://game1.pogo.com/v/8.1.6.21/applet/sw...ooth2-en_US.cab

    O16 - DPF: Texas Hold'em Poker by pogo - http://game3.pogo.com/v/9.1.5.8/applet/hol...oldem-en_US.cab

    O16 - DPF: Thousand Island Solitaire by pogo - http://game3.pogo.com/v/9.1.1.8/applet/mil...lbrae-en_US.cab

    O16 - DPF: Tri-Peaks by pogo - http://game3.pogo.com/v/9.1.1.1/applet/peaks/peaks-en_US.cab

    O16 - DPF: Turbo 21 v2 by pogo - http://game3.pogo.com/v/9.1.1.8/applet/tur...rbo22-en_US.cab

    O16 - DPF: Vaults of Atlantis Slots by pogo - http://game3.pogo.com/v/9.1.1.1/applet/mls...slots-en_US.cab

    O16 - DPF: Video Poker by pogo - http://game1.pogo.com/v/8.1.1.1/applet/vid...poker-en_US.cab

    O16 - DPF: Wonderland Memories by pogo - http://game3.pogo.com/v/9.0.8.20/applet/me...ories-en_US.cab

    O16 - DPF: Word Search Daily by pogo - http://game1.pogo.com/v/8.1.8.23/applet/wo...earch-en_US.cab

    O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/v/8.1.7.44/applet/wh...kdown-en_US.cab

    O16 - DPF: World Class Solitaire by pogo - http://game3.pogo.com/v/9.0.8.20/applet/wo...class-en_US.cab

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab

    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

    O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v45/bejeweled/bejeweled.cab

    O16 - DPF: {76716694-EADA-4810-8C3B-4826328A317F} (SmartCouponPrinter Control) - http://content.dll1.com/Connectus/SmartCou...ter20080208.cab

    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab

    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
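The HijackThis log above is the raw material for a first-pass triage, and reading two hundred lines by eye is how things get missed. The script below is an added example, not part of the original post or of HijackThis itself: it parses the `Oxx - ...` entry lines into records and applies a few triage heuristics a helper would normally apply by hand. The heuristics are mine and are only prompts for manual verification, not verdicts: an entry whose target file is reported missing; an O4 autorun whose value name sounds like security software but whose directory does not match any O23 service on the box; an O8 context-menu item whose target is neither a `res://` URL nor a file path; and any O10 Winsock LSP entry. The sample input is a handful of lines copied from the log in this post and assembled by hand; the rule names (`orphan`, `unbacked-security-autorun`, etc.) are my own labels.

```python
import re
from dataclasses import dataclass

# Sample input: lines copied from the HijackThis log posted above and assembled
# here by hand as test data (the real log has many more entries).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Antivirus] C:\Program Files\MS Antivirus\MSA.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-ca\msntb.dll/search.htm
O8 - Extra context menu item: &Search - ?p=ZKxdm098YYCA
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# "O4 - HKCU\..\Run: [name] command" -> section "O4", body "HKCU\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
# Registry-backed O4 bodies: HKLM\..\Run: [value name] command line
O4_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# First drive-letter path ending in .exe, with or without surrounding quotes / arguments
EXE_RE = re.compile(r"[A-Za-z]:\\[^\"]*?\.exe", re.IGNORECASE)

# Value names that claim to be security software (heuristic word list, my own choice)
SECURITY_WORDS = ("antivirus", "anti-virus", "antispyware", "security", "protect")


@dataclass
class Entry:
    section: str
    body: str
    raw: str


@dataclass
class Finding:
    section: str
    reason: str
    raw: str


def parse(text):
    """Return the Oxx/Rx/Fx entry lines of a HijackThis log as Entry records."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["section"], m["body"], line.strip()))
    return entries


def exe_dir(cmd):
    """Lower-cased name of the directory holding the .exe in a command line.
    Comparing only the last directory component lets 8.3 names (PROGRA~1\ALWILS~1\Avast4)
    match their long-name equivalents (Program Files\Alwil Software\Avast4)."""
    m = EXE_RE.search(cmd)
    if not m:
        return None
    parts = m.group(0).split("\\")
    return parts[-2].lower() if len(parts) >= 2 else None


def triage(text):
    """Apply the triage heuristics and return the entries worth a second look."""
    entries = parse(text)
    # Directories that a real installed service (O23) runs from
    service_dirs = {exe_dir(e.body) for e in entries if e.section == "O23"} - {None}
    findings = []
    for e in entries:
        if "(file missing)" in e.body or "(no file)" in e.body:
            findings.append(Finding(e.section, "orphan", e.raw))
            continue
        if e.section == "O4":
            m = O4_RE.match(e.body)
            if m and any(w in m["name"].lower() for w in SECURITY_WORDS):
                if exe_dir(m["cmd"]) not in service_dirs:
                    findings.append(Finding(e.section, "unbacked-security-autorun", e.raw))
        elif e.section == "O8":
            target = e.body.rsplit(" - ", 1)[-1]
            if not (target.lower().startswith("res://") or re.match(r"[A-Za-z]:\\", target)):
                findings.append(Finding(e.section, "unresolvable-target", e.raw))
        elif e.section == "O10":
            findings.append(Finding(e.section, "winsock-lsp", e.raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason:<26} {f.raw}")
```

Run against the full log, the script only narrows the list; each flagged line still needs the file checked on disk (publisher, signature, hash) before anything is removed, and an O10 hit on a known vendor DLL such as Bonjour's is normally left alone, since removing an LSP incorrectly breaks networking outright.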

  2. Monday, September 22, 2008

    Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

    Kaspersky Online Scanner 7 version: 7.0.25.0

    Program database last update: Sunday, September 21, 2008 17:55:35

    Records in database: 1248303

    Scan settings

    Scan using the following database extended

    Scan archives yes

    Scan mail databases yes

    Scan area My Computer

    A:\

    C:\

    D:\

    E:\

    Scan statistics

    Files scanned 167495

    Threat name 0

    Infected objects 0

    Suspicious objects 0

    Duration of the scan 04:56:35

    No malware has been detected. The scan area is clean.

    The selected area was scanned.

  3. Here it is again.

    ComboFix 08-09-16.05 - Owner 2008-09-19 0:05:08.3 - NTFSx86

    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.159 [GMT -4:00]

    Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe

    Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt

    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\WINDOWS\system32\iuujefha.dll

    C:\WINDOWS\system32\mgwlun.dll

    C:\WINDOWS\system32\qdoahcie.dll

    C:\WINDOWS\system32\qsxjef.dll

    .

    ((((((((((((((((((((((((( Files Created from 2008-08-19 to 2008-09-19 )))))))))))))))))))))))))))))))

    .

    2100-02-16 16:09 . 2001-02-16 15:37 62 --a------ C:\WINDOWS\system32\LXBOUSCI.INI

    2008-09-18 22:10 . 2008-09-18 22:10 <DIR> d-------- C:\_OTMoveIt

    2008-09-08 08:23 . 2008-09-08 08:23 <DIR> d-------- C:\Program Files\HGTV Landscapes Screensaver

    2008-09-05 07:57 . 2008-09-05 07:57 <DIR> d-------- C:\Live! Cam

    2008-09-01 20:47 . 2008-09-01 20:48 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\muvee Technologies

    2008-09-01 20:41 . 2008-09-01 20:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Creative

    2008-09-01 20:34 . 2003-06-12 23:25 7,062 --a------ C:\WINDOWS\system32\audiopid.vxd

    2008-09-01 20:32 . 2007-06-14 09:52 90,112 --a------ C:\WINDOWS\CtDrvIns.exe

    2008-09-01 20:32 . 2007-03-02 14:30 670 -ra------ C:\WINDOWS\CtDrvIns.exe.manifest

    2008-09-01 20:31 . 2008-04-13 20:12 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll

    2008-09-01 20:31 . 2008-04-13 20:12 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll

    2008-09-01 20:31 . 2005-07-07 01:07 36,864 --a------ C:\WINDOWS\system32\CtCamMgr.dll

    2008-09-01 20:31 . 2007-03-28 01:01 20,480 --a------ C:\WINDOWS\system32\V0350Srv.exe

    2008-09-01 20:30 . 2006-08-30 07:10 158,456 --a------ C:\WINDOWS\system32\pxwma.dll

    2008-09-01 20:30 . 2006-08-30 07:10 36,528 --a------ C:\WINDOWS\system32\drivers\PxHelp20.sys

    2008-09-01 20:30 . 2006-08-30 07:10 2,560 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys

    2008-09-01 20:30 . 2006-08-30 07:10 2,432 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys

    2008-09-01 20:29 . 2008-09-01 20:29 <DIR> d-------- C:\Program Files\muvee Technologies

    2008-09-01 20:29 . 2008-09-01 20:29 <DIR> d-------- C:\Program Files\Common Files\muvee Technologies

    2008-09-01 20:28 . 2008-09-01 20:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\muvee Technologies

    2008-09-01 20:28 . 2008-04-13 14:45 60,032 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys

    2008-09-01 20:28 . 2008-04-13 14:45 60,032 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys

    2008-09-01 20:27 . 2008-04-13 14:45 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

    2008-09-01 20:27 . 2008-04-13 14:45 32,128 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys

    2008-09-01 20:26 . 2008-09-01 20:26 <DIR> d-------- C:\Program Files\SightSpeed

    2008-09-01 20:21 . 2006-08-29 04:11 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-09-19 01:50 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

    2008-09-16 22:02 --------- d-----w C:\Program Files\SpywareBlaster

    2008-09-16 12:30 --------- d-----w C:\Program Files\a-squared Free

    2008-09-13 02:49 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll

    2008-09-10 12:42 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire

    2008-09-08 14:58 --------- d--h--w C:\Program Files\InstallShield Installation Information

    2008-09-07 16:24 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer

    2008-09-07 11:08 --------- d-----w C:\Program Files\Apple Software Update

    2008-09-05 12:01 --------- d-----w C:\Program Files\Creative

    2008-09-02 00:43 --------- d-----w C:\Documents and Settings\Owner\Application Data\Creative

    2008-08-29 23:51 --------- d-----w C:\Program Files\Spybot - Search & Destroy

    2008-08-29 19:57 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys

    2008-08-21 08:52 3,299,840 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys

    2008-08-21 06:19 425,984 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll

    2008-08-21 06:18 314,880 ----a-w C:\WINDOWS\system32\ati2dvag.dll

    2008-08-21 06:08 184,320 ----a-w C:\WINDOWS\system32\atipdlxx.dll

    2008-08-21 06:08 143,360 ----a-w C:\WINDOWS\system32\Oemdspif.dll

    2008-08-21 06:07 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll

    2008-08-21 06:07 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe

    2008-08-21 06:07 143,360 ----a-w C:\WINDOWS\system32\ati2evxx.dll

    2008-08-21 06:05 573,440 ----a-w C:\WINDOWS\system32\ati2evxx.exe

    2008-08-21 06:04 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL

    2008-08-21 06:01 10,084,352 ----a-w C:\WINDOWS\system32\atioglxx.dll

    2008-08-21 05:55 4,094,560 ----a-w C:\WINDOWS\system32\ati3duag.dll

    2008-08-21 05:50 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll

    2008-08-21 05:38 2,377,856 ----a-w C:\WINDOWS\system32\ativvaxx.dll

    2008-08-21 05:23 48,640 ----a-w C:\WINDOWS\system32\amdpcom32.dll

    2008-08-21 05:19 380,928 ----a-w C:\WINDOWS\system32\atikvmag.dll

    2008-08-21 05:18 37,376 ----a-w C:\WINDOWS\system32\atiadlxx.dll

    2008-08-21 05:18 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll

    2008-08-21 05:17 53,248 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll

    2008-08-21 05:17 253,952 ----a-w C:\WINDOWS\system32\atiok3x2.dll

    2008-08-21 05:11 561,152 ----a-w C:\WINDOWS\system32\ati2cqag.dll

    2008-08-19 07:01 --------- d-----w C:\Program Files\Microsoft Silverlight

    2008-08-15 04:22 --------- d-----w C:\Documents and Settings\Owner\Application Data\Windows Search

    2008-08-15 02:36 --------- d-----w C:\Documents and Settings\Owner\Application Data\Windows Desktop Search

    2008-08-15 02:35 --------- d-----w C:\Program Files\Windows Desktop Search

    2008-08-12 00:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

    2008-08-06 13:11 --------- d-----w C:\Program Files\Java

    2008-08-06 01:14 90,112 ----a-w C:\WINDOWS\system32\ATIBRTMON.EXE

    2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

    2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

    2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

    2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

    2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

    2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

    2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

    2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

    2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll

    2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll

    2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll

    2008-07-04 13:24 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll

    2008-07-04 07:48 9,490,432 ----a-w C:\WINDOWS\system32\atioglx2.dll

    2008-06-24 22:12 295,936 ----a-w C:\WINDOWS\system32\wmpeffects.dll

    2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

    2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

    2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll

    2007-06-11 22:15 50 --sh--r C:\Program Files\Common Files\desSktop.ini

    2007-01-16 03:07 299 ----a-w C:\Documents and Settings\Owner\Application Data\internaldb1942.dat

    2006-06-03 00:17 167,064 ----a-w C:\Program Files\custom.dat

    2006-06-03 00:17 0 -c--a-w C:\Program Files\landgen.log

    2006-06-02 23:50 0 -c--a-w C:\Program Files\rew2.log

    2006-02-07 22:15 774,144 ----a-w C:\Program Files\RngInterstitial.dll

    2005-02-05 22:51 1,638 ----a-w C:\Program Files\INSTALL.LOG

    2005-01-25 14:05 512,103 ----a-w C:\Program Files\StarterSetup.exe

    2004-10-27 21:43 249,608 ----a-w C:\Program Files\Uninst.isu

    2002-06-04 10:06 65,536 ------w C:\WINDOWS\inf\copyinf.exe

    1999-05-26 16:23 70,541 -c--a-w C:\Program Files\readme.rtf

    1999-05-26 16:23 3,265,024 ----a-w C:\Program Files\wa.exe

    1999-04-26 18:29 83,456 ------r C:\Program Files\DirectX2D.dll

    1999-04-26 18:28 240,128 ------r C:\Program Files\DXMfc.dll

    1999-04-26 18:28 10,240 ------r C:\Program Files\DirectSound.dll

    1999-03-31 17:00 2,257,920 ------w C:\Program Files\HSBRCiv.exe

    1999-03-29 17:48 34,304 ------r C:\Program Files\lfbmp10N.dll

    1999-03-29 17:48 31,744 ------r C:\Program Files\lflmb10N.dll

    1999-03-29 17:48 297,984 ------r C:\Program Files\ltkrn10N.dll

    1999-03-29 17:48 27,648 ------r C:\Program Files\lftga10N.dll

    1999-03-29 17:48 269,312 ------r C:\Program Files\LFCMP10N.DLL

    1999-03-29 17:48 105,472 ------r C:\Program Files\ltfil10N.DLL

    1999-01-09 16:42 132,608 ------r C:\Program Files\Landgen.exe

    1998-12-23 14:06 9,304 ------r C:\Program Files\thm01309.dat

    1998-12-23 14:06 9,304 ------r C:\Program Files\thm01308.dat

    1998-12-23 14:06 9,304 ------r C:\Program Files\thm01307.dat

    1998-12-23 14:06 9,304 ------r C:\Program Files\thm01306.dat

    1998-12-23 14:06 9,304 ------r C:\Program Files\thm01305.dat

    1998-12-23 14:06 9,304 ------r C:\Program Files\thm01304.dat

    1998-12-23 14:06 9,304 ------r C:\Program Files\thm01303.dat

    1998-12-23 14:06 9,304 ------r C:\Program Files\thm01302.dat

    1998-05-12 00:01 954,128 ------r C:\Program Files\MFC42.DLL

    1998-05-12 00:01 280,576 ------r C:\Program Files\MSVCRT.DLL

    2008-06-14 07:09 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

    2008-06-14 07:09 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

    2008-06-14 07:08 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008061420080615\index.dat

    2008-06-14 07:09 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

    "Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-06-07 155648]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]

    "KBD"="C:\HP\KBD\KBD.EXE" [2001-07-07 61440]

    "WCOLOREAL"="C:\Program Files\COMPAQ\Coloreal\coloreal.exe" [2002-02-20 143360]

    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 212992]

    "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-08-01 81920]

    "Lexmark X84-X85 Button Monitor"="C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe" [2003-01-08 40960]

    "Lexmark X84-X85 Button Manager"="C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe" [2002-09-04 53248]

    "PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe" [2002-09-18 36864]

    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

    "SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]

    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]

    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-29 1235736]

    "V0350Mon.exe"="C:\WINDOWS\V0350Mon.exe" [2007-08-23 28672]

    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

    C:\Documents and Settings\Owner\Start Menu\Programs\Startup\

    SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 360448]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "C:\\WINDOWS\\system32\\rtcshare.exe"=

    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    "C:\\Program Files\\LimeWire\\LimeWire.exe"=

    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

    "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    "C:\\Program Files\\SightSpeed\\SightSpeed.exe"=

    .

    Contents of the 'Scheduled Tasks' folder

    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-09-19 00:13:46

    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    .

    Completion time: 2008-09-19 0:29:52

    ComboFix-quarantined-files.txt 2008-09-19 04:29:38

    ComboFix2.txt 2008-09-19 03:27:06

    ComboFix3.txt 2008-09-19 00:58:06

    Pre-Run: 7,632,138,240 bytes free

    Post-Run: 7,614,627,840 bytes free

    200 --- E O F --- 2008-09-10 07:07:00

    Logfile of HijackThis v1.99.1

    Scan saved at 00:36, on 2008-09-19

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16705)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\windows\system\hpsysdrv.exe

    C:\HP\KBD\KBD.EXE

    C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe

    C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

    C:\PROGRA~1\AVG\AVG8\avgtray.exe

    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

    C:\WINDOWS\V0350Mon.exe

    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\WINDOWS\system32\CTsvcCDA.exe

    C:\Program Files\SpywareGuard\sgmain.exe

    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

    C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    C:\Program Files\SpywareGuard\sgbhp.exe

    C:\WINDOWS\System32\svchost.exe

    C:\PROGRA~1\AVG\AVG8\avgrsx.exe

    C:\WINDOWS\system32\SearchIndexer.exe

    C:\PROGRA~1\AVG\AVG8\avgemc.exe

    C:\WINDOWS\system32\notepad.exe

    C:\WINDOWS\explorer.exe

    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nbc.ca/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

    O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"

    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

    O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe

    O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe

    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    O4 - HKLM\..\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

    O4 - HKLM\..\Run: [V0350Mon.exe] C:\WINDOWS\V0350Mon.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"

    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

    O11 - Options group: [iNTERNATIONAL] International*

    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab

    O16 - DPF: RaptisoftGameLoader - http://www.arcadetown.com/swf/hamsterball/...tgameloader.cab

    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab

    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB

    O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} (Image Uploader Control) - http://cdnimg.piczo.com/images/uploader/pi...st_uploader.cab

    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab

    O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/dinerdash...h2.1.0.0.67.cab

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1171635541706

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1171647865140

    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.photolab.ca/Upload/ImageUploader4.cab

    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

    O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) -

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

    O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

    O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab

    O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex...upv2.0.0.10.cab?

    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15105/CTPID.cab

    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe

    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

    O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)

    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

  4. There's no log there because it didn't finish.

    Anyway, I tried ComboFix again and it worked. Here's the log along with a new HJT.

    ComboFix 08-09-16.05 - Owner 2008-09-18 22:55:12.2 - NTFSx86

    Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe

    Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt

    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\WINDOWS\system32\wDeeKkkj.ini

    C:\WINDOWS\system32\wDeeKkkj.ini2

    .

    ((((((((((((((((((((((((( Files Created from 2008-08-19 to 2008-09-19 )))))))))))))))))))))))))))))))

    .

    2100-02-16 16:09 . 2001-02-16 15:37 62 --a------ C:\WINDOWS\system32\LXBOUSCI.INI

    2008-09-18 22:10 . 2008-09-18 22:10 <DIR> d-------- C:\_OTMoveIt

    2008-09-18 21:03 . 2008-09-18 21:03 137,344 --a------ C:\WINDOWS\system32\qdoahcie.dll

    2008-09-18 21:03 . 2008-09-18 21:03 137,344 --a------ C:\WINDOWS\system32\mgwlun.dll

    2008-09-18 21:01 . 2008-09-18 21:01 137,344 --a------ C:\WINDOWS\system32\qsxjef.dll

    2008-09-18 21:01 . 2008-09-18 21:01 137,344 --a------ C:\WINDOWS\system32\iuujefha.dll

    2008-09-08 08:23 . 2008-09-08 08:23 <DIR> d-------- C:\Program Files\HGTV Landscapes Screensaver

    2008-09-05 07:57 . 2008-09-05 07:57 <DIR> d-------- C:\Live! Cam

    2008-09-01 20:47 . 2008-09-01 20:48 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\muvee Technologies

    2008-09-01 20:41 . 2008-09-01 20:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Creative

    2008-09-01 20:34 . 2003-06-12 23:25 7,062 --a------ C:\WINDOWS\system32\audiopid.vxd

    2008-09-01 20:32 . 2007-06-14 09:52 90,112 --a------ C:\WINDOWS\CtDrvIns.exe

    2008-09-01 20:32 . 2007-03-02 14:30 670 -ra------ C:\WINDOWS\CtDrvIns.exe.manifest

    2008-09-01 20:31 . 2008-04-13 20:12 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll

    2008-09-01 20:31 . 2008-04-13 20:12 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll

    2008-09-01 20:31 . 2005-07-07 01:07 36,864 --a------ C:\WINDOWS\system32\CtCamMgr.dll

    2008-09-01 20:31 . 2007-03-28 01:01 20,480 --a------ C:\WINDOWS\system32\V0350Srv.exe

    2008-09-01 20:30 . 2006-08-30 07:10 158,456 --a------ C:\WINDOWS\system32\pxwma.dll

    2008-09-01 20:30 . 2006-08-30 07:10 36,528 --a------ C:\WINDOWS\system32\drivers\PxHelp20.sys

    2008-09-01 20:30 . 2006-08-30 07:10 2,560 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys

    2008-09-01 20:30 . 2006-08-30 07:10 2,432 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys

    2008-09-01 20:29 . 2008-09-01 20:29 <DIR> d-------- C:\Program Files\muvee Technologies

    2008-09-01 20:29 . 2008-09-01 20:29 <DIR> d-------- C:\Program Files\Common Files\muvee Technologies

    2008-09-01 20:28 . 2008-09-01 20:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\muvee Technologies

    2008-09-01 20:28 . 2008-04-13 14:45 60,032 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys

    2008-09-01 20:28 . 2008-04-13 14:45 60,032 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys

    2008-09-01 20:27 . 2008-04-13 14:45 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

    2008-09-01 20:27 . 2008-04-13 14:45 32,128 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys

    2008-09-01 20:26 . 2008-09-01 20:26 <DIR> d-------- C:\Program Files\SightSpeed

    2008-09-01 20:21 . 2006-08-29 04:11 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-09-19 01:50 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

    2008-09-16 22:02 --------- d-----w C:\Program Files\SpywareBlaster

    2008-09-16 12:30 --------- d-----w C:\Program Files\a-squared Free

    2008-09-10 12:42 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire

    2008-09-08 14:58 --------- d--h--w C:\Program Files\InstallShield Installation Information

    2008-09-07 16:24 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer

    2008-09-07 11:08 --------- d-----w C:\Program Files\Apple Software Update

    2008-09-05 12:01 --------- d-----w C:\Program Files\Creative

    2008-09-02 00:43 --------- d-----w C:\Documents and Settings\Owner\Application Data\Creative

    2008-08-29 23:51 --------- d-----w C:\Program Files\Spybot - Search & Destroy

    2008-08-29 19:57 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys

    2008-08-21 08:52 3,299,840 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys

    2008-08-21 05:17 53,248 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll

    2008-08-19 07:01 --------- d-----w C:\Program Files\Microsoft Silverlight

    2008-08-15 04:22 --------- d-----w C:\Documents and Settings\Owner\Application Data\Windows Search

    2008-08-15 02:36 --------- d-----w C:\Documents and Settings\Owner\Application Data\Windows Desktop Search

    2008-08-15 02:35 --------- d-----w C:\Program Files\Windows Desktop Search

    2008-08-12 00:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

    2008-08-06 13:11 --------- d-----w C:\Program Files\Java

    2007-06-11 22:15 50 --sh--r C:\Program Files\Common Files\desSktop.ini

    2007-01-16 03:07 299 ----a-w C:\Documents and Settings\Owner\Application Data\internaldb1942.dat

    2006-06-03 00:17 167,064 ----a-w C:\Program Files\custom.dat

    2006-06-03 00:17 0 -c--a-w C:\Program Files\landgen.log

    2006-06-02 23:50 0 -c--a-w C:\Program Files\rew2.log

    2006-02-07 22:15 774,144 ----a-w C:\Program Files\RngInterstitial.dll

    2005-02-05 22:51 1,638 ----a-w C:\Program Files\INSTALL.LOG

    2005-01-25 14:05 512,103 ----a-w C:\Program Files\StarterSetup.exe

    2004-10-27 21:43 249,608 ----a-w C:\Program Files\Uninst.isu

    1999-05-26 16:23 70,541 -c--a-w C:\Program Files\readme.rtf

    1999-05-26 16:23 3,265,024 ----a-w C:\Program Files\wa.exe

    1999-04-26 18:29 83,456 ------r C:\Program Files\DirectX2D.dll

    1999-04-26 18:28 240,128 ------r C:\Program Files\DXMfc.dll

    1999-04-26 18:28 10,240 ------r C:\Program Files\DirectSound.dll

    1999-03-31 17:00 2,257,920 ------w C:\Program Files\HSBRCiv.exe

    1999-03-29 17:48 34,304 ------r C:\Program Files\lfbmp10N.dll

    1999-03-29 17:48 31,744 ------r C:\Program Files\lflmb10N.dll

    1999-03-29 17:48 297,984 ------r C:\Program Files\ltkrn10N.dll

    1999-03-29 17:48 27,648 ------r C:\Program Files\lftga10N.dll

    1999-03-29 17:48 269,312 ------r C:\Program Files\LFCMP10N.DLL

    1999-03-29 17:48 105,472 ------r C:\Program Files\ltfil10N.DLL

    1999-01-09 16:42 132,608 ------r C:\Program Files\Landgen.exe

    1998-12-23 14:06 9,304 ------r C:\Program Files\thm01309.dat

    1998-12-23 14:06 9,304 ------r C:\Program Files\thm01308.dat

    1998-12-23 14:06 9,304 ------r C:\Program Files\thm01307.dat

    1998-12-23 14:06 9,304 ------r C:\Program Files\thm01306.dat

    1998-12-23 14:06 9,304 ------r C:\Program Files\thm01305.dat

    1998-12-23 14:06 9,304 ------r C:\Program Files\thm01304.dat

    1998-12-23 14:06 9,304 ------r C:\Program Files\thm01303.dat

    1998-12-23 14:06 9,304 ------r C:\Program Files\thm01302.dat

    1998-05-12 00:01 954,128 ------r C:\Program Files\MFC42.DLL

    1998-05-12 00:01 280,576 ------r C:\Program Files\MSVCRT.DLL

    2008-06-14 07:09 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

    2008-06-14 07:09 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

    2008-06-14 07:08 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008061420080615\index.dat

    2008-06-14 07:09 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

    "Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-06-07 155648]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]

    "KBD"="C:\HP\KBD\KBD.EXE" [2001-07-07 61440]

    "WCOLOREAL"="C:\Program Files\COMPAQ\Coloreal\coloreal.exe" [2002-02-20 143360]

    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 212992]

    "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-08-01 81920]

    "Lexmark X84-X85 Button Monitor"="C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe" [2003-01-08 40960]

    "Lexmark X84-X85 Button Manager"="C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe" [2002-09-04 53248]

    "PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe" [2002-09-18 36864]

    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

    "SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]

    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]

    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-29 1235736]

    "V0350Mon.exe"="C:\WINDOWS\V0350Mon.exe" [2007-08-23 28672]

    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

    C:\Documents and Settings\Owner\Start Menu\Programs\Startup\

    SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 360448]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

    "AppInit_DLLs"=avgrsstx.dll xppqrf.dll mgwlun.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "C:\\WINDOWS\\system32\\rtcshare.exe"=

    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    "C:\\Program Files\\LimeWire\\LimeWire.exe"=

    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

    "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    "C:\\Program Files\\SightSpeed\\SightSpeed.exe"=

    R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-29 97928]

    R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-29 875288]

    R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704]

    R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-04 76040]

    R3 VF0350Afx;VF0350 Audio FX;C:\WINDOWS\system32\Drivers\V0350Afx.sys [2007-06-11 142656]

    R3 VF0350Vfx;VF0350 Video FX;C:\WINDOWS\system32\DRIVERS\V0350VFx.sys [2007-03-05 7424]

    R3 VF0350Vid;Live! Cam Video Chat (VF0350);C:\WINDOWS\system32\DRIVERS\V0350Vid.sys [2007-08-29 170368]

    S3 gkmixern;gkmixern;C:\DOCUME~1\Owner\LOCALS~1\Temp\gkmixern.sys [ ]

    S3 msCMTSrvc;Content Monitoring Tool;C:\WINDOWS\system32\msCMTSrvc.exe [ ]

    S3 PCDRDRV;Pcdr Helper Driver;C:\PROGRA~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys [ ]

    .

    Contents of the 'Scheduled Tasks' folder

    .

    - - - - ORPHANS REMOVED - - - -

    BHO-{A245C37E-79E3-46C6-AB8A-60FBCB516B9C} - C:\WINDOWS\system32\jkkKeeDw.dll

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-09-18 23:09:19

    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    .

    ------------------------ Other Running Processes ------------------------

    .

    C:\WINDOWS\system32\ati2evxx.exe

    C:\WINDOWS\system32\ati2evxx.exe

    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\WINDOWS\system32\CTSVCCDA.EXE

    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

    C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    C:\Program Files\AVG\AVG8\avgrsx.exe

    C:\WINDOWS\system32\searchindexer.exe

    C:\WINDOWS\system32\fxssvc.exe

    C:\Program Files\SpywareGuard\sgbhp.exe

    C:\WINDOWS\system32\searchprotocolhost.exe

    C:\WINDOWS\system32\searchfilterhost.exe

    .

    **************************************************************************

    .

    Completion time: 2008-09-18 23:27:00 - machine was rebooted

    ComboFix-quarantined-files.txt 2008-09-19 03:26:43

    ComboFix2.txt 2008-09-19 00:58:06

    Pre-Run: 7,667,306,496 bytes free

    Post-Run: 7,651,119,104 bytes free

    193 --- E O F --- 2008-09-10 07:07:00

    Logfile of HijackThis v1.99.1

    Scan saved at 23:30, on 2008-09-18

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16705)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\WINDOWS\system32\CTsvcCDA.exe

    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

    C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    C:\PROGRA~1\AVG\AVG8\avgrsx.exe

    C:\WINDOWS\System32\svchost.exe

    C:\PROGRA~1\AVG\AVG8\avgemc.exe

    C:\WINDOWS\system32\SearchIndexer.exe

    C:\WINDOWS\system32\fxssvc.exe

    C:\windows\system\hpsysdrv.exe

    C:\HP\KBD\KBD.EXE

    C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe

    C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

    C:\PROGRA~1\AVG\AVG8\avgtray.exe

    C:\WINDOWS\V0350Mon.exe

    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe

    C:\Program Files\SpywareGuard\sgmain.exe

    C:\Program Files\SpywareGuard\sgbhp.exe

    C:\WINDOWS\explorer.exe

    C:\WINDOWS\system32\notepad.exe

    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nbc.ca/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

    O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"

    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

    O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe

    O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe

    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    O4 - HKLM\..\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

    O4 - HKLM\..\Run: [V0350Mon.exe] C:\WINDOWS\V0350Mon.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"

    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

    O11 - Options group: [iNTERNATIONAL] International*

    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab

    O16 - DPF: RaptisoftGameLoader - http://www.arcadetown.com/swf/hamsterball/...tgameloader.cab

    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab

    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB

    O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} (Image Uploader Control) - http://cdnimg.piczo.com/images/uploader/pi...st_uploader.cab

    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab

    O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/dinerdash...h2.1.0.0.67.cab

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1171635541706

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1171647865140

    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.photolab.ca/Upload/ImageUploader4.cab

    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

    O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) -

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

    O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

    O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab

    O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex...upv2.0.0.10.cab?

    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15105/CTPID.cab

    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

    O20 - AppInit_DLLs: avgrsstx.dll xppqrf.dll mgwlun.dll

    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe

    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

    O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)

    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

  5. Here's a new HJT log

    Logfile of HijackThis v1.99.1

    Scan saved at 21:09, on 2008-09-18

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16705)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\WINDOWS\system32\CTsvcCDA.exe

    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

    C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    C:\WINDOWS\System32\svchost.exe

    C:\PROGRA~1\AVG\AVG8\avgemc.exe

    C:\windows\system\hpsysdrv.exe

    C:\HP\KBD\KBD.EXE

    C:\WINDOWS\system32\fxssvc.exe

    C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe

    C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

    C:\PROGRA~1\AVG\AVG8\avgtray.exe

    C:\WINDOWS\V0350Mon.exe

    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe

    C:\Program Files\SpywareGuard\sgmain.exe

    C:\Program Files\SpywareGuard\sgbhp.exe

    C:\Program Files\AVG\AVG8\avgrsx.exe

    C:\Program Files\AVG\AVG8\avgrsx.exe

    C:\Program Files\AVG\AVG8\avgrsx.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\WINDOWS\explorer.exe

    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nbc.ca/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

    O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"

    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

    O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe

    O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe

    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

    O4 - HKLM\..\Run: [V0350Mon.exe] C:\WINDOWS\V0350Mon.exe

    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"

    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

    O11 - Options group: [INTERNATIONAL] International*

    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab

    O16 - DPF: RaptisoftGameLoader - http://www.arcadetown.com/swf/hamsterball/...tgameloader.cab

    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab

    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB

    O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} (Image Uploader Control) - http://cdnimg.piczo.com/images/uploader/pi...st_uploader.cab

    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab

    O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/dinerdash...h2.1.0.0.67.cab

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1171635541706

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1171647865140

    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.photolab.ca/Upload/ImageUploader4.cab

    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

    O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) -

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

    O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

    O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab

    O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex...upv2.0.0.10.cab?

    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15105/CTPID.cab

    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

    O20 - AppInit_DLLs: avgrsstx.dll xppqrf.dll mgwlun.dll

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe

    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

    O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)

    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

  6. Here's the ComboFix log

    ComboFix 08-09-16.05 - Owner 2008-09-18 19:27:01.1 - NTFSx86

    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.179 [GMT -4:00]

    Running from: C:\Documents and Settings\Owner\desktop\ComboFix.exe

    Command switches used :: /KillAll

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\Program Files\PCHealthCenter\0.exe

    C:\Program Files\PCHealthCenter\2.gif

    C:\Program Files\PCHealthCenter\3.gif

    C:\Program Files\PCHealthCenter\sc.html

    C:\WINDOWS\system32\actskn43.ocx

    C:\WINDOWS\system32\buhdkcfe.ini

    C:\WINDOWS\system32\dbtmgeqw.ini

    C:\WINDOWS\system32\mcrh.tmp

    C:\WINDOWS\system32\MSINET.oca

    C:\WINDOWS\system32\uryslccw.ini

    C:\WINDOWS\system32\vcyajtyo.dll

    C:\WINDOWS\system32\vyslas.dll

    C:\WINDOWS\system32\wDeeKkkj.ini

    C:\WINDOWS\system32\wDeeKkkj.ini2

    C:\x

    D:\Autorun.inf

    .

    ((((((((((((((((((((((((( Files Created from 2008-08-19 to 2008-09-19 )))))))))))))))))))))))))))))))

    .

    2100-02-16 16:09 . 2001-02-16 15:37 62 --a------ C:\WINDOWS\system32\LXBOUSCI.INI

    2008-09-18 06:25 . 2008-09-18 06:24 137,344 --a------ C:\WINDOWS\system32\tcvdhd.dll

    2008-09-18 06:24 . 2008-09-18 06:24 137,344 --a------ C:\WINDOWS\system32\rvfduvbf.dll

    2008-09-17 01:40 . 2008-09-17 01:40 136,832 --a------ C:\WINDOWS\system32\bcamtryd.dll

    2008-09-16 15:26 . 2008-09-16 15:26 328,448 --a------ C:\WINDOWS\system32\jkkKeeDw.dll

    2008-09-16 15:16 . 2008-09-18 20:33 <DIR> d-------- C:\Program Files\PCHealthCenter

    2008-09-08 08:23 . 2008-09-08 08:23 <DIR> d-------- C:\Program Files\HGTV Landscapes Screensaver

    2008-09-05 07:57 . 2008-09-05 07:57 <DIR> d-------- C:\Live! Cam

    2008-09-01 20:47 . 2008-09-01 20:48 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\muvee Technologies

    2008-09-01 20:41 . 2008-09-01 20:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Creative

    2008-09-01 20:34 . 2003-06-12 23:25 7,062 --a------ C:\WINDOWS\system32\audiopid.vxd

    2008-09-01 20:32 . 2007-06-14 09:52 90,112 --a------ C:\WINDOWS\CtDrvIns.exe

    2008-09-01 20:32 . 2007-03-02 14:30 670 -ra------ C:\WINDOWS\CtDrvIns.exe.manifest

    2008-09-01 20:31 . 2008-04-13 20:12 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll

    2008-09-01 20:31 . 2008-04-13 20:12 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll

    2008-09-01 20:31 . 2005-07-07 01:07 36,864 --a------ C:\WINDOWS\system32\CtCamMgr.dll

    2008-09-01 20:31 . 2007-03-28 01:01 20,480 --a------ C:\WINDOWS\system32\V0350Srv.exe

    2008-09-01 20:30 . 2006-08-30 07:10 158,456 --------- C:\WINDOWS\system32\pxwma.dll

    2008-09-01 20:30 . 2006-08-30 07:10 36,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys

    2008-09-01 20:30 . 2006-08-30 07:10 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys

    2008-09-01 20:30 . 2006-08-30 07:10 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys

    2008-09-01 20:29 . 2008-09-01 20:29 <DIR> d-------- C:\Program Files\muvee Technologies

    2008-09-01 20:29 . 2008-09-01 20:29 <DIR> d-------- C:\Program Files\Common Files\muvee Technologies

    2008-09-01 20:28 . 2008-09-01 20:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\muvee Technologies

    2008-09-01 20:28 . 2008-04-13 14:45 60,032 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys

    2008-09-01 20:28 . 2008-04-13 14:45 60,032 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys

    2008-09-01 20:27 . 2008-04-13 14:45 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

    2008-09-01 20:27 . 2008-04-13 14:45 32,128 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys

    2008-09-01 20:26 . 2008-09-01 20:26 <DIR> d-------- C:\Program Files\SightSpeed

    2008-09-01 20:21 . 2006-08-29 04:11 1,047,552 --------- C:\WINDOWS\system32\MFC71u.dll

    2008-08-27 13:10 . 2008-08-27 13:10 244 --ah----- C:\sqmnoopt04.sqm

    2008-08-27 13:10 . 2008-08-27 13:10 232 --ah----- C:\sqmdata04.sqm

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-09-18 23:18 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

    2008-09-16 22:02 --------- d-----w C:\Program Files\SpywareBlaster

    2008-09-16 12:30 --------- d-----w C:\Program Files\a-squared Free

    2008-09-10 12:42 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire

    2008-09-08 14:58 --------- d--h--w C:\Program Files\InstallShield Installation Information

    2008-09-07 16:24 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer

    2008-09-07 11:08 --------- d-----w C:\Program Files\Apple Software Update

    2008-09-05 12:01 --------- d-----w C:\Program Files\Creative

    2008-09-02 00:43 --------- d-----w C:\Documents and Settings\Owner\Application Data\Creative

    2008-08-29 23:51 --------- d-----w C:\Program Files\Spybot - Search & Destroy

    2008-08-29 19:57 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys

    2008-08-21 08:52 3,299,840 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys

    2008-08-21 05:17 53,248 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll

    2008-08-19 07:01 --------- d-----w C:\Program Files\Microsoft Silverlight

    2008-08-15 04:22 --------- d-----w C:\Documents and Settings\Owner\Application Data\Windows Search

    2008-08-15 02:36 --------- d-----w C:\Documents and Settings\Owner\Application Data\Windows Desktop Search

    2008-08-15 02:35 --------- d-----w C:\Program Files\Windows Desktop Search

    2008-08-12 00:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

    2008-08-06 13:11 --------- d-----w C:\Program Files\Java

    2007-06-11 22:15 50 --sh--r C:\Program Files\Common Files\desSktop.ini

    2007-01-16 03:07 299 ----a-w C:\Documents and Settings\Owner\Application Data\internaldb1942.dat

    2006-06-03 00:17 167,064 ----a-w C:\Program Files\custom.dat

    2006-06-03 00:17 0 -c--a-w C:\Program Files\landgen.log

    2006-06-02 23:50 0 -c--a-w C:\Program Files\rew2.log

    2006-02-07 22:15 774,144 ----a-w C:\Program Files\RngInterstitial.dll

    2005-02-05 22:51 1,638 ----a-w C:\Program Files\INSTALL.LOG

    2005-01-25 14:05 512,103 ----a-w C:\Program Files\StarterSetup.exe

    2004-10-27 21:43 249,608 ----a-w C:\Program Files\Uninst.isu

    1999-05-26 16:23 70,541 -c--a-w C:\Program Files\readme.rtf

    1999-05-26 16:23 3,265,024 ----a-w C:\Program Files\wa.exe

    1999-04-26 18:29 83,456 ------r C:\Program Files\DirectX2D.dll

    1999-04-26 18:28 240,128 ------r C:\Program Files\DXMfc.dll

    1999-04-26 18:28 10,240 ------r C:\Program Files\DirectSound.dll

    1999-03-31 17:00 2,257,920 ------w C:\Program Files\HSBRCiv.exe

    1999-03-29 17:48 34,304 ------r C:\Program Files\lfbmp10N.dll

    1999-03-29 17:48 31,744 ------r C:\Program Files\lflmb10N.dll

    1999-03-29 17:48 297,984 ------r C:\Program Files\ltkrn10N.dll

    1999-03-29 17:48 27,648 ------r C:\Program Files\lftga10N.dll

    1999-03-29 17:48 269,312 ------r C:\Program Files\LFCMP10N.DLL

    1999-03-29 17:48 105,472 ------r C:\Program Files\ltfil10N.DLL

    1999-01-09 16:42 132,608 ------r C:\Program Files\Landgen.exe

    1998-12-23 14:06 9,304 ------r C:\Program Files\thm01309.dat

    1998-12-23 14:06 9,304 ------r C:\Program Files\thm01308.dat

    1998-12-23 14:06 9,304 ------r C:\Program Files\thm01307.dat

    1998-12-23 14:06 9,304 ------r C:\Program Files\thm01306.dat

    1998-12-23 14:06 9,304 ------r C:\Program Files\thm01305.dat

    1998-12-23 14:06 9,304 ------r C:\Program Files\thm01304.dat

    1998-12-23 14:06 9,304 ------r C:\Program Files\thm01303.dat

    1998-12-23 14:06 9,304 ------r C:\Program Files\thm01302.dat

    1998-05-12 00:01 954,128 ------r C:\Program Files\MFC42.DLL

    1998-05-12 00:01 280,576 ------r C:\Program Files\MSVCRT.DLL

    2008-06-14 07:09 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

    2008-06-14 07:09 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

    2008-06-14 07:08 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008061420080615\index.dat

    2008-06-14 07:09 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3ab3a1ea-08b8-4537-9be4-75014d32fe81}]

    2008-09-18 06:24 137344 --a------ C:\WINDOWS\system32\tcvdhd.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{71DAD6B9-06A8-4F66-A93F-ACBACC67B651}]

    2008-09-16 15:26 328448 --a------ C:\WINDOWS\system32\jkkKeeDw.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

    "Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-06-07 155648]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]

    "KBD"="C:\HP\KBD\KBD.EXE" [2001-07-07 61440]

    "WCOLOREAL"="C:\Program Files\COMPAQ\Coloreal\coloreal.exe" [2002-02-20 143360]

    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 212992]

    "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-08-01 81920]

    "Lexmark X84-X85 Button Monitor"="C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe" [2003-01-08 40960]

    "Lexmark X84-X85 Button Manager"="C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe" [2002-09-04 53248]

    "PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe" [2002-09-18 36864]

    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

    "SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]

    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]

    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-29 1235736]

    "V0350Mon.exe"="C:\WINDOWS\V0350Mon.exe" [2007-08-23 28672]

    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

    C:\Documents and Settings\Owner\Start Menu\Programs\Startup\

    SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 360448]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

    "AppInit_DLLs"=avgrsstx.dll xppqrf.dll tcvdhd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "C:\\WINDOWS\\system32\\rtcshare.exe"=

    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    "C:\\Program Files\\LimeWire\\LimeWire.exe"=

    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

    "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    "C:\\Program Files\\SightSpeed\\SightSpeed.exe"=

    R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-29 97928]

    R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-29 875288]

    R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704]

    R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-04 76040]

    R3 VF0350Afx;VF0350 Audio FX;C:\WINDOWS\system32\Drivers\V0350Afx.sys [2007-06-11 142656]

    R3 VF0350Vfx;VF0350 Video FX;C:\WINDOWS\system32\DRIVERS\V0350VFx.sys [2007-03-05 7424]

    R3 VF0350Vid;Live! Cam Video Chat (VF0350);C:\WINDOWS\system32\DRIVERS\V0350Vid.sys [2007-08-29 170368]

    S3 gkmixern;gkmixern;C:\DOCUME~1\Owner\LOCALS~1\Temp\gkmixern.sys [ ]

    S3 msCMTSrvc;Content Monitoring Tool;C:\WINDOWS\system32\msCMTSrvc.exe [ ]

    S3 PCDRDRV;Pcdr Helper Driver;C:\PROGRA~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys [ ]

    .

    Contents of the 'Scheduled Tasks' folder

    .

    - - - - ORPHANS REMOVED - - - -

    BHO-{ADFD5FD2-2DD2-4572-80DA-C74F1193FBA1} - C:\WINDOWS\system32\ljJDtqrp.dll

    WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)

    HKCU-Run-\YUR27.exe - C:\Windows\system32\YUR27.exe

    HKCU-Run-\YUR28.exe - C:\Windows\system32\YUR28.exe

    HKCU-Run-\YUR29.exe - C:\Windows\system32\YUR29.exe

    HKCU-Run-\YUR76.exe - C:\Windows\system32\YUR76.exe

    HKCU-Run-\YUR1.exe - C:\Windows\system32\YUR1.exe

    HKCU-Run-\YUR2.exe - C:\Windows\system32\YUR2.exe

    HKCU-Run-\YUR3.exe - C:\Windows\system32\YUR3.exe

    HKCU-Run-\YUR4.exe - C:\Windows\system32\YUR4.exe

    HKLM-Run-\YUR27.exe - C:\Windows\system32\YUR27.exe

    HKLM-Run-\YUR28.exe - C:\Windows\system32\YUR28.exe

    HKLM-Run-\YUR29.exe - C:\Windows\system32\YUR29.exe

    HKLM-Run-\YUR76.exe - C:\Windows\system32\YUR76.exe

    HKLM-Run-\YUR1.exe - C:\Windows\system32\YUR1.exe

    HKLM-Run-\YUR2.exe - C:\Windows\system32\YUR2.exe

    HKLM-Run-\YUR3.exe - C:\Windows\system32\YUR3.exe

    HKLM-Run-\YUR4.exe - C:\Windows\system32\YUR4.exe

    HKLM-Run-306342cb - C:\WINDOWS\system32\wcclsyru.dll

    ShellExecuteHooks-{ADFD5FD2-2DD2-4572-80DA-C74F1193FBA1} - C:\WINDOWS\system32\ljJDtqrp.dll

    Notify-ljJDtqrp - ljJDtqrp.dll

    .

    ------- Supplementary Scan -------

    .

    FireFox -: Profile - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l94vc8cl.default\

    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.facebook.com/home.php?

    FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-09-18 20:35:32

    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    .

    ------------------------ Other Running Processes ------------------------

    .

    C:\WINDOWS\system32\ati2evxx.exe

    C:\WINDOWS\system32\ati2evxx.exe

    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\AVG\AVG8\avgrsx.exe

    C:\WINDOWS\system32\CTSVCCDA.EXE

    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

    C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    C:\WINDOWS\system32\fxssvc.exe

    C:\Program Files\SpywareGuard\sgbhp.exe

    C:\Program Files\AVG\AVG8\avgrsx.exe

    C:\Program Files\AVG\AVG8\avgrsx.exe

    .

    **************************************************************************

    .

    Completion time: 2008-09-18 20:58:02 - machine was rebooted

    ComboFix-quarantined-files.txt 2008-09-19 00:57:42

    Pre-Run: 7,706,095,616 bytes free

    Post-Run: 7,741,399,040 bytes free

    238 --- E O F --- 2008-09-10 07:07:00
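Added example, not part of Lurch987's posts and not code from HijackThis, ComboFix or Malwarebytes: a small triage script for HijackThis 1.99.1 output, showing how the kinds of entries in the log in post 5 (the extra DLLs on the O20 AppInit_DLLs line, the O23 service whose binary is missing) and the random-named BHO that ComboFix lists in post 6 can be screened before a human reads the whole log. The sample lines are constructed from those entries, and the `KNOWN_GOOD` allowlist and the random-name heuristic are assumptions made for illustration.

```python
import re

# Constructed sample in HijackThis 1.99.1 format, modelled on entries from the
# logs above (the O2 line reflects the BHO ComboFix later listed; it is not a
# verbatim copy of any single log).
SAMPLE_LOG = """\
O2 - BHO: (no name) - {3ab3a1ea-08b8-4537-9be4-75014d32fe81} - C:\\WINDOWS\\system32\\tcvdhd.dll
O4 - HKLM\\..\\Run: [AVG8_TRAY] C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe
O10 - Unknown file in Winsock LSP: c:\\program files\\bonjour\\mdnsnsp.dll
O20 - AppInit_DLLs: avgrsstx.dll xppqrf.dll mgwlun.dll
O20 - Winlogon Notify: WgaLogon - C:\\WINDOWS\\SYSTEM32\\WgaLogon.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\\Program Files\\Bonjour\\mDNSResponder.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\\WINDOWS\\system32\\msCMTSrvc.exe (file missing)
"""

# Assumed allowlist: modules already identified as legitimate on this machine
# (AVG's AppInit hook, the WGA notification package, Bonjour's Winsock
# namespace provider). In practice build this from signed-vendor checks, not
# from memory.
KNOWN_GOOD = {"avgrsstx.dll", "wgalogon.dll", "mdnsnsp.dll"}

# Vundo-family droppers register modules under short random letter names in
# system32. Legitimate DLLs match this pattern too, so it only ever promotes an
# entry that the allowlist did not already clear; it is a triage cue, not proof.
RANDOM_NAME = re.compile(r"^[a-z]{5,8}\.dll$", re.IGNORECASE)

# Sections whose module gets loaded into other processes (BHO, Winsock LSP,
# AppInit / Winlogon Notify, ShellServiceObjectDelayLoad) and so deserves a look.
INJECTED_SECTIONS = ("O2", "O10", "O20", "O21")

TRAILING_DLL = re.compile(r"([\w~-]+\.dll)\s*$", re.IGNORECASE)
SERVICE_LINE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def triage(log_text):
    """Return (section, item, reason) tuples for lines that need a human look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = line.split(" ", 1)[0]

        if line.startswith("O20 - AppInit_DLLs:"):
            # Every DLL listed here is mapped into every process that loads
            # user32.dll, so anything not positively identified is suspect.
            for dll in line.split(":", 1)[1].split():
                if dll.lower() not in KNOWN_GOOD:
                    findings.append((section, dll, "AppInit_DLLs entry not on allowlist"))
            continue

        if section == "O23":
            m = SERVICE_LINE.match(line)
            if m and m.group("path").endswith("(file missing)"):
                # Orphaned service key: the binary is gone, the registration is not.
                findings.append((section, m.group("name"), "service registered but binary missing"))
            continue

        if section in INJECTED_SECTIONS:
            m = TRAILING_DLL.search(line)
            if m:
                dll = m.group(1).lower()
                if dll not in KNOWN_GOOD and RANDOM_NAME.match(dll):
                    findings.append((section, dll, "random-looking module loaded into other processes"))
    return findings


if __name__ == "__main__":
    for section, item, reason in triage(SAMPLE_LOG):
        print(f"{section:4} {item:40} {reason}")
```

Two things the run makes visible that the raw log does not: HijackThis's "Unknown file in Winsock LSP" only means the file is not in HJT's own database, so Bonjour's mdnsnsp.dll is cleared by the allowlist rather than by the tool, and the AVG entry on the AppInit_DLLs line is the only one that survives, leaving the two random-named DLLs as the ones to look up. The name heuristic is deliberately weak; the allowlist does the real work, and anything it flags still has to be confirmed against the file on disk.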

  7. Here's the MBAM report:

    Malwarebytes' Anti-Malware 1.28

    Database version: 1166

    Windows 5.1.2600 Service Pack 3

    18/09/2008 1:39:26 AM

    mbam-log-2008-09-18 (01-39-26).txt

    Scan type: Full Scan (C:\|)

    Objects scanned: 138729

    Time elapsed: 1 hour(s), 7 minute(s), 40 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 12

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 1

    Files Infected: 21

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{450b9e4d-4014-4de3-b34e-014a81468293} (Trojan.Downloader) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Typelib\{c7f00a9a-f1bc-436e-82c7-e8cae6fd67f7} (Trojan.Downloader) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\gksraemq.bvxd (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\gksraemq.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    C:\WINDOWS\system32\kBin15 (Trojan.Agent) -> Quarantined and deleted successfully.

    Files Infected:

    C:\QooBox\Quarantine\C\WINDOWS\elat.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    C:\QooBox\Quarantine\C\WINDOWS\system32\jdmtxo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

    C:\QooBox\Quarantine\C\WINDOWS\system32\pcvpmted.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

    C:\QooBox\Quarantine\C\WINDOWS\system32\pveexsnq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

    C:\QooBox\Quarantine\C\WINDOWS\system32\uafmed.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{FA5ACB9A-D9FD-4551-8583-54F1E9191F4D}\RP1197\A0318600.dll (Trojan.Vundo) -> Delete on reboot.

    C:\System Volume Information\_restore{FA5ACB9A-D9FD-4551-8583-54F1E9191F4D}\RP1197\A0318601.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{FA5ACB9A-D9FD-4551-8583-54F1E9191F4D}\RP1197\A0319576.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{FA5ACB9A-D9FD-4551-8583-54F1E9191F4D}\RP1197\A0319835.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{FA5ACB9A-D9FD-4551-8583-54F1E9191F4D}\RP1197\A0319870.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{FA5ACB9A-D9FD-4551-8583-54F1E9191F4D}\RP1197\A0319876.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{FA5ACB9A-D9FD-4551-8583-54F1E9191F4D}\RP1200\A0322396.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{FA5ACB9A-D9FD-4551-8583-54F1E9191F4D}\RP1200\A0322404.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{FA5ACB9A-D9FD-4551-8583-54F1E9191F4D}\RP1201\A0322453.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{FA5ACB9A-D9FD-4551-8583-54F1E9191F4D}\RP1201\A0322454.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{FA5ACB9A-D9FD-4551-8583-54F1E9191F4D}\RP1201\A0322455.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{FA5ACB9A-D9FD-4551-8583-54F1E9191F4D}\RP1201\A0322456.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{FA5ACB9A-D9FD-4551-8583-54F1E9191F4D}\RP1201\A0322463.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{FA5ACB9A-D9FD-4551-8583-54F1E9191F4D}\RP1161\A0311130.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{FA5ACB9A-D9FD-4551-8583-54F1E9191F4D}\RP1161\A0311131.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Katie\Desktop\Smart Antivirus-2009.lnk (Rogue.SmartAntivirus) -> Quarantined and deleted successfully.

  8. I've been posting logs to fix my friend's computer, but in the meantime my own computer got infected.

    I did some scans, but they didn't get everything. Getting pop-ups.

    Here's the hjt:

    Logfile of HijackThis v1.99.1

    Scan saved at 11:58:49 PM, on 9/17/2008

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16705)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\WINDOWS\system32\CTsvcCDA.exe

    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

    C:\PROGRA~1\AVG\AVG8\avgrsx.exe

    C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\SearchIndexer.exe

    C:\PROGRA~1\AVG\AVG8\avgemc.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\windows\system\hpsysdrv.exe

    C:\HP\KBD\KBD.EXE

    C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe

    C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

    C:\PROGRA~1\AVG\AVG8\avgtray.exe

    C:\WINDOWS\V0350Mon.exe

    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe

    C:\Program Files\SpywareGuard\sgmain.exe

    C:\Program Files\SpywareGuard\sgbhp.exe

    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nbc.ca/

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

    O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"

    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

    O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe

    O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe

    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    O4 - HKLM\..\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

    O4 - HKLM\..\Run: [V0350Mon.exe] C:\WINDOWS\V0350Mon.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

    O4 - HKLM\..\Run: [\YUR27.exe] C:\Windows\system32\YUR27.exe

    O4 - HKLM\..\Run: [\YUR28.exe] C:\Windows\system32\YUR28.exe

    O4 - HKLM\..\Run: [\YUR29.exe] C:\Windows\system32\YUR29.exe

    O4 - HKLM\..\Run: [\YUR76.exe] C:\Windows\system32\YUR76.exe

    O4 - HKLM\..\Run: [\YUR1.exe] C:\Windows\system32\YUR1.exe

    O4 - HKLM\..\Run: [\YUR2.exe] C:\Windows\system32\YUR2.exe

    O4 - HKLM\..\Run: [\YUR3.exe] C:\Windows\system32\YUR3.exe

    O4 - HKLM\..\Run: [\YUR4.exe] C:\Windows\system32\YUR4.exe

    O4 - HKLM\..\Run: [306342cb] rundll32.exe "C:\WINDOWS\system32\wqegmtbd.dll",b

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"

    O4 - HKCU\..\Run: [\YUR27.exe] C:\Windows\system32\YUR27.exe

    O4 - HKCU\..\Run: [\YUR28.exe] C:\Windows\system32\YUR28.exe

    O4 - HKCU\..\Run: [\YUR29.exe] C:\Windows\system32\YUR29.exe

    O4 - HKCU\..\Run: [\YUR76.exe] C:\Windows\system32\YUR76.exe

    O4 - HKCU\..\Run: [\YUR1.exe] C:\Windows\system32\YUR1.exe

    O4 - HKCU\..\Run: [\YUR2.exe] C:\Windows\system32\YUR2.exe

    O4 - HKCU\..\Run: [\YUR3.exe] C:\Windows\system32\YUR3.exe

    O4 - HKCU\..\Run: [\YUR4.exe] C:\Windows\system32\YUR4.exe

    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

    O11 - Options group: [iNTERNATIONAL] International*

    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab

    O16 - DPF: RaptisoftGameLoader - http://www.arcadetown.com/swf/hamsterball/...tgameloader.cab

    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab

    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB

    O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} (Image Uploader Control) - http://cdnimg.piczo.com/images/uploader/pi...st_uploader.cab

    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab

    O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/dinerdash...h2.1.0.0.67.cab

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1171635541706

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1171647865140

    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.photolab.ca/Upload/ImageUploader4.cab

    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

    O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) -

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

    O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

    O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab

    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bookworma...ader_v10_en.cab

    O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex...upv2.0.0.10.cab?

    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15105/CTPID.cab

    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

    O20 - AppInit_DLLs: avgrsstx.dll xppqrf.dll

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe

    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

    O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)

    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

  9. Here's the ComboFix log and the new HJT log.

    ComboFix 08-09-16.01 - Katie 2008-09-17 0:49:02.1 - NTFSx86

    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.193 [GMT -4:00]

    Running from: C:\Documents and Settings\Katie\Desktop\ComboFix.exe

    * Created a new restore point

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\WINDOWS\BMffd9ee4c.txt

    C:\WINDOWS\BMffd9ee4c.xml

    C:\WINDOWS\cookies.ini

    C:\WINDOWS\Downloaded Program Files\setup.dll

    C:\WINDOWS\Downloaded Program Files\setup.inf

    C:\WINDOWS\elat.exe

    C:\WINDOWS\hosts

    C:\WINDOWS\system32\AutoRun.inf

    C:\WINDOWS\system32\bisoqped.ini

    C:\WINDOWS\system32\fudvnkmh.ini

    C:\WINDOWS\system32\jdmtxo.dll

    C:\WINDOWS\system32\JjiSAJjl.ini

    C:\WINDOWS\system32\JjiSAJjl.ini2

    C:\WINDOWS\system32\mcrh.tmp

    C:\WINDOWS\system32\mqymrmsk.ini

    C:\WINDOWS\system32\MSINET.oca

    C:\WINDOWS\system32\pac.txt

    C:\WINDOWS\system32\pcvpmted.dll

    C:\WINDOWS\system32\pveexsnq.dll

    C:\WINDOWS\system32\QpXHQXbc.ini

    C:\WINDOWS\system32\QpXHQXbc.ini2

    C:\WINDOWS\system32\tnvajiad.ini

    C:\WINDOWS\system32\uafmed.dll

    C:\WINDOWS\vanwxemgfwn.dll

    C:\xcrashdump.dat

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    -------\Legacy_NPF

    ((((((((((((((((((((((((( Files Created from 2008-08-17 to 2008-09-17 )))))))))))))))))))))))))))))))

    .

    2008-09-14 13:25 . 2008-09-14 15:13 <DIR> d-------- C:\Program Files\a-squared Free

    2008-09-11 14:39 . 2008-09-11 14:40 <DIR> d-------- C:\Program Files\SpywareBlaster

    2008-09-11 14:39 . 2005-08-25 19:18 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL

    2008-09-11 13:17 . 2008-09-11 13:17 <DIR> d-------- C:\VundoFix Backups

    2008-09-11 11:55 . 2008-09-11 12:10 2,958 --a------ C:\WINDOWS\system32\tmp.reg

    2008-09-10 22:00 . 2008-09-10 22:25 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7

    2008-09-10 19:45 . 2008-09-10 20:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

    2008-09-10 19:44 . 2008-09-10 19:44 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

    2008-09-10 19:30 . 2008-09-10 19:30 <DIR> d-------- C:\Program Files\CodeStuff

    2008-09-06 02:37 . 2008-09-06 00:39 94,208 --a------ C:\WINDOWS\sxmaokgf.exe

    2008-09-03 00:28 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl

    2008-09-03 00:15 . 2008-09-03 00:15 <DIR> d-------- C:\Program Files\Common Files\Java

    2008-09-01 12:22 . 2008-09-01 12:22 <DIR> d-------- C:\Documents and Settings\Katie\Application Data\Talkback

    2008-08-28 21:17 . 2008-08-28 21:17 <DIR> d-------- C:\Documents and Settings\Katie\Application Data\GamesCafe

    2008-08-27 18:45 . 2008-08-27 18:45 <DIR> d-------- C:\Documents and Settings\Katie\Application Data\Eyeblaster

    2008-08-27 18:42 . 2008-08-27 18:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Zylom

    2008-08-27 10:44 . 2008-08-28 19:10 <DIR> d-------- C:\Documents and Settings\Katie\Application Data\GameHouse

    2008-08-27 10:44 . 2008-08-27 10:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9

    2008-08-22 17:32 . 2008-08-22 17:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PBGsavesDirectory

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-09-17 04:41 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

    2008-09-17 04:40 --------- d-----w C:\Documents and Settings\Katie\Application Data\OpenOffice.org2

    2008-09-17 04:39 --------- d-----w C:\Documents and Settings\Katie\Application Data\AVG7

    2008-09-14 15:15 456,617 ----a-w C:\WINDOWS\java\Packages\8HRV3NBR.ZIP

    2008-09-14 15:12 --------- d-----w C:\Program Files\Dynamic Gaming Systems

    2008-09-11 13:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

    2008-09-11 01:26 --------- d-----w C:\Program Files\MSN Messenger

    2008-09-10 23:45 --------- d-----w C:\Program Files\Lavasoft

    2008-09-10 22:41 --------- d-----w C:\Program Files\Spybot - Search & Destroy

    2008-09-03 04:28 --------- d-----w C:\Program Files\Java

    2008-09-03 04:06 --------- d--h--w C:\Program Files\InstallShield Installation Information

    2008-09-03 02:13 --------- d-----w C:\Documents and Settings\Katie\Application Data\Microgaming

    2008-09-02 03:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller

    2008-08-27 15:53 --------- d-----w C:\Program Files\Oberon Media

    2008-08-27 13:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo

    2008-08-23 23:02 --------- d-----w C:\Documents and Settings\Katie\Application Data\PlayFirst

    2008-08-23 23:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst

    2008-08-20 01:27 --------- d-----w C:\Program Files\Apple Software Update

    2008-08-16 16:10 --------- d-----w C:\Documents and Settings\Katie\Application Data\Pogo Games

    2008-08-16 14:50 --------- d-----w C:\Program Files\Canon

    2008-08-15 23:27 --------- d-----w C:\Program Files\Kodak

    2008-08-15 23:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak

    2008-08-14 22:16 --------- d-----w C:\Documents and Settings\Katie\Application Data\Go-Go Gourmet Chef of the Year

    2008-08-13 23:11 --------- d-----w C:\Documents and Settings\Katie\Application Data\Gogii Games

    2008-08-13 23:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Gogii Games

    2008-08-12 03:32 --------- d-----w C:\Program Files\LimeWire

    2008-08-11 00:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Astar Games

    2008-08-10 22:55 --------- d-----w C:\Documents and Settings\Katie\Application Data\Friday's games

    2008-08-06 21:49 --------- d-----w C:\Documents and Settings\Katie\Application Data\BrandX Games

    2008-08-03 00:31 --------- d-----w C:\Program Files\Gnuf

    2008-08-02 03:39 --------- d-----w C:\Program Files\QuickTime

    2008-07-30 16:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\DivoGames

    2008-07-28 06:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microgaming

    2008-07-28 06:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\MGS

    2008-07-22 22:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games

    2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

    2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

    2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

    2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

    2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

    2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

    2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

    2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

    2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll

    2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll

    2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll

    2008-06-24 22:12 295,936 ----a-w C:\WINDOWS\system32\wmpeffects.dll

    2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

    2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

    2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll

    2008-04-12 07:34 61,224 ----a-w C:\Documents and Settings\Katie\GoToAssistDownloadHelper.exe

    2008-02-25 03:19 5,180 ----a-w C:\Documents and Settings\Katie\Application Data\mindhabits.dat

    2007-10-05 02:26 2,103,064 ----a-w C:\Documents and Settings\Katie\Application Data\PerformanceoptimizerFreeSetup[1].exe

    2007-01-15 07:09 774,144 ----a-w C:\Program Files\RngInterstitial.dll

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-07-28 4841472]

    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-27 579584]

    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]

    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]

    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-08-01 413696]

    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

    "nwiz"="nwiz.exe" [2003-07-28 C:\WINDOWS\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-02 219136]

    C:\Documents and Settings\Katie\Start Menu\Programs\Startup\

    OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

    "NoDispSettingPage"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

    2008-04-12 03:36 10536 C:\Program Files\Citrix\GoToAssist\508\g2awinlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

    "AppInit_DLLs"=uafmed.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "C:\\Program Files\\LimeWire\\LimeWire.exe"=

    "C:\\StubInstaller.exe"=

    "C:\\Program Files\\Messenger\\msmsgs.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=

    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=

    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=

    "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    S3 GoToAssist;GoToAssist;C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe Start=service [ ]

    S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-11-02 18176]

    S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-22 7680]

    S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [ ]

    S3 motport;Motorola USB Diagnostic Port;C:\WINDOWS\system32\DRIVERS\motport.sys [2007-06-18 23680]

    S3 VICAMUSB;3Com HomeConnect USB Camera;C:\WINDOWS\system32\drivers\vicamusb.sys [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    .

    Contents of the 'Scheduled Tasks' folder

    .

    - - - - ORPHANS REMOVED - - - -

    BHO-{2DF74DB3-9990-4535-ABC2-B5DE34B1C82F} - C:\WINDOWS\system32\cbXQHXpQ.dll

    BHO-{4F7E9D97-BEE7-4F55-811D-19F15F2120AD} - C:\WINDOWS\system32\hgGVpoLe.dll

    BHO-{a24ca48f-bf04-45b7-b8af-f20dfc2b8c91} - C:\WINDOWS\system32\uafmed.dll

    BHO-{C31E85DE-8C2F-4035-AC49-5B6062B62CAD} - C:\WINDOWS\system32\ljJASijJ.dll

    Toolbar-{7C74C1B1-81FB-4105-B304-80A12EC6E73D} - C:\WINDOWS\gksraemq.dll

    HKCU-Run-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

    HKCU-Run-Vidalia - C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe

    HKLM-Run-BO1HelperStartUp - C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE

    HKLM-Run-WinampAgent - C:\Program Files\Winamp\winampa.exe

    HKLM-Run-StandardInstall - (no file)

    ShellExecuteHooks-{4F7E9D97-BEE7-4F55-811D-19F15F2120AD} - C:\WINDOWS\system32\hgGVpoLe.dll

    Notify-fceadd7f382 - C:\WINDOWS\system32\__c0022362.dat

    Notify-__c002CCEE - C:\WINDOWS\system32\__c002CCEE.dat

    Notify-hgGVpoLe - hgGVpoLe.dll

    Notify-jkkIAtsq - jkkIAtsq.dll

    .

    ------- Supplementary Scan -------

    .

    FireFox -: Profile - C:\Documents and Settings\Katie\Application Data\Mozilla\Firefox\Profiles\8a0rjdg3.default\

    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-09-17 00:56:38

    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************

    .

    ------------------------ Other Running Processes ------------------------

    .

    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    C:\Program Files\a-squared Free\a2service.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\WINDOWS\system32\fxssvc.exe

    C:\Program Files\OpenOffice.org 2.4\program\soffice.exe

    C:\Program Files\OpenOffice.org 2.4\program\soffice.bin

    C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe

    .

    **************************************************************************

    .

    Completion time: 2008-09-17 1:11:54 - machine was rebooted

    ComboFix-quarantined-files.txt 2008-09-17 05:10:49

    Pre-Run: 61,423,730,688 bytes free

    Post-Run: 61,592,387,584 bytes free

    223 --- E O F --- 2008-08-16 21:01:19

    Logfile of HijackThis v1.99.1

    Scan saved at 1:13:44 AM, on 17/09/2008

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16705)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\a-squared Free\a2service.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    C:\Program Files\Analog Devices\Core\smax4pnp.exe

    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

    C:\Program Files\Windows Media Player\WMPNSCFG.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\WINDOWS\system32\fxssvc.exe

    C:\Program Files\OpenOffice.org 2.4\program\soffice.exe

    C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN

    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

    C:\WINDOWS\explorer.exe

    C:\WINDOWS\system32\notepad.exe

    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pogo.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

    O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

    O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra button: Crazy Vegas Poker - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\crazyvegasMPP\MPPoker.exe (file missing) (HKCU)

    O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Katie\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)

    O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Katie\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)

    O11 - Options group: [iNTERNATIONAL] International*

    O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.4.4.27/cana...a-ob-assets.cab

    O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.4.3.28/domi...o-ob-assets.cab

    O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.5.1.24/hold...oldem-en_US.cab

    O16 - DPF: Video Poker by pogo - http://game1.pogo.com/applet-6.4.3.36/vide...r-ob-assets.cab

    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Virtual%20Villagers%202/Images/stg_drm.ocx

    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

    O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab

    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab

    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

    O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v45/sol/sol.cab

    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

    O16 - DPF: {B45E4E22-E6A8-4B58-88FA-F2E4726DC95E} - http://scanner.vav-scan.com/setup/demo/setup.cab

    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab

    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Virtual%20Villagers%202/Images/armhelper.ocx

    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab

    O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47/famil.../familyfeud.cab

    O16 - DPF: {D27CDB6E-AE6D-12CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin9.valueactive.com/Register/Br...018/flashax.cab

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

    O20 - AppInit_DLLs: uafmed.dll

    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

    O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe" Start=service (file missing)

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

  10. Hey Guys,

    I've been cleaning up a friend's computer and there was a lot of nasty stuff.

    I seem to be missing something because I'm still getting various pop-up ads.

    Anyway, here's the log

    Logfile of HijackThis v1.99.1

    Scan saved at 6:19:53 PM, on 14/09/2008

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16705)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\a-squared Free\a2service.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    C:\Program Files\Analog Devices\Core\smax4pnp.exe

    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

    C:\Program Files\Windows Media Player\WMPNSCFG.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Program Files\OpenOffice.org 2.4\program\soffice.exe

    C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN

    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pogo.com/

    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

    O2 - BHO: (no name) - {10990D5B-D686-4CD2-81EB-C7540450A1BA} - C:\WINDOWS\system32\jkkIAtsq.dll (file missing)

    O2 - BHO: (no name) - {2DF74DB3-9990-4535-ABC2-B5DE34B1C82F} - C:\WINDOWS\system32\cbXQHXpQ.dll (file missing)

    O2 - BHO: (no name) - {4F7E9D97-BEE7-4F55-811D-19F15F2120AD} - C:\WINDOWS\system32\hgGVpoLe.dll (file missing)

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: {19c8b2cf-d02f-fa8b-7b54-40fbf84ac42a} - {a24ca48f-bf04-45b7-b8af-f20dfc2b8c91} - C:\WINDOWS\system32\uafmed.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

    O2 - BHO: (no name) - {C31E85DE-8C2F-4035-AC49-5B6062B62CAD} - C:\WINDOWS\system32\ljJASijJ.dll (file missing)

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

    O3 - Toolbar: gksraemq - {7C74C1B1-81FB-4105-B304-80A12EC6E73D} - C:\WINDOWS\gksraemq.dll (file missing)

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [bO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

    O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"

    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

    O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

    O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra button: Crazy Vegas Poker - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\crazyvegasMPP\MPPoker.exe (file missing) (HKCU)

    O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Katie\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)

    O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Katie\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)

    O11 - Options group: [iNTERNATIONAL] International*

    O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.4.4.27/cana...a-ob-assets.cab

    O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.4.3.28/domi...o-ob-assets.cab

    O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.5.1.24/hold...oldem-en_US.cab

    O16 - DPF: Video Poker by pogo - http://game1.pogo.com/applet-6.4.3.36/vide...r-ob-assets.cab

    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Virtual%20Villagers%202/Images/stg_drm.ocx

    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/mi...pGameLoader.dll

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

    O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab

    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab

    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

    O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v45/sol/sol.cab

    O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/DLhelper/ve...n7/dlhelper.cab

    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

    O16 - DPF: {B45E4E22-E6A8-4B58-88FA-F2E4726DC95E} - http://scanner.vav-scan.com/setup/demo/setup.cab

    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab

    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Virtual%20Villagers%202/Images/armhelper.ocx

    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab

    O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47/famil.../familyfeud.cab

    O16 - DPF: {D27CDB6E-AE6D-12CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin9.valueactive.com/Register/Br...018/flashax.cab

    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://clubgames.pogo.com/online2/pogop/in...aploader_v6.cab

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

    O20 - AppInit_DLLs: uafmed.dll

    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

    O20 - Winlogon Notify: fceadd7f382 - C:\WINDOWS\system32\__c0022362.dat (file missing)

    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll

    O20 - Winlogon Notify: hgGVpoLe - hgGVpoLe.dll (file missing)

    O20 - Winlogon Notify: jkkIAtsq - jkkIAtsq.dll (file missing)

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

    O20 - Winlogon Notify: __c002CCEE - C:\WINDOWS\system32\__c002CCEE.dat (file missing)

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

    O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe" Start=service (file missing)

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
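    A small triage script for logs like the two above, added here as an example; it is not a HijackThis feature and not code from either post. It encodes the checks a reviewer applies by eye when reading O2/O3/O20 lines: an AppInit_DLLs value (loaded into every user-mode process), entries whose file is already gone ("(file missing)" / "(no file)"), BHOs and toolbars with no real display name, random-looking 8-letter mixed-case DLL names, and the same DLL registered both as a BHO and as a Winlogon Notify handler or AppInit DLL. The consonant-run test in looks_random is my own heuristic, not a documented rule; the sample entries are copied from the second log so the output can be compared against it, with a few clean entries kept on purpose to show they do not trip the rules.

```python
"""Triage helper for HijackThis v1.99 log lines (added example, not part of
HijackThis). Every rule here is a heuristic for human review, not a verdict."""
import re

ENTRY_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")               # "O2 - BHO: ..."
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
FILE_RE = re.compile(r"([^\\/\s]+)\.(?:dll|dat)\b", re.I)     # .dll/.dat basename
VOWELS = set("aeiouy")


def file_basename(text):
    """Last .dll/.dat basename (without extension) named in an entry, or None."""
    names = FILE_RE.findall(text)
    return names[-1] if names else None


def looks_random(name):
    """Heuristic (assumption): 8 letters, mixed case, with a run of 3+ consonants,
    e.g. jkkIAtsq or cbXQHXpQ. WgaLogon (run of 2) and dimsntfy (one case) pass."""
    if len(name) != 8 or not name.isalpha() or name.islower() or name.isupper():
        return False
    run = longest = 0
    for ch in name.lower():
        run = 0 if ch in VOWELS else run + 1
        longest = max(longest, run)
    return longest >= 3


def parse_entry(line):
    """'O2 - BHO: name - {guid} - path' -> (section, kind, name, body), else None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.groups()
    kind, sep, body = rest.partition(": ")
    if not sep:
        return None
    return section, kind, body.split(" - ", 1)[0].strip(), body


def triage(lines):
    """Return [(log line, [reasons])] for every entry that trips a rule."""
    findings = {}                       # line -> reasons, insertion ordered
    bho_by_dll, notify_by_dll, appinit = {}, {}, set()

    def flag(line, reason):
        findings.setdefault(line, []).append(reason)

    for raw in lines:
        parsed = parse_entry(raw)
        if not parsed:
            continue
        section, kind, name, body = parsed
        line = raw.strip()
        dll = file_basename(body)
        missing = "(file missing)" in body or "(no file)" in body

        if section == "O20" and kind == "AppInit_DLLs" and body.strip():
            # AppInit_DLLs are mapped by user32.dll into every user-mode process
            flag(line, "AppInit_DLLs: injected into every user-mode process")
            appinit.update(n.lower() for n in FILE_RE.findall(body))
        if section in ("O2", "O3", "O20") and missing:
            flag(line, "orphaned entry: the registered file is gone, remove the value")
        if section in ("O2", "O3"):
            unnamed = name == "(no name)" or bool(GUID_RE.match(name))
            if unnamed:
                flag(line, "BHO/toolbar without a real display name")
            if unnamed and dll and looks_random(dll):
                flag(line, "random-looking 8-letter DLL name")
            if dll:
                bho_by_dll.setdefault(dll.lower(), []).append(line)
        if section == "O20" and kind == "Winlogon Notify" and dll:
            if looks_random(dll):
                flag(line, "random-looking 8-letter DLL name")
            notify_by_dll.setdefault(dll.lower(), []).append(line)

    # One DLL that sits in the browser (BHO) and also in the logon path or in
    # every process is a much stronger signal than any single entry on its own.
    for dll, bho_lines in bho_by_dll.items():
        paired = notify_by_dll.get(dll, [])
        if paired:
            for line in bho_lines + paired:
                flag(line, f"{dll}.dll is both a BHO and a Winlogon Notify handler")
        if dll in appinit:
            for line in bho_lines:
                flag(line, f"{dll}.dll is also loaded through AppInit_DLLs")
    return list(findings.items())


# Sample entries copied from the second log above; clean ones kept on purpose.
SAMPLE_LOG = [
    r"O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll",
    r"O2 - BHO: (no name) - {10990D5B-D686-4CD2-81EB-C7540450A1BA} - C:\WINDOWS\system32\jkkIAtsq.dll (file missing)",
    r"O2 - BHO: (no name) - {4F7E9D97-BEE7-4F55-811D-19F15F2120AD} - C:\WINDOWS\system32\hgGVpoLe.dll (file missing)",
    r"O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll",
    r"O2 - BHO: {19c8b2cf-d02f-fa8b-7b54-40fbf84ac42a} - {a24ca48f-bf04-45b7-b8af-f20dfc2b8c91} - C:\WINDOWS\system32\uafmed.dll",
    r"O3 - Toolbar: gksraemq - {7C74C1B1-81FB-4105-B304-80A12EC6E73D} - C:\WINDOWS\gksraemq.dll (file missing)",
    r"O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP",
    r"O20 - AppInit_DLLs: uafmed.dll",
    r"O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)",
    r"O20 - Winlogon Notify: hgGVpoLe - hgGVpoLe.dll (file missing)",
    r"O20 - Winlogon Notify: jkkIAtsq - jkkIAtsq.dll (file missing)",
    r"O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll",
    r"O20 - Winlogon Notify: __c002CCEE - C:\WINDOWS\system32\__c002CCEE.dat (file missing)",
]

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("    ->", reason)
```

    Run it with the full log pasted into SAMPLE_LOG (or read from a file) and it prints each flagged line with its reasons. In the second log this pulls out the four unnamed system32 BHOs and their matching Winlogon Notify entries, the GUID-named BHO that is also the AppInit_DLLs value, and the orphaned .dat notify handlers, while the HP, Spybot, WgaLogon and AVG entries stay quiet. Anything it flags still needs a look by hand: a bare "(file missing)" on its own usually just means a previous cleaner deleted the file and left the registry value behind.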