I'm sorry. I had some issues doing the whole series and had to do it over... I thought three times. I didn't realize you needed all the logs.
My first attempt must have glitched... because I ran the AVG remover tool... ran ComboFix, which gave me NO AVG warnings now... then my computer appeared to abruptly restart. Thought that was normal though. I did a HijackThis log and posted that with a new ComboFix, looked them over and saw AVG listed in the ComboFix log. Sure enough it was showing those same files in the processes. So I had to start over.
Did the AVG removal tool again. Did ComboFix... it did not reboot this time... I posted both logs and looked them over. AVG was gone but I then saw a program in the list that is a no-no... so I knew I needed to uninstall that and then reboot and do the logs yet again. Hence the different attempts. Plus at that point I realized I hadn't put on the new AVG. Wasn't sure if that mattered. So I redid it once more.
Sorry again for the extra crap... it was way too late and I'm not sure I wrote the order of what I did correctly above but it's close. Below are the extra logs. Everything appears to be working fine still. No extra popups yet and like I said reboot is instant.
ComboFix 09-04-04.01 - NancyGail 2009-04-07 19:24:50.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2573 [GMT -7:00]
Running from: c:\documents and settings\NancyGail\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2009-03-08 to 2009-04-08 )))))))))))))))))))))))))))))))
.
2009-04-07 18:29 . 2009-04-07 18:29 <DIR> d-------- c:\program files\ERUNT
2009-04-07 13:43 . 2009-04-07 13:43 <DIR> d-------- c:\program files\twhirl
2009-04-02 06:47 . 2009-04-02 06:47 43,585 --a------ C:\BillingTracker.elf
2009-04-01 18:46 . 2009-04-01 18:50 <DIR> d-------- c:\documents and settings\NancyGail\Application Data\Uniblue
2009-04-01 18:46 . 2009-04-01 18:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\DriverScanner
2009-04-01 18:23 . 2009-04-01 18:25 <DIR> d-------- c:\program files\USB-IF Test Suite
2009-04-01 18:23 . 2008-04-17 14:40 50,304 --a------ c:\windows\system32\drivers\hcdriver.sys
2009-03-31 10:42 . 2009-03-31 10:42 <DIR> d-------- c:\documents and settings\NancyGail\Application Data\Centered Systems
2009-03-31 10:36 . 2009-03-31 10:38 <DIR> d-------- c:\program files\SecCopy
2009-03-31 10:36 . 2006-12-21 15:18 497,496 --a------ c:\windows\system32\XceedZip.dll
2009-03-30 10:03 . 2009-03-30 10:03 <DIR> d-------- c:\program files\Trend Micro
2009-03-29 10:58 . 2009-03-29 10:58 <DIR> d-------- c:\program files\Fraps
2009-03-29 09:24 . 2009-04-04 06:56 <DIR> d-------- c:\program files\XoftSpySE
2009-03-28 09:47 . 2001-05-11 13:18 420,240 --a------ c:\windows\system32\mpg4c32.dll
2009-03-28 09:47 . 2001-05-16 17:54 309,616 --a------ c:\windows\system32\wmv8dmod.dll
2009-03-28 09:47 . 2001-03-26 04:41 245,760 --a------ c:\windows\system32\mp4sds32.ax
2009-03-28 09:45 . 2009-03-29 10:56 <DIR> d-------- c:\program files\Game Cam
2009-03-25 14:33 . 2009-03-25 14:51 <DIR> d-------- c:\program files\Game Cam V2
2009-03-24 14:54 . 2009-03-24 14:54 5,242,934 --ah----- c:\windows\system32\toyhide.bmp
2009-03-24 14:24 . 2009-03-24 14:24 187,072 --a------ c:\windows\walltoyUninst.exe
2009-03-23 10:36 . 2009-03-23 10:36 <DIR> d-------- c:\program files\IrfanView
2009-03-21 13:21 . 2009-03-21 13:21 <DIR> d-------- c:\program files\Hotkey CD Eject
2009-03-20 11:24 . 2009-03-20 11:24 <DIR> d-------- c:\program files\iTunes
2009-03-20 11:24 . 2009-03-20 11:24 <DIR> d-------- c:\program files\iPod
2009-03-20 11:24 . 2009-03-20 11:24 <DIR> d-------- c:\program files\Common Files\Apple
2009-03-20 11:24 . 2009-03-20 11:24 <DIR> d-------- c:\program files\Bonjour
2009-03-20 11:24 . 2009-03-20 11:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-20 11:24 . 2008-04-17 12:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2009-03-20 11:24 . 2009-01-15 12:19 23,848 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-20 11:02 . 2009-03-20 11:02 <DIR> d-------- c:\program files\NCH Software
2009-03-20 11:02 . 2009-03-20 11:02 <DIR> d-------- c:\documents and settings\NancyGail\Application Data\Recordpad
2009-03-20 11:02 . 2009-03-20 11:02 <DIR> d-------- c:\documents and settings\NancyGail\Application Data\NCH Swift Sound
2009-03-20 11:02 . 2009-03-20 11:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-03-20 11:01 . 2009-03-20 11:02 <DIR> d-------- c:\program files\NCH Swift Sound
2009-03-20 10:50 . 2009-03-20 11:11 <DIR> d-------- c:\program files\All Sound Recorder XP
2009-03-19 10:33 . 2009-03-19 10:33 <DIR> d-------- c:\program files\MAPILab Ltd
2009-03-19 10:13 . 2009-03-19 10:13 <DIR> dr-h----- C:\MSOCache
2009-03-19 10:13 . 2009-03-20 03:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-19 03:00 . 2009-03-19 03:00 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-03-18 10:49 . 2009-03-18 10:49 2,344 --a------ c:\windows\hpbvspst.his
2009-03-18 10:49 . 2009-03-18 10:49 414 --a------ c:\windows\hpbvspst.ini
2009-03-18 10:44 . 2009-04-03 17:16 50,895 --a------ c:\windows\hpdj6500.hi2
2009-03-18 10:44 . 2009-04-03 17:16 8,768 --a------ c:\windows\hpdj6500.bu2
2009-03-18 10:35 . 2003-12-11 11:15 626,960 -ra------ c:\windows\system32\hpvaut32.dll
2009-03-18 10:35 . 2003-12-11 11:15 487,424 -ra------ c:\windows\system32\hpvcp70.dll
2009-03-18 10:35 . 2003-12-11 11:15 344,064 -ra------ c:\windows\system32\hpvcr70.dll
2009-03-18 10:35 . 2003-12-11 11:15 44,544 -ra------ c:\windows\system32\MSXML4a.dll
2009-03-18 10:30 . 2009-04-03 17:18 42,237 --a------ c:\windows\hpdj6500.hi1
2009-03-18 10:30 . 2009-04-03 17:18 5,586 --a------ c:\windows\hpdj6500.bu1
2009-03-14 15:58 . 2009-03-14 15:58 <DIR> d-------- c:\program files\Common Files\Blizzard Entertainment
2009-03-12 09:11 . 2009-03-12 09:11 <DIR> d-------- c:\program files\Realtek Sound Manager
2009-03-12 09:11 . 2009-03-12 09:11 <DIR> d-------- c:\program files\Realtek AC97
2009-03-12 09:11 . 2009-03-12 09:11 <DIR> d-------- c:\program files\AvRack
2009-03-12 09:11 . 2006-03-22 16:23 10,524,672 --a------ c:\windows\system32\RTLCPL.exe
2009-03-12 09:11 . 2006-03-31 14:38 3,960,896 -ra------ c:\windows\system32\drivers\alcxwdm.sys
2009-03-12 09:11 . 2006-03-20 11:48 315,392 --a------ c:\windows\alcupd.exe
2009-03-12 09:11 . 2005-11-18 11:20 217,088 --a------ c:\windows\alcrmv.exe
2009-03-12 09:11 . 2002-02-05 13:54 141,016 --a------ c:\windows\system32\alsndmgr.wav
2009-03-12 09:11 . 2006-01-10 13:38 135,168 --a------ c:\windows\system32\RtlCPAPI.dll
2009-03-12 09:11 . 2001-07-06 00:19 164 --a------ c:\windows\avrack.ini
2009-03-10 10:15 . 2009-03-10 10:15 <DIR> d-------- c:\program files\MSECache
2009-03-08 13:11 . 2009-03-08 13:11 <DIR> d-------- c:\program files\FTP Now
2009-03-08 08:47 . 2009-03-08 08:47 <DIR> d-------- c:\documents and settings\NancyGail\Application Data\AdobeUM
2009-03-08 08:46 . 2009-03-08 08:46 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared
2009-03-08 08:46 . 2009-03-08 08:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Adobe Systems
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-08 02:24 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-08 02:24 --------- d-----w c:\documents and settings\NancyGail\Application Data\nView_Wallpaper
2009-04-08 02:22 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-08 02:13 --------- d-----w c:\program files\eMule
2009-04-08 00:56 --------- d-----w c:\documents and settings\NancyGail\Application Data\UseNeXT
2009-04-07 23:13 --------- d-----w c:\program files\BillingTracker Pro 4
2009-04-06 12:35 --------- d-----w c:\documents and settings\NancyGail\Application Data\ZoomBrowser EX
2009-04-06 12:35 --------- d-----w c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-04-05 19:54 --------- d-----w c:\documents and settings\NancyGail\Application Data\U3
2009-04-02 23:37 --------- d-----w c:\program files\World of Warcraft
2009-04-01 00:35 5,014 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-03-29 17:56 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-25 21:33 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-24 17:18 --------- d-----w c:\program files\UseNeXT
2009-03-20 18:25 --------- d-----w c:\documents and settings\NancyGail\Application Data\Apple Computer
2009-03-20 18:24 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-19 17:34 --------- d-----w c:\program files\Rules Manager
2009-03-18 17:50 --------- d-----w c:\program files\HP
2009-03-18 17:50 --------- d-----w c:\program files\Hewlett-Packard
2009-03-17 19:52 --------- d-----w c:\program files\WhizFolders Organizer Deluxe
2009-03-15 19:47 --------- d-----w c:\program files\Maxthon2
2009-03-08 15:46 --------- d-----w c:\program files\Common Files\Adobe
2009-03-05 00:20 --------- d-----w c:\program files\Amara - Flash Photo Animation Software
2009-03-04 23:45 --------- d-----w c:\program files\FastStone Photo Resizer
2009-03-04 23:45 --------- d-----w c:\documents and settings\NancyGail\Application Data\FastStone
2009-03-04 22:51 --------- d-----w c:\program files\Flash Slideshow Maker Professional
2009-03-04 22:48 --------- d-----w c:\program files\Microsoft Student
2009-03-04 19:43 --------- d-----w c:\documents and settings\NancyGail\Application Data\ColorCop
2009-03-04 19:18 --------- d-----w c:\program files\AllToTray
2009-03-04 02:57 --------- d-----w c:\program files\Cool MP3 Splitter
2009-03-03 22:35 --------- d-----w c:\program files\Common Files\AVSMedia
2009-03-03 22:35 --------- d-----w c:\program files\AVS4YOU
2009-03-03 21:12 --------- d-----w c:\documents and settings\NancyGail\Application Data\vlc
2009-03-03 19:56 --------- d-----w c:\program files\Canon
2009-03-03 17:13 --------- d-----w c:\documents and settings\NancyGail\Application Data\AVS4YOU
2009-03-03 17:13 --------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2009-03-03 03:09 --------- d-----w c:\program files\Graboid
2009-03-03 03:03 --------- d-----w c:\documents and settings\NancyGail\Application Data\Graboid Inc
2009-03-02 19:02 --------- d-----w c:\program files\Collectorz.com
2009-03-02 16:56 --------- d-----w c:\documents and settings\NancyGail\Application Data\Rules Manager
2009-03-02 01:50 --------- d-----w c:\program files\D-Tools
2009-03-02 00:25 --------- d-----w c:\program files\Unlocker
2009-03-01 21:59 --------- d-----w c:\program files\Mozilla ActiveX Control v1.7.12
2009-03-01 21:59 --------- d-----w c:\documents and settings\NancyGail\Application Data\MozillaControl
2009-03-01 21:59 --------- d-----w c:\documents and settings\All Users\Application Data\Graboid Inc
2009-03-01 16:21 --------- d-----w c:\documents and settings\NancyGail\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-03-01 03:48 --------- d-----w c:\program files\VideoLAN
2009-03-01 03:44 --------- d-----w c:\program files\NOS
2009-03-01 03:44 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-03-01 02:51 --------- d-----w c:\program files\MSBuild
2009-03-01 02:50 --------- d-----w c:\program files\Reference Assemblies
2009-03-01 02:48 --------- d-----w c:\program files\MSXML 4.0
2009-03-01 02:27 121,887 ----a-w c:\windows\File Renamer - Basic Uninstaller.exe
2009-03-01 02:27 --------- d-----w c:\program files\File Renamer
2009-03-01 01:36 --------- d-----w c:\program files\Lakefront Software
2009-03-01 01:17 --------- d-----w c:\documents and settings\All Users\Application Data\WEBREG
2009-03-01 01:15 --------- d-----w c:\program files\Common Files\HP
2009-03-01 01:15 --------- d-----w c:\program files\Common Files\Hewlett-Packard
2009-03-01 01:15 --------- d-----w c:\documents and settings\All Users\Application Data\HP
2009-03-01 01:14 --------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-03-01 01:07 --------- d-----w c:\program files\PDFCreator
2009-03-01 00:44 --------- d-----w c:\documents and settings\NancyGail\Application Data\AvniTech
2009-03-01 00:39 --------- d-----w c:\program files\Color_Cop
2009-03-01 00:37 6,144 ----a-w c:\windows\system32\drivers\NTIDrvr.sys
2009-03-01 00:37 --------- d-----w c:\program files\NewTech Infosystems
2009-03-01 00:37 --------- d-----w c:\program files\Common Files\NewTech Infosystems
2009-03-01 00:37 --------- d-----w c:\program files\Common Files\muvee Technologies
2009-03-01 00:31 --------- d-----w c:\program files\TweetDeck
2009-03-01 00:31 --------- d-----w c:\documents and settings\NancyGail\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
2009-02-28 23:26 --------- d-----w c:\program files\Common Files\Adobe AIR
2009-02-28 23:26 --------- d-----w c:\documents and settings\NancyGail\Application Data\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1
2009-02-28 23:17 --------- d-----w c:\program files\MediaMonkey
2009-02-28 23:11 --------- d-----w c:\program files\Olympus
2009-02-28 23:09 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-28 23:07 --------- d-----w c:\program files\Common Files\Canon
2009-02-28 23:00 --------- d-----w c:\program files\Microsoft IntelliType Pro
2009-02-28 22:55 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-02-28 22:55 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-02-28 22:45 --------- d-----w c:\program files\Corel
2009-02-28 22:45 --------- d-----w c:\program files\Common Files\Corel
2009-02-28 22:45 --------- d-----w c:\documents and settings\NancyGail\Application Data\Corel
2009-02-28 22:45 --------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
2009-02-28 22:18 --------- d-----w c:\documents and settings\All Users\Application Data\Corel
2009-02-28 22:15 --------- d-----w c:\documents and settings\NancyGail\Application Data\InstallShield
2009-02-28 22:00 --------- d-----w c:\program files\Macromedia
2009-02-28 22:00 --------- d-----w c:\program files\Common Files\Macromedia
2009-02-28 21:50 --------- d-----w c:\program files\QuickTime
2009-02-28 21:49 --------- d-----w c:\program files\Apple Software Update
2009-02-28 21:49 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-02-28 20:43 --------- d-----w c:\documents and settings\NancyGail\Application Data\MxBoost
2009-02-28 20:40 --------- d-----w c:\program files\TechHit.com
2009-02-28 19:31 --------- d-----w c:\program files\Windows Live SkyDrive
2009-02-28 19:31 --------- d-----w c:\program files\Windows Live
2009-02-28 19:31 --------- d-----w c:\program files\Microsoft
2009-02-28 19:30 --------- d-----w c:\program files\Microsoft.NET
2009-02-28 19:30 --------- d-----w c:\program files\Microsoft ActiveSync
2009-02-28 19:27 --------- d-----w c:\program files\Common Files\Windows Live
2009-02-28 19:11 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2009-02-28 19:02 --------- d-----w c:\program files\Setup Files
2009-02-28 19:00 --------- d-----w c:\program files\MSI
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-28 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"L09AXLRD_139214234"="c:\program files\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE" [2008-06-03 351000]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"Hotkey CD Eject"="c:\program files\Hotkey CD Eject\cdeject.exe" [2003-02-20 597504]
"AllToTray"="c:\program files\AllToTray\AllToTray.exe" [2009-03-04 728576]
"Second Copy"="c:\program files\SecCopy\SecCopy.exe" [2007-10-17 2425856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 368706]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"WinSys2"="c:\windows\system32\winsys2.exe" [2008-01-18 208896]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"Recordpad"="c:\program files\NCH Swift Sound\Recordpad\recordpad.exe" [2009-03-20 577540]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-18 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2008-05-03 c:\windows\system32\nwiz.exe]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-03-08 25214]
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2009-02-28 114688]
Directrec Configuration Tool.lnk - c:\program files\Olympus\DSSPlayer\DirectrecConfig.exe [2009-02-28 122880]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Maxthon2\\Modules\\MxDownloader\\MxDownloadServer.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Graboid\\GraboidVideo\\1.4.0.0\\DLManager\\GraboidDLManager.exe"=
"c:\\Program Files\\FTP Now\\FTPNow.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R0 d344bus;d344bus;c:\windows\system32\drivers\d344bus.sys [2009-02-28 137216]
R0 d344prt;d344prt;c:\windows\system32\drivers\d344prt.sys [2009-02-28 5248]
R0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\drivers\Si3531.sys [2009-02-25 210224]
S2 hpdj00;hpdj00;c:\docume~1\NANCYG~1\LOCALS~1\Temp\hpdj00.exe -servicerunning=true -uninstall=HP Deskjet 6500 Series -product=6500 --> c:\docume~1\NANCYG~1\LOCALS~1\Temp\hpdj00.exe -servicerunning=true -uninstall=HP Deskjet 6500 Series -product=6500 [?]
S3 autorun;autorun;\??\c:\huadio.tmp --> c:\huadio.tmp [?]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-02-28 33752]
S3 hcdriver;EHCI;c:\windows\system32\drivers\hcdriver.sys [2009-04-01 50304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e0fbcfd-0866-11de-b4e8-0019dbcd1b0e}]
\Shell\AutoRun\command - O:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2009-04-08 c:\windows\Tasks\XoftSpySE 2.job
- c:\program files\XoftSpySE\XoftSpy.exe [2007-07-13 06:43]
2009-04-07 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE\XoftSpy.exe [2007-07-13 06:43]
.
- - - - ORPHANS REMOVED - - - -
Notify-avgrsstarter - avgrsstx.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?gl=all
mStart Page = hxxp://www.google.com/ig?gl=all
uInternet Settings,ProxyOverride = *.local
IE: Copy plain text for WhizFolders - c:\program files\WhizFolders Organizer Deluxe\copytool.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/L ... nstall.cab
FF - ProfilePath - c:\documents and settings\NancyGail\Application Data\Mozilla\Firefox\Profiles\ldjw8pvk.default\
FF - component: c:\documents and settings\NancyGail\Application Data\Mozilla\Firefox\Profiles\ldjw8pvk.default\extensions\{22119944-ED35-4ab1-910B-E619EA06A115}\components\rfproxy_27.dll
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-07 19:26:16
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\autorun]
"ImagePath"="\??\c:\huadio.tmp"
.
Completion time: 2009-04-07 19:27:01
ComboFix-quarantined-files.txt 2009-04-08 02:26:59
ComboFix2.txt 2009-04-08 01:55:08
ComboFix3.txt 2009-04-08 01:44:58
Pre-Run: 67,553,652,736 bytes free
Post-Run: 67,544,166,400 bytes free
296 --- E O F --- 2009-03-20 10:23:10
ComboFix 09-04-04.01 - NancyGail 2009-04-07 18:53:11.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2476 [GMT -7:00]
Running from: c:\documents and settings\NancyGail\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2009-03-08 to 2009-04-08 )))))))))))))))))))))))))))))))
.
2009-04-07 18:29 . 2009-04-07 18:29 <DIR> d-------- c:\program files\ERUNT
2009-04-07 13:43 . 2009-04-07 13:43 <DIR> d-------- c:\program files\twhirl
2009-04-02 06:47 . 2009-04-02 06:47 43,585 --a------ C:\BillingTracker.elf
2009-04-01 18:46 . 2009-04-01 18:50 <DIR> d-------- c:\documents and settings\NancyGail\Application Data\Uniblue
2009-04-01 18:46 . 2009-04-01 18:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\DriverScanner
2009-04-01 18:23 . 2009-04-01 18:25 <DIR> d-------- c:\program files\USB-IF Test Suite
2009-04-01 18:23 . 2008-04-17 14:40 50,304 --a------ c:\windows\system32\drivers\hcdriver.sys
2009-03-31 10:42 . 2009-03-31 10:42 <DIR> d-------- c:\documents and settings\NancyGail\Application Data\Centered Systems
2009-03-31 10:36 . 2009-03-31 10:38 <DIR> d-------- c:\program files\SecCopy
2009-03-31 10:36 . 2006-12-21 15:18 497,496 --a------ c:\windows\system32\XceedZip.dll
2009-03-30 10:03 . 2009-03-30 10:03 <DIR> d-------- c:\program files\Trend Micro
2009-03-29 10:58 . 2009-03-29 10:58 <DIR> d-------- c:\program files\Fraps
2009-03-29 09:24 . 2009-04-04 06:56 <DIR> d-------- c:\program files\XoftSpySE
2009-03-28 09:47 . 2001-05-11 13:18 420,240 --a------ c:\windows\system32\mpg4c32.dll
2009-03-28 09:47 . 2001-05-16 17:54 309,616 --a------ c:\windows\system32\wmv8dmod.dll
2009-03-28 09:47 . 2001-03-26 04:41 245,760 --a------ c:\windows\system32\mp4sds32.ax
2009-03-28 09:45 . 2009-03-29 10:56 <DIR> d-------- c:\program files\Game Cam
2009-03-25 14:33 . 2009-03-25 14:51 <DIR> d-------- c:\program files\Game Cam V2
2009-03-24 14:54 . 2009-03-24 14:54 5,242,934 --ah----- c:\windows\system32\toyhide.bmp
2009-03-24 14:24 . 2009-03-24 14:24 187,072 --a------ c:\windows\walltoyUninst.exe
2009-03-23 10:36 . 2009-03-23 10:36 <DIR> d-------- c:\program files\IrfanView
2009-03-21 13:21 . 2009-03-21 13:21 <DIR> d-------- c:\program files\Hotkey CD Eject
2009-03-20 11:24 . 2009-03-20 11:24 <DIR> d-------- c:\program files\iTunes
2009-03-20 11:24 . 2009-03-20 11:24 <DIR> d-------- c:\program files\iPod
2009-03-20 11:24 . 2009-03-20 11:24 <DIR> d-------- c:\program files\Common Files\Apple
2009-03-20 11:24 . 2009-03-20 11:24 <DIR> d-------- c:\program files\Bonjour
2009-03-20 11:24 . 2009-03-20 11:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-20 11:24 . 2008-04-17 12:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2009-03-20 11:24 . 2009-01-15 12:19 23,848 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-20 11:02 . 2009-03-20 11:02 <DIR> d-------- c:\program files\NCH Software
2009-03-20 11:02 . 2009-03-20 11:02 <DIR> d-------- c:\documents and settings\NancyGail\Application Data\Recordpad
2009-03-20 11:02 . 2009-03-20 11:02 <DIR> d-------- c:\documents and settings\NancyGail\Application Data\NCH Swift Sound
2009-03-20 11:02 . 2009-03-20 11:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-03-20 11:01 . 2009-03-20 11:02 <DIR> d-------- c:\program files\NCH Swift Sound
2009-03-20 10:50 . 2009-03-20 11:11 <DIR> d-------- c:\program files\All Sound Recorder XP
2009-03-19 10:33 . 2009-03-19 10:33 <DIR> d-------- c:\program files\MAPILab Ltd
2009-03-19 10:13 . 2009-03-19 10:13 <DIR> dr-h----- C:\MSOCache
2009-03-19 10:13 . 2009-03-20 03:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-19 03:00 . 2009-03-19 03:00 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-03-18 10:49 . 2009-03-18 10:49 2,344 --a------ c:\windows\hpbvspst.his
2009-03-18 10:49 . 2009-03-18 10:49 414 --a------ c:\windows\hpbvspst.ini
2009-03-18 10:44 . 2009-04-03 17:16 50,895 --a------ c:\windows\hpdj6500.hi2
2009-03-18 10:44 . 2009-04-03 17:16 8,768 --a------ c:\windows\hpdj6500.bu2
2009-03-18 10:35 . 2003-12-11 11:15 626,960 -ra------ c:\windows\system32\hpvaut32.dll
2009-03-18 10:35 . 2003-12-11 11:15 487,424 -ra------ c:\windows\system32\hpvcp70.dll
2009-03-18 10:35 . 2003-12-11 11:15 344,064 -ra------ c:\windows\system32\hpvcr70.dll
2009-03-18 10:35 . 2003-12-11 11:15 44,544 -ra------ c:\windows\system32\MSXML4a.dll
2009-03-18 10:30 . 2009-04-03 17:18 42,237 --a------ c:\windows\hpdj6500.hi1
2009-03-18 10:30 . 2009-04-03 17:18 5,586 --a------ c:\windows\hpdj6500.bu1
2009-03-14 15:58 . 2009-03-14 15:58 <DIR> d-------- c:\program files\Common Files\Blizzard Entertainment
2009-03-12 09:11 . 2009-03-12 09:11 <DIR> d-------- c:\program files\Realtek Sound Manager
2009-03-12 09:11 . 2009-03-12 09:11 <DIR> d-------- c:\program files\Realtek AC97
2009-03-12 09:11 . 2009-03-12 09:11 <DIR> d-------- c:\program files\AvRack
2009-03-12 09:11 . 2006-03-22 16:23 10,524,672 --a------ c:\windows\system32\RTLCPL.exe
2009-03-12 09:11 . 2006-03-31 14:38 3,960,896 -ra------ c:\windows\system32\drivers\alcxwdm.sys
2009-03-12 09:11 . 2006-03-20 11:48 315,392 --a------ c:\windows\alcupd.exe
2009-03-12 09:11 . 2005-11-18 11:20 217,088 --a------ c:\windows\alcrmv.exe
2009-03-12 09:11 . 2002-02-05 13:54 141,016 --a------ c:\windows\system32\alsndmgr.wav
2009-03-12 09:11 . 2006-01-10 13:38 135,168 --a------ c:\windows\system32\RtlCPAPI.dll
2009-03-12 09:11 . 2001-07-06 00:19 164 --a------ c:\windows\avrack.ini
2009-03-10 10:15 . 2009-03-10 10:15 <DIR> d-------- c:\program files\MSECache
2009-03-08 13:11 . 2009-03-08 13:11 <DIR> d-------- c:\program files\FTP Now
2009-03-08 08:47 . 2009-03-08 08:47 <DIR> d-------- c:\documents and settings\NancyGail\Application Data\AdobeUM
2009-03-08 08:46 . 2009-03-08 08:46 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared
2009-03-08 08:46 . 2009-03-08 08:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Adobe Systems
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-08 01:53 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-08 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-08 01:42 --------- d-----w c:\documents and settings\NancyGail\Application Data\nView_Wallpaper
2009-04-08 00:56 --------- d-----w c:\documents and settings\NancyGail\Application Data\UseNeXT
2009-04-07 23:13 --------- d-----w c:\program files\BillingTracker Pro 4
2009-04-06 12:35 --------- d-----w c:\documents and settings\NancyGail\Application Data\ZoomBrowser EX
2009-04-06 12:35 --------- d-----w c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-04-05 19:54 --------- d-----w c:\documents and settings\NancyGail\Application Data\U3
2009-04-02 23:37 --------- d-----w c:\program files\World of Warcraft
2009-04-01 00:35 5,014 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-03-29 17:56 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-25 21:33 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-24 17:18 --------- d-----w c:\program files\UseNeXT
2009-03-20 18:25 --------- d-----w c:\documents and settings\NancyGail\Application Data\Apple Computer
2009-03-20 18:24 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-19 17:34 --------- d-----w c:\program files\Rules Manager
2009-03-18 17:50 --------- d-----w c:\program files\HP
2009-03-18 17:50 --------- d-----w c:\program files\Hewlett-Packard
2009-03-17 19:52 --------- d-----w c:\program files\WhizFolders Organizer Deluxe
2009-03-15 19:47 --------- d-----w c:\program files\Maxthon2
2009-03-08 15:46 --------- d-----w c:\program files\Common Files\Adobe
2009-03-05 00:20 --------- d-----w c:\program files\Amara - Flash Photo Animation Software
2009-03-04 23:45 --------- d-----w c:\program files\FastStone Photo Resizer
2009-03-04 23:45 --------- d-----w c:\documents and settings\NancyGail\Application Data\FastStone
2009-03-04 22:51 --------- d-----w c:\program files\Flash Slideshow Maker Professional
2009-03-04 22:48 --------- d-----w c:\program files\Microsoft Student
2009-03-04 19:43 --------- d-----w c:\documents and settings\NancyGail\Application Data\ColorCop
2009-03-04 19:18 --------- d-----w c:\program files\AllToTray
2009-03-04 02:57 --------- d-----w c:\program files\Cool MP3 Splitter
2009-03-03 22:35 --------- d-----w c:\program files\Common Files\AVSMedia
2009-03-03 22:35 --------- d-----w c:\program files\AVS4YOU
2009-03-03 21:12 --------- d-----w c:\documents and settings\NancyGail\Application Data\vlc
2009-03-03 19:56 --------- d-----w c:\program files\Canon
2009-03-03 17:13 --------- d-----w c:\documents and settings\NancyGail\Application Data\AVS4YOU
2009-03-03 17:13 --------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2009-03-03 03:09 --------- d-----w c:\program files\Graboid
2009-03-03 03:03 --------- d-----w c:\documents and settings\NancyGail\Application Data\Graboid Inc
2009-03-02 19:02 --------- d-----w c:\program files\Collectorz.com
2009-03-02 16:56 --------- d-----w c:\documents and settings\NancyGail\Application Data\Rules Manager
2009-03-02 01:50 --------- d-----w c:\program files\D-Tools
2009-03-02 00:25 --------- d-----w c:\program files\Unlocker
2009-03-01 21:59 --------- d-----w c:\program files\Mozilla ActiveX Control v1.7.12
2009-03-01 21:59 --------- d-----w c:\documents and settings\NancyGail\Application Data\MozillaControl
2009-03-01 21:59 --------- d-----w c:\documents and settings\All Users\Application Data\Graboid Inc
2009-03-01 16:21 --------- d-----w c:\documents and settings\NancyGail\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-03-01 04:55 --------- d-----w c:\program files\eMule
2009-03-01 03:48 --------- d-----w c:\program files\VideoLAN
2009-03-01 03:44 --------- d-----w c:\program files\NOS
2009-03-01 03:44 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-03-01 02:51 --------- d-----w c:\program files\MSBuild
2009-03-01 02:50 --------- d-----w c:\program files\Reference Assemblies
2009-03-01 02:48 --------- d-----w c:\program files\MSXML 4.0
2009-03-01 02:27 121,887 ----a-w c:\windows\File Renamer - Basic Uninstaller.exe
2009-03-01 02:27 --------- d-----w c:\program files\File Renamer
2009-03-01 01:36 --------- d-----w c:\program files\Lakefront Software
2009-03-01 01:17 --------- d-----w c:\documents and settings\All Users\Application Data\WEBREG
2009-03-01 01:15 --------- d-----w c:\program files\Common Files\HP
2009-03-01 01:15 --------- d-----w c:\program files\Common Files\Hewlett-Packard
2009-03-01 01:15 --------- d-----w c:\documents and settings\All Users\Application Data\HP
2009-03-01 01:14 --------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-03-01 01:07 --------- d-----w c:\program files\PDFCreator
2009-03-01 00:44 --------- d-----w c:\documents and settings\NancyGail\Application Data\AvniTech
2009-03-01 00:39 --------- d-----w c:\program files\Color_Cop
2009-03-01 00:37 6,144 ----a-w c:\windows\system32\drivers\NTIDrvr.sys
2009-03-01 00:37 --------- d-----w c:\program files\NewTech Infosystems
2009-03-01 00:37 --------- d-----w c:\program files\Common Files\NewTech Infosystems
2009-03-01 00:37 --------- d-----w c:\program files\Common Files\muvee Technologies
2009-03-01 00:31 --------- d-----w c:\program files\TweetDeck
2009-03-01 00:31 --------- d-----w c:\documents and settings\NancyGail\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
2009-02-28 23:26 --------- d-----w c:\program files\Common Files\Adobe AIR
2009-02-28 23:26 --------- d-----w c:\documents and settings\NancyGail\Application Data\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1
2009-02-28 23:17 --------- d-----w c:\program files\MediaMonkey
2009-02-28 23:11 --------- d-----w c:\program files\Olympus
2009-02-28 23:09 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-28 23:07 --------- d-----w c:\program files\Common Files\Canon
2009-02-28 23:00 --------- d-----w c:\program files\Microsoft IntelliType Pro
2009-02-28 22:55 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-02-28 22:55 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-02-28 22:50 --------- d-----w c:\program files\AVG
2009-02-28 22:45 --------- d-----w c:\program files\Corel
2009-02-28 22:45 --------- d-----w c:\program files\Common Files\Corel
2009-02-28 22:45 --------- d-----w c:\documents and settings\NancyGail\Application Data\Corel
2009-02-28 22:45 --------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
2009-02-28 22:18 --------- d-----w c:\documents and settings\All Users\Application Data\Corel
2009-02-28 22:15 --------- d-----w c:\documents and settings\NancyGail\Application Data\InstallShield
2009-02-28 22:00 --------- d-----w c:\program files\Macromedia
2009-02-28 22:00 --------- d-----w c:\program files\Common Files\Macromedia
2009-02-28 21:50 --------- d-----w c:\program files\QuickTime
2009-02-28 21:49 --------- d-----w c:\program files\Apple Software Update
2009-02-28 21:49 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-02-28 20:43 --------- d-----w c:\documents and settings\NancyGail\Application Data\MxBoost
2009-02-28 20:40 --------- d-----w c:\program files\TechHit.com
2009-02-28 19:31 --------- d-----w c:\program files\Windows Live SkyDrive
2009-02-28 19:31 --------- d-----w c:\program files\Windows Live
2009-02-28 19:31 --------- d-----w c:\program files\Microsoft
2009-02-28 19:30 --------- d-----w c:\program files\Microsoft.NET
2009-02-28 19:30 --------- d-----w c:\program files\Microsoft ActiveSync
2009-02-28 19:27 --------- d-----w c:\program files\Common Files\Windows Live
2009-02-28 19:11 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2009-02-28 19:02 --------- d-----w c:\program files\Setup Files
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-28 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"L09AXLRD_139214234"="c:\program files\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE" [2008-06-03 351000]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"Hotkey CD Eject"="c:\program files\Hotkey CD Eject\cdeject.exe" [2003-02-20 597504]
"AllToTray"="c:\program files\AllToTray\AllToTray.exe" [2009-03-04 728576]
"Second Copy"="c:\program files\SecCopy\SecCopy.exe" [2007-10-17 2425856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 368706]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"WinSys2"="c:\windows\system32\winsys2.exe" [2008-01-18 208896]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"Recordpad"="c:\program files\NCH Swift Sound\Recordpad\recordpad.exe" [2009-03-20 577540]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-18 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2008-05-03 c:\windows\system32\nwiz.exe]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-03-08 25214]
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2009-02-28 114688]
Directrec Configuration Tool.lnk - c:\program files\Olympus\DSSPlayer\DirectrecConfig.exe [2009-02-28 122880]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Maxthon2\\Modules\\MxDownloader\\MxDownloadServer.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Graboid\\GraboidVideo\\1.4.0.0\\DLManager\\GraboidDLManager.exe"=
"c:\\Program Files\\FTP Now\\FTPNow.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R0 d344bus;d344bus;c:\windows\system32\drivers\d344bus.sys [2009-02-28 137216]
R0 d344prt;d344prt;c:\windows\system32\drivers\d344prt.sys [2009-02-28 5248]
R0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\drivers\Si3531.sys [2009-02-25 210224]
R4 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys --> c:\windows\system32\Drivers\avgrkx86.sys [?]
S2 hpdj00;hpdj00;c:\docume~1\NANCYG~1\LOCALS~1\Temp\hpdj00.exe -servicerunning=true -uninstall=HP Deskjet 6500 Series -product=6500 --> c:\docume~1\NANCYG~1\LOCALS~1\Temp\hpdj00.exe -servicerunning=true -uninstall=HP Deskjet 6500 Series -product=6500 [?]
S3 autorun;autorun;\??\c:\huadio.tmp --> c:\huadio.tmp [?]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-02-28 33752]
S3 hcdriver;EHCI;c:\windows\system32\drivers\hcdriver.sys [2009-04-01 50304]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - HPDJ00
*Deregistered* - AvgLdx86
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e0fbcfd-0866-11de-b4e8-0019dbcd1b0e}]
\Shell\AutoRun\command - O:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2009-04-08 c:\windows\Tasks\XoftSpySE 2.job
- c:\program files\XoftSpySE\XoftSpy.exe [2007-07-13 06:43]
2009-04-07 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE\XoftSpy.exe [2007-07-13 06:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?gl=all
mStart Page = hxxp://www.google.com/ig?gl=all
uInternet Settings,ProxyOverride = *.local
IE: Copy plain text for WhizFolders - c:\program files\WhizFolders Organizer Deluxe\copytool.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/L ... nstall.cab
FF - ProfilePath - c:\documents and settings\NancyGail\Application Data\Mozilla\Firefox\Profiles\ldjw8pvk.default\
FF - component: c:\documents and settings\NancyGail\Application Data\Mozilla\Firefox\Profiles\ldjw8pvk.default\extensions\{22119944-ED35-4ab1-910B-E619EA06A115}\components\rfproxy_27.dll
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-07 18:54:18
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\autorun]
"ImagePath"="\??\c:\huadio.tmp"
.
Completion time: 2009-04-07 18:55:06
ComboFix-quarantined-files.txt 2009-04-08 01:55:04
ComboFix2.txt 2009-04-08 01:44:58
Pre-Run: 67,436,482,560 bytes free
Post-Run: 67,419,357,184 bytes free
298 --- E O F --- 2009-03-20 10:23:10
ComboFix 09-04-04.01 - NancyGail 2009-04-07 18:34:56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2243 [GMT -7:00]
Running from: c:\documents and settings\NancyGail\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\adetuled.ini
c:\windows\system32\AutoRun.inf
c:\windows\system32\ayizales.ini
c:\windows\system32\egeyuzut.ini
c:\windows\system32\igetavip.ini
c:\windows\system32\otobarub.ini
c:\windows\system32\ujabizeg.ini
c:\windows\system32\unomugos.ini
.
((((((((((((((((((((((((( Files Created from 2009-03-08 to 2009-04-08 )))))))))))))))))))))))))))))))
.
2009-04-07 18:29 . 2009-04-07 18:29 <DIR> d-------- c:\program files\ERUNT
2009-04-07 13:43 . 2009-04-07 13:43 <DIR> d-------- c:\program files\twhirl
2009-04-02 06:47 . 2009-04-02 06:47 43,585 --a------ C:\BillingTracker.elf
2009-04-01 18:46 . 2009-04-01 18:50 <DIR> d-------- c:\documents and settings\NancyGail\Application Data\Uniblue
2009-04-01 18:46 . 2009-04-01 18:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\DriverScanner
2009-04-01 18:23 . 2009-04-01 18:25 <DIR> d-------- c:\program files\USB-IF Test Suite
2009-04-01 18:23 . 2008-04-17 14:40 50,304 --a------ c:\windows\system32\drivers\hcdriver.sys
2009-03-31 10:42 . 2009-03-31 10:42 <DIR> d-------- c:\documents and settings\NancyGail\Application Data\Centered Systems
2009-03-31 10:36 . 2009-03-31 10:38 <DIR> d-------- c:\program files\SecCopy
2009-03-31 10:36 . 2006-12-21 15:18 497,496 --a------ c:\windows\system32\XceedZip.dll
2009-03-30 10:03 . 2009-03-30 10:03 <DIR> d-------- c:\program files\Trend Micro
2009-03-29 10:58 . 2009-03-29 10:58 <DIR> d-------- c:\program files\Fraps
2009-03-29 09:24 . 2009-04-04 06:56 <DIR> d-------- c:\program files\XoftSpySE
2009-03-28 09:47 . 2001-05-11 13:18 420,240 --a------ c:\windows\system32\mpg4c32.dll
2009-03-28 09:47 . 2001-05-16 17:54 309,616 --a------ c:\windows\system32\wmv8dmod.dll
2009-03-28 09:47 . 2001-03-26 04:41 245,760 --a------ c:\windows\system32\mp4sds32.ax
2009-03-28 09:45 . 2009-03-29 10:56 <DIR> d-------- c:\program files\Game Cam
2009-03-25 14:33 . 2009-03-25 14:51 <DIR> d-------- c:\program files\Game Cam V2
2009-03-24 14:54 . 2009-03-24 14:54 5,242,934 --ah----- c:\windows\system32\toyhide.bmp
2009-03-24 14:24 . 2009-03-24 14:24 187,072 --a------ c:\windows\walltoyUninst.exe
2009-03-23 10:36 . 2009-03-23 10:36 <DIR> d-------- c:\program files\IrfanView
2009-03-21 13:21 . 2009-03-21 13:21 <DIR> d-------- c:\program files\Hotkey CD Eject
2009-03-20 11:24 . 2009-03-20 11:24 <DIR> d-------- c:\program files\iTunes
2009-03-20 11:24 . 2009-03-20 11:24 <DIR> d-------- c:\program files\iPod
2009-03-20 11:24 . 2009-03-20 11:24 <DIR> d-------- c:\program files\Common Files\Apple
2009-03-20 11:24 . 2009-03-20 11:24 <DIR> d-------- c:\program files\Bonjour
2009-03-20 11:24 . 2009-03-20 11:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-20 11:24 . 2008-04-17 12:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2009-03-20 11:24 . 2009-01-15 12:19 23,848 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-20 11:02 . 2009-03-20 11:02 <DIR> d-------- c:\program files\NCH Software
2009-03-20 11:02 . 2009-03-20 11:02 <DIR> d-------- c:\documents and settings\NancyGail\Application Data\Recordpad
2009-03-20 11:02 . 2009-03-20 11:02 <DIR> d-------- c:\documents and settings\NancyGail\Application Data\NCH Swift Sound
2009-03-20 11:02 . 2009-03-20 11:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-03-20 11:01 . 2009-03-20 11:02 <DIR> d-------- c:\program files\NCH Swift Sound
2009-03-20 10:50 . 2009-03-20 11:11 <DIR> d-------- c:\program files\All Sound Recorder XP
2009-03-19 10:33 . 2009-03-19 10:33 <DIR> d-------- c:\program files\MAPILab Ltd
2009-03-19 10:13 . 2009-03-19 10:13 <DIR> dr-h----- C:\MSOCache
2009-03-19 10:13 . 2009-03-20 03:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-19 03:00 . 2009-03-19 03:00 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-03-18 10:49 . 2009-03-18 10:49 2,344 --a------ c:\windows\hpbvspst.his
2009-03-18 10:49 . 2009-03-18 10:49 414 --a------ c:\windows\hpbvspst.ini
2009-03-18 10:44 . 2009-04-03 17:16 50,895 --a------ c:\windows\hpdj6500.hi2
2009-03-18 10:44 . 2009-04-03 17:16 8,768 --a------ c:\windows\hpdj6500.bu2
2009-03-18 10:35 . 2003-12-11 11:15 626,960 -ra------ c:\windows\system32\hpvaut32.dll
2009-03-18 10:35 . 2003-12-11 11:15 487,424 -ra------ c:\windows\system32\hpvcp70.dll
2009-03-18 10:35 . 2003-12-11 11:15 344,064 -ra------ c:\windows\system32\hpvcr70.dll
2009-03-18 10:35 . 2003-12-11 11:15 44,544 -ra------ c:\windows\system32\MSXML4a.dll
2009-03-18 10:30 . 2009-04-03 17:18 42,237 --a------ c:\windows\hpdj6500.hi1
2009-03-18 10:30 . 2009-04-03 17:18 5,586 --a------ c:\windows\hpdj6500.bu1
2009-03-14 15:58 . 2009-03-14 15:58 <DIR> d-------- c:\program files\Common Files\Blizzard Entertainment
2009-03-12 09:11 . 2009-03-12 09:11 <DIR> d-------- c:\program files\Realtek Sound Manager
2009-03-12 09:11 . 2009-03-12 09:11 <DIR> d-------- c:\program files\Realtek AC97
2009-03-12 09:11 . 2009-03-12 09:11 <DIR> d-------- c:\program files\AvRack
2009-03-12 09:11 . 2006-03-22 16:23 10,524,672 --a------ c:\windows\system32\RTLCPL.exe
2009-03-12 09:11 . 2006-03-31 14:38 3,960,896 -ra------ c:\windows\system32\drivers\alcxwdm.sys
2009-03-12 09:11 . 2006-03-20 11:48 315,392 --a------ c:\windows\alcupd.exe
2009-03-12 09:11 . 2005-11-18 11:20 217,088 --a------ c:\windows\alcrmv.exe
2009-03-12 09:11 . 2002-02-05 13:54 141,016 --a------ c:\windows\system32\alsndmgr.wav
2009-03-12 09:11 . 2006-01-10 13:38 135,168 --a------ c:\windows\system32\RtlCPAPI.dll
2009-03-12 09:11 . 2001-07-06 00:19 164 --a------ c:\windows\avrack.ini
2009-03-10 10:15 . 2009-03-10 10:15 <DIR> d-------- c:\program files\MSECache
2009-03-08 13:11 . 2009-03-08 13:11 <DIR> d-------- c:\program files\FTP Now
2009-03-08 08:47 . 2009-03-08 08:47 <DIR> d-------- c:\documents and settings\NancyGail\Application Data\AdobeUM
2009-03-08 08:46 . 2009-03-08 08:46 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared
2009-03-08 08:46 . 2009-03-08 08:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Adobe Systems
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-08 01:42 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-08 01:42 --------- d-----w c:\documents and settings\NancyGail\Application Data\nView_Wallpaper
2009-04-08 00:56 --------- d-----w c:\documents and settings\NancyGail\Application Data\UseNeXT
2009-04-07 23:13 --------- d-----w c:\program files\BillingTracker Pro 4
2009-04-06 12:59 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-06 12:35 --------- d-----w c:\documents and settings\NancyGail\Application Data\ZoomBrowser EX
2009-04-06 12:35 --------- d-----w c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-04-05 19:54 --------- d-----w c:\documents and settings\NancyGail\Application Data\U3
2009-04-02 23:37 --------- d-----w c:\program files\World of Warcraft
2009-03-29 17:56 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-25 21:33 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-24 17:18 --------- d-----w c:\program files\UseNeXT
2009-03-20 18:25 --------- d-----w c:\documents and settings\NancyGail\Application Data\Apple Computer
2009-03-20 18:24 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-19 17:34 --------- d-----w c:\program files\Rules Manager
2009-03-18 17:50 --------- d-----w c:\program files\HP
2009-03-18 17:50 --------- d-----w c:\program files\Hewlett-Packard
2009-03-17 19:52 --------- d-----w c:\program files\WhizFolders Organizer Deluxe
2009-03-17 15:24 325,640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-03-15 19:47 --------- d-----w c:\program files\Maxthon2
2009-03-08 15:46 --------- d-----w c:\program files\Common Files\Adobe
2009-03-05 00:20 --------- d-----w c:\program files\Amara - Flash Photo Animation Software
2009-03-04 23:45 --------- d-----w c:\program files\FastStone Photo Resizer
2009-03-04 23:45 --------- d-----w c:\documents and settings\NancyGail\Application Data\FastStone
2009-03-04 22:51 --------- d-----w c:\program files\Flash Slideshow Maker Professional
2009-03-04 22:48 --------- d-----w c:\program files\Microsoft Student
2009-03-04 19:43 --------- d-----w c:\documents and settings\NancyGail\Application Data\ColorCop
2009-03-04 19:18 --------- d-----w c:\program files\AllToTray
2009-03-04 02:57 --------- d-----w c:\program files\Cool MP3 Splitter
2009-03-03 22:35 --------- d-----w c:\program files\Common Files\AVSMedia
2009-03-03 22:35 --------- d-----w c:\program files\AVS4YOU
2009-03-03 21:12 --------- d-----w c:\documents and settings\NancyGail\Application Data\vlc
2009-03-03 19:56 --------- d-----w c:\program files\Canon
2009-03-03 17:13 --------- d-----w c:\documents and settings\NancyGail\Application Data\AVS4YOU
2009-03-03 17:13 --------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2009-03-03 03:09 --------- d-----w c:\program files\Graboid
2009-03-03 03:03 --------- d-----w c:\documents and settings\NancyGail\Application Data\Graboid Inc
2009-03-02 19:02 --------- d-----w c:\program files\Collectorz.com
2009-03-02 16:56 --------- d-----w c:\documents and settings\NancyGail\Application Data\Rules Manager
2009-03-02 01:50 --------- d-----w c:\program files\D-Tools
2009-03-02 00:25 --------- d-----w c:\program files\Unlocker
2009-03-01 21:59 --------- d-----w c:\program files\Mozilla ActiveX Control v1.7.12
2009-03-01 21:59 --------- d-----w c:\documents and settings\NancyGail\Application Data\MozillaControl
2009-03-01 21:59 --------- d-----w c:\documents and settings\All Users\Application Data\Graboid Inc
2009-03-01 16:21 --------- d-----w c:\documents and settings\NancyGail\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-03-01 04:55 --------- d-----w c:\program files\eMule
2009-03-01 03:48 --------- d-----w c:\program files\VideoLAN
2009-03-01 03:44 --------- d-----w c:\program files\NOS
2009-03-01 03:44 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-03-01 02:51 --------- d-----w c:\program files\MSBuild
2009-03-01 02:50 --------- d-----w c:\program files\Reference Assemblies
2009-03-01 02:48 --------- d-----w c:\program files\MSXML 4.0
2009-03-01 02:27 121,887 ----a-w c:\windows\File Renamer - Basic Uninstaller.exe
2009-03-01 02:27 --------- d-----w c:\program files\File Renamer
2009-03-01 01:36 --------- d-----w c:\program files\Lakefront Software
2009-03-01 01:17 --------- d-----w c:\documents and settings\All Users\Application Data\WEBREG
2009-03-01 01:15 --------- d-----w c:\program files\Common Files\HP
2009-03-01 01:15 --------- d-----w c:\program files\Common Files\Hewlett-Packard
2009-03-01 01:15 --------- d-----w c:\documents and settings\All Users\Application Data\HP
2009-03-01 01:14 --------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-03-01 01:07 --------- d-----w c:\program files\PDFCreator
2009-03-01 00:44 --------- d-----w c:\documents and settings\NancyGail\Application Data\AvniTech
2009-03-01 00:39 --------- d-----w c:\program files\Color_Cop
2009-03-01 00:37 6,144 ----a-w c:\windows\system32\drivers\NTIDrvr.sys
2009-03-01 00:37 --------- d-----w c:\program files\NewTech Infosystems
2009-03-01 00:37 --------- d-----w c:\program files\Common Files\NewTech Infosystems
2009-03-01 00:37 --------- d-----w c:\program files\Common Files\muvee Technologies
2009-03-01 00:31 --------- d-----w c:\program files\TweetDeck
2009-03-01 00:31 --------- d-----w c:\documents and settings\NancyGail\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
2009-02-28 23:26 --------- d-----w c:\program files\Common Files\Adobe AIR
2009-02-28 23:26 --------- d-----w c:\documents and settings\NancyGail\Application Data\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1
2009-02-28 23:17 --------- d-----w c:\program files\MediaMonkey
2009-02-28 23:11 --------- d-----w c:\program files\Olympus
2009-02-28 23:09 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-28 23:07 --------- d-----w c:\program files\Common Files\Canon
2009-02-28 23:00 --------- d-----w c:\program files\Microsoft IntelliType Pro
2009-02-28 22:55 12,552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2009-02-28 22:55 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-02-28 22:55 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-02-28 22:50 --------- d-----w c:\program files\AVG
2009-02-28 22:45 --------- d-----w c:\program files\Corel
2009-02-28 22:45 --------- d-----w c:\program files\Common Files\Corel
2009-02-28 22:45 --------- d-----w c:\documents and settings\NancyGail\Application Data\Corel
2009-02-28 22:45 --------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
2009-02-28 22:18 --------- d-----w c:\documents and settings\All Users\Application Data\Corel
2009-02-28 22:15 --------- d-----w c:\documents and settings\NancyGail\Application Data\InstallShield
2009-02-28 22:00 --------- d-----w c:\program files\Macromedia
2009-02-28 22:00 --------- d-----w c:\program files\Common Files\Macromedia
2009-02-28 21:50 --------- d-----w c:\program files\QuickTime
2009-02-28 21:49 --------- d-----w c:\program files\Apple Software Update
2009-02-28 21:49 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-02-28 20:43 --------- d-----w c:\documents and settings\NancyGail\Application Data\MxBoost
2009-02-28 20:40 --------- d-----w c:\program files\TechHit.com
2009-02-28 19:31 --------- d-----w c:\program files\Windows Live SkyDrive
2009-02-28 19:31 --------- d-----w c:\program files\Windows Live
2009-02-28 19:31 --------- d-----w c:\program files\Microsoft
2009-02-28 19:30 --------- d-----w c:\program files\Microsoft.NET
2009-02-28 19:30 --------- d-----w c:\program files\Microsoft ActiveSync
2009-02-28 19:27 --------- d-----w c:\program files\Common Files\Windows Live
2009-02-28 19:11 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-28 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"L09AXLRD_139214234"="c:\program files\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE" [2008-06-03 351000]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"Hotkey CD Eject"="c:\program files\Hotkey CD Eject\cdeject.exe" [2003-02-20 597504]
"AllToTray"="c:\program files\AllToTray\AllToTray.exe" [2009-03-04 728576]
"Second Copy"="c:\program files\SecCopy\SecCopy.exe" [2007-10-17 2425856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 368706]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"WinSys2"="c:\windows\system32\winsys2.exe" [2008-01-18 208896]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-17 1932568]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"Recordpad"="c:\program files\NCH Swift Sound\Recordpad\recordpad.exe" [2009-03-20 577540]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-18 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2008-05-03 c:\windows\system32\nwiz.exe]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-03-08 25214]
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2009-02-28 114688]
Directrec Configuration Tool.lnk - c:\program files\Olympus\DSSPlayer\DirectrecConfig.exe [2009-02-28 122880]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-17 08:24 10520 c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Maxthon2\\Modules\\MxDownloader\\MxDownloadServer.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Graboid\\GraboidVideo\\1.4.0.0\\DLManager\\GraboidDLManager.exe"=
"c:\\Program Files\\FTP Now\\FTPNow.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-02-28 12552]
R0 d344bus;d344bus;c:\windows\system32\drivers\d344bus.sys [2009-02-28 137216]
R0 d344prt;d344prt;c:\windows\system32\drivers\d344prt.sys [2009-02-28 5248]
R0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\drivers\Si3531.sys [2009-02-25 210224]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-28 325640]
S2 hpdj00;hpdj00;c:\docume~1\NANCYG~1\LOCALS~1\Temp\hpdj00.exe -servicerunning=true -uninstall=HP Deskjet 6500 Series -product=6500 --> c:\docume~1\NANCYG~1\LOCALS~1\Temp\hpdj00.exe -servicerunning=true -uninstall=HP Deskjet 6500 Series -product=6500 [?]
S3 autorun;autorun;\??\c:\huadio.tmp --> c:\huadio.tmp [?]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-02-28 33752]
S3 hcdriver;EHCI;c:\windows\system32\drivers\hcdriver.sys [2009-04-01 50304]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - HPDJ00
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e0fbcfd-0866-11de-b4e8-0019dbcd1b0e}]
\Shell\AutoRun\command - O:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2009-04-08 c:\windows\Tasks\XoftSpySE 2.job
- c:\program files\XoftSpySE\XoftSpy.exe [2007-07-13 06:43]
2009-04-07 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE\XoftSpy.exe [2007-07-13 06:43]
.
- - - - ORPHANS REMOVED - - - -
BHO-{3419acba-553c-445e-a7e8-5c10b2db2b44} - c:\windows\system32\ralavepe.dll
HKLM-Run-melurayeto - c:\windows\system32\huhasuso.dll
HKLM-Run-1ca3a4ba - c:\windows\system32\selaziya.dll
HKLM-Run-CPM1f909726 - c:\windows\system32\rutefori.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?gl=all
mStart Page = hxxp://www.google.com/ig?gl=all
uInternet Settings,ProxyOverride = *.local
IE: Copy plain text for WhizFolders - c:\program files\WhizFolders Organizer Deluxe\copytool.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/L ... nstall.cab
FF - ProfilePath - c:\documents and settings\NancyGail\Application Data\Mozilla\Firefox\Profiles\ldjw8pvk.default\
FF - component: c:\documents and settings\NancyGail\Application Data\Mozilla\Firefox\Profiles\ldjw8pvk.default\extensions\{22119944-ED35-4ab1-910B-E619EA06A115}\components\rfproxy_27.dll
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-07 18:42:19
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\autorun]
"ImagePath"="\??\c:\huadio.tmp"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Olympus\DeviceDetector\DM1Service.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PSIService.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Maxthon2\Maxthon.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Completion time: 2009-04-07 18:44:57 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-08 01:44:54
Pre-Run: 65,819,119,616 bytes free
Post-Run: 67,320,266,752 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
345 --- E O F --- 2009-03-20 10:23:10
I