ComboFix 08-07-11.1 - Owner 2008-07-11 23:04:50.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.82 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\smp.bat
C:\WINDOWS\BMb3022162.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\dsaip32b.dll
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\atomvysi.dll
C:\WINDOWS\system32\awtUMCTl.dll
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cfyxukka.ini
C:\WINDOWS\system32\cpaakwjd.dll
C:\WINDOWS\system32\dhbnja.dll
C:\WINDOWS\system32\dkuximfn.ini
C:\WINDOWS\system32\eavzvm.dll
C:\WINDOWS\system32\eyjibdsd.dll
C:\WINDOWS\system32\fobpnhec.ini
C:\WINDOWS\system32\geBtRlkk.dll
C:\WINDOWS\system32\gjwkvnxv.dll
C:\WINDOWS\system32\GQBLUvut.ini
C:\WINDOWS\system32\GQBLUvut.ini2
C:\WINDOWS\system32\gwcsqwkx.dll
C:\WINDOWS\system32\hcrxjfpq.dll
C:\WINDOWS\system32\hffemffw.ini
C:\WINDOWS\system32\iphglakl.dll
C:\WINDOWS\system32\ixqcdpft.ini
C:\WINDOWS\system32\jexean.dll
C:\WINDOWS\system32\jmbalamh.dll
C:\WINDOWS\system32\khfEtrQK.dll
C:\WINDOWS\system32\khfEVLEu.dll
C:\WINDOWS\system32\kklRtBeg.ini
C:\WINDOWS\system32\kklRtBeg.ini2
C:\WINDOWS\system32\knchaxyl.dll
C:\WINDOWS\system32\ktfdvsku.ini
C:\WINDOWS\system32\lfffnwpn.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mhmigsei.dll
C:\WINDOWS\system32\mpeisc.dll
C:\WINDOWS\system32\nibqjpix.dll
C:\WINDOWS\system32\njeuxy.dll
C:\WINDOWS\system32\obmphjtq.ini
C:\WINDOWS\system32\oeminfo.ini
C:\WINDOWS\system32\onaodfrr.dll
C:\WINDOWS\system32\pbpkjh.dll
C:\WINDOWS\system32\pesmoxdu.ini
C:\WINDOWS\system32\ptkjhv.dll
C:\WINDOWS\system32\qpfjxrch.ini
C:\WINDOWS\system32\quffbvsr.dll
C:\WINDOWS\system32\rermghas.dll
C:\WINDOWS\system32\rjolwe.dll
C:\WINDOWS\system32\rqRKEUmJ.dll
C:\WINDOWS\system32\stsqdbns.dll
C:\WINDOWS\system32\suxdgmvy.dll
C:\WINDOWS\system32\topouikp.dll
C:\WINDOWS\system32\uancvjyl.ini
C:\WINDOWS\system32\udxomsep.dll
C:\WINDOWS\system32\unbidxxv.dll
C:\WINDOWS\system32\uvdmtlje.dll
C:\WINDOWS\system32\wegmeibv.dll
C:\WINDOWS\system32\wqkvfj.dll
C:\WINDOWS\system32\wujske.dll
C:\WINDOWS\system32\wvgfayub.dll
C:\WINDOWS\system32\wyheba.dll
C:\WINDOWS\system32\xfxwgmsq.dll
C:\WINDOWS\system32\xjesgjgu.ini
C:\WINDOWS\system32\yhyoomoc.ini
C:\WINDOWS\system32\ypbavdtp.dll
D:\Autorun.inf
----- BITS: Possible infected sites -----
hxxp://www.graboid.com
.
((((((((((((((((((((((((( Files Created from 2008-06-12 to 2008-07-12 )))))))))))))))))))))))))))))))
.
2008-07-11 02:02 . 2008-07-11 02:02 22,371 --a------ C:\WINDOWS\b728x90.tmp
2008-07-11 01:31 . 2008-07-11 01:31 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-11 01:31 . 2008-07-11 01:31 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-05 02:50 . 2008-07-05 02:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Launcher
2008-07-04 22:34 . 2008-07-04 22:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Graboid Inc
2008-07-04 22:30 . 2008-07-04 22:30 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\MozillaControl
2008-07-04 22:29 . 2008-07-04 22:30 <DIR> d-------- C:\Program Files\Mozilla ActiveX Control v1.7.12
2008-07-04 22:28 . 2008-07-04 22:30 <DIR> d-------- C:\Program Files\Graboid
2008-07-02 19:44 . 2008-07-02 19:44 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-02 19:32 . 2008-07-02 19:30 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-07-02 19:30 . 2008-07-02 19:32 <DIR> d-------- C:\Documents and Settings\Owner\.housecall6.6
2008-07-02 19:18 . 2008-07-02 19:20 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AdwareAlert
2008-07-02 19:17 . 2008-07-04 11:43 <DIR> d-------- C:\Program Files\AdwareAlert
2008-06-25 11:32 . 2008-06-25 11:32 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2008-06-25 11:32 . 2002-08-20 01:41 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-06-25 11:32 . 2003-05-22 00:50 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2008-06-25 11:32 . 2003-05-22 00:50 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2008-06-25 11:32 . 2003-05-22 00:50 82,944 --a------ C:\WINDOWS\system32\vct3216.acm
2008-06-25 11:32 . 2004-02-04 22:11 81,920 --a------ C:\WINDOWS\system32\AC3ACM.acm
2008-06-25 11:32 . 2003-05-22 00:50 38,912 --a------ C:\WINDOWS\system32\alf2cd.acm
2008-06-25 11:32 . 2000-03-14 21:55 13,239 --a------ C:\WINDOWS\system32\Scg726.acm
2008-06-25 11:19 . 2008-06-25 11:19 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\vlc
2008-06-25 10:57 . 2008-06-25 10:57 <DIR> d-------- C:\Program Files\Common Files\Authentium
2008-06-25 10:56 . 2008-06-25 10:56 <DIR> d-------- C:\Program Files\Raxco
2008-06-25 10:56 . 2008-06-25 10:56 <DIR> d-------- C:\Program Files\CA
2008-06-25 10:56 . 2008-06-25 10:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2008-06-25 10:55 . 2008-06-27 13:39 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-06-25 10:48 . 2008-06-25 10:48 <DIR> d-------- C:\Program Files\VideoLAN
2008-06-25 10:14 . 2008-06-25 11:06 53,192 --a------ C:\WINDOWS\system32\drivers\rp_skt32.sys
2008-06-25 10:13 . 2007-04-19 11:24 48,384 --a------ C:\WINDOWS\system32\drivers\rp_pkt32.sys
2008-06-25 10:02 . 2008-06-25 10:02 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-06-25 08:52 . 2008-06-27 11:55 <DIR> d-------- C:\Program Files\Registry Mighty
2008-06-20 01:26 . 2008-06-13 09:10 272,128 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2008-06-20 01:26 . 2008-06-13 09:10 272,128 --a--c--- C:\WINDOWS\system32\dllcache\bthport.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-12 03:19 --------- d-----w C:\Documents and Settings\Owner\Application Data\DNA
2008-07-12 03:02 8,148 -c--a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-06-30 19:04 --------- d-----w C:\Documents and Settings\Owner\Application Data\BitTorrent
2008-06-28 18:36 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-06-28 17:26 --------- d-----w C:\Program Files\Audible
2008-06-26 00:48 --------- d-----w C:\Program Files\Accessdiver
2008-06-25 15:05 --------- d-----w C:\Documents and Settings\Owner\Application Data\AT&T
2008-06-25 14:54 --------- d-----w C:\Program Files\AT&T
2008-06-25 14:53 --------- d-----w C:\Program Files\InstallShield Installation Information
2008-06-25 14:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\AT&T
2008-06-25 13:07 --------- d-----w C:\Documents and Settings\Owner\Application Data\Motive
2008-06-18 22:43 --------- d-----w C:\Program Files\xchat
2008-06-18 22:27 --------- d-----w C:\Program Files\BigFix
2008-06-10 18:36 --------- d-----w C:\Program Files\DivX
2008-06-06 17:34 --------- d-----w C:\Documents and Settings\Owner\Application Data\DivX
2008-06-06 05:24 --------- d-----w C:\Program Files\Tor
2008-05-30 04:04 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-29 15:41 --------- d-----w C:\Program Files\Microsoft Works
2008-05-29 03:45 --------- d-----w C:\Program Files\Common Files\ASCOM
2008-05-29 03:44 --------- d-----w C:\Program Files\ASCOM
2008-05-29 03:04 --------- d-----w C:\Program Files\Microsoft Research
2008-03-29 01:32 53,934 ----a-w C:\Program Files\INSTALL.LOG
2008-02-16 18:47 0 -c-ha-w C:\Documents and Settings\Owner\hpothb07.dat
2007-11-08 01:32 43,752 -c--a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2006-04-30 23:55 164 -c-ha-w C:\Documents and Settings\All Users\hpothb07.dat
2005-03-03 01:03 0 -csha-w C:\WINDOWS\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-09 03:07 289088]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-18 14:30 3628080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-01-29 22:13 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-01-29 22:13 118784]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 16:42 212992]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-09-03 21:00 98304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"HelpCenter4.1"="C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe" [2007-06-28 19:02 198184]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"RegistryMighty.exe"="C:\Program Files\Registry Mighty\RegistryMighty.exe" [2008-05-22 19:28 3256832]
"ISW.exe"="C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 13:12 2061816]
"AT&T Internet Security Suite"="C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe" [2007-06-28 16:09 310000]
"-FreedomNeedsReboot"="C:\Program Files\AT&T\AT&T Internet Security Suite\ZkRunOnceR.exe" [2007-06-28 16:09 13552]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2002-12-02 22:08:34 147456]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-02 21:56:10 40960]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2005-10-26 04:09:52 811008]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\att-nap\\McciBrowser.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
R2 McciCMService;McciCMService;C:\Program Files\Common Files\Motive\McciCMService.exe [2008-01-28 16:56]
S3 2d5d50c5-c60f-4a7f-82d6-372f0bee9b2f;2d5d50c5-c60f-4a7f-82d6-372f0bee9b2f;E:\CDS300\cds300.dll []
S3 krdpdre;krdpdre;C:\DOCUME~1\Owner\LOCALS~1\Temp\krdpdre.sys []
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2008-01-28 16:56]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2008-01-28 16:56]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 Radialpoint Security Services;AT&T Internet Security Suite;C:\WINDOWS\system32\dllhost.exe [2004-08-04 15:00]
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 15:00]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 00:01]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{362dc7c1-3718-11d9-8bd0-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a976d37-371b-11d9-8bd3-00038a000015}]
\Shell\AutoRun\command - G:\Info.exe folder.htt 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a461a84-e54d-11db-9b1e-001111a802a3}]
\Shell\AutoRun\command - F:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca11b496-3d04-11dc-9b50-001111a802a3}]
\Shell\AutoRun\command - F:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb095743-3723-11d9-805e-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f087f49d-3761-11d9-84dc-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
.
Contents of the 'Scheduled Tasks' folder
"2008-07-11 07:00:01 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.exe
- C:\Program Files\AdwareAlert
"2008-05-21 23:09:46 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1203187297.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2005-02-27 23:20:25 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2005-02-27 23:20:25 C:\WINDOWS\Tasks\ISP signup reminder 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2005-02-27 23:20:25 C:\WINDOWS\Tasks\ISP signup reminder 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
- - - - ORPHANS REMOVED - - - -
BHO-{E995073E-28F6-4621-A82B-2A5F87E35620} - C:\WINDOWS\system32\tuvULBQG.dll
HKCU-Run-MoneyAgent - C:\Program Files\Microsoft Money\System\mnyexpr.exe
HKCU-Run-AdwareAlert - C:\Program Files\AdwareAlert\AdwareAlert.exe
HKLM-Run-b03112fe - C:\WINDOWS\system32\udxomsep.dll
HKLM-Run-BMb3022162 - C:\WINDOWS\system32\wvgfayub.dll
Notify-tuvULBQK - tuvULBQK.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-11 23:22:57
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
C:\Program Files\AT&T\AT&T Internet Security Suite\rpsupdaterr.exe
.
**************************************************************************
.
Completion time: 2008-07-11 23:33:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-12 03:32:59
Pre-Run: 30,152,781,824 bytes free
Post-Run: 32,422,420,480 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
266 --- E O F --- 2008-06-20 07:16:31
HIJIACK THIS LOG
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:34:12 PM, on 7/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\AT&T\AT&T Internet Security Suite\rpsupdaterR.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe /P HelpCenter4.1
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RegistryMighty.exe] C:\Program Files\Registry Mighty\RegistryMighty.exe
O4 - HKLM\..\Run: [ISW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
O4 - HKLM\..\Run: [AT&T Internet Security Suite] "C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\AT&T\AT&T Internet Security Suite\ZkRunOnceR.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Startup: Chris Sawyer's Locomotion Registration.lnk = C:\Documents and Settings\Owner\Local Settings\Temp\{2EEDFE55-86BD-4EE0-8931-548181D4CDFF}\{77F45E76-E897-42CA-A9FE-5F56817D875C}\ATR1.EXE
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {705EC6D4-B138-4079-A307-EF13E40C2416} (InstallerWeb Control) - https://txdalas01.cl...ies/instweb.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: AT&T Internet Security Suite Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\AT&T\AT&T Internet Security Suite\rpsupdaterR.exe
O23 - Service: AT&T Internet Security Suite AT&T Firewall (RP_FWS) - AT&T - C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
--
End of file - 7170 bytes
Thanks for the help