Here are the new logs you asked for:
ComboFix 08-03-09.1 - Dustin 2008-03-09 23:13:35.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.85 [GMT -4:00]
Running from: C:\Documents and Settings\Dustin\Desktop\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\Dustin\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\29D.tmp
C:\WINDOWS\gnulcjkv.dll
C:\WINDOWS\kvmnovef.exe
C:\WINDOWS\lsduxqlo.exe
C:\WINDOWS\system32\L8918.tmp
C:\WINDOWS\system32\LA664.tmp
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\29D.tmp
C:\Program Files\180searchassistant
C:\Program Files\180searchassistant\saap.exe
C:\Program Files\180searchassistant\sac.exe
C:\Program Files\180solutions
C:\Program Files\180solutions\sais.exe
C:\Program Files\zango
C:\Program Files\zango\zango.exe
C:\WINDOWS\gnulcjkv.dll
C:\WINDOWS\kvmnovef.exe
C:\WINDOWS\lsduxqlo.exe
C:\WINDOWS\system32\L8918.tmp
C:\WINDOWS\system32\LA664.tmp
.
((((((((((((((((((((((((( Files Created from 2008-02-10 to 2008-03-10 )))))))))))))))))))))))))))))))
.
2008-03-09 21:43 . 2008-03-09 21:43 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-09 21:23 . 2008-03-09 22:05 <DIR> d-------- C:\SDFix
2008-03-09 16:15 . 2007-06-08 10:44 8,576 --a------ C:\WINDOWS\system32\drivers\rcpdllheusoe.sys
2008-03-09 15:36 . 2008-03-09 15:36 <DIR> d-------- C:\Program Files\180search assistant
2008-03-09 02:34 . 2007-06-05 11:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-03-09 02:32 . 2007-06-08 10:44 8,576 --a------ C:\WINDOWS\system32\drivers\tgifeboxdlju.sys
2008-03-09 01:33 . 2008-03-09 16:57 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-03-09 01:33 . 2008-03-09 15:49 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-03-09 01:33 . 2008-03-09 15:49 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-03-09 01:33 . 2008-03-09 15:49 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-03-09 00:26 . 2008-03-09 00:26 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-03-09 00:16 . 2008-03-09 00:16 <DIR> d-------- C:\Documents and Settings\Dustin\Application Data\Grisoft
2008-03-09 00:15 . 2008-03-09 00:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-09 00:15 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-08 21:58 . 2008-03-08 21:58 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-08 21:30 . 2008-03-08 21:30 <DIR> d-------- C:\Program Files\Sysmnt
2008-03-08 21:30 . 2008-03-08 21:30 <DIR> d-------- C:\Program Files\stc
2008-03-08 20:15 . 2008-03-08 20:39 <DIR> d-------- C:\Documents and Settings\Dustin\Application Data\Symantec
2008-03-08 20:12 . 2008-03-08 20:12 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-03-08 20:12 . 2008-03-09 16:34 <DIR> d-------- C:\Program Files\Norton 360
2008-03-08 20:12 . 2008-03-08 20:12 26,880 --a------ C:\WINDOWS\didduid.ini
2008-03-08 20:11 . 2008-03-08 20:14 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-03-08 20:11 . 2008-03-08 20:14 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-03-08 20:11 . 2008-03-08 20:14 10,563 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-03-08 20:11 . 2008-03-08 20:14 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-03-08 20:10 . 2008-03-08 20:14 <DIR> d-------- C:\Program Files\Symantec
2008-03-08 20:10 . 2008-03-09 16:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-08 19:33 . 2008-03-08 19:33 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-03-08 17:56 . 2007-12-06 22:21 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-03-08 17:56 . 2007-06-30 23:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-03-08 17:56 . 2007-06-30 23:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-03-08 17:56 . 2007-12-06 22:21 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-03-08 17:56 . 2007-12-06 22:21 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-03-08 17:56 . 2007-12-06 22:21 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-03-08 17:56 . 2007-12-06 22:21 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-03-08 17:56 . 2007-12-06 22:21 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-03-08 17:56 . 2007-12-06 07:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-03-08 17:47 . 2007-08-13 19:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-03-08 09:15 . 2006-08-21 05:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-03-08 09:15 . 2006-08-21 05:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-03-08 09:15 . 2006-08-21 08:21 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-03-08 07:47 . 2007-07-09 09:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-03-08 07:39 . 2008-03-08 07:39 22,272 --a------ C:\WINDOWS\apphelp32.dll
2008-03-08 07:39 . 2008-03-08 07:39 20,736 --a------ C:\WINDOWS\changeurl_30.dll
2008-03-08 07:31 . 2008-03-08 07:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-03-08 07:30 . 2008-03-09 21:45 <DIR> d-------- C:\WINDOWS\trwnrecd
2008-03-08 07:20 . 2008-03-08 23:26 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-03-08 06:46 . 2008-03-08 06:46 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-03-08 06:46 . 2008-03-08 06:46 169 --a------ C:\WINDOWS\RtlRack.ini
2008-03-08 06:30 . 2008-03-09 22:27 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-08 06:22 . 2008-03-08 06:22 <DIR> d-------- C:\WINDOWS\provisioning
2008-03-08 06:22 . 2008-03-08 06:22 <DIR> d-------- C:\WINDOWS\peernet
2008-03-08 06:20 . 2008-03-08 06:20 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-03-08 06:16 . 2006-09-06 18:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-03-08 06:14 . 2008-03-08 06:14 <DIR> d-------- C:\WINDOWS\EHome
2008-03-08 05:45 . 2004-08-04 01:56 11,776 --a------ C:\WINDOWS\system32\spnpinst.exe
2008-03-08 05:45 . 2004-08-02 15:20 7,208 --a------ C:\WINDOWS\system32\secupd.sig
2008-03-08 05:45 . 2004-08-02 15:20 4,569 --a------ C:\WINDOWS\system32\secupd.dat
2008-03-08 05:06 . 2005-05-23 10:34 2,920,448 --------- C:\WINDOWS\UNNMP.exe
2008-03-08 05:06 . 2005-11-14 07:11 49,870 --------- C:\WINDOWS\UNNMP.cfg
2008-03-08 05:05 . 2008-03-09 16:32 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-03-08 05:04 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-03-08 05:03 . 2008-03-08 05:03 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-03-08 05:02 . 2008-03-08 05:02 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-03-08 05:02 . 2008-03-08 05:05 <DIR> d-------- C:\Program Files\Ahead
2008-03-08 05:02 . 2008-03-08 05:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-03-08 04:53 . 2008-03-08 04:53 <DIR> d-------- C:\Program Files\VIA
2008-03-08 04:53 . 2006-06-14 04:47 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2008-03-08 04:53 . 2006-02-14 20:22 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2008-03-08 04:53 . 2006-06-14 05:00 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2008-03-08 04:53 . 2003-06-12 06:31 75,904 -ra------ C:\WINDOWS\system32\drivers\viasraid.sys
2008-03-08 04:53 . 2004-08-04 02:15 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2008-03-08 04:53 . 2001-08-17 15:00 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2008-03-08 04:53 . 2001-08-17 15:00 54,272 --a--c--- C:\WINDOWS\system32\dllcache\swmidi.sys
2008-03-08 04:53 . 2004-08-04 02:07 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys
2008-03-08 04:53 . 2006-06-14 04:47 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-03-08 04:53 . 2004-08-04 02:07 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2008-03-08 04:53 . 2008-03-08 04:53 22 --a------ C:\WINDOWS\system32\ati64hlp.stb
2008-03-08 04:52 . 2008-03-08 04:52 <DIR> d-------- C:\Program Files\Realtek Sound Manager
2008-03-08 04:52 . 2008-03-08 04:52 <DIR> d-------- C:\Program Files\Gigabyte
2008-03-08 04:52 . 2008-03-08 04:52 <DIR> d-------- C:\Program Files\AvRack
2008-03-08 04:50 . 2001-08-17 14:58 35,840 --a------ C:\WINDOWS\system32\drivers\isapnp.sys
2008-03-08 04:50 . 2001-08-17 14:58 35,840 --a--c--- C:\WINDOWS\system32\dllcache\isapnp.sys
2008-03-08 04:50 . 2001-10-18 00:00 6,144 -ra------ C:\WINDOWS\system32\drivers\viaidexp.sys
2008-03-08 04:46 . 2008-03-08 04:53 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-03-08 04:46 . 2008-03-08 04:53 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-03-08 04:46 . 2008-03-08 04:47 <DIR> d-------- C:\Program Files\ATI Technologies
2008-03-08 04:40 . 2001-08-17 14:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-03-08 04:40 . 2001-08-17 14:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-03-08 04:40 . 2001-08-17 15:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-03-08 04:40 . 2001-08-17 15:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-03-08 02:00 . 2004-08-04 03:56 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2008-03-08 02:00 . 2004-08-04 03:56 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll
2008-03-08 02:00 . 2004-08-04 03:56 265,728 --a------ C:\WINDOWS\system32\h323.tsp
2008-03-08 02:00 . 2004-08-04 03:56 77,312 --a------ C:\WINDOWS\system32\browser.dll
2008-03-08 02:00 . 2007-03-08 11:36 40,960 --a------ C:\WINDOWS\system32\mf3216.dll
2008-03-07 19:22 . 2007-03-19 12:18 104,064 --a------ C:\WINDOWS\system32\drivers\viamraid.sys
2008-02-19 21:06 . 2008-02-19 21:06 579,464 --a------ C:\WINDOWS\system32\SymNeti.dll
2008-02-19 21:06 . 2008-02-19 21:06 207,240 --a------ C:\WINDOWS\system32\SymRedir.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-06 21:43 31,408 ----a-w C:\WINDOWS\system32\drivers\SymIM.sys
2008-02-06 21:43 13,021 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat
2008-02-05 19:34 96,432 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2008-02-05 19:34 41,008 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys
2008-02-05 19:34 38,576 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2008-02-05 19:34 37,424 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2008-02-05 19:34 22,320 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2008-02-05 19:34 188,464 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2008-02-05 19:34 13,616 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2008-02-05 19:34 1,612 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf
2008-02-04 20:27 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2008-02-04 20:27 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2008-02-04 20:27 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2008-02-01 22:55 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2008-02-01 22:55 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2008-02-01 22:55 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2008-02-01 01:51 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2008-02-01 01:51 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2008-02-01 01:51 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2008-01-29 17:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
2008-01-29 17:01 16,168 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2008-01-15 17:54 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-01-15 13:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-13 02:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- C:\WINDOWS\system32\drivers\rcpdllheusoe.sys ----
Company: Panda Software International
File Description: Anti-malware Driver Support
File Version: 1, 0, 0, 5
Product Name: RKPavProc Driver
Copyright: Copyright © Panda Software 2007
Original file name: RKPavProc.sys
---- C:\WINDOWS\system32\drivers\tgifeboxdlju.sys ----
Company: Panda Software International
File Description: Anti-malware Driver Support
File Version: 1, 0, 0, 5
Product Name: RKPavProc Driver
Copyright: Copyright © Panda Software 2007
Original file name: RKPavProc.sys
---- Directory of C:\Program Files\stc ----
2008-03-08 21:30 24576 --a------ C:\Program Files\stc\csv5p070.exe
---- Directory of C:\Program Files\Sysmnt ----
2008-03-08 21:30 31232 --a------ C:\Program Files\Sysmnt\Ssmgr.exe
---- Directory of C:\WINDOWS\trwnrecd ----
2008-03-08 07:38 49152 --a------ C:\WINDOWS\trwnrecd\Thumbs.db
((((((((((((((((((((((((((((( snapshot@2008-03-09_22.32.05.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-10 02:27:56 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_648.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2008-02-23 22:08 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-03-08 20:13 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll" [2008-02-23 22:08 349552]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [2008-02-23 22:08 349552]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@={4433A54A-1AC8-432F-90FC-85F045CF383C}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@={F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@={476D0EA3-80F9-48B5-B70B-05E677C9C148}
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-02-26 04:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-02-26 04:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-02-26 04:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"Trpm"="C:\DOCUME~1\Dustin\MYDOCU~1\DOBE~1\mmc.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-21 22:10 335872]
"SoundMan"="SOUNDMAN.EXE" [2004-01-08 14:54 65536 C:\WINDOWS\SOUNDMAN.EXE]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"DVDTray"="C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe" [2004-09-03 04:58 65536]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-18 15:37 51048]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [ ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25 6731312]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2008-03-08 04:53:49 561152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"helpsvc"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-06-12 06:31]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-02-06 17:43]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-12 22:32]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-02-06 17:43]
*Newly Created Service* - COMHOST
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-03-09 23:15:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-09 23:16:11
ComboFix-quarantined-files.txt 2008-03-10 03:16:02
ComboFix2.txt 2008-03-10 02:32:39
.
2008-03-09 04:07:30 --- E O F ---
Malwarebytes' Anti-Malware 1.08
Database version: 474
Scan type: Quick Scan
Objects scanned: 26779
Time elapsed: 2 minute(s), 47 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\Software\xflock (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\PostInstallC (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Documents and Settings\All Users\Application Data\Rabio\Search Enhancer (Adware.SearchEnhancer) -> Quarantined and deleted successfully.
Files Infected:
(No malicious items detected)
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, March 10, 2008 1:40:13 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 10/03/2008
Kaspersky Anti-Virus database records: 621256
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
E:\
Scan Statistics:
Total number of scanned objects: 29342
Number of viruses found: 5
Number of infected objects: 41
Number of suspicious objects: 0
Duration of the scan process: 00:22:36
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\ccSubSDK\submissions.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.DAT Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\volatile.DAT Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\{3A11AA18-C1EE-4997-B173-D36DDB1B7C1E}.DAT Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\{C4F1FEDD-7FAB-4D92-B6BE-31B754DDF3FA}.DAT Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-03-10_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\index.qbs Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{F6B61E27-8F32-4B14-B81A-B77D0184EB24}\{97B20B1A-4FF5-49C6-8782-AB5B462B5979}.qbi Infected: VirTool.DOS.TPE skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\Shl_{1FA5E0DF-DB4D-4A44-ADD5-EEF42634160D}.ldb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\Shl_{1FA5E0DF-DB4D-4A44-ADD5-EEF42634160D}.sds Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\LightningSand.CFD Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\1BD44311.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\3C8B79F9.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\4087956D.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\Dustin\Application Data\Symantec\NPMDataStore\CIMStore.xml Object is locked skipped
C:\Documents and Settings\Dustin\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Dustin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Dustin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Dustin\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dustin\Local Settings\Temp\~DF329B.tmp Object is locked skipped
C:\Documents and Settings\Dustin\Local Settings\Temp\~DF32B1.tmp Object is locked skipped
C:\Documents and Settings\Dustin\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Dustin\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dustin\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Dustin\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Norton 360\Log\AutoProtect.log Object is locked skipped
C:\Program Files\Norton 360\Log\AVContext.log Object is locked skipped
C:\Program Files\Norton 360\Log\AVManual.log Object is locked skipped
C:\Program Files\Norton 360\Log\Backup.log Object is locked skipped
C:\Program Files\Norton 360\Log\CUInternetPageViewHistory.log Object is locked skipped
C:\Program Files\Norton 360\Log\CUInternetSearchHistory.log Object is locked skipped
C:\Program Files\Norton 360\Log\CUInternetTempFiles.log Object is locked skipped
C:\Program Files\Norton 360\Log\CUWindowsTempFiles.log Object is locked skipped
C:\Program Files\Norton 360\Log\EmailScan.log Object is locked skipped
C:\Program Files\Norton 360\Log\HomeNetworking.log Object is locked skipped
C:\Program Files\Norton 360\Log\InternetSecurity.log Object is locked skipped
C:\Program Files\Norton 360\Log\ISIntrusionPrevented.log Object is locked skipped
C:\Program Files\Norton 360\Log\ISIOTraffic.log Object is locked skipped
C:\Program Files\Norton 360\Log\ISNewNetwork.log Object is locked skipped
C:\Program Files\Norton 360\Log\LiveUpdate.log Object is locked skipped
C:\Program Files\Norton 360\Log\NCO.log Object is locked skipped
C:\Program Files\Norton 360\Log\RegClean.log Object is locked skipped
C:\Program Files\Norton 360\Log\VABrowserSettings.log Object is locked skipped
C:\Program Files\Norton 360\Log\VAIPAddresses.log Object is locked skipped
C:\Program Files\Norton 360\Log\WDFScanner.log Object is locked skipped
C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\mdalqzwp.dll.vir Infected: Trojan.Win32.Obfuscated.gx skipped
C:\QooBox\Quarantine\C\Documents and Settings\Dustin\My Documents\DOBE~1\mmc.exe.vir Infected: Trojan-Downloader.Win32.Agent.kwg skipped
C:\QooBox\Quarantine\C\WINDOWS\cfcjqbup.dll.vir Infected: Trojan.Win32.Obfuscated.gx skipped
C:\QooBox\Quarantine\C\WINDOWS\gnulcjkv.dll.vir Infected: Trojan.Win32.Obfuscated.gx skipped
C:\QooBox\Quarantine\C\WINDOWS\kvmnovef.exe.vir Infected: not-virus:Hoax.Win32.Renos.bbw skipped
C:\QooBox\Quarantine\C\WINDOWS\lsduxqlo.exe.vir Infected: Trojan.Win32.Obfuscated.gx skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\awtqr.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ddcca.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ddccc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ddccy.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ddcyv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\gebcc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\geede.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mljjg.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mllji.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pmnlj.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ssqpp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-03-09_222808.57.zip/rqrommk.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-03-09_222808.57.zip/sstqo.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-03-09_222808.57.zip ZIP: infected - 2 skipped
C:\SDFix\backups_old1\mgmrwmrv.exe Infected: not-virus:Hoax.Win32.Renos.bbw skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{637E1112-A559-4E72-970F-FA49D9C4E8AA}\RP3\A0000024.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{637E1112-A559-4E72-970F-FA49D9C4E8AA}\RP3\A0002042.exe Infected: not-virus:Hoax.Win32.Renos.bbw skipped
C:\System Volume Information\_restore{637E1112-A559-4E72-970F-FA49D9C4E8AA}\RP3\A0002095.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{637E1112-A559-4E72-970F-FA49D9C4E8AA}\RP4\A0002175.dll Infected: Trojan.Win32.Obfuscated.gx skipped
C:\System Volume Information\_restore{637E1112-A559-4E72-970F-FA49D9C4E8AA}\RP4\A0002176.dll Infected: Trojan.Win32.Obfuscated.gx skipped
C:\System Volume Information\_restore{637E1112-A559-4E72-970F-FA49D9C4E8AA}\RP4\A0002177.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{637E1112-A559-4E72-970F-FA49D9C4E8AA}\RP4\A0002178.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{637E1112-A559-4E72-970F-FA49D9C4E8AA}\RP4\A0002179.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{637E1112-A559-4E72-970F-FA49D9C4E8AA}\RP4\A0002180.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{637E1112-A559-4E72-970F-FA49D9C4E8AA}\RP4\A0002181.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{637E1112-A559-4E72-970F-FA49D9C4E8AA}\RP4\A0002182.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{637E1112-A559-4E72-970F-FA49D9C4E8AA}\RP4\A0002183.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{637E1112-A559-4E72-970F-FA49D9C4E8AA}\RP4\A0002185.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{637E1112-A559-4E72-970F-FA49D9C4E8AA}\RP4\A0002186.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{637E1112-A559-4E72-970F-FA49D9C4E8AA}\RP4\A0002187.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{637E1112-A559-4E72-970F-FA49D9C4E8AA}\RP4\A0002188.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{637E1112-A559-4E72-970F-FA49D9C4E8AA}\RP5\A0002257.dll Infected: Trojan.Win32.Obfuscated.gx skipped
C:\System Volume Information\_restore{637E1112-A559-4E72-970F-FA49D9C4E8AA}\RP5\A0002258.exe Infected: not-virus:Hoax.Win32.Renos.bbw skipped
C:\System Volume Information\_restore{637E1112-A559-4E72-970F-FA49D9C4E8AA}\RP5\A0002259.exe Infected: Trojan.Win32.Obfuscated.gx skipped
C:\System Volume Information\_restore{637E1112-A559-4E72-970F-FA49D9C4E8AA}\RP5\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{A803FE0D-1568-4C76-8D37-E5263B66CFDE}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\JET6E88.tmp Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_65c.dat Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:43:48 AM, on 3/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Trpm] "C:\DOCUME~1\Dustin\MYDOCU~1\DOBE~1\mmc.exe" -vt yazb
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1204955462212
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 5680 bytes