I had to restart after ComboFix was completed, so I ran it again after restart to produce a log; also posting a new HJT log. Thanks a bunch for the help.
HJT--
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:14:03 PM, on 4/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1206095937234
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/c.../cpcScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\pmai.dll
O20 - Winlogon Notify: PremierOpinion - C:\WINDOWS\system32\pmls.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 3892 bytes
ComboFix Log--
ComboFix 08-04-08.10 - Fred 2008-04-09 14:11:05.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1718 [GMT -4:00]
Running from: C:\Documents and Settings\Fred\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\system32\pmai.dll
C:\WINDOWS\system32\pmls.dll
C:\WINDOWS\system32\pmph.dll
C:\WINDOWS\system32\pmxf.dll
.
((((((((((((((((((((((((( Files Created from 2008-03-09 to 2008-04-09 )))))))))))))))))))))))))))))))
.
2008-04-08 21:51 . 2008-04-08 21:51 <DIR> d-------- C:\Program Files\SpywareGuard
2008-04-08 21:49 . 2008-04-09 10:04 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-04-08 21:49 . 2008-04-09 10:04 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-08 21:49 . 2005-08-25 18:18 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2008-04-08 21:31 . 2008-04-08 21:31 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-04-08 21:14 . 2008-04-08 21:14 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\Malwarebytes
2008-04-08 21:14 . 2008-04-08 21:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-08 21:09 . 2008-04-08 21:09 <DIR> d-------- C:\Program Files\InCode Solutions
2008-04-07 13:28 . 2008-04-07 13:28 <DIR> d-------- C:\Program Files\iPod
2008-04-07 13:22 . 2008-04-09 11:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-07 13:22 . 2008-04-07 13:22 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-03 04:35 . 2008-04-08 21:27 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-03 04:35 . 2008-04-08 21:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-03 02:55 . 2008-04-03 02:55 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\Grisoft
2008-04-03 02:55 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-03 02:54 . 2008-04-03 02:54 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-03 02:49 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-03 02:49 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-03 02:38 . 2008-04-08 21:29 <DIR> d-------- C:\Program Files\Comodo
2008-04-03 02:38 . 2007-11-26 10:38 238,848 --a------ C:\WINDOWS\UNBOC.EXE
2008-04-03 02:38 . 2007-05-08 17:01 208,896 --a------ C:\WINDOWS\CMDLIC.DLL
2008-04-03 02:38 . 2006-02-28 08:00 22,528 --a------ C:\WINDOWS\system32\wsock32.dlb
2008-04-03 02:02 . 2008-04-03 02:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-04-03 01:57 . 2008-04-03 03:07 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-04-03 01:53 . 2008-04-03 01:53 <DIR> d-------- C:\Program Files\Alwil Software
2008-04-03 01:53 . 2003-03-18 16:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-04-03 01:28 . 2008-04-03 01:28 164 --a------ C:\install.dat
2008-04-02 19:26 . 2008-04-02 19:26 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-04-01 03:48 . 2003-05-07 13:01 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2008-03-31 01:04 . 2008-04-08 22:34 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\Yahoo!
2008-03-29 22:58 . 2008-04-08 22:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-03-29 22:57 . 2008-04-08 22:34 <DIR> d-------- C:\Program Files\Yahoo!
2008-03-29 22:43 . 2004-08-04 00:56 90,624 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-03-29 22:43 . 2004-08-04 00:56 90,624 --a--c--- C:\WINDOWS\system32\dllcache\kswdmcap.ax
2008-03-29 22:43 . 2004-08-04 00:56 61,952 --a------ C:\WINDOWS\system32\kstvtune.ax
2008-03-29 22:43 . 2004-08-04 00:56 61,952 --a--c--- C:\WINDOWS\system32\dllcache\kstvtune.ax
2008-03-29 22:43 . 2004-08-04 00:56 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-03-29 22:43 . 2004-08-04 00:56 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-03-29 22:43 . 2004-08-04 00:56 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax
2008-03-29 22:43 . 2004-08-04 00:56 43,008 --a--c--- C:\WINDOWS\system32\dllcache\ksxbar.ax
2008-03-29 22:43 . 2004-08-04 00:56 28,672 --a------ C:\WINDOWS\system32\vidcap.ax
2008-03-29 22:43 . 2004-08-04 00:56 28,672 --a--c--- C:\WINDOWS\system32\dllcache\vidcap.ax
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-27 18:35 . 2008-03-27 18:35 268 --ah----- C:\sqmdata02.sqm
2008-03-27 18:35 . 2008-03-27 18:35 244 --ah----- C:\sqmnoopt02.sqm
2008-03-25 19:39 . 2006-02-28 08:00 811,064 --a------ C:\WINDOWS\system32\imjp81k.dll
2008-03-25 19:37 . 2008-03-25 19:37 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\NPLUTO Corporation
2008-03-25 19:32 . 2001-08-17 22:36 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2008-03-25 18:19 . 2008-04-03 01:15 <DIR> d-------- C:\Program Files\DriftCity
2008-03-24 20:46 . 2008-03-24 20:46 31 --a------ C:\WINDOWS\GunzLauncher.INI
2008-03-24 18:22 . 2008-03-24 18:22 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-03-24 18:22 . 2003-07-17 05:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-03-24 18:22 . 2004-12-31 20:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-03-24 15:38 . 2008-03-24 15:38 <DIR> d-------- C:\ijji
2008-03-24 15:38 . 2008-03-25 10:32 <DIR> d--h----- C:\Documents and Settings\Fred\Application Data\ijjigame
2008-03-23 15:57 . 2008-03-23 15:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-03-23 15:56 . 2008-03-29 22:43 <DIR> d-------- C:\Program Files\Common Files\Logishrd
2008-03-23 15:56 . 2007-11-15 10:06 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2008-03-23 15:56 . 2008-03-23 15:56 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2008-03-20 10:40 . 2008-03-20 10:40 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-03-19 16:47 . 2008-03-19 16:47 <DIR> d-------- C:\Program Files\CCleaner
2008-03-13 19:12 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-03-13 19:12 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-03-12 20:58 . 2008-03-12 20:58 <DIR> d-------- C:\WINDOWS\PaltalkScene
2008-03-12 20:58 . 2008-04-08 22:34 <DIR> d-------- C:\Program Files\Paltalk Messenger
2008-03-12 20:58 . 2008-04-08 22:34 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\Paltalk
2008-03-11 13:04 . 2008-03-11 13:04 268 --ah----- C:\sqmdata01.sqm
2008-03-11 13:04 . 2008-03-11 13:04 244 --ah----- C:\sqmnoopt01.sqm
2008-03-10 14:38 . 2008-03-10 14:38 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Xfire
2008-03-10 14:35 . 2008-03-10 14:35 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-03-10 14:35 . 2008-01-18 03:36 107,864 --a------ C:\WINDOWS\system32\tsccvid.dll
2008-03-10 14:29 . 2008-03-10 14:29 268 --ah----- C:\sqmdata00.sqm
2008-03-10 14:29 . 2008-03-10 14:29 244 --ah----- C:\sqmnoopt00.sqm
2008-03-09 23:16 . 2008-03-09 23:16 <DIR> d-------- C:\Documents and Settings\Fred\Contacts
2008-03-09 23:13 . 2008-03-09 23:15 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-09 23:12 . 2008-03-09 23:15 <DIR> d-------- C:\Program Files\Windows Live
2008-03-09 23:12 . 2008-03-09 23:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-09 23:08 . 2008-03-09 23:08 1,024 --a------ C:\.rnd
2008-03-09 21:13 . 2008-04-09 11:02 <DIR> d-------- C:\Program Files\Xfire
2008-03-09 21:13 . 2008-04-09 14:07 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\Xfire
2008-03-09 19:23 . 2008-04-08 22:34 <DIR> d-------- C:\Program Files\NCSoft
2008-03-09 18:21 . 2008-03-09 19:21 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\GetRightToGo
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-09 16:38 --------- d-----w C:\Program Files\SwiftKit
2008-04-09 15:26 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-09 15:25 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-04-09 02:36 --------- d-----w C:\Program Files\Electronic Arts
2008-04-09 02:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-07 22:38 --------- d-----w C:\Program Files\WarRock
2008-04-07 17:28 --------- d-----w C:\Program Files\iTunes
2008-04-07 17:27 --------- d-----w C:\Program Files\QuickTime
2008-04-05 00:27 --------- d-----w C:\Documents and Settings\Fred\Application Data\LimeWire
2008-04-03 06:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-03 05:14 --------- d-----w C:\Documents and Settings\Fred\Application Data\Apple Computer
2008-03-30 18:34 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-23 19:56 --------- d-----w C:\Program Files\Common Files\Logitech
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-11 17:03 --------- d-----w C:\Program Files\Steam
2008-03-06 16:59 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-03-06 16:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-03-06 15:15 --------- d-----w C:\Documents and Settings\Fred\Application Data\InstallShield
2008-03-05 00:58 --------- d-----w C:\Program Files\Midway Home Entertainment
2008-02-27 13:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-21 19:45 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-02-21 19:45 --------- d--h--r C:\Documents and Settings\Fred\Application Data\SecuROM
2008-02-21 19:45 --------- d-----w C:\Program Files\GameSpy
2008-02-21 19:41 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-02-21 19:41 22,328 ----a-w C:\Documents and Settings\Fred\Application Data\PnkBstrK.sys
2008-02-21 07:20 --------- d-----w C:\Program Files\Disney
2008-02-21 07:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-02-21 07:00 --------- d-----w C:\Documents and Settings\Fred\Application Data\acccore
2008-02-21 06:55 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-02-21 06:55 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-02-20 23:52 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-02-20 23:34 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-02-20 23:34 --------- d-----w C:\Documents and Settings\Fred\Application Data\SystemRequirementsLab
2008-02-20 22:28 --------- d-----w C:\Program Files\Realtek
2008-02-20 22:10 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-20 22:02 --------- d-----w C:\Documents and Settings\Fred\Application Data\Ventrilo
2008-02-20 22:01 --------- d-----w C:\Program Files\Ventrilo
2008-02-20 22:01 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-20 22:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\SwiftKit
2008-02-20 21:59 --------- d-----w C:\Program Files\Apple Software Update
2008-02-20 21:58 --------- d-----w C:\Program Files\VentSrv
2008-02-20 21:58 --------- d-----w C:\Program Files\Common Files\Apple
2008-02-20 21:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-02-20 21:57 --------- d-----w C:\Program Files\LimeWire
2008-02-20 21:57 --------- d-----w C:\Program Files\Java
2008-02-20 21:55 --------- d-----w C:\Program Files\Common Files\Java
2008-02-20 21:54 --------- d-----w C:\Documents and Settings\Fred\Application Data\Logitech
2008-02-20 21:53 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-02-20 21:53 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-02-20 21:52 --------- d-----w C:\Program Files\Logitech
2008-02-20 21:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-02-20 21:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-02-20 21:36 --------- d-----w C:\Program Files\Viewpoint
2008-02-20 21:36 --------- d-----w C:\Program Files\Common Files\AOL
2008-02-20 21:36 --------- d-----w C:\Program Files\AIM6
2008-02-20 21:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-20 21:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-02-20 21:25 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 08:59 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-01-29 16:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2007-11-15 10:10 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PremierOpinion]
C:\WINDOWS\system32\pmls.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\WINDOWS\system32\pmai.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk
backup=C:\WINDOWS\pss\PalTalk.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Fred^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Fred\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Fred^Start Menu^Programs^Startup^SpywareGuard.lnk]
path=C:\Documents and Settings\Fred\Start Menu\Programs\Startup\SpywareGuard.lnk
backup=C:\WINDOWS\pss\SpywareGuard.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-11 05:25 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 06:43 69632 C:\WINDOWS\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
C:\Program Files\GameSpy\Comrade\Comrade.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
C:\Program Files\Electronic Arts\EADM\Core.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure]
-r------- 2006-04-24 22:52 385024 C:\WINDOWS\system32\JMRaidTool.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 02:41 81920 C:\WINDOWS\system32\NvMcTray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayNC Launcher]
C:\program files\ncsoft\launcher\NCLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PremierOpinion]
c:\windows\system32\pmropn.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrevxCSI]
C:\Program Files\PrevxCSI\prevxcsi.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoveIT Pro XT]
C:\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2006-06-28 02:54 16248320 C:\WINDOWS\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SeekmoOE]
C:\Program Files\Seekmo\bin\10.0.406.0\OEAddOn.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SeekmoSA]
C:\Program Files\Seekmo\bin\10.0.406.0\SeekmoSA.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 06:04 2879488 C:\WINDOWS\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-03-05 22:13 1266936 C:\Program Files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-12-14 04:42 144784 C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Steam\\SteamApps\\common\\Lost Planet Extreme Condition\\LostPlanetDx10.exe"=
"C:\\Program Files\\Steam\\SteamApps\\common\\Lost Planet Extreme Condition\\LostPlanetDx9.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\WarRock\\WRLauncher.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
S3 AGR1310_51;Agere Systems ET-13xx PCI-E Ethernet Adapter XP Driver;C:\WINDOWS\system32\DRIVERS\AGR1310_51.sys [2006-02-12 22:15]
.
Contents of the 'Scheduled Tasks' folder
"2008-04-02 12:26:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-09 14:12:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-09 14:12:42
ComboFix-quarantined-files.txt 2008-04-09 18:12:38
ComboFix2.txt 2008-04-09 15:21:15
Pre-Run: 139,778,408,448 bytes free
Post-Run: 139,765,993,472 bytes free
.
2008-04-04 04:25:03 --- E O F ---