For some reason I'm not allowed to move any icons down to the bar at the bottom of my desktop for a one-click
option like I used to be able to. I can move them, but they won't stay there.
And can I, or should I, remove WUFix, Kaspersky, xp_exe_fix, and ComboFix?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:11:55 PM, on 2/6/2009
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ImageIt\ItRun.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\VIA\VIA Sound Player\mixer\AudioDeck_bmp.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WinIt] C:\Program Files\ImageIt\ItRun.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA\VIA Sound Player\mixer\AudioDeck_bmp.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: http://*.download.microsoft.com
O15 - Trusted Zone: http://*.update.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1132860876384
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1132860863406
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
--
End of file - 7485 bytes
--------------------------------------------------------------------------------------------------------------------------------------
ComboFix 09-02-06.01 - Gordon Wilder 2009-02-06 17:34:09.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.511.207 [GMT -8:00]
Running from: c:\documents and settings\Gordon Wilder\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Gordon Wilder\Desktop\CFScript.txt
AV: AVG *On-access scanning disabled* (Outdated)
* Created a new restore point
FILE ::
c:\documents and settings\Gordon Wilder\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-3d129422
c:\documents and settings\Gordon Wilder\Application Data\Sun\Java\Deployment\cache\6.0\32\41acce0-5748b680
c:\documents and settings\Gordon Wilder\Application Data\Sun\Java\Deployment\cache\6.0\49\49820371-6e916594
c:\documents and settings\Gordon Wilder\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-65f5312c.zip
c:\documents and settings\Gordon Wilder\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-4e1040f8-7f7dc040.zip
c:\documents and settings\Gordon Wilder\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5efd1945-177d477e.zip
c:\windows\system32\drivers\ip6fw.sys
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Gordon Wilder\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-3d129422
c:\documents and settings\Gordon Wilder\Application Data\Sun\Java\Deployment\cache\6.0\32\41acce0-5748b680
c:\documents and settings\Gordon Wilder\Application Data\Sun\Java\Deployment\cache\6.0\49\49820371-6e916594
c:\documents and settings\Gordon Wilder\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-65f5312c.zip
c:\documents and settings\Gordon Wilder\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-4e1040f8-7f7dc040.zip
c:\documents and settings\Gordon Wilder\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5efd1945-177d477e.zip
c:\windows\system32\_000228_.tmp.dll
c:\windows\system32\drivers\ip6fw.sys
.
((((((((((((((((((((((((( Files Created from 2009-01-07 to 2009-02-07 )))))))))))))))))))))))))))))))
.
2009-02-06 16:58 . 2009-02-06 16:58 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-02-06 16:49 . 2009-02-06 17:09 <DIR> d-------- c:\program files\NOS
2009-02-06 16:49 . 2009-02-06 17:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
2009-02-06 13:16 . 2009-02-06 13:16 <DIR> d-------- c:\program files\Trend Micro
2009-02-05 21:44 . 2004-08-03 14:03 167,704 --a------ c:\windows\system32\wuaucpl.cpl
2009-02-05 16:39 . 2009-02-06 17:34 <DIR> d-------- c:\windows\system32\CatRoot2
2009-02-05 16:35 . 2009-02-05 16:35 <DIR> d-------- c:\windows\Sdold
2009-02-05 15:40 . 2009-02-05 15:40 <DIR> d-------- c:\documents and settings\Gordon Wilder\Application Data\Malwarebytes
2009-02-05 15:39 . 2009-02-05 15:39 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-05 15:39 . 2009-02-05 15:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-05 15:39 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-05 15:39 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-04 20:43 . 2007-06-28 23:43 123,602 --a------ c:\windows\system32\nvapps.nvb
2009-02-04 20:34 . 2001-08-23 04:00 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll
2009-02-04 20:33 . 2001-08-23 04:00 10,096,640 --a--c--- c:\windows\system32\dllcache\hwxcht.dll
2009-02-04 20:32 . 2001-05-22 21:15 872,557 --a--c--- c:\windows\system32\dllcache\fp4awel.dll
2009-02-04 20:27 . 2001-08-23 04:00 3,346,432 --a--c--- c:\windows\system32\dllcache\msgr3en.dll
2009-02-04 20:27 . 2001-08-23 04:00 794,686 --a--c--- c:\windows\system32\dllcache\srchui.dll
2009-02-04 20:27 . 2001-08-23 04:00 405,504 --a--c--- c:\windows\system32\dllcache\swflash.ocx
2009-02-04 20:27 . 2001-08-23 04:00 106,562 --a--c--- c:\windows\system32\dllcache\srchctls.dll
2009-02-04 20:27 . 2009-02-04 20:27 749 -rah----- c:\windows\WindowsShell.Manifest
2009-02-04 20:27 . 2009-02-04 20:27 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2009-02-04 20:27 . 2009-02-04 20:27 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2009-02-04 20:27 . 2009-02-04 20:27 749 -rah----- c:\windows\system32\nwc.cpl.manifest
2009-02-04 20:27 . 2009-02-04 20:27 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2009-02-04 20:27 . 2009-02-04 20:27 488 -rah----- c:\windows\system32\logonui.exe.manifest
2009-02-04 20:25 . 2001-08-23 04:00 1,266,688 --a--c--- c:\windows\system32\dllcache\cimwin32.dll
2009-02-04 20:23 . 2001-08-17 13:59 50,048 --a------ c:\windows\system32\drivers\DMusic.sys
2009-02-04 20:23 . 2001-08-17 14:00 5,632 --a------ c:\windows\system32\drivers\splitter.sys
2009-02-04 20:22 . 2001-08-17 13:51 55,808 --a------ c:\windows\system32\drivers\redbook.sys
2009-02-04 20:20 . 2001-08-17 13:50 181,632 --a------ c:\windows\system32\drivers\rdpdr.sys
2009-02-04 20:20 . 2001-08-17 22:38 37,896 --a------ c:\windows\system32\drivers\termdd.sys
2009-02-04 16:53 . 2009-02-04 16:53 <DIR> d-------- c:\documents and settings\Gordon Wilder\Application Data\AVGTOOLBAR
2009-02-03 21:31 . 2009-02-03 21:31 26,624 --a------ c:\windows\system32\drivers\fsbts.sys
2009-01-28 17:37 . 2009-01-28 17:37 <DIR> d-------- C:\Temp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-06 20:46 --------- d-----w c:\documents and settings\Gordon Wilder\Application Data\Lavasoft
2009-02-05 00:50 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-02-04 00:16 --------- d-----w c:\program files\PokerStars
2009-02-03 03:39 --------- d-----w c:\program files\Full Tilt Poker
2009-01-30 00:21 --------- d-----w c:\program files\SpywareBlaster
2009-01-20 05:00 --------- d-----w c:\program files\SpywareGuard
2008-12-22 19:27 --------- d-----w c:\program files\Google
2008-12-16 02:21 --------- d-----w c:\program files\Java
2008-12-10 03:10 --------- d-----w c:\documents and settings\All Users\Application Data\IM
2008-12-10 03:09 --------- d-----w c:\documents and settings\All Users\Application Data\IncrediMail
2007-04-11 05:26 32 -c--a-r c:\documents and settings\All Users\hash.dat
.
((((((((((((((((((((((((((((( snapshot@2009-02-04_23.27.22.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 04:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2005-12-02 13:30:59 478,208 ----a-w c:\windows\system32\aswBoot.exe
+ 2008-11-26 17:21:30 1,236,208 ----a-w c:\windows\system32\aswBoot.exe
- 2005-12-02 13:24:16 90,112 ----a-w c:\windows\system32\AVASTSS.scr
+ 2008-11-26 17:15:10 97,480 ----a-w c:\windows\system32\AVASTSS.scr
- 2001-08-23 12:00:00 9,728 ----a-w c:\windows\system32\cdm.dll
+ 2004-08-03 22:00:12 71,448 ----a-w c:\windows\system32\cdm.dll
- 2009-02-05 04:39:37 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-02-06 05:38:06 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-02-05 04:39:37 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-02-06 05:38:06 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-02-05 07:16:54 262,144 ----a-w c:\windows\system32\config\systemprofile\ntuser.dat
+ 2009-02-06 20:51:45 262,144 ----a-w c:\windows\system32\config\systemprofile\ntuser.dat
- 2001-08-23 12:00:00 9,728 -c--a-w c:\windows\system32\dllcache\cdm.dll
+ 2004-08-03 22:00:12 71,448 -c--a-w c:\windows\system32\dllcache\cdm.dll
- 2001-08-23 12:00:00 60,928 -c--a-w c:\windows\system32\dllcache\iuctl.dll
+ 2002-05-23 18:52:40 100,712 -c--a-w c:\windows\system32\dllcache\iuctl.dll
- 2001-08-23 12:00:00 128,512 -c--a-w c:\windows\system32\dllcache\iuengine.dll
+ 2004-08-03 22:04:40 185,624 -c--a-w c:\windows\system32\dllcache\iuengine.dll
- 2001-08-23 12:00:00 112,128 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-03 22:02:20 113,944 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
- 2001-08-23 12:00:00 95,744 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
+ 2004-08-03 22:07:38 1,081,112 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
+ 2008-11-26 17:15:35 26,944 ----a-w c:\windows\system32\drivers\aavmker4.sys
+ 2008-11-26 17:17:25 20,560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
+ 2008-11-26 17:18:25 93,296 ----a-w c:\windows\system32\drivers\aswmon.sys
+ 2008-11-26 17:18:18 94,032 ----a-w c:\windows\system32\drivers\aswmon2.sys
- 2005-12-02 14:04:36 16,352 -c--a-w c:\windows\system32\drivers\aswRdr.sys
+ 2008-11-26 17:16:29 23,152 -c--a-w c:\windows\system32\drivers\aswRdr.sys
+ 2008-11-26 17:17:36 111,184 ----a-w c:\windows\system32\drivers\aswSP.sys
+ 2008-11-26 17:16:38 50,864 ----a-w c:\windows\system32\drivers\aswTdi.sys
- 2001-08-23 12:00:00 60,928 ----a-w c:\windows\system32\iuctl.dll
+ 2002-05-23 18:52:40 100,712 ----a-w c:\windows\system32\iuctl.dll
- 2001-08-23 12:00:00 128,512 ----a-w c:\windows\system32\iuengine.dll
+ 2004-08-03 22:04:40 185,624 ----a-w c:\windows\system32\iuengine.dll
- 2009-02-05 07:19:31 59,780 ----a-w c:\windows\system32\perfc009.dat
+ 2009-02-06 21:32:31 59,780 ----a-w c:\windows\system32\perfc009.dat
- 2009-02-05 07:19:31 397,560 ----a-w c:\windows\system32\perfh009.dat
+ 2009-02-06 21:32:31 397,560 ----a-w c:\windows\system32\perfh009.dat
- 2001-08-23 12:00:00 112,128 ----a-w c:\windows\system32\wuauclt.exe
+ 2004-08-03 22:02:20 113,944 ----a-w c:\windows\system32\wuauclt.exe
- 2001-08-23 12:00:00 95,744 ----a-w c:\windows\system32\wuaueng.dll
+ 2004-08-03 22:07:38 1,081,112 ----a-w c:\windows\system32\wuaueng.dll
+ 2009-02-07 01:38:48 16,384 ----atw c:\windows\temp\Perflib_Perfdata_590.dat
+ 2009-02-07 01:38:55 16,384 ----atw c:\windows\temp\Perflib_Perfdata_700.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 81920]
"ctfmon.exe"="c:\windows\System32\ctfmon.exe" [2001-08-23 13312]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinIt"="c:\program files\ImageIt\ItRun.EXE" [2003-06-25 434176]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-15 136600]
"tgcmd"="c:\program files\Support.com\bin\tgcmd.exe" [2007-03-07 1773568]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"nwiz"="nwiz.exe" [2007-06-28 c:\windows\system32\nwiz.exe]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AudioDeck.lnk - c:\program files\VIA\VIA Sound Player\mixer\AudioDeck_bmp.exe [2005-11-19 466944]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009-02-03 26624]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-06 111184]
R2 FSHOOK;FSHOOK;c:\windows\system32\drivers\FSHOOK.SYS [2005-11-19 7040]
R3 EUCR;ENE USB Mass Storage;c:\windows\system32\drivers\EUCR6SK.sys [2007-06-22 42240]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-06 20560]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe --> c:\progra~1\AVG\AVG8\avgemc.exe [?]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\documents and settings\Gordon Wilder\Local Settings\Temp\{63F0F3BD-5B45-44E3-AF18-0003C5DD213D}\fsgk.sys --> c:\documents and settings\Gordon Wilder\Local Settings\Temp\{63F0F3BD-5B45-44E3-AF18-0003C5DD213D}\fsgk.sys [?]
S3 iteio;iteio;c:\windows\system32\drivers\Iteio.sys [2005-11-19 3680]
S3 Vsp;Vsp;c:\windows\system32\drivers\VSP.sys [2005-11-19 3351]
.
Contents of the 'Scheduled Tasks' folder
2007-03-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 14:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
Trusted Zone: download.microsoft.com
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: update.microsoft.com
Trusted Zone: windowsupdate.com
Trusted Zone: windowsupdate.microsoft.com
FF - ProfilePath - c:\documents and settings\Gordon Wilder\Application Data\Mozilla\Firefox\Profiles\tc11s4m1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-06 17:39:24
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(636)
c:\windows\system32\ODBC32.dll
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
- - - - - - - > 'lsass.exe'(692)
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\System32\dssenh.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\WgaTray.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2009-02-06 17:43:33 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-07 01:42:31
ComboFix2.txt 2009-02-06 21:00:46
ComboFix3.txt 2009-02-05 23:21:52
ComboFix4.txt 2009-02-05 07:29:21
Pre-Run: 94,989,860,864 bytes free
Post-Run: 95,047,577,600 bytes free
237 --- E O F --- 2009-01-14 06:12:48