Here's the log, Judy.

ComboFix 09-01-07.02 - Karl Johnson 2009-01-07 21:35:14.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1557 [GMT -8:00]
Running from: c:\documents and settings\Karl Johnson\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Karl Johnson\Application Data\.#
c:\documents and settings\Karl Johnson\Application Data\inst.exe
c:\windows\Downloaded Program Files\setup.inf
c:\windows\jestertb.dll
c:\windows\system32\au3305adc.dll
c:\windows\system32\cfx32.ocx
c:\windows\system32\qrqsvGgh.ini2
c:\windows\winhelp.ini

.
((((((((((((((((((((((((( Files Created from 2008-12-08 to 2009-01-08 )))))))))))))))))))))))))))))))
.

2009-01-07 07:02 . 2009-01-07 07:01 410,984 --a------ c:\windows\SYSTEM32\deploytk.dll
2009-01-07 06:44 . 2009-01-07 06:44 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-07 06:44 . 2009-01-04 18:38 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2009-01-07 06:44 . 2009-01-04 18:38 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2009-01-04 20:24 . 2009-01-04 20:29 <DIR> d-------- c:\program files\RegScrubXP
2009-01-02 22:28 . 2009-01-02 22:28 <DIR> d-------- c:\program files\Mattel Interactive
2009-01-02 12:03 . 2005-07-19 18:05 135,168 --a------ c:\windows\SYSTEM32\igfxres.dll
2009-01-02 11:29 . 2009-01-02 11:34 <DIR> d-------- c:\program files\SystemRequirementsLab
2009-01-02 11:29 . 2009-01-02 11:29 <DIR> d-------- c:\documents and settings\Karl Johnson\Application Data\SystemRequirementsLab
2009-01-02 10:43 . 2009-01-02 11:28 17 --a------ c:\windows\MovingPicture.ini
2009-01-02 10:42 . 2009-01-02 10:42 46 --a------ c:\windows\SYSTEM32\blue.SITENAME
2009-01-02 10:41 . 2009-01-02 10:45 455 --a------ c:\windows\VFO.VST
2008-12-31 20:50 . 2008-12-31 20:50 <DIR> d-------- c:\program files\proDAD
2008-12-31 20:37 . 2008-12-31 20:37 <DIR> d-------- c:\program files\AdorageI-SAL
2008-12-31 20:37 . 2008-12-31 20:39 <DIR> d-------- c:\program files\AdorageI-GfxDatas
2008-12-31 19:47 . 2008-12-31 19:47 <DIR> d-------- c:\program files\SmartSound Software
2008-12-31 19:47 . 2008-12-31 19:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2008-12-31 19:45 . 2009-01-02 11:28 1,208 --a------ c:\windows\VFO.INI
2008-12-31 19:44 . 2004-02-24 12:04 41,219 --a------ c:\windows\RSETPATH.exe
2008-12-31 19:44 . 2005-02-09 11:59 14,165 --a------ c:\windows\SYSTEM32\DRIVERS\Pclepci.sys
2008-12-31 19:41 . 2004-01-23 16:44 49,152 --a------ c:\windows\SYSTEM32\PCLEGetGuid.dll
2008-12-31 19:39 . 2009-01-02 10:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Pinnacle Studio
2008-12-31 19:34 . 2006-04-11 16:03 233,472 --------- c:\windows\SYSTEM32\DiskIO.dll
2008-12-31 19:34 . 2006-04-11 16:03 184,320 --------- c:\windows\SYSTEM32\RALMain.dll
2008-12-31 19:34 . 2005-06-02 19:28 171,008 --a------ c:\windows\SYSTEM32\DRIVERS\MarvinBus.sys
2008-12-31 19:34 . 2004-01-02 13:28 126,976 --------- c:\windows\SYSTEM32\AVIPrAx.dll
2008-12-31 19:34 . 2001-12-11 23:21 73,728 --------- c:\windows\SYSTEM32\MMAviAx.dll
2008-12-31 19:34 . 2006-07-06 14:32 39,936 --------- c:\windows\SYSTEM32\CacheX.dll
2008-12-31 19:34 . 2005-12-12 16:57 32,768 --------- c:\windows\SYSTEM32\MLPagAx.dll
2008-12-31 19:29 . 2008-12-31 19:49 <DIR> d-------- c:\program files\Pinnacle
2008-12-31 18:21 . 2009-01-02 10:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\Pinnacle
2008-12-15 10:32 . 2008-12-15 10:32 <DIR> d-------- c:\program files\Common Files\Sonic Shared
2008-12-13 15:35 . 2008-12-13 15:36 <DIR> d-------- c:\program files\iTunes
2008-12-13 15:35 . 2008-12-13 15:35 <DIR> d-------- c:\program files\iPod
2008-12-12 18:11 . 2008-12-12 18:11 <DIR> d-------- c:\program files\Microsoft Hardware
2008-12-12 18:09 . 2008-12-12 18:09 <DIR> d-------- c:\program files\Microsoft IntelliType Pro
2008-12-09 09:57 . 2008-12-09 09:57 <DIR> d-------- c:\program files\Common Files\Adobe AIR

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-01-07 23:50 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-07 15:01 --------- d-----w c:\program files\Java
2009-01-07 14:43 --------- d-----w c:\program files\Coupons
2009-01-07 14:15 --------- d-----w c:\program files\CCleaner
2009-01-07 14:12 --------- d-----w c:\documents and settings\Karl Johnson\Application Data\uTorrent
2009-01-06 23:08 --------- d-----w c:\program files\Trend Micro
2009-01-06 18:18 --------- d-----w c:\program files\EsetOnlineScanner
2009-01-05 04:47 --------- d-----w c:\program files\PowerArchiver
2009-01-05 03:35 --------- d-----w c:\documents and settings\Karl Johnson\Application Data\ImgBurn
2009-01-04 06:56 --------- d-----w c:\program files\Quicken
2009-01-04 06:46 --------- d-----w c:\program files\SilverMax Control Software
2009-01-04 06:46 --------- d-----w c:\program files\QuickControl
2009-01-04 06:44 --------- d-----w c:\program files\Citrix
2009-01-04 06:35 --------- d-----w c:\program files\SpywareBlaster
2009-01-02 23:17 --------- d-----w c:\program files\Password Safe
2009-01-01 03:55 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-01 03:45 --------- d-----w c:\program files\DivX
2008-12-19 04:26 --------- d-----w c:\program files\a-squared Anti-Malware
2008-12-18 18:43 --------- d-----w c:\program files\Google
2008-12-17 22:34 --------- d-----w c:\program files\Common Files\Palo Alto Software
2008-12-17 00:52 --------- d-----w c:\program files\Stamps.com Internet Postage
2008-12-16 18:42 --------- d-----w c:\program files\Common Files\Research In Motion
2008-12-15 18:33 --------- d-----w c:\program files\Roxio
2008-12-15 18:33 --------- d-----w c:\program files\Common Files\Roxio Shared
2008-12-15 18:32 --------- d-----w c:\documents and settings\All Users\Application Data\Roxio
2008-12-13 23:35 --------- d-----w c:\program files\Common Files\Apple
2008-12-13 23:28 --------- d-----w c:\program files\QuickTime Alternative
2008-12-13 06:40 3,593,216 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2008-12-09 17:56 --------- d-----w c:\program files\Common Files\Adobe
2008-12-06 05:57 25,586 ----a-w C:\aem8.dat
2008-12-06 05:22 --------- d-----w c:\program files\Audio Edit Magic
2008-12-06 05:09 --------- d-----w c:\documents and settings\Karl Johnson\Application Data\AdobeUM
2008-12-05 22:17 --------- d-----w c:\program files\AnVir Task Manager
2008-12-04 03:00 --------- d-----w c:\documents and settings\Karl Johnson\Application Data\Vso
2008-11-30 05:02 --------- d-----w c:\documents and settings\Karl Johnson\Application Data\Roxio
2008-11-30 04:37 --------- d-----w c:\documents and settings\LocalService\Application Data\Roxio
2008-11-30 04:36 --------- d-----w c:\documents and settings\Karl Johnson\Application Data\Research In Motion
2008-11-30 02:58 --------- d-----w c:\documents and settings\All Users\Application Data\Sonic
2008-11-30 02:26 --------- d-----w c:\program files\Research In Motion
2008-11-29 05:25 --------- d-----w c:\program files\Defraggler
2008-11-26 16:47 --------- d-----w c:\documents and settings\Karl Johnson\Application Data\Stamps.com Internet Postage
2008-11-25 20:14 --------- d-----w c:\program files\BACKPACK
2008-11-24 01:16 --------- d-----w c:\program files\Avira
2008-11-24 01:16 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
2008-11-23 22:02 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-11-23 22:01 --------- d-----w c:\documents and settings\Karl Johnson\Application Data\Symantec
2008-11-17 20:04 2,306,113 ----a-w c:\windows\SYSTEM32\GPhotos.scr
2008-11-10 07:05 --------- d-----w c:\documents and settings\Karl Johnson\Application Data\TechSmith
2008-10-30 04:17 47,360 ----a-w c:\documents and settings\Karl Johnson\Application Data\pcouffin.sys
2008-10-24 11:21 455,296 ------w c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\SYSTEM32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\SYSTEM32\DLLCACHE\gdi32.dll
2008-10-16 22:13 202,776 ----a-w c:\windows\SYSTEM32\wuweb.dll
2008-10-16 22:13 202,776 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuweb.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\SYSTEM32\wuaueng.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\SYSTEM32\wuapi.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuapi.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\SYSTEM32\wucltui.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\SYSTEM32\DLLCACHE\wucltui.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\SYSTEM32\DLLCACHE\cdm.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\SYSTEM32\cdm.dll
2008-10-16 22:09 51,224 ----a-w c:\windows\SYSTEM32\wuauclt.exe
2008-10-16 22:09 51,224 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuauclt.exe
2008-10-16 22:09 43,544 ----a-w c:\windows\SYSTEM32\wups2.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\SYSTEM32\wups.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\SYSTEM32\DLLCACHE\wups.dll
2008-10-16 22:06 268,648 ----a-w c:\windows\SYSTEM32\mucltui.dll
2008-10-16 22:06 208,744 ----a-w c:\windows\SYSTEM32\muweb.dll
2008-10-16 13:11 70,656 ------w c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
2008-10-15 16:34 337,408 ------w c:\windows\SYSTEM32\DLLCACHE\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\SYSTEM32\DLLCACHE\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\SYSTEM32\DLLCACHE\ieakui.dll
2008-07-25 15:12 6,147 ----a-w c:\program files\PCLICSB.DAT
2008-06-25 16:27 60,744 ----a-w c:\documents and settings\Karl Johnson\g2mdlhlpx.exe
2007-10-19 17:25 0 ----a-w c:\program files\Common Files\dht342126
2007-05-07 14:37 307,200 ----a-w c:\documents and settings\Karl Johnson\wccapp00.dll
2007-03-06 15:39 87,608 ----a-w c:\documents and settings\Karl Johnson\Application Data\ezpinst.exe
2006-12-18 18:42 0 ----a-w c:\program files\Common Files\dht342
2006-03-13 17:26 87 ----a-w c:\documents and settings\Karl Johnson\INFO.DAT
2005-05-20 03:25 258 ------w c:\program files\Common Files\LMF.DAT
2006-04-20 20:08 28,672 ----a-w c:\program files\mozilla firefox\plugins\atgpcdec.dll
2007-09-29 02:57 6,275,816 ----a-w c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2008-06-30 20:44 324,976 ----a-w c:\program files\mozilla firefox\components\coFFPlgn.dll
2008-12-17 21:59 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-17 21:59 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-17 21:59 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-17 21:59 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-17 21:59 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-05-28 18:27 32,768 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008052820080529\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"SkinClock"="c:\program files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2008-09-11 1739264]
"AnVir Task Manager"="c:\program files\AnVir Task Manager\AnVir.exe" [2008-11-30 2733280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-13 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-14 536576]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
"DadApp"="c:\program files\Dell\AccessDirect\dadapp.exe" [2004-03-04 211828]
"a-squared"="c:\program files\a-squared Anti-Malware\a2guard.exe" [2008-11-26 2780816]
"ShellLess"="c:\program files\ShellLess\ShellLess.exe" [2008-09-02 2198528]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"IntelliType"="c:\program files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-21 94208]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-06-08 236016]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-11 406016]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-07 136600]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-10-28 24576]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-08-08 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= vdrcodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)
"RichVideo"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"<NO NAME>"=
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" /r
"TomcatStartup 2.5"=c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe
"StatusClient 2.6"=c:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Roxio\\Media Manager 9\\MediaManager9.exe"=
"c:\\Program Files\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=

R0 pssnap;Paramount Software Snapshot Filter;c:\windows\SYSTEM32\DRIVERS\pssnap.sys [2008-05-20 15328]
R1 bpfinder;BACKPACK Finder;c:\windows\SYSTEM32\DRIVERS\bpfinder.sys [2000-09-12 60407]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\SYSTEM32\DRIVERS\VCdRom.sys [2007-02-14 8576]
R3 bpflt;BACKPACK Filter;c:\windows\SYSTEM32\DRIVERS\bpflt.sys [2000-09-12 4538]
R4 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2008-06-02 216032]
S3 AdWatchDrv;AW Realtime Driver;\??\c:\windows\system32\drivers\AWRTPD.sys --> c:\windows\system32\drivers\AWRTPD.sys [?]
S3 bppccard;BACKPACK PC Card;c:\windows\SYSTEM32\DRIVERS\bppccard.sys [2000-09-12 5653]
S3 bppnpdrv;BACKPACK Driver;c:\windows\SYSTEM32\DRIVERS\bppnpdrv.sys [2000-09-12 18454]
S3 bpusbdrv;BACKPACK USB 1 Cable;c:\windows\SYSTEM32\DRIVERS\bpusbdrv.sys [2000-10-11 109708]
S3 brfilt;Brother MFC Filter Driver;c:\windows\SYSTEM32\DRIVERS\BrFilt.sys [2004-12-13 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\SYSTEM32\DRIVERS\BrSerWdm.sys [2004-12-13 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\SYSTEM32\DRIVERS\BrUsbMdm.sys [2000-02-24 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\SYSTEM32\DRIVERS\BrUsbScn.sys [2000-02-24 10368]
S3 TNET1130x;Wireless-G Notebook Adapter v.2.0;c:\windows\SYSTEM32\DRIVERS\TNET1130x.sys [2005-07-21 385536]
S3 USA19;USA19;c:\windows\SYSTEM32\DRIVERS\usa192k.sys [2005-06-07 308460]
S3 USA192KP;Keyspan MPR Serial Port Driver;c:\windows\SYSTEM32\DRIVERS\usa192kp.sys [2005-06-07 40868]
S4 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S4 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S4 mrtRate;mrtRate; [x]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55663798-16bf-11dd-9f64-0011435cb569}]
\Shell\AutoRun\command - m:\wd_windows_tools\Setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{A057A204-BACC-4D26-8287-79A187E26987} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-PCLEUSBTip - c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.weightwatchers.com/index.aspx
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.dell4me.com/mywaybiz
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Trusted Zone: www.wireless.att.com
Trusted Zone: support.dell.com
Trusted Zone: quicken.intuit.com
Trusted Zone: www.linearindustries.com
Trusted Zone: www.lintechmotion.com
Trusted Zone: www.morganstanleyclientserv.com
Trusted Zone: *.turbotax.com
Trusted Zone: www.usmmaaa.com
Trusted Zone: www.weightwatchers.com
TCP: {96B0D052-CB4B-416D-8D0E-25CA7986CB77} = 192.168.1.1
TCP: {DE1A3451-D0CE-4B03-84C9-495B6C1FC483} = 192.168.1.1

c:\windows\Downloaded Program Files\AxCtp2.dll - O16 -: PackageCab
hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
c:\windows\Downloaded Program Files\OSD2EA.OSD

- c:\windows\Downloaded Program Files\ScriptX.inf

c:\windows\Downloaded Program Files\ContentCleanup3Proj1.ocx - O16 -: {234B7457-1A7E-4268-BA71-9936F0C78BEC}
hxxp://www.herman-street.com/d/Content_Cleanup/includes/ContentCleanup3Proj1.cab

O16 -: {84FBD09D-921E-460C-9652-ECDC8B4EE1B7} - hxxp://www.learnmate.com/downloads/LearnmateAgent.exe

c:\windows\Downloaded Program Files\WebconcentralLauncher.dll - O16 -: {980495B4-1CC6-40E5-8CBD-6F7A6E514691}
hxxp://login.webconcentral.com/code/xp-launcher/1.0.0.103/WebConCentral.cab
c:\windows\Downloaded Program Files\WebconcentralLauncher.inf
FF - ProfilePath - c:\documents and settings\Karl Johnson\Application Data\Mozilla\Firefox\Profiles\pmsm73fm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.esd.wa.gov/uibenefits/index.php|https://www.pongoresume.com/resumes....oginError=True
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

************************************************** ************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-07 21:39:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3930235716-1587244406-413513056-1007\Software\Microsoft\SystemCertificates\Address Book*NULL*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-3930235716-1587244406-413513056-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1ADE22BC-7EAA-E3CC-7D14-B72CBB157271}*NULL*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"bbhedkdpajelkhdhpgahhnjegafhhfnihppm"=hex:6a,61,6 3,6a,65,69,64,63,65,6f,6e,65,\
6d,6f,68,69,6d,61,6e,67,00,dd
"abjdnaomaiimdgjbkddjplnbjhdddmldik"=hex:6a,61,63, 6a,6b,68,6e,62,63,67,64,66,\
64,6e,64,6e,66,65,6f,6e,00,cd
"iahedkdpajelkhdhpg"=hex:61,61,00,00
"hajdnaomaiimdgjb"=hex:61,61,00,00
"iaddlnokdpdpjjakcf"=hex:61,61,00,00

[HKEY_USERS\S-1-5-21-3930235716-1587244406-413513056-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8F121BBF-41D8-09F3-36EE-5451A2BB1468}*NULL*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abjfdflcfojjaalcnejmigijhcajjjgkmj"=hex:65,62,6a, 66,6f,68,70,66,6d,6f,6c,6f,\
6f,6f,6c,70,6d,67,6d,6d,65,63,70,67,62,62,67,70,6c ,69,63,64,6d,6a,6a,61,61,\
69,6e,6c,6f,65,00,00
"bbjfdflcfojjaalcneekhgpefobnppaldoen"=hex:61,62,6 1,66,69,6e,6b,65,69,6e,6a,67,\
61,69,6b,6d,63,6f,63,69,6c,61,6f,6a,6f,62,6f,62,67 ,6a,6e,66,66,62,00,61

[HKEY_USERS\S-1-5-21-3930235716-1587244406-413513056-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B94686AB-0D67-9E97-274C-8DC66158CDFE}*NULL*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"bbfadgjollbfnoanfdbdjnhgemfhdjopanea"=hex:6a,61,6 9,66,62,70,6f,6d,61,62,70,6c,\
68,62,6d,69,65,6d,67,69,00,00
"ablmjngdcafcdidgfebnopfjldoeccgbmh"=hex:6a,61,69, 66,62,70,6f,6d,61,62,70,6c,\
68,62,6d,69,65,6d,67,69,00,00
"iafadgjollbfnoanfd"=hex:61,61,00,01
"halmjngdcafcdidg"=hex:61,61,00,01
"iajpmbgkapcdffeelm"=hex:61,61,00,01

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af ,b0,29,a3,98,e6,0c,31,86,61,\
7e,ce,c8,e2,63,26,f1,3f,c8,ff,68,84,b3,c1,c6,f0,96 ,69,48,e2,63,26,f1,3f,c8,\
ff,68,c1,70,d0,bb,9d,50,b5,6a,c8,28,51,af,b0,29,a3 ,98,4c,4b,77,c5,fa,cf,bd,\
1a,2f,4d,77,56

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66 ,8b,46,0d,96,bc,07,e5,03,9b,\
e9,59,94,6a,9c,d6,61,af,45,84,18,88,85,1a,96,4a,2e ,0e,cd,6a,9c,d6,61,af,45,\
84,18,78,93,06,3a,b0,5b,54,8d,6a,9c,d6,61,af,45,84 ,18,5f,33,17,a7,f2,ec,53,\
ef,ec,cf,65,8f

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e ,55,20,c9,26,de,04,27,b8,d9,\
6f,96,33,ff,7c,85,e0,43,d4,0e,fe,84,1c,be,43,55,9e ,9a,4e,ff,7c,85,e0,43,d4,\
0e,fe,74,62,f0,eb,0b,94,97,9d,7a,45,05,fd,91,e8,6f ,31,a9,20,b6,f2,3a,0f,b7,\
2a,64,f3,9e,f3

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01 ,be,91,eb,e7,59,4f,10,5b,85,\
fd,df,49,86,8c,21,01,be,91,eb,e7,3d,96,10,38,46,3b ,1b,64,86,8c,21,01,be,91,\
eb,e7,fa,06,df,72,20,07,22,41,86,8c,21,01,be,91,eb ,e7,d7,61,ed,5e,66,7c,87,\
ef,8e,60,ef,a8

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73 ,a8,13,5c,05,a7,92,8c,b1,40,\
b2,64,31,f5,1d,4d,73,a8,13,5c,05,cb,40,91,1a,fe,84 ,36,51,f5,1d,4d,73,a8,13,\
5c,05,cb,96,c9,c2,2e,ba,d2,d0,f5,1d,4d,73,a8,13,5c ,05,4f,a9,b2,72,81,4e,41,\
72,c2,63,f1,7c

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62 ,78,6b,cf,c8,0d,61,a2,01,fd,\
cb,77,55,df,20,58,62,78,6b,cf,c8,12,71,37,56,29,3c ,ae,d8,df,20,58,62,78,6b,\
cf,c8,82,7f,2d,7d,d2,66,b8,0f,df,20,58,62,78,6b,cf ,c8,39,cb,9a,7e,50,65,90,\
b5,d2,90,aa,47

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:97,20,4e,9a ,c7,f1,35,ee,2e,cd,1d,85,73,\
43,fa,63,fb,a7,78,e6,12,2f,9a,ea,10,f1,c3,36,a6,3e ,8f,78,fb,a7,78,e6,12,2f,\
9a,ea,6a,ba,16,26,8b,6f,de,96,31,77,e1,ba,b1,f8,68 ,02,e6,58,f3,62,07,d6,7b,\
ff,9d,77,e0,78

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc ,e8,04,4a,f1,70,77,12,9a,8a,\
f2,0b,aa,01,3a,48,fc,e8,04,4a,f1,0d,86,c0,72,33,30 ,6a,4d,01,3a,48,fc,e8,04,\
4a,f1,72,31,12,e2,a4,6f,ca,09,01,3a,48,fc,e8,04,4a ,f1,a7,f0,b2,aa,15,d4,24,\
b2,c1,82,5c,f4

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91 ,28,9e,14,cc,b3,a6,05,3f,85,\
fa,8c,cd,f6,0f,4e,58,98,5b,89,c9,bd,88,d1,9a,29,17 ,f1,37,f6,0f,4e,58,98,5b,\
89,c9,62,d0,e8,33,15,df,3c,32,f6,0f,4e,58,98,5b,89 ,c9,41,0a,ad,a5,24,15,cd,\
ce,91,a8,22,cf

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26 ,2d,45,aa,78,a0,fd,bb,26,c9,\
2e,c0,07,3d,ce,ea,26,2d,45,aa,78,c0,3a,23,f8,6a,44 ,25,fb,3d,ce,ea,26,2d,45,\
aa,78,5c,8b,87,24,d6,97,60,c7,3d,ce,ea,26,2d,45,aa ,78,79,60,cc,fd,f5,7e,81,\
6e,26,fa,3d,37

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5 ,b9,7f,41,e7,b9,9b,b6,17,34,\
7b,f9,3c,2a,b7,cc,b5,b9,7f,41,e7,55,04,2f,dd,5e,97 ,d2,6b,2a,b7,cc,b5,b9,7f,\
41,e7,23,d8,9d,c2,05,be,5d,10,f8,31,0f,a9,5f,a0,ec ,fb,d6,42,b3,ee,8a,0d,51,\
3e,1b,b3,f1,58

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e ,aa,22,2f,9c,b0,b4,95,4c,41,\
bf,ab,6a,6c,43,2d,1e,aa,22,2f,9c,ed,79,36,3d,c0,3d ,76,ae,6c,43,2d,1e,aa,22,\
2f,9c,ae,a1,ca,1f,5f,83,30,e3,fa,ea,66,7f,d4,3b,6b ,70,43,a0,49,e2,ec,80,26,\
8f,90,1f,6f,46

[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*NULL*]
"Licence"="01F0B9B-A54A-7221-4154-B912"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Completion time: 2009-01-07 21:45:29
ComboFix-quarantined-files.txt 2009-01-08 05:44:54

Pre-Run: 4,101,705,728 bytes free
Post-Run: 4,078,919,680 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

458 --- E O F --- 2008-12-18 21:26:20