I have HijackThis; here's the log list thing.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:06:18 PM, on 3/29/2008
Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norman\Npm\Bin\eLogsvc.exe
C:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
C:\Program Files\Norman\Nvc\bin\nvcoas.exe
C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Norman\Npm\bin\ZLH.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norman\Nvc\BIN\NIP.EXE
C:\Program Files\VistaDriveIcon\DrvIcon.exe
C:\Program Files\glass2k\Glass2k.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Free Download Manager\fumoei.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Norman\Nvc\bin\cclaw.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\UnHackMe\hackmon.exe
C:\Program Files\TrueTransparency\TrueTransparency.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\Program Files\Styler\Styler.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\VistaDriveIcon\DrvIcon.exe
O4 - HKLM\..\Run: [Glass2k] C:\Program Files\glass2k\Glass2k.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [Messenger Sharing USN Journal Reader Service] rpqqop.exe
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\fumoei.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe
O4 - HKCU\..\Run: [TrueTransparency] "C:\Program Files\TrueTransparency\TrueTransparency.exe"
O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [Styler] C:\Program Files\Styler\Styler.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] c:\program files\common files\ahead\lib\nmbgmonitor.exe
O4 - HKCU\..\Run: [Washer] c:\program files\washer\washer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: MagicDisc.lnk.disabled
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Acrobat Assistant.lnk.disabled
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\paltalk.exe (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\user\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\fumiebtn.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....031/CTSUEng.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - c:\program files\monopoly\images\stg_drm.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec....abs/tgctlsr.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1200166227625
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.su...ows-i586-jc.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - c:\program files\monopoly\images\armhelper.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://www.sparkpea....s/msnchat45.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15034/CTPID.cab
O20 - AppInit_DLLs: CLKERN.DLL
O23 - Service: A2omgicnc - - (no file)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\eLogsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
--
End of file - 19417 bytes
And here's my ComboFix log.
ComboFix 08-03-27.3 - user 2008-03-29 12:33:21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2746 [GMT 7:00]
Running from: D:\Back up Program Files\Back up Download\Software\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\OPTIONS\CABS\_desktop.ini
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\khfEUljj.dll
C:\WINDOWS\system32\ljJBqqRj.dll
C:\WINDOWS\system32\nnnkJaxy.dll
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pmnnLbYs.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\rqRHyyWO.dll
C:\WINDOWS\system32\ssqNEwVn.dll
C:\WINDOWS\system32\vtUOGVOf.dll
C:\WINDOWS\system32\wfxhelp22.dll
C:\WINDOWS\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_npf
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-29 )))))))))))))))))))))))))))))))
.
2008-03-29 12:00 . 2008-03-29 12:00 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-29 10:56 . 2008-03-29 10:56 <DIR> d----c--- C:\VundoFix Backups
2008-03-29 03:26 . 2008-03-29 03:26 0 --a------ C:\WINDOWS\windowfx3.ini
2008-03-29 03:26 . 2008-03-29 03:26 0 --a------ C:\WINDOWS\windowfx2.ini
2008-03-29 03:26 . 2008-03-29 03:26 0 --------- C:\WINDOWS\WB.ini
2008-03-29 01:14 . 2008-03-29 01:14 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-29 01:14 . 2008-03-29 01:14 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-23 23:54 . 2008-03-23 23:54 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-03-23 20:01 . 2008-03-23 20:01 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-03-23 20:01 . 2008-03-23 20:01 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-23 20:01 . 2008-03-23 20:01 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-03-23 03:06 . 2008-03-23 03:06 <DIR> d-------- C:\Program Files\upload dumb
2008-03-22 19:45 . 2008-03-22 19:45 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-03-21 19:48 . 2008-03-21 19:48 <DIR> d-------- C:\Program Files\uTorrent
2008-03-21 19:48 . 2008-03-28 21:42 <DIR> d-------- C:\Documents and Settings\user\Application Data\uTorrent
2008-03-21 12:23 . 2008-03-21 12:23 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-03-21 12:20 . 2003-07-19 22:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-03-21 12:20 . 2005-01-03 13:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-03-16 13:39 . 2008-03-16 13:39 <DIR> d----c--- C:\Pluginlab
2008-03-16 12:47 . 2008-03-16 12:47 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-03-16 12:18 . 2008-03-16 12:18 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-03-13 23:22 . 2008-03-13 23:22 <DIR> d-------- C:\Program Files\MagicDisc
2008-03-13 23:22 . 2008-02-18 17:29 96,256 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
2008-03-13 23:11 . 2008-03-13 23:13 <DIR> d-------- C:\Program Files\MagicISO
2008-03-12 17:38 . 2008-03-12 17:38 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Laconic Software
2008-03-12 17:33 . 2008-03-12 17:33 <DIR> d-------- C:\Program Files\Fire Heart
2008-03-12 10:30 . 2008-03-23 03:26 <DIR> d-------- C:\Program Files\WinFlip
2008-03-12 10:30 . 2008-03-12 10:30 <DIR> d-------- C:\Program Files\VisualTaskTips
2008-03-12 10:30 . 2008-03-12 10:30 <DIR> d-------- C:\Program Files\VistaDriveIcon
2008-03-12 10:30 . 2008-03-12 10:30 <DIR> d-------- C:\Program Files\TrueTransparency
2008-03-12 10:30 . 2008-03-12 10:56 <DIR> d-------- C:\Program Files\Thoosje Sidebar V2.3
2008-03-12 10:30 . 2008-03-12 10:30 <DIR> d-------- C:\Program Files\Styler
2008-03-12 10:30 . 2008-03-12 10:30 <DIR> d-------- C:\Program Files\glass2k
2008-03-12 10:30 . 2008-03-12 10:30 <DIR> d-------- C:\Program Files\Blaero Start Orb
2008-03-12 10:30 . 2008-03-12 10:30 8,294,454 --a------ C:\WINDOWS\startup.bmp
2008-03-12 10:30 . 2008-02-12 14:59 218,624 --a------ C:\WINDOWS\system32\uxtheme.backup
2008-03-12 10:24 . 2008-03-12 10:30 <DIR> d-------- C:\WINDOWS\VistaMizer
2008-03-12 00:14 . 2008-03-12 00:14 <DIR> d-------- C:\Documents and Settings\user\Application Data\Virtual Mechanics
2008-03-12 00:14 . 2008-03-12 00:14 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Virtual Mechanics
2008-03-12 00:13 . 2008-03-12 00:13 <DIR> d-------- C:\Program Files\Virtual Mechanics
2008-03-10 23:22 . 2008-03-12 17:39 <DIR> d-------- C:\Program Files\Fantastic Flame Screensaver
2008-03-10 23:22 . 2008-03-12 17:32 470 --a------ C:\WINDOWS\Fantastic Flame Screensaver.ini
2008-03-10 14:43 . 2008-03-10 14:44 102,414,904 --a--c--- C:\SYM_REGISTRY_BACKUP.reg
2008-03-07 00:15 . 2008-03-07 00:15 <DIR> d-------- C:\Program Files\WinPcap
2008-03-06 22:05 . 2008-03-06 22:05 <DIR> d-------- C:\Program Files\Bazooka Scanner
2008-03-06 21:48 . 2008-03-24 21:40 134 --a------ C:\WINDOWS\rootkitno.ini
2008-03-06 00:36 . 2008-03-06 00:34 691,545 --a------ C:\WINDOWS\unins001.exe
2008-03-06 00:36 . 2008-03-06 00:36 2,540 --a------ C:\WINDOWS\unins001.dat
2008-03-03 21:33 . 2009-03-29 05:33 <DIR> d----c--- C:\RootkitNO
2008-03-03 21:10 . 2008-03-24 01:55 31,138 --a------ C:\WINDOWS\system32\drivers\Partizan.sys
2008-03-03 21:10 . 2008-03-24 02:02 25,600 --a------ C:\WINDOWS\system32\Partizan.exe
2008-03-03 21:09 . 2008-03-03 21:11 <DIR> d-------- C:\Program Files\UnHackMe
2008-03-03 21:09 . 2005-04-03 14:02 8,944 --a------ C:\WINDOWS\system32\drivers\UnHackMeDrv.sys
2008-03-03 21:09 . C:\WINDOWS\(2) C:\ComboFix\winstart.bat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-28 22:38 --------- d-----w C:\Documents and Settings\user\Application Data\AVG7
2009-03-28 22:32 --------- d-----w C:\Documents and Settings\user\Application Data\TeraCopy
2009-03-03 09:39 --------- dc----w C:\Documents and Settings\All Users\Application Data\Symantec
2009-03-03 09:02 806 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2009-03-03 09:02 8,014 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2009-03-03 09:02 115,000 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2009-03-03 09:02 --------- d-----w C:\Program Files\Symantec
2009-03-03 08:53 --------- dc----w C:\Documents and Settings\All Users\Application Data\Avg7
2009-03-02 13:34 --------- d-----w C:\Program Files\RocketDock
2009-03-02 13:18 --------- dc----w C:\Documents and Settings\All Users\Application Data\Avira
2009-03-02 13:18 --------- d-----w C:\Program Files\Avira
2009-03-02 11:03 --------- d-----w C:\Program Files\Picasa2
2009-03-02 10:28 --------- dc----w C:\Documents and Settings\All Users\Application Data\Grisoft
2009-03-02 10:28 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2009-03-02 07:41 --------- d-----w C:\Program Files\PC Tools Firewall Plus
2009-03-01 18:45 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP
2009-03-01 16:26 --------- d-----w C:\Program Files\Disk Investigator
2009-03-01 14:26 --------- d-----w C:\Program Files\Common Files\Webroot Shared
2009-02-27 20:25 --------- d-----w C:\Documents and Settings\user\Application Data\Nero
2009-02-27 20:23 --------- d-----w C:\Program Files\Common Files\Nero
2009-02-27 20:20 --------- dc----w C:\Documents and Settings\All Users\Application Data\Nero
2009-02-27 20:20 --------- d-----w C:\Program Files\Nero
2009-02-27 19:47 --------- d-----w C:\Program Files\AskTBar
2009-02-27 17:06 --------- d-----w C:\Program Files\Common Files\Ahead
2009-02-27 13:13 --------- dc----w C:\Documents and Settings\All Users\Application Data\WinZip
2009-02-26 15:09 --------- d-----w C:\Program Files\Windows Media Connect 2
2009-02-26 14:23 --------- d-----w C:\Documents and Settings\user\Application Data\Yahoo!
2009-02-26 14:22 --------- dc----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2009-02-26 14:17 --------- dc----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2009-02-26 14:07 1,169 ----a-w C:\Documents and Settings\user\validate.reg
2009-02-26 11:21 --------- d-----w C:\Program Files\Java
2009-02-26 11:07 --------- d-----w C:\Program Files\VistaMagicPack
2009-02-25 20:42 --------- d-----w C:\Program Files\CursorXP
2009-02-25 20:34 --------- d-----w C:\Program Files\Yahoo!
2009-02-25 18:25 --------- d-----w C:\Program Files\Microsoft Virtual PC
2009-02-25 13:33 --------- d-----w C:\Program Files\Avant Browser
2009-02-24 14:07 --------- d-----w C:\Program Files\Stardock
2009-02-24 11:37 --------- d-----w C:\Program Files\WinCustomize
2009-02-24 09:59 --------- d-----w C:\Program Files\UselessCreations
2009-02-23 20:58 --------- d-----w C:\Documents and Settings\user\Application Data\aicon
2008-11-30 09:24 --------- dc----w C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-11-30 09:24 --------- d-----w C:\Documents and Settings\user\Application Data\Ubisoft
2008-11-30 08:39 --------- d-----w C:\Program Files\Corel
2008-11-30 08:39 --------- d-----w C:\Program Files\Borland
2008-03-29 05:43 --------- d-----w C:\Program Files\Norman
2008-03-29 05:40 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-29 05:30 --------- d-----w C:\Documents and Settings\user\Application Data\Free Download Manager
2008-03-29 04:55 --------- d-----w C:\Program Files\Microsoft Works
2008-03-26 18:25 --------- d-----w C:\Program Files\Pandora Recovery
2008-03-25 16:12 --------- d-----w C:\Program Files\Aicon
2008-03-25 16:08 --------- d-----w C:\Program Files\Greenfish Icon Editor Pro 1.5
2008-03-24 11:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-23 12:08 --------- d-----w C:\Program Files\Winamp
2008-03-16 05:27 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-13 16:40 --------- dc----w C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2008-03-13 16:38 --------- d-----w C:\Program Files\DAEMON Tools
2008-03-12 17:46 --------- d-----w C:\Documents and Settings\user\Application Data\Free Upload Manager
2008-03-12 10:04 163,712 ----a-w C:\WINDOWS\system32\drivers\vidstub.sys
2008-03-12 09:54 6,122,496 ----a-w C:\WINDOWS\system32\logonuiX.exe
2008-03-10 15:09 --------- d-----w C:\Program Files\The KMPlayer
2008-03-06 15:57 --------- d-----w C:\Program Files\IMVU
2008-03-06 15:57 --------- d-----w C:\Documents and Settings\user\Application Data\IMVU
2008-03-05 17:56 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-05 17:53 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-03 12:33 --------- d-----w C:\Program Files\Common Files\Stardock
2008-03-03 11:45 15,600 ----a-w C:\WINDOWS\gdrv.sys
2008-03-03 11:35 --------- d-----w C:\Program Files\Norton Internet Security
2008-02-23 16:38 --------- dc----w C:\Documents and Settings\All Users\Application Data\Webroot
2008-02-23 16:38 --------- d-----w C:\Program Files\Webroot
2008-02-23 16:38 --------- d-----w C:\Documents and Settings\user\Application Data\Webroot
2008-02-23 14:51 --------- d-----w C:\Program Files\Online TV Player 3
2008-02-22 20:57 --------- dc----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-02-18 13:04 --------- dc----w C:\Documents and Settings\All Users\Application Data\LightScribe
2008-02-18 13:04 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-02-17 17:36 --------- d-----w C:\Documents and Settings\user\Application Data\GanymedeNet
2008-02-17 16:27 --------- d-----w C:\Program Files\TweakNow RegCleaner Std
2008-02-17 16:25 --------- d-----w C:\Program Files\Ganymede
2008-02-17 15:52 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-02-17 15:52 22,328 ----a-w C:\Documents and Settings\user\Application Data\PnkBstrK.sys
2008-02-17 10:07 --------- d-----w C:\Documents and Settings\user\Application Data\Autodesk
2008-02-17 09:53 --------- d-----w C:\Program Files\turbo squid tentacles
2008-02-17 09:50 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-02-17 09:50 --------- d-----w C:\Program Files\Autodesk
2008-02-12 09:04 3,556,352 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-02-12 07:59 99,840 ----a-w C:\WINDOWS\system32\telnet.exe
2008-02-12 07:58 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll
2008-02-12 07:57 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-02-12 07:57 102,912 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-02-12 07:55 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll
2008-02-12 07:55 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll
2008-02-12 07:55 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
2008-02-12 07:55 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
2008-02-12 03:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-02-12 03:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-02-12 03:20 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-02-12 03:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-02-12 03:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-02-12 03:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-02-12 03:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-02-12 03:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
.
------- Sigcheck -------
2007-10-11 12:57 666112 80d660a49e0d118144423099b2a9f5da C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\wininet.dll
2007-10-11 06:47 825344 0e5d918f87efa7d2424d66b499c7eb04 C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
2007-12-07 07:44 666112 085a7c37f9c6ede1ba870b7dbec06399 C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\wininet.dll
2007-12-07 09:01 825344 b5b411bb229ae6ead7652a32ed47bfb9 C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
2004-08-04 00:56 656384 c0823fc5469663ba63e7db88f9919d70 C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
2004-08-03 23:56 656384 c0823fc5469663ba63e7db88f9919d70 C:\WINDOWS\$NtUninstallKB942615$\wininet.dll
2007-10-11 13:13 659456 2005ad86a22aee68e21ee59f9ccb77f2 C:\WINDOWS\$NtUninstallKB944533$\wininet.dll
2007-12-07 08:07 659456 57d1b5150cf6331fac6b3e04c1fcb966 C:\WINDOWS\ie7\wininet.dll
2007-08-13 18:54 818688 a4a0fc92358f39538a6494c42ef99fe9 C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
2007-10-11 06:56 824832 30c1e0f34ad2972c72a01db5c74ab065 C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
2007-12-07 09:21 926208 9b50cd7e6dec497900cc06ea328d93ad C:\WINDOWS\ServicePackFiles\i386\wininet.dll
2007-12-07 09:21 824832 806d274c9a6c3aaea5eae8e4af841e04 C:\WINDOWS\SoftwareDistribution\Download\8befe715852785f9b4f0ded848fd9c0d\SP2GDR\wininet.dll
2007-12-07 09:01 825344 b5b411bb229ae6ead7652a32ed47bfb9 C:\WINDOWS\SoftwareDistribution\Download\8befe715852785f9b4f0ded848fd9c0d\SP2QFE\wininet.dll
2007-10-11 06:56 824832 30c1e0f34ad2972c72a01db5c74ab065 C:\WINDOWS\SoftwareDistribution\Download\e3709fbfd9557a7d083f543d51d38612\SP2GDR\wininet.dll
2007-10-11 06:47 825344 0e5d918f87efa7d2424d66b499c7eb04 C:\WINDOWS\SoftwareDistribution\Download\e3709fbfd9557a7d083f543d51d38612\SP2QFE\wininet.dll
2007-12-07 09:21 926208 9b50cd7e6dec497900cc06ea328d93ad C:\WINDOWS\system32\wininet.dll
2007-12-07 09:21 926208 9b50cd7e6dec497900cc06ea328d93ad C:\WINDOWS\system32\dllcache\wininet.dll
2007-12-07 09:21 824832 806d274c9a6c3aaea5eae8e4af841e04 C:\WINDOWS\VistaMizer\old\wininet.dll
2004-08-03 23:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2008-02-12 15:00 547328 3cd502371bcc02470c6db974fd26cf50 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2008-02-12 15:00 547328 3cd502371bcc02470c6db974fd26cf50 C:\WINDOWS\system32\winlogon.exe
2008-02-12 15:00 507904 57021a062c8e266c0a2a636450364b43 C:\WINDOWS\VistaMizer\old\winlogon.exe
2005-03-02 07:36 2056832 d8aba3eab509627e707a3b14f00fbb6b C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2007-02-28 16:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2007-02-28 15:38 2015744 a58ac1c6199ef34228abee7fc057ae09 C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe
2004-08-04 00:05 2015232 fb142b7007ca2eea76966c6c5cc12150 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-02 07:34 2015232 3cd941e472ddf3534e53038535719771 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2008-02-12 03:05 2280960 138900e515ef4fdd3c8b95b93441798a C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2008-02-12 03:05 2280960 138900e515ef4fdd3c8b95b93441798a C:\WINDOWS\system32\ntkrnlpa.exe
2008-02-12 03:05 2023936 68dda4f7bd9970ddc6eaf22d6cccb6a8 C:\WINDOWS\VistaMizer\old\ntkrnlpa.exe
2005-03-02 08:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 16:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2007-02-28 16:08 2136064 1220faf071dea8653ee21de7dcda8bfd C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
2004-08-03 22:18 2148352 626309040459c3915997ef98ec1c8d40 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-02 07:57 2135552 48b3e89af7074cee0314a3e0c7faffdb C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2008-02-12 04:00 2402304 96e912537c1e435834a6afd11a316b78 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2008-02-12 04:00 2402304 96e912537c1e435834a6afd11a316b78 C:\WINDOWS\system32\ntoskrnl.exe
2008-02-12 04:00 2145280 195f611681e17255415fb64dc29e38df C:\WINDOWS\VistaMizer\old\ntoskrnl.exe
2008-02-12 14:59 1551872 28311d6c594f0f54406a0d8f7ab9565b C:\WINDOWS\explorer.exe
2007-06-13 18:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 17:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-03 23:56 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2008-02-12 14:59 1551872 28311d6c594f0f54406a0d8f7ab9565b C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2008-02-12 14:59 1033728 cb7c9e2ba846da0afabd19de6b6f2006 C:\WINDOWS\VistaMizer\old\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{060BB0AB-4B09-4C51-9ECB-9580A6D08D7F}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-12-13 23:49 1185120 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-12-13 23:49 1185120]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 23:49 1185120]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Free Uploader Oe Integration"="C:\Program Files\Free Download Manager\fumoei.exe" [2007-06-10 19:02 40960]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-02-12 14:59 25088]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [2007-11-26 14:47 1206600]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 16:34 128000]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]
"UnHackMe Monitor"="C:\Program Files\UnHackMe\hackmon.exe" [2007-09-17 15:37 228352]
"TrueTransparency"="C:\Program Files\TrueTransparency\TrueTransparency.exe" [2007-10-28 22:44 133120]
"VisualTaskTips"="C:\Program Files\VisualTaskTips\VisualTaskTips.exe" [2007-09-06 00:20 36352]
"Styler"="C:\Program Files\Styler\Styler.exe" [2007-04-15 17:58 307200]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\common files\ahead\lib\nmbgmonitor.exe" [ ]
"Washer"="c:\program files\washer\washer.exe" [ ]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 16:33 16132608 C:\WINDOWS\RTHDCPL.exe]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 19:44 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\JMRaidSetup.exe" [2007-02-06 19:08 1953792]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [2007-04-28 08:13 2610744]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 18:38 987187]
"BootSkin Startup Jobs"="C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 16:21 270336]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"Norman ZANDA"="C:\Program Files\Norman\Npm\bin\ZLH.exe" [2007-08-09 13:40 183352]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2009-03-02 17:29 579072]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-17 19:49 249896]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 04:59 115816]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 06:11 771704]
"DrvIcon"="C:\Program Files\VistaDriveIcon\DrvIcon.exe" [2007-07-05 02:59 45056]
"Glass2k"="C:\Program Files\glass2k\Glass2k.exe" [2007-10-17 06:04 56325]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Messenger Sharing USN Journal Reader Service"="rpqqop.exe" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2009-03-02 17:28 219136]
C:\Documents and Settings\user\Start Menu\Programs\Startup\
MagicDisc.lnk.disabled [2008-03-13 23:22:39 658]
PowerReg Scheduler.exe [2007-09-29 16:17:27 225280]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-01-27 22:39:26 3450608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJBqqRj]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll 2005-01-31 15:13 49152 C:\PROGRA~1\COMMON~1\Stardock\MCPStub.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=CLKERN.DLL
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
"Uniblue ProcessQuickLink 2"="C:\Program Files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe" /autostart
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"Aim6"=
"Steam"="C:\Program Files\Steam\Steam.exe" -silent
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"WinampAgent"="C:\Program Files\Winamp\winampa.exe"
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"Win Base 4 Download"=c:\documents and settings\all users\application data\browse dent win base\download stop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"E:\\Program Files\\Downloaded Game files\\Offline Games\\ASSCREED Files\\ASSCREED1\\ASSCREED Game\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"E:\\Program Files\\Downloaded Game files\\Offline Games\\ASSCREED Files\\ASSCREED1\\ASSCREED Game\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"E:\\Program Files\\Downloaded Game files\\Offline Games\\Lost via Domus Files\\Ubisoft\\Lost Via Domus\\Yeti_Final_Win32.exe"=
"E:\\Program Files\\Downloaded Game files\\Offline Games\\Lost via Domus Files\\Ubisoft\\Lost Via Domus\\gu.exe"=
"E:\\Program Files\\Downloaded Game files\\Offline Games\\Lost via Domus Files\\Ubisoft\\Lost Via Domus\\detection\\Launcher.exe"=
R2 Ndiskio;Ndiskio;C:\Program Files\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 09:55]
R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-11-26 14:47]
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 14:56]
R3 nvcoas;Norman Virus Control on-access component;C:\Program Files\Norman\Nvc\bin\nvcoas.exe [2007-12-12 11:45]
R3 NVCScheduler;Norman Virus Control Scheduler;C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 13:23]
S0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys [2008-03-24 01:55]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-03-03 18:45]
S3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-11-04 05:45]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7fbe5626-6d9a-11dc-9935-806d6172696f}]
\shell\open\command - %SystemRoot%\Explorer.exe /idlist,%I,%L
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91f70630-6dd1-11dc-993f-001a4d506fce}]
\Shell\Auto\command - Thumbs.db.com
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Thumbs.db.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de7fac6c-cb3d-11dc-9a7f-000000000000}]
\Shell\AutoRun\command - M:\9n1k0g6t.cmd
\Shell\explore\Command - M:\9n1k0g6t.cmd
\Shell\open\Command - M:\9n1k0g6t.cmd
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-01-20 09:55:45 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-29 05:00:00 C:\WINDOWS\Tasks\B512C91F918974E3.job"
- c:\docume~1\user\applic~1\upload~1\idol nurb tool.exe
"2008-03-29 05:11:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2009-03-03 09:39:08 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - user.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-29 12:45:45
Windows 5.1.2600 Service Pack 3, v.3311 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
-> C:\Program Files\VisualTaskTips\VttHooks.dll
-> C:\Program Files\TrueTransparency\TrueTransparencyHook.dll
-> C:\Program Files\RocketDock\RocketDock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Norman\Npm\Bin\eLogsvc.exe
C:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\Ati2evxx.exe