Sorry for the attachments!
Alright, I did what you said, and here are the two logs:
ComboFix
ComboFix 08-06-15.4 - Owner 2008-06-16 13:39:47.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.691 [GMT -6:00]
Running from: C:\Documents and Settings\Owner.CODY.001\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner.CODY.001\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\Ntf3.tmp
C:\Ntf4.tmp
C:\Program Files\Common Files\Real\Toolbar\RealBar.dll
C:\WINDOWS\system32\iPWvwvut.ini
C:\WINDOWS\system32\pYJTCJlm.ini
C:\WINDOWS\system32\qtjcviqj.dll
C:\WINDOWS\system32\vbirgeis.dll
C:\WINDOWS\system32\VwvGOnpo.ini
C:\winupd.bat
D:\Info.exe
G:\Shared\LimeWire PROFESSIONAL EDITION 4.18.2 FINAL
H:\LaunchU3.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Ntf3.tmp
C:\Ntf4.tmp
C:\Program Files\Common Files\Real\Toolbar\RealBar.dll
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\system32\iPWvwvut.ini
C:\WINDOWS\system32\pYJTCJlm.ini
C:\WINDOWS\system32\VwvGOnpo.ini
D:\Info.exe
G:\Shared\LimeWire PROFESSIONAL EDITION 4.18.2 FINAL
H:\LaunchU3.exe
.
((((((((((((((((((((((((( Files Created from 2008-05-16 to 2008-06-16 )))))))))))))))))))))))))))))))
.
2008-06-16 13:51 . 2008-06-16 13:51 67 --a--c--- C:\Ntf2.tmp
2008-06-16 13:51 . 2008-06-16 13:51 67 --a--c--- C:\Ntf1.tmp
2008-06-15 23:19 . 2008-06-15 23:19 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-15 23:19 . 2008-06-15 23:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-15 00:43 . 2008-06-16 13:55 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-15 00:43 . 2008-06-15 00:43 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-13 18:40 . 2008-06-13 18:38 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-06-13 18:38 . 2008-06-13 18:40 <DIR> d-------- C:\Documents and Settings\Owner.CODY.001\.housecall6.6
2008-06-12 22:10 . 2008-06-12 22:10 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-06-09 23:47 . 2008-06-09 23:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters
2008-06-09 19:26 . 2008-06-09 19:26 <DIR> d-------- C:\Documents and Settings\Owner.CODY.001\Application Data\TuneUp Software
2008-06-09 18:29 . 2008-06-09 18:29 <DIR> d-------- C:\WINDOWS\system32\drivex
2008-05-31 21:25 . 2008-05-31 21:25 <DIR> d--hsc--- C:\Diskeeper
2008-05-31 12:46 . 2008-05-31 12:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
2008-05-30 20:27 . 2008-05-30 20:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\acccore
2008-05-30 18:53 . 2008-06-14 22:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-16 19:51 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-16 04:28 --------- d-----w C:\Documents and Settings\Owner.CODY.001\Application Data\U3
2008-06-15 18:22 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-15 08:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-15 04:52 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-06-15 04:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-15 04:37 --------- d-----w C:\Program Files\Logitech
2008-06-15 04:33 --------- d-----w C:\Program Files\Java
2008-06-14 21:32 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-06-14 21:32 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-14 21:32 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-06-14 21:32 --------- d-----w C:\Program Files\Symantec
2008-06-12 18:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-06-10 00:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-06-10 00:12 --------- d-----w C:\Documents and Settings\Owner.CODY.001\Application Data\Bitcomet Turbo
2008-06-01 07:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-31 17:53 --------- d-----w C:\Program Files\Google
2008-05-31 17:52 --------- d-----w C:\Program Files\Norton 360
2008-05-31 02:28 --------- d-----w C:\Program Files\AIM6
2008-05-31 02:27 --------- d-----w C:\Program Files\Viewpoint
2008-05-31 02:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-31 01:09 --------- d-----w C:\Documents and Settings\Owner.CODY.001\Application Data\PlayFirst
2008-05-31 01:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-05-31 00:35 --------- d-----w C:\Documents and Settings\Owner.CODY.001\Application Data\Viewpoint
2008-05-31 00:23 --------- d-----w C:\Program Files\AviSynth 2.5
2008-05-13 22:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-10 15:36 --------- d-----w C:\Program Files\Zune
2008-05-10 15:28 0 -c-ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-05-10 15:28 0 -c-ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2008-05-10 06:43 --------- d-----w C:\Program Files\Common Files\logishrd
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-03 19:36 --------- d-----w C:\Program Files\HP
2008-05-01 20:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-30 22:04 65,549 -c--a-w C:\WINDOWS\BricoPackUninst.cmd
2008-04-30 22:04 6,128 -c--a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-04-30 01:39 40,704 -c--a-w C:\WINDOWS\system32\drivers\zumbus.sys
2008-04-28 02:35 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-28 02:27 --------- d-----w C:\Documents and Settings\Owner.CODY.001\Application Data\Symantec
2008-04-28 02:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-04-18 01:11 --------- d-----w C:\Program Files\Apple Software Update
2008-04-14 11:42 69,120 -c--a-w C:\WINDOWS\notepad.exe
2008-04-14 11:42 50,688 -c--a-w C:\WINDOWS\twain_32.dll
2008-04-14 11:42 34,816 -c--a-w C:\WINDOWS\Help\sniffpol.dll
2008-04-14 11:42 33,280 -c--a-w C:\WINDOWS\Help\sstub.dll
2008-04-14 11:42 32,866 -c----w C:\WINDOWS\slrundll.exe
2008-04-14 11:42 283,648 -c--a-w C:\WINDOWS\winhlp32.exe
2008-04-14 11:42 279,040 -c--a-w C:\WINDOWS\Help\tshoot.dll
2008-04-14 11:42 146,432 -c--a-w C:\WINDOWS\regedit.exe
2008-04-14 11:42 10,752 -c--a-w C:\WINDOWS\hh.exe
2008-04-14 11:42 1,033,728 ----a-w C:\WINDOWS\explorer.exe
2008-04-14 11:41 451,072 -c--a-w C:\WINDOWS\AppPatch\aclayers.dll
2008-04-14 11:41 39,424 ----a-w C:\WINDOWS\AppPatch\acadproc.dll
2008-04-14 11:41 245,248 -c--a-w C:\WINDOWS\AppPatch\acspecfc.dll
2008-04-14 11:41 141,312 -c--a-w C:\WINDOWS\AppPatch\aclua.dll
2008-04-14 11:41 116,224 -c--a-w C:\WINDOWS\AppPatch\acxtrnal.dll
2008-04-14 11:41 1,852,928 ----a-w C:\WINDOWS\AppPatch\acgenral.dll
2008-01-02 02:06 24 -c--a-w C:\Documents and Settings\Owner.CODY.001\mylist.dat
2007-12-25 03:14 110 -c--a-w C:\Documents and Settings\All Users\Application Data\MostFunGameId.bin
2006-09-11 05:03 321 -c--a-w C:\Documents and Settings\Owner.CODY.001\Application Data\DelAll.bat
2006-05-29 09:23 32 -c--a-r C:\Documents and Settings\All Users\hash.dat
2002-09-11 14:26 63,730 -c--a-w C:\Program Files\viewsonicinstruct_xp.pdf
2004-06-02 23:19 32 -csha-w C:\WINDOWS\{03AAC30D-64D9-415E-8F3E-4E7430538CB8}.dat
2005-02-15 02:19 32 -csha-w C:\WINDOWS\{64C285D4-8C97-4EEF-8C21-B41A03E42AD1}.dat
.
((((((((((((((((((((((((((((( snapshot@2008-06-15_23.10.33.89 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-16 04:47:53 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-16 19:49:48 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-05-24 18:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 21:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 21:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2008-06-16 19:51:00 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_1b0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2008-02-23 20:08 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{683DD0DD-BD18-44B3-AAA2-FEACF520E43C}]
C:\WINDOWS\system32\nnnlmNHW.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-04-27 20:36 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7376942D-9121-45D3-A648-01A83F19BA5C}]
C:\WINDOWS\system32\efcAPHXr.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B09327E-4522-40C6-AF2A-11DEFBC21282}]
C:\Documents and Settings\Owner.CODY.001\Local Settings\Temporary Internet Files\Content.IE5\RU9KNAIA\3077ahntdksr[1].dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OfficeFiles]
@=
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@={4433A54A-1AC8-432F-90FC-85F045CF383C}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@={F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@={476D0EA3-80F9-48B5-B70B-05E677C9C148}
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-02-26 02:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-02-26 02:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-02-26 02:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-30 21:05 344064]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2003-09-12 21:13 98304]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44 61440]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04 52736]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 12:01 1037736]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 12:13 988584]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\SOUNDMAN.EXE]
"QuickTime Task"="G:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="G:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-18 13:37 51048]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [2008-02-26 08:50 988512]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SSOExec]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
backup=C:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2005-08-05 15:08 67160 G:\Program Files\ AIM\aim.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a--c--- 2008-05-29 15:26 50528 C:\Program Files\AIM6\aim6.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 05:42 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\devenv]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\filehippo.com]
--a------ 2008-04-30 06:50 136704 G:\Program Files\filehippo.com\UpdateChecker.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a--c--- 2004-11-02 08:59 126976 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a--c--- 2004-11-02 09:03 155648 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a--c--- 2007-10-25 16:33 563984 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-10-25 16:37 2178832 C:\Program Files\Logitech\QuickCam\Quickcam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a--c--- 2008-04-14 05:42 1695232 C:\PROGRAM FILES\MESSENGER\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCOAgent]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCODelayModule]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 G:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RCAutoLiveUpdate]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RCSystemTray]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a--c--- 2006-08-25 16:53 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VideoraiPodConverter]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
--a--c--- 2008-04-29 19:56 158624 C:\Program Files\Zune\ZuneLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ZuneNetworkSvc"=3 (0x3)
"idsvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"UserAccess7"=2 (0x2)
"AOL ACS"=2 (0x2)
"Bonjour Service"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"G:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"G:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1195796204\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"G:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"G:\\Nexon\\MapleStory\\MapleStory.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"G:\\Program Files\\iTunes\\iTunes.exe"=
"G:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Java\\jre1.6.0_06\\bin\\javaw.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22987:TCP"= 22987:TCP:BitComet 22987 TCP
"22987:UDP"= 22987:UDP:BitComet 22987 UDP
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 15:38]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-04-29 19:39]
R2 ZuneBusEnum;Zune Bus Enumerator;C:\WINDOWS\system32\ZuneBusEnum.exe [2008-04-29 19:56]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 00:17]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 09:05]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
S3 SndTDriverV32;SndTDriverV32;C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2006-07-26 21:57]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;C:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-04-29 19:56]
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-06-13 23:15:03 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- G:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-06-15 05:05:17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-15 05:42:19 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job"
- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
"2007-11-15 05:42:19 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job"
- C:\Program Files\Microsoft IntelliType Pro\itype.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-06-16 13:51:40
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
G:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\searchindexer.exe
C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-06-16 14:17:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-16 20:16:53
ComboFix2.txt 2008-06-16 05:11:42
Pre-Run: 8,962,691,072 bytes free
Post-Run: 8,970,022,912 bytes free
324 --- E O F --- 2008-06-11 16:58:34
HiJackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:19:37 PM, on 6/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
G:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\SOUNDMAN.EXE
G:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\explorer.exe
G:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:0/proxy.pac
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: (no name) - {683DD0DD-BD18-44B3-AAA2-FEACF520E43C} - C:\WINDOWS\system32\nnnlmNHW.dll (file missing)
O2 - BHO: &Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: (no name) - {7376942D-9121-45D3-A648-01A83F19BA5C} - C:\WINDOWS\system32\efcAPHXr.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {9B09327E-4522-40C6-AF2A-11DEFBC21282} - C:\Documents and Settings\Owner.CODY.001\Local Settings\Temporary Internet Files\Content.IE5\RU9KNAIA\3077ahntdksr[1].dll (file missing)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: (no name) - {A6790AA5-1213-4BCF-A46D-0FDAC4EA90EB} - (no file)
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: AutorunsDisabled
O8 - Extra context menu item: &OffSurf Proxy - res://I:\OffSurf\OffSurf.dll/MENUSEARCH.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.s...trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.s...trl/tgctlsr.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://aolsvc.aol.co...h2.1.0.0.48.cab
O16 - DPF: {664088B0-6AF3-4514-AF9D-A0DC3A3DF24A} (F-Secure Online Scanner 3.3) - http://support.f-sec...3beta/fscax.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {6D263CCF-3819-4474-A800-69E5AE6F7CFE} (PCPal Content Update) - http://symantec.gtwe...ll/gtdownpc.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124172395359
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - http://u3.sandisk.co...LPInstaller.CAB
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.h...edsolutions.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.co...ty4PatcherX.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://gameadvisor.f...bal/msc3121.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driverage...driveragent.cab
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://www.shockwave...sh.1.0.0.47.cab
O20 - Winlogon Notify: SSOExec - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Diskeeper - Diskeeper Corporation - G:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 12778 bytes