I ran ComboFix and here is the log...
------------------
ComboFix 09-05-02.4 - HP_Administrator 05/02/2009 7:42.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.269 [GMT -7:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Updated)
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\47FA70A48C.dll
D:\Autorun.inf
----- BITS: Possible infected sites -----
hxxp://82.98.235.205.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_IWINGAMESINSTALLER
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_iWinGamesInstaller
((((((((((((((((((((((((( Files Created from 2009-04-02 to 2009-05-02 )))))))))))))))))))))))))))))))
.
2009-04-26 03:55 . 2009-04-26 03:55 -------- d-----w c:\program files\Trend Micro
2009-04-26 03:23 . 2009-04-26 03:23 -------- d-----w c:\documents and settings\HP_Administrator\Local Settings\Application Data\PCHealth
2009-04-26 01:24 . 2004-10-17 04:46 178176 ----a-w c:\windows\system32\StellarProfile.dll
2009-04-26 01:24 . 2006-04-17 18:56 1207808 ----a-w c:\windows\system32\PhoenixDll.dll
2009-04-26 01:24 . 2009-04-26 03:02 -------- d-----w c:\program files\Stellar Phoenix Outlook PST Repair
2009-04-21 22:31 . 2009-04-21 22:32 -------- d-----w c:\program files\pdf24
2009-04-16 14:48 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-16 14:48 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 14:48 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-16 14:48 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 14:48 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 14:48 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 14:48 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 14:48 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 14:48 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-16 14:47 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-16 14:47 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-16 14:11 . 2009-04-16 14:11 -------- d-----w c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-04-16 14:11 . 2009-04-06 22:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-16 14:11 . 2009-04-06 22:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-16 14:11 . 2009-04-16 14:11 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-16 14:11 . 2009-05-01 15:05 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-14 19:46 . 2009-04-14 19:46 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-14 19:41 . 2009-04-14 19:41 -------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-04-14 19:41 . 2009-04-14 19:41 -------- d-----w c:\program files\NOS
2009-04-13 01:16 . 2009-04-13 01:16 50480 --sha-w c:\windows\system32\gumejisi.exe
2009-04-09 18:33 . 2009-04-09 18:33 -------- d-----r c:\program files\Skype
2009-04-08 22:12 . 2009-04-08 22:12 -------- d-----w c:\documents and settings\HP_Administrator\Application Data\Blackberry Desktop
2009-04-08 21:50 . 2009-04-25 14:46 256 ----a-w c:\windows\system32\pool.bin
2009-04-08 21:49 . 2009-04-08 21:49 -------- d-----w c:\documents and settings\HP_Administrator\Application Data\Research In Motion
2009-04-08 21:15 . 2007-01-18 17:24 26496 ----a-r c:\windows\system32\drivers\RimSerial.sys
2009-04-08 21:15 . 2009-04-16 21:58 -------- d-----w c:\program files\Common Files\Research In Motion
2009-04-08 21:15 . 2009-04-08 21:15 -------- d-----w c:\program files\Research In Motion
2009-04-08 05:07 . 2009-04-08 05:07 -------- d-----w c:\program files\iPod
2009-04-08 05:07 . 2009-04-08 05:07 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-05 03:31 . 2009-04-05 03:31 -------- d-----w c:\documents and settings\HP_Administrator\Local Settings\Application Data\Microsoft Corporation
2009-04-05 03:21 . 2009-04-27 14:12 -------- d-----w c:\program files\Microsoft Small Business
2009-04-05 03:14 . 2009-04-06 12:45 -------- d-----w c:\program files\Microsoft SQL Server
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-02 14:53 . 2009-01-05 13:43 486 ----a-w c:\windows\Tasks\SDMsgUpdate (TE).job
2009-05-02 14:53 . 2009-03-26 21:55 868 ----a-w c:\windows\Tasks\Google Software Updater.job
2009-05-02 14:52 . 2008-06-08 16:51 444 ---ha-w c:\windows\Tasks\User_Feed_Synchronization-{8F2F561B-2337-4E60-92EF-6A2E65DC15BB}.job
2009-05-02 14:52 . 2005-08-31 04:17 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-05-01 06:57 . 2008-07-18 03:34 284 ----a-w c:\windows\Tasks\AppleSoftwareUpdate.job
2009-05-01 00:23 . 2006-06-14 04:08 272016 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-28 19:54 . 2008-11-25 20:06 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-27 14:45 . 2006-06-14 04:18 -------- d-----w c:\program files\Microsoft Works
2009-04-24 15:57 . 2008-11-25 20:10 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-24 15:57 . 2008-11-25 20:10 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-24 15:57 . 2008-11-25 20:10 12552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2009-04-24 15:57 . 2008-11-25 20:10 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-16 14:20 . 2009-04-16 14:20 89088 ---h--w c:\windows\system32\BIT11.tmp
2009-04-13 09:00 . 2008-04-29 04:16 644 ----a-w c:\windows\Tasks\Norton Internet Security - Run Full System Scan - HP_Administrator.job
2009-04-08 05:07 . 2006-11-05 03:11 -------- d-----w c:\program files\iTunes
2009-04-08 05:07 . 2007-08-12 05:19 -------- d-----w c:\program files\Common Files\Apple
2009-04-05 03:18 . 2006-06-14 04:19 -------- d-----w c:\program files\Microsoft.NET
2009-04-05 03:06 . 2006-06-14 04:32 -------- d-----w c:\program files\Google
2009-04-05 02:44 . 2006-11-05 06:30 4232 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-04-05 02:44 . 2006-11-05 06:30 168 --sh--r c:\windows\system32\7C218E6431.sys
2009-04-01 10:58 . 2008-01-23 18:29 -------- d-----w c:\program files\GamesBar
2009-03-31 22:40 . 2009-02-12 22:51 -------- d-----w c:\program files\American Airlines DealFinder
2009-03-31 22:39 . 2006-11-05 03:10 -------- d-----w c:\program files\QuickTime
2009-03-29 00:27 . 2008-07-29 15:21 -------- d-----w c:\program files\Safari
2009-03-22 23:38 . 2006-06-14 03:53 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-22 23:38 . 2009-03-22 23:38 -------- d-----w c:\program files\Rockstar Games
2009-03-20 06:40 . 2009-03-20 06:40 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-19 23:32 . 2008-01-29 19:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-18 09:54 . 2008-04-09 19:57 -------- d-----w c:\program files\Stamps.com Internet Postage
2009-03-16 17:13 . 2009-03-16 17:00 -------- d-----w c:\program files\ClockIt
2009-03-16 17:11 . 2009-03-16 17:11 -------- d-----w c:\program files\Constant Contact
2009-03-06 14:22 . 2004-08-10 04:00 284160 ------w c:\windows\system32\pdh.dll
2009-03-06 06:59 . 2009-03-29 00:06 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-06 06:59 . 2008-11-14 16:04 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-03 00:18 . 2004-08-10 04:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2004-08-10 04:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2004-08-10 04:00 729088 ------w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-10 11:00 714752 ------w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-10 04:00 617472 ------w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2004-08-10 04:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2004-08-10 04:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 11:11 . 2004-08-10 04:00 110592 ------w c:\windows\system32\services.exe
2009-02-06 11:06 . 2006-11-06 11:00 2145280 ------w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-10 04:00 35328 ------w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2006-11-06 11:00 2023936 ------w c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2004-08-10 04:00 56832 ----a-w c:\windows\system32\secur32.dll
2008-05-06 06:57 . 2008-05-06 06:57 0 ----a-w c:\program files\temp01
2007-08-24 04:18 . 2007-08-24 04:18 774144 ----a-w c:\program files\RngInterstitial.dll
1999-01-15 17:51 . 2008-01-24 04:11 266 ----a-w c:\program files\internet explorer\plugins\Efile.dll
2009-01-13 01:16 . 2009-01-13 01:16 6680 --sha-w c:\windows\system32\tosikuli.exe
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-01-06 17:05 . 2005-02-03 00:44 61440 c:\hp\KBD\bak\KBD.EXE
2007-05-11 10:06 . 2007-05-11 10:06 40048 c:\program files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe
2007-01-30 06:57 . 2007-01-30 06:57 5039696 c:\program files\AIM\AIM Pro\bak\aimpro.exe
2005-08-12 00:30 . 2005-08-12 00:30 81920 c:\program files\Common Files\InstallShield\UpdateService\bak\issch.exe
2007-08-29 00:43 . 2007-08-29 00:43 73728 c:\program files\Common Files\InstallShield\UpdateService\issch.exe
2005-08-12 00:30 . 2005-08-12 00:30 249856 c:\program files\Common Files\InstallShield\UpdateService\bak\isuspm.exe
2007-08-30 17:50 . 2007-08-30 17:50 205480 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
2006-06-14 04:08 . 2006-06-14 04:08 180269 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
2008-10-02 08:51 . 2008-10-02 08:51 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe
2006-03-16 09:12 . 2006-03-16 09:12 1077248 c:\program files\DISC\bak\DISCover.exe
2006-03-16 09:11 . 2006-03-16 09:11 61440 c:\program files\DISC\bak\DiscUpdMgr.exe
2006-12-06 01:44 . 2006-12-06 01:44 366400 c:\program files\Google\Picasa3\bak\PicasaMediaDetector.exe
2006-02-16 05:34 . 2006-02-16 05:34 249856 c:\program files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe
2006-06-14 03:27 . 2005-06-02 06:35 49152 c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\bak\hphupd08.exe
2005-12-16 01:18 . 2005-12-16 01:18 49152 c:\program files\HP\HP Software Update\bak\HPwuSchd2.exe
2006-03-20 16:05 . 2006-03-20 16:05 90112 c:\program files\HP DigitalMedia Archive\bak\DMAScheduler.exe
2006-06-14 03:53 . 2005-10-13 02:30 139264 c:\program files\Intel\Intel Matrix Storage Manager\bak\iaanotif.exe
2006-10-30 17:36 . 2006-10-30 17:36 256576 c:\program files\iTunes\bak\iTunesHelper.exe
2009-04-02 23:11 . 2009-04-02 23:11 342312 c:\program files\iTunes\iTunesHelper.exe
2007-09-22 15:55 . 2007-03-14 10:43 83608 c:\program files\Java\jre1.6.0_01\bin\bak\jusched.exe
2007-06-29 13:24 . 2007-06-29 13:24 286720 c:\program files\QuickTime\bak\qttask.exe
2009-01-05 23:18 . 2009-01-05 23:18 413696 c:\program files\QuickTime\QTTask.exe
2006-04-06 08:55 . 2006-04-06 08:55 77892 c:\program files\WordPerfect Office X3\Programs\bak\QFSCHD130.EXE
2006-06-14 04:20 . 2004-12-14 09:23 663552 c:\windows\CREATOR\bak\Remind_XP.exe
2004-08-10 10:04 . 2005-09-30 04:01 67584 c:\windows\ehome\bak\ehtray.exe
2004-08-10 10:04 . 2005-08-06 03:56 64512 c:\windows\ehome\ehtray.exe
2006-06-14 04:20 . 2005-07-23 05:14 237568 c:\windows\SMINST\bak\RECGUARD.EXE
2004-08-10 04:00 . 2004-08-10 04:00 15360 c:\windows\system32\bak\ctfmon.exe
2004-08-10 04:00 . 2008-04-14 00:12 15360 c:\windows\system32\ctfmon.exe
2006-06-14 03:51 . 2006-02-07 15:36 77824 c:\windows\system32\bak\hkcmd.exe
2006-06-14 03:51 . 2006-02-07 15:40 118784 c:\windows\system32\bak\igfxpers.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 10:43 501400 ----a-w c:\program files\Java\jre1.6.0_01\bin\ssv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2009-01-22 03:15 251504 ----a-w c:\program files\Google\Google Toolbar\GoogleToolbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AAAE832A-5FFF-4661-9C8F-369692D1DCB9}]
2006-05-30 19:20 208896 ------w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
2009-03-26 21:55 668656 ----a-w c:\program files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
2009-01-22 03:15 522224 ----a-w c:\program files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
2008-07-28 10:47 160496 ----a-w c:\progra~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"= "c:\progra~1\Yahoo!\Companion\Installs\cpn0\yt.dll" [2008-07-28 882416]
[HKEY_CLASSES_ROOT\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}]
[HKEY_CLASSES_ROOT\yt.YToolbarBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YToolbarBand]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"= "c:\progra~1\Yahoo!\Companion\Installs\cpn0\yt.dll" [2008-07-28 882416]
"{F2CF5485-4E02-4F68-819C-B92DE9277049}"= "c:\windows\system32\ieframe.dll" [2009-02-20 6066176]
[HKEY_CLASSES_ROOT\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}]
[HKEY_CLASSES_ROOT\yt.YToolbarBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YToolbarBand]
[HKEY_CLASSES_ROOT\clsid\{f2cf5485-4e02-4f68-819c-b92de9277049}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-04 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-24 1947928]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-02 185896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"= {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - c:\windows\system32\webcheck.dll [2009-02-20 233472]
"WPDShServiceObj"= {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll [2006-10-19 133632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-24 15:57 11952 ----a-w c:\windows\system32\avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=c:\windows\pss\Desktop Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=c:\windows\pss\Updates From HP.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"Symantec RemoteAssist"=3 (0x3)
"Pml Driver HPZ12"=0 (0x0)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"Macromedia Licensing Service"=3 (0x3)
"LightScribeService"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"IAANTMon"=2 (0x2)
"gusvc"=2 (0x2)
"ELService"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"MyWebSearchService"=2 (0x2)
"LVSrvLauncher"=2 (0x2)
"LVCOMSer"=2 (0x2)
"iWinGamesInstaller"=2 (0x2)
"LVPrcSrv"=2 (0x2)
"InstallShield Licensing Service"=3 (0x3)
"idsvc"=3 (0x3)
"getPlus(R) Helper"=3 (0x3)
"Bonjour Service"=2 (0x2)
"BcmSqlStartupSvc"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R4 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-03-03 33176]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2009-04-24 12552]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-24 325896]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-24 108552]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-24 298776]
S2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-25 29263712]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
.
Contents of the 'Scheduled Tasks' folder
2009-05-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
2009-05-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2006-12-13 21:55]
2009-05-02 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2009-01-05 14:29]
2009-05-02 c:\windows\Tasks\User_Feed_Synchronization-{8F2F561B-2337-4E60-92EF-6A2E65DC15BB}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:36]
.
- - - - ORPHANS REMOVED - - - -
BHO-{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
Toolbar-{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
WebBrowser-{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
SharedTaskScheduler-{8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll
ShellExecuteHooks-{AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
SSODL-PostBootReminder-{7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll
SSODL-CDBurn-{fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.myofficeinmotion.com/esuite/control/main
mStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Search - ?p=ZKxdm021YYUS
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Lance Norris\Start Menu\Programs\Accessories\IMVU\Run IMVU.lnk
IE: {{E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
IE: {{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {{FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\Messenger\msmsgs.exe
IE: {{92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\MICROS~4\Office12\REFIEBAR.DLL
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - c:\windows\system32\urlmon.dll
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - c:\windows\system32\urlmon.dll
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - c:\windows\system32\urlmon.dll
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} -
Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - c:\progra~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: http\
0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: https\
0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
Handler: ipp\
0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\windows\system32\itss.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\AVG\AVG8\avgpp.dll
Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\windows\system32\itss.dll
Handler: msdaipp\
0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} -
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - c:\windows\system32\msvidctl.dll
Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\windows\system32\itss.dll
DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxps://www.taxsimple.org/tsweb/msrdp.cab
DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} - hxxp://vsp.closetmaid.com/vsp/cmaidctl_ ... loader.cab
DPF: {87587503-20F0-4FF5-8DA3-0106C4C03FDC} - hxxp://www.vibephone.com/vm/vmdata/down ... uncher.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://pc.mywebexpc.com/pc/mywebex/too ... eatgpc.cab
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j34ozj15.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-yff2&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.myofficeinmotion.com/esuite/control/main
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-yff2&p=
FF - plugin: c:\progra~1\Palm\PACKAG~1\NPInstal.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-02 07:53
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1832)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2009-05-02 8:01 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-02 15:01
Pre-Run: 125,211,160,576 bytes free
Post-Run: 125,221,302,272 bytes free
407 --- E O F --- 2009-04-29 10:01
------------------------------------
Also, new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:13:52 AM, on 5/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myofficeinmotion.com/esuite/control/main
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\webhelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: &Search - ?p=ZKxdm021YYUS
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Lance Norris\Start Menu\Programs\Accessories\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/defaul ... 0.0.87.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ss ... gctlsr.cab
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2perform.com/cabs/QOLCheck.ocx
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://www.taxsimple.org/tsweb/msrdp.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/amun/defaul ... uncher.cab
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmaid.com/vsp/cmaidctl_ ... loader.cab
O16 - DPF: {87587503-20F0-4FF5-8DA3-0106C4C03FDC} (vmLaunch Class) - http://www.vibephone.com/vm/vmdata/down ... uncher.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://pc.mywebexpc.com/pc/mywebex/too ... eatgpc.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 9493 bytes
------------------------------------------
A few things were different when I started ComboFix. It gave me an option to close AVG, and Spybot was opened??? Not sure I did this exactly right.
Thanks
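An added example, not part of the post above and not code from HijackThis or ComboFix: a small parser for log lines in the HijackThis format shown in the post, which turns each `Rx`/`Oxx` line into a record and pulls out the items a reviewer looks at first (the Start Page per hive, O16 DPF controls and the host they were downloaded from, O4 Run-key executables, and any entry HijackThis marked "(file missing)"). The sample lines are constructed to mirror the entry types in the log; the function names are my own, and the "plain http" check is just an objective note about the download transport, not a verdict on any control.

```python
"""Parse HijackThis-style log lines and summarise the entries a reviewer
checks first.  Added example; sample lines below are constructed."""
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# Constructed sample, patterned on the entry types in the posted log
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\user\Run IMVU.lnk (file missing)
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://www.taxsimple.org/tsweb/msrdp.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

ENTRY_RE = re.compile(r"^([RFNO]\d+)\s+-\s+(.*)$")          # "O16 - ..." prefix
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"\[(?P<name>[^\]]+)\]\s+(?P<cmd>.*)$")  # O4: [Name] command


@dataclass
class Entry:
    code: str                # section code, e.g. "O16"
    body: str                # text after "Oxx - "
    clsid: Optional[str]     # first CLSID on the line, if any
    target: Optional[str]    # last " - " field: a file path or URL
    file_missing: bool       # HijackThis could not find the referenced file


def parse_log(text: str):
    """Return one Entry per HijackThis entry line; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # running-process list, trailer, blank lines
        code, body = m.groups()
        missing = body.endswith("(file missing)")
        clean = body[: -len("(file missing)")].rstrip() if missing else body
        clsid = CLSID_RE.search(clean)
        target = clean.rsplit(" - ", 1)[-1] if " - " in clean else None
        entries.append(Entry(code, body, clsid.group(0) if clsid else None, target, missing))
    return entries


def start_pages(entries):
    """Browser Start Page per registry hive from the R0/R1 lines."""
    pages = {}
    for e in entries:
        if e.code in ("R0", "R1") and "Start Page" in e.body:
            key, _, value = e.body.partition(" = ")
            pages[key.split("\\", 1)[0]] = value.strip()   # HKCU / HKLM
    return pages


def dpf_downloads(entries):
    """O16 controls installed from a URL, as (clsid, scheme, host)."""
    out = []
    for e in entries:
        if e.code == "O16" and e.target and "://" in e.target:
            u = urlsplit(e.target)
            out.append((e.clsid, u.scheme, u.hostname))
    return out


def plain_http_dpf(entries):
    """Hosts whose O16 control was fetched over plain http (no transport integrity)."""
    return [host for _, scheme, host in dpf_downloads(entries) if scheme == "http"]


def missing_files(entries):
    """Entries HijackThis flagged '(file missing)': dangling references to review or remove."""
    return [e for e in entries if e.file_missing]


def autostart_commands(entries):
    """O4 Run-key values as (value name, executable), handling quoted paths and arguments."""
    out = []
    for e in entries:
        m = RUN_RE.search(e.body) if e.code == "O4" else None
        if not m:
            continue
        cmd = m.group("cmd").strip()
        exe = cmd[1:cmd.index('"', 1)] if cmd.startswith('"') else cmd.split(" ", 1)[0]
        out.append((m.group("name"), exe))
    return out


if __name__ == "__main__":
    ents = parse_log(SAMPLE_LOG)
    print("start pages:", start_pages(ents))
    print("O16 sources:", dpf_downloads(ents))
    print("plain-http O16:", plain_http_dpf(ents))
    print("file missing:", [e.clsid for e in missing_files(ents)])
    print("O4 autostarts:", autostart_commands(ents))
```

Run it on a saved HijackThis log by replacing `SAMPLE_LOG` with the file's contents; the R/O entries parse the same way regardless of the process list and trailer around them.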