Solved Need help removing autorun.inf

Discussion in 'Malware and Virus Removal Archive' started by TinyTuba822, 2008/06/17.

  1. 2008/06/17
    TinyTuba822

    TinyTuba822 Inactive Thread Starter

    Joined:
    2007/10/05
    Messages:
    102
    Likes Received:
    0
    [Resolved] Need help removing autorun.inf

    I have a worm named autorun.inf that keeps appearing when I scan the computer with AVG. However, I cannot find it on the computer to delete it, nor can AVG remove it either. Can someone help please? The computer is running Windows Vista 32-bit with SP1; it is an HP m8300f with an AMD Athlon 64 X2 dual-core processor 6000+ 3.00 GHz and 3 GB of RAM. Thanks for your time and help. :)
     
  2. 2008/06/17
    TinyTuba822

    TinyTuba822 Inactive Thread Starter

    Joined:
    2007/10/05
    Messages:
    102
    Likes Received:
    0
    HJT Logfile following previous post:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:27:40 PM, on 6/17/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\system32\schtasks.exe
    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
    C:\Users\KishinX\GameSpot\GameSpotDownloadManager_Win32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\jusched.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\hp\kbd\kbd.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\KishinX\Desktop\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! ¤u¨Ã£¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O3 - Toolbar: Yahoo! ¤u¨Ã£¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [isCfgWiz] "c:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe" -G:{77CCBE0B-A541-49a9-883E-14F8337EC861} -T:Config -REBOOT
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - Startup: GameSpot Download Manager.lnk = C:\Users\KishinX\GameSpot\GameSpotDownloadManager_Win32.exe
    O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 9323 bytes
     

  4. 2008/06/17
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi Tiny :)

    It might be a good thing AVG can't remove that file. Being an HP machine, I would venture to say that autorun.inf file is on the Recovery partition and used by the system should you ever use the feature (restore the computer to factory delivered condition). Does AVG happen to tell you the location of the file?
     
  5. 2008/06/18
    TinyTuba822

    TinyTuba822 Inactive Thread Starter

    Joined:
    2007/10/05
    Messages:
    102
    Likes Received:
    0
    Yes, it's on the C: drive.
    The path name looks like this: C:\autorun.inf
     
  6. 2008/06/18
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Click Start and in the Start Search window, type or paste the following then hit enter.

    notepad C:\autorun.inf

    Copy the contents of the autorun.inf file and post it here.
     
  7. 2008/06/18
    TinyTuba822

    TinyTuba822 Inactive Thread Starter

    Joined:
    2007/10/05
    Messages:
    102
    Likes Received:
    0
    [autorun]
    shellexecute=Recycled\ctfmon.exe
    shell\Open(&0)\command=Recycled\ctfmon.exe
    shell=Open(&0)
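Reading the file with Notepad and judging its contents by eye, as the two posts above do, is the whole analysis. What follows is an added example (not code from the thread, nor from AVG, HijackThis or ComboFix) that does the same reading mechanically: it parses the [autorun] section, collects the keys that make Explorer run something when the drive is double-clicked or AutoPlay fires, and flags the three things the posted file shows: a launch target inside a Recycle Bin folder (a legitimate installer never lives there), a shell verb labelled to look like the real "Open" entry (`Open(&0)`), and a `shell=` default that points the double-click action at that verb. It also notes a payload that borrows the name of a Windows system binary (`ctfmon.exe` normally lives in System32). The heuristics, the list of system binary names and both sample files are this example's own assumptions; the first sample mirrors the posted file, the second is what a harmless driver CD might carry.

```python
"""Triage an autorun.inf mechanically instead of by eye.

Added example, not code from the thread or from any tool named in it.
The heuristics and sample files below are assumptions of this example.
"""
import configparser
import re
from pathlib import Path

LAUNCH_KEYS = {"open", "shellexecute"}                 # run directly by Explorer
VERB_COMMAND = re.compile(r"^shell\\(?P<verb>[^\\]+)\\command$")   # shell\<verb>\command
RECYCLE_DIRS = ("recycled\\", "recycler\\", "$recycle.bin\\")
# Real Windows binary names that droppers reuse to blend in (assumed list).
SYSTEM_NAMES = {"ctfmon.exe", "svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe"}


def parse_autorun(text):
    """Return the [autorun] section as {key: value}; keys are lower-cased, values untouched."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.optionxform = str.lower          # fold case only; backslashes, '&', '(' stay in keys
    cp.read_string(text)
    return dict(cp.items("autorun")) if cp.has_section("autorun") else {}


def _target(command):
    """First token of a command line (quoted paths kept whole), normalised for comparison."""
    cmd = command.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        first = cmd[1:end] if end > 0 else cmd[1:]
    else:
        first = cmd.split()[0] if cmd else ""
    return first.replace("/", "\\").lower()


def triage(entries):
    """Return a list of findings for one parsed autorun.inf; an empty list means nothing matched."""
    findings, flagged = [], set()
    for key, value in entries.items():
        verb = VERB_COMMAND.match(key)
        if key not in LAUNCH_KEYS and not verb:
            continue                    # icon=, label= and friends cannot launch anything
        if verb and verb.group("verb") != "open" and verb.group("verb").startswith("open"):
            findings.append(f"shell verb {verb.group('verb')!r} mimics Open")
            flagged.add(key)
        target = _target(value)
        if target.startswith(RECYCLE_DIRS):
            findings.append(f"{key} launches from a Recycle Bin folder: {value}")
            flagged.add(key)
        if target.rsplit("\\", 1)[-1] in SYSTEM_NAMES:
            findings.append(f"{key} target borrows a Windows system binary name: {value}")
            flagged.add(key)
    # shell=<verb> makes that verb the double-click action for the whole drive.
    default = entries.get("shell", "").strip().lower()
    if default and f"shell\\{default}\\command" in flagged:
        findings.append(f"shell={default} makes that flagged verb the double-click default")
    return findings


def scan_roots(roots):
    """Triage the autorun.inf at the root of each drive in `roots` (e.g. ["C:\\", "E:\\"]).

    Reads the file regardless of hidden/system attributes; roots without one are skipped.
    """
    report = {}
    for root in roots:
        path = Path(root) / "autorun.inf"
        if path.is_file():
            report[str(path)] = triage(parse_autorun(path.read_text(errors="replace")))
    return report


# Constructed samples: the first mirrors the file posted in the thread,
# the second is what a harmless driver CD might carry.
MALICIOUS_SAMPLE = r"""
[autorun]
shellexecute=Recycled\ctfmon.exe
shell\Open(&0)\command=Recycled\ctfmon.exe
shell=Open(&0)
"""
BENIGN_SAMPLE = r"""
[autorun]
open=setup.exe
icon=setup.exe,0
label=Driver CD
"""

if __name__ == "__main__":
    import sys
    for label, sample in (("posted file", MALICIOUS_SAMPLE), ("driver CD", BENIGN_SAMPLE)):
        print(label, "->", triage(parse_autorun(sample)) or "no findings")
    print(scan_roots(sys.argv[1:] or ["C:\\"]))   # live check of the given drive roots
```

Run it with the drive roots to inspect as arguments (every drive, not only C:, since an autorun.inf that points into Recycled\ is meant to be carried on removable media as well). A file given hidden and system attributes is not listed by Explorer's default view, which is one reason a user can fail to find a file that AVG keeps reporting; `Path.read_text` is unaffected by attributes. Whatever the findings say, the launch target named in the file (here Recycled\ctfmon.exe) has to go together with the autorun.inf, or the next double-click recreates the problem.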
     
  8. 2008/06/18
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Looks like AVG is right. Let's go after that file, and make sure it doesn't have friends hiding. ;)

    Download ComboFix by sUBs from here, saving the file to your desktop.


    Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
     
  9. 2008/06/19
    TinyTuba822

    TinyTuba822 Inactive Thread Starter

    Joined:
    2007/10/05
    Messages:
    102
    Likes Received:
    0
    ComboFix 08-06-16.5 - KishinX 2008-06-19 8:17:26.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2186 [GMT -4:00]
    Running from: C:\Users\KishinX\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((( Files Created from 2008-05-19 to 2008-06-19 )))))))))))))))))))))))))))))))
    .

    2008-06-17 21:31 . 2008-06-17 21:31 <DIR> d-------- C:\Program Files\Trend Micro
    2008-06-17 21:31 . 2007-11-27 22:51 35,216 --a------ C:\Windows\System32\drivers\TMPassthru.sys
    2008-06-15 18:31 . 2008-04-23 00:42 428,544 --a------ C:\Windows\System32\EncDec.dll
    2008-06-15 18:31 . 2008-04-23 00:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
    2008-06-15 18:31 . 2008-04-23 00:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
    2008-06-15 18:31 . 2008-04-23 00:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
    2008-06-12 00:15 . 2008-04-24 22:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
    2008-06-12 00:15 . 2008-04-26 04:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
    2008-06-12 00:15 . 2008-04-25 00:35 826,880 --a------ C:\Windows\System32\wininet.dll
    2008-06-12 00:15 . 2008-05-09 21:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
    2008-05-28 10:38 . 2008-06-19 08:00 <DIR> d-------- C:\Users\KishinX\AppData\Roaming\AVG7
    2008-05-28 10:32 . 2008-05-28 10:32 <DIR> d-------- C:\Users\All Users\Grisoft
    2008-05-28 10:32 . 2008-05-28 12:13 <DIR> d-------- C:\Users\All Users\avg7
    2008-05-28 10:32 . 2008-05-28 10:32 <DIR> d-------- C:\ProgramData\Grisoft
    2008-05-28 10:32 . 2008-05-28 12:13 <DIR> d-------- C:\ProgramData\avg7
    2008-05-28 10:32 . 2008-05-28 10:32 53,768 --a------ C:\Windows\System32\drivers\avgwfp.sys
    2008-05-28 10:32 . 2008-05-28 10:32 9,216 --a------ C:\Windows\System32\avgwlntf.dll
    2008-05-28 10:30 . 2008-05-28 10:30 <DIR> d-------- C:\Program Files\Common Files\Adobe
    2008-05-27 16:40 . 2008-03-07 22:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-05-27 16:40 . 2008-03-08 00:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
    2008-05-23 23:06 . 2007-11-14 15:18 553 --a------ C:\Windows\USetup.iss
    2008-05-23 23:05 . 2008-05-23 23:05 <DIR> d-------- C:\Users\KishinX\AppData\Roaming\WinBatch
    2008-05-23 23:05 . 2008-01-15 11:26 4,874,240 --a------ C:\Windows\RtHDVCpl.exe
    2008-05-23 23:05 . 2008-01-15 19:19 2,047,576 --a------ C:\Windows\System32\drivers\RTKVHDA.sys
    2008-05-23 23:05 . 2007-11-07 17:31 1,191,936 --a------ C:\Windows\RtlUpd.exe
    2008-05-23 23:05 . 2008-01-09 18:52 636,416 --a------ C:\Windows\System32\RtkPgExt.dll
    2008-05-23 23:05 . 2007-11-13 12:35 532,480 --a------ C:\Windows\System32\RTSndMgr.cpl
    2008-05-22 14:35 . 2005-12-03 15:29 7,225,344 --a------ C:\Users\KishinX\Hero Editor.exe
    2008-05-22 13:49 . 2008-05-23 17:18 43,520 --a------ C:\Windows\System32\CmdLineExt03.dll
    2008-05-22 13:39 . 2008-05-22 13:39 94,208 --a------ C:\Windows\DIIUnin.exe
    2008-05-22 13:39 . 2008-05-22 13:49 36,414 --a------ C:\Windows\DIIUnin.dat
    2008-05-22 13:39 . 2008-05-22 13:39 2,829 --a------ C:\Windows\DIIUnin.pif
    2008-05-22 13:22 . 2008-05-26 12:33 <DIR> d-------- C:\Program Files\Diablo II
    2008-05-21 22:17 . 2008-05-21 22:17 <DIR> d-------- C:\Windows\solcache
    2008-05-21 22:14 . 2008-05-21 22:14 <DIR> d-------- C:\SIERRA
    2008-05-21 22:14 . 1998-01-23 12:22 304,128 --a------ C:\Windows\IsUninst.exe
    2008-05-21 22:14 . 2008-05-21 22:17 265 --a------ C:\Windows\SIERRA.INI

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-18 01:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-16 19:02 --------- d-----w C:\Users\KishinX\AppData\Roaming\LimeWire
    2008-06-12 07:07 --------- d-----w C:\Program Files\Windows Mail
    2008-05-28 07:08 351,783 ---ha-w C:\Windows\system32\drivers\vsconfig.xml
    2008-05-27 03:02 --------- d-----w C:\ProgramData\Symantec
    2008-05-24 03:21 --------- d-----w C:\Program Files\HP
    2008-05-24 03:05 319,456 ----a-w C:\Windows\DIFxAPI.dll
    2008-05-14 14:22 --------- d-----w C:\Program Files\iTunes
    2008-05-14 14:22 --------- d-----w C:\Program Files\iPod
    2008-05-14 14:21 --------- d-----w C:\Program Files\QuickTime
    2008-05-14 14:15 --------- d-----w C:\Program Files\Apple Software Update
    2008-05-10 14:36 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2008-05-07 20:46 --------- d-----w C:\Program Files\LimeWire
    2008-05-06 18:59 89,770 ----a-w C:\Windows\Internet Logs\vsmon_2nd_2008_05_06_13_05_59_small.dmp.zip
    2008-05-03 16:42 --------- d-----w C:\ProgramData\NVIDIA
    2008-05-03 16:39 174 --sha-w C:\Program Files\desktop.ini
    2008-05-03 16:30 --------- d-----w C:\Program Files\Windows Sidebar
    2008-05-03 16:30 --------- d-----w C:\Program Files\Windows Photo Gallery
    2008-05-03 16:30 --------- d-----w C:\Program Files\Windows Journal
    2008-05-03 16:30 --------- d-----w C:\Program Files\Windows Defender
    2008-05-03 16:30 --------- d-----w C:\Program Files\Windows Collaboration
    2008-05-03 16:30 --------- d-----w C:\Program Files\Windows Calendar
    2008-05-03 16:00 82,432 ----a-w C:\Windows\System32\axaltocm.dll
    2008-05-03 16:00 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
    2008-04-27 23:20 --------- d-----w C:\Users\KishinX\AppData\Roaming\Snapfish
    2008-03-30 02:06 98,304 ----a-w C:\Windows\system32CmdLineExt.dll
    2008-03-29 15:47 94,208 ----a-w C:\Windows\ScUnin.exe
    2006-12-21 19:22 217,088 ----a-w C:\Program Files\PetroLauncher.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-06-18_22.51.15.81 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-18 13:55:05 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2008-06-19 11:30:36 67,584 --s-a-w C:\Windows\bootstat.dat
    - 2008-06-19 02:50:39 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-06-19 12:21:37 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-06-19 12:21:37 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2008-06-18 13:55:12 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-06-19 11:45:36 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-06-18 13:55:12 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-06-19 11:45:36 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-06-18 13:55:12 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-06-19 11:45:36 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-06-18 01:24:40 262,200 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
    + 2008-06-19 11:30:38 264,354 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
    2007-08-24 09:51 316784 --a------ c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
    2008-04-01 18:08 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"= "C:\Windows\ehome\ehTray.exe" [2008-01-19 03:33 125952]
    "Aim6"=" " []
    "Yahoo! Pager"= "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
    "WMPNSCFG"= "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 03:33 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"= "c:\hp\support\hpsysdrv.exe" [2007-04-18 11:01 65536]
    "KBD"= "C:\HP\KBD\KbdStub.EXE" [2006-12-08 12:16 65536]
    "OsdMaestro"= "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 07:59 118784]
    "RtHDVCpl"= "RtHDVCpl.exe" [2008-01-15 11:26 4874240 C:\Windows\RtHDVCpl.exe]
    "HP Health Check Scheduler"= "[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [ ]
    "SunJavaUpdateReg"= "C:\Windows\system32\jureg.exe" [2007-04-07 06:56 54936]
    "ccApp"= "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]
    "isCfgWiz"= "c:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe" [2007-08-23 15:49 607624]
    "avast!"= "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 14:37 79224]
    "NvSvc"= "C:\Windows\system32\nvsvc.dll" [2007-12-26 18:34 86016]
    "NvCplDaemon"= "C:\Windows\system32\NvCpl.dll" [2007-12-26 18:34 8530464]
    "NvMediaCenter"= "C:\Windows\system32\NvMcTray.dll" [2007-12-26 18:34 81920]
    "QuickTime Task"= "C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
    "iTunesHelper"= "C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
    "HP Software Update"= "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
    "Adobe Reader Speed Launcher"= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "AVG7_CC"= "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-05-29 14:26 579584]
    "TMRUBottedTray"= "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe" [2007-12-19 00:18 288088]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "MySpaceIM"= "C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 16:32 8699904]
    "AVG7_Run"= "C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-05-28 10:32 219136]

    C:\Users\KishinX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    GameSpot Download Manager.lnk - C:\Users\KishinX\GameSpot\GameSpotDownloadManager_Win32.exe [2008-02-19 16:26:52 876544]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Snapfish Media Detector.lnk - C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe [2007-05-07 14:35:56 1273856]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
    avgwlntf.dll 2008-05-28 10:32 9216 C:\Windows\System32\avgwlntf.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3codecp"= l3codecp.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{513F49D9-DEC0-453D-B7A0-C65598DB05BC}"= c:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
    "{9BA15A6E-4E0B-4D9F-8C79-53151AC4C090}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{193089D4-6C8D-4048-B95C-930BA4CF71C6}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{4E5AAE45-E992-45C2-A01E-701B399C4711}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{E618680C-E7E7-45A1-9C28-277EE3BF4A9C}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{5A04FE40-8868-4EC3-8DA9-E19BFF50A414}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{817CAE7A-B2EC-4D37-B7C6-879FE7098451}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{E345AEFD-FCD1-42DC-BD05-0FEE6C7FBFBB}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{752B202C-1EA7-431B-B8DB-7FD474879A5E}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{17C0F440-9E7F-4FC8-B207-F2378156CEEC}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{B994FD89-3AB5-4635-9386-4E6C81049DBA}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{8B2E6E8D-8A17-49D5-A683-206447C4F545}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{26C4278E-91EF-41E8-807E-0264F73E295C}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{BDDB5E89-53C2-496B-9F26-44FAEFA257B2}"= UDP:C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:Star Wars: Empire at War
    "{A9FB4BB3-0C08-4A13-AE21-564C80E80170}"= TCP:C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:Star Wars: Empire at War
    "{AC81D646-5E4B-48DC-A6A4-F866B56FAE46}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{206912AA-EE01-4D3C-BAC4-DD7B403AFB50}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{2117A30F-F243-4492-850B-306F126A0F72}"= Disabled:UDP:C:\Program Files\MySpace\IM\MySpaceIM.exe:MySpaceIM
    "{09CDC58C-14CE-452D-BF04-8514755863CB}"= Disabled:TCP:C:\Program Files\MySpace\IM\MySpaceIM.exe:MySpaceIM
    "{CDE1D5C8-6B75-43F3-9463-762E5A0635FD}"= UDP:C:\Program Files\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe:Star Wars(R): Empire at War(TM): Forces of Corruption(TM)
    "{6B3BDF5A-6D24-4E49-9872-EF133CB6C42D}"= TCP:C:\Program Files\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe:Star Wars(R): Empire at War(TM): Forces of Corruption(TM)
    "{2B657F2E-6F83-4A42-A3CE-501F8DF2EC9D}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire 4.16.6
    "{2B7A7C27-3D37-4AA4-9CC7-3132372E28B0}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire 4.16.6
    "{852CB0B5-9297-4BC3-900E-6315A2F38A49}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{49BF7E48-5A03-42F7-8EA3-CB5B71A52EC1}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

    R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 14:31]
    R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080523.004\IDSvix86.sys [2008-02-13 12:18]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 14:35]
    R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 14:32]
    R2 LiveUpdate Notice;LiveUpdate Notice;"c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
    R2 RUBotted;Trend Micro RUBotted Service;"C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe" [2007-12-19 00:18]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
    R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-05-28 10:32]
    R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\system32\drivers\HCW85BDA.sys [2007-10-01 05:21]
    R3 TMPassthruMP;TMPassthruMP;C:\Windows\system32\DRIVERS\TMPassthru.sys [2007-11-27 22:51]
    S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
    S3 GameConsoleService;GameConsoleService;"C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe" [2007-07-23 19:33]
    S3 TMPassthru;Trend Micro Passthru Ndis Service;C:\Windows\system32\DRIVERS\TMPassthru.sys [2007-11-27 22:51]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74e06f34-db2e-11dc-88bb-806e6f6e6963}]
    \shell\AutoRun\command - F:\SETUP.EXE

    *Newly Created Service* - CATCHME
    *Newly Created Service* - COMHOST
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-05-28 19:24:08 C:\Windows\Tasks\HPCeeScheduleForKishinX.job"
    
    - C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-19 08:21:42
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-06-19 8:23:09
    ComboFix-quarantined-files.txt 2008-06-19 12:22:45
    ComboFix2.txt 2008-06-19 02:52:17

    Pre-Run: 224,238,120,960 bytes free
    Post-Run: 224,204,922,880 bytes free

    221 --- E O F --- 2008-06-18 01:26:38
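The log above is what the helper reads next, and the part of that reading worth automating is the "Reg Loading Points" section. The following is an added example (not ComboFix's own code, nor anything from the thread) that parses a ComboFix-style excerpt for the posture problems a responder looks for first: Windows Firewall profiles with `EnableFirewall` at 0, Security Center `*DisableNotify` and `DisableMonitoring` values set to 1, and cached `MountPoints2` AutoRun commands for volumes that have been plugged in. The sample excerpt is constructed to follow the layout of the posted log (the GUID is made up), and the line formats the regexes accept are an assumption about ComboFix's output. The caveat a practitioner wants: a third-party suite that takes over the firewall or registers with Security Center (Norton and ZoneAlarm both appear in this log) legitimately sets some of these values itself, so the findings are leads to check against the installed software, not verdicts.

```python
r"""Pull posture problems out of a ComboFix "Reg Loading Points" section.

Added example, not ComboFix code.  It walks the [key] headers and the
"name"=value lines beneath them and reports:
  firewall-off       EnableFirewall = 0 under a firewallpolicy profile
  notify-suppressed  Security Center *DisableNotify = 1
  monitoring-off     Security Center DisableMonitoring = 1 (per product, or all)
  autorun-cached     \shell\AutoRun\command stored under Explorer MountPoints2
The accepted line layouts are an assumption about ComboFix's output.
"""
import re

HEADER = re.compile(r"^\[(?P<key>.+)\]$")
VALUE = re.compile(r'^"(?P<name>[^"]+?)\s*"\s*=\s*(?P<value>.*?)\s*$')
AUTORUN_CMD = re.compile(r"^\\shell\\AutoRun\\command\s+-\s+(?P<cmd>.+?)\s*$", re.IGNORECASE)


def _is_set(value):
    """True for a non-zero DWORD in either spelling seen in the log: 'dword:00000001' or '1 (0x1)'."""
    v = value.strip().lower()
    if v.startswith("dword:"):
        return int(v[6:], 16) != 0
    parts = v.split()
    return bool(parts) and parts[0] != "0"


def triage_combofix_log(text):
    """Return findings as 'category: detail' strings, in the order the log lists them."""
    findings = []
    key_raw = ""                                   # current [header], case preserved
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            key_raw = header.group("key")
            continue
        key = key_raw.lower()
        if not key:
            continue
        leaf = key_raw.rsplit("\\", 1)[-1]         # last path component: profile, product, GUID
        cmd = AUTORUN_CMD.match(line)
        if cmd and "mountpoints2" in key:
            findings.append(f"autorun-cached: {cmd.group('cmd')}")
            continue
        val = VALUE.match(line)
        if not val:
            continue
        name, value = val.group("name"), val.group("value")
        if "firewallpolicy" in key and name.lower() == "enablefirewall" and not _is_set(value):
            findings.append(f"firewall-off: {leaf}")
        elif "security center" in key:
            if name.lower().endswith("disablenotify") and _is_set(value):
                findings.append(f"notify-suppressed: {name}")
            elif name.lower() == "disablemonitoring" and _is_set(value):
                findings.append(f"monitoring-off: {'all' if leaf.lower() == 'monitoring' else leaf}")
    return findings


# Constructed excerpt laid out like the posted log; the MountPoints2 GUID is made up.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]
\shell\AutoRun\command - F:\SETUP.EXE
"""

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for finding in triage_combofix_log(text):
        print(finding)
```

Pass the saved ComboFix.txt as the only argument to run it over a real log. The `autorun-cached` entries are the useful lead for a thread like this one: MountPoints2 is where Explorer remembers the AutoRun command of each volume it has seen, so every drive letter listed there is a removable disk that should get the same autorun.inf check as C:. The `monitoring-off` and `notify-suppressed` lines need the cross-check described above before anything is changed back.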
     
  10. 2008/06/19
    TinyTuba822

    TinyTuba822 Inactive Thread Starter

    Joined:
    2007/10/05
    Messages:
    102
    Likes Received:
    0
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:25:30 AM, on 6/19/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\system32\schtasks.exe
    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\System32\mobsync.exe
    C:\hp\kbd\kbd.exe
    C:\Windows\Explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\KishinX\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [isCfgWiz] "c:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe" -G:{77CCBE0B-A541-49a9-883E-14F8337EC861} -T:Config -REBOOT
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - Startup: GameSpot Download Manager.lnk = C:\Users\KishinX\GameSpot\GameSpotDownloadManager_Win32.exe
    O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 9083 bytes
     
  11. 2008/06/19
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hmmm, it appears you ran ComboFix twice. I need to see the first log. It is located at C:\Qoobox\ComboFix2.txt
     
  12. 2008/06/19
    TinyTuba822

    TinyTuba822 Inactive Thread Starter

    Joined:
    2007/10/05
    Messages:
    102
    Likes Received:
    0
    ComboFix 08-06-16.5 - KishinX 2008-06-18 22:48:15.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1672 [GMT -4:00]
    Running from: C:\Users\KishinX\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Autorun.inf
    C:\Windows\system32\jusched.exe
    D:\Autorun.inf
    E:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2008-05-19 to 2008-06-19 )))))))))))))))))))))))))))))))
    .

    2008-06-17 21:31 . 2008-06-17 21:31 <DIR> d-------- C:\Program Files\Trend Micro
    2008-06-17 21:31 . 2007-11-27 22:51 35,216 --a------ C:\Windows\System32\drivers\TMPassthru.sys
    2008-06-15 18:31 . 2008-04-23 00:42 428,544 --a------ C:\Windows\System32\EncDec.dll
    2008-06-15 18:31 . 2008-04-23 00:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
    2008-06-15 18:31 . 2008-04-23 00:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
    2008-06-15 18:31 . 2008-04-23 00:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
    2008-06-12 00:15 . 2008-04-24 22:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
    2008-06-12 00:15 . 2008-04-26 04:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
    2008-06-12 00:15 . 2008-04-25 00:35 826,880 --a------ C:\Windows\System32\wininet.dll
    2008-06-12 00:15 . 2008-05-09 21:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
    2008-05-28 10:38 . 2008-06-18 09:57 <DIR> d-------- C:\Users\KishinX\AppData\Roaming\AVG7
    2008-05-28 10:32 . 2008-05-28 10:32 <DIR> d-------- C:\Users\All Users\Grisoft
    2008-05-28 10:32 . 2008-05-28 12:13 <DIR> d-------- C:\Users\All Users\avg7
    2008-05-28 10:32 . 2008-05-28 10:32 <DIR> d-------- C:\ProgramData\Grisoft
    2008-05-28 10:32 . 2008-05-28 12:13 <DIR> d-------- C:\ProgramData\avg7
    2008-05-28 10:32 . 2008-05-28 10:32 53,768 --a------ C:\Windows\System32\drivers\avgwfp.sys
    2008-05-28 10:32 . 2008-05-28 10:32 9,216 --a------ C:\Windows\System32\avgwlntf.dll
    2008-05-28 10:30 . 2008-05-28 10:30 <DIR> d-------- C:\Program Files\Common Files\Adobe
    2008-05-27 16:40 . 2008-03-07 22:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-05-27 16:40 . 2008-03-08 00:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
    2008-05-23 23:06 . 2007-11-14 15:18 553 --a------ C:\Windows\USetup.iss
    2008-05-23 23:05 . 2008-05-23 23:05 <DIR> d-------- C:\Users\KishinX\AppData\Roaming\WinBatch
    2008-05-23 23:05 . 2008-01-15 11:26 4,874,240 --a------ C:\Windows\RtHDVCpl.exe
    2008-05-23 23:05 . 2008-01-15 19:19 2,047,576 --a------ C:\Windows\System32\drivers\RTKVHDA.sys
    2008-05-23 23:05 . 2007-11-07 17:31 1,191,936 --a------ C:\Windows\RtlUpd.exe
    2008-05-23 23:05 . 2008-01-09 18:52 636,416 --a------ C:\Windows\System32\RtkPgExt.dll
    2008-05-23 23:05 . 2007-11-13 12:35 532,480 --a------ C:\Windows\System32\RTSndMgr.cpl
    2008-05-22 14:35 . 2005-12-03 15:29 7,225,344 --a------ C:\Users\KishinX\Hero Editor.exe
    2008-05-22 13:49 . 2008-05-23 17:18 43,520 --a------ C:\Windows\System32\CmdLineExt03.dll
    2008-05-22 13:39 . 2008-05-22 13:39 94,208 --a------ C:\Windows\DIIUnin.exe
    2008-05-22 13:39 . 2008-05-22 13:49 36,414 --a------ C:\Windows\DIIUnin.dat
    2008-05-22 13:39 . 2008-05-22 13:39 2,829 --a------ C:\Windows\DIIUnin.pif
    2008-05-22 13:22 . 2008-05-26 12:33 <DIR> d-------- C:\Program Files\Diablo II
    2008-05-21 22:17 . 2008-05-21 22:17 <DIR> d-------- C:\Windows\solcache
    2008-05-21 22:14 . 2008-05-21 22:14 <DIR> d-------- C:\SIERRA
    2008-05-21 22:14 . 1998-01-23 12:22 304,128 --a------ C:\Windows\IsUninst.exe
    2008-05-21 22:14 . 2008-05-21 22:17 265 --a------ C:\Windows\SIERRA.INI

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-18 01:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-16 19:02 --------- d-----w C:\Users\KishinX\AppData\Roaming\LimeWire
    2008-06-12 07:07 --------- d-----w C:\Program Files\Windows Mail
    2008-05-28 07:08 351,783 ---ha-w C:\Windows\system32\drivers\vsconfig.xml
    2008-05-27 03:02 --------- d-----w C:\ProgramData\Symantec
    2008-05-24 03:21 --------- d-----w C:\Program Files\HP
    2008-05-24 03:05 319,456 ----a-w C:\Windows\DIFxAPI.dll
    2008-05-14 14:22 --------- d-----w C:\Program Files\iTunes
    2008-05-14 14:22 --------- d-----w C:\Program Files\iPod
    2008-05-14 14:21 --------- d-----w C:\Program Files\QuickTime
    2008-05-14 14:15 --------- d-----w C:\Program Files\Apple Software Update
    2008-05-10 14:36 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2008-05-07 20:46 --------- d-----w C:\Program Files\LimeWire
    2008-05-06 18:59 89,770 ----a-w C:\Windows\Internet Logs\vsmon_2nd_2008_05_06_13_05_59_small.dmp.zip
    2008-05-03 16:42 --------- d-----w C:\ProgramData\NVIDIA
    2008-05-03 16:39 174 --sha-w C:\Program Files\desktop.ini
    2008-05-03 16:30 --------- d-----w C:\Program Files\Windows Sidebar
    2008-05-03 16:30 --------- d-----w C:\Program Files\Windows Photo Gallery
    2008-05-03 16:30 --------- d-----w C:\Program Files\Windows Journal
    2008-05-03 16:30 --------- d-----w C:\Program Files\Windows Defender
    2008-05-03 16:30 --------- d-----w C:\Program Files\Windows Collaboration
    2008-05-03 16:30 --------- d-----w C:\Program Files\Windows Calendar
    2008-05-03 16:00 82,432 ----a-w C:\Windows\System32\axaltocm.dll
    2008-05-03 16:00 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
    2008-04-27 23:20 --------- d-----w C:\Users\KishinX\AppData\Roaming\Snapfish
    2008-03-30 02:06 98,304 ----a-w C:\Windows\system32CmdLineExt.dll
    2008-03-29 15:47 94,208 ----a-w C:\Windows\ScUnin.exe
    2006-12-21 19:22 217,088 ----a-w C:\Program Files\PetroLauncher.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
    2007-08-24 09:51 316784 --a------ c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
    2008-04-01 18:08 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"= "C:\Windows\ehome\ehTray.exe" [2008-01-19 03:33 125952]
    "Aim6"="" []
    "Yahoo! Pager"= "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
    "WMPNSCFG"= "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 03:33 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"= "c:\hp\support\hpsysdrv.exe" [2007-04-18 11:01 65536]
    "KBD"= "C:\HP\KBD\KbdStub.EXE" [2006-12-08 12:16 65536]
    "OsdMaestro"= "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 07:59 118784]
    "RtHDVCpl"= "RtHDVCpl.exe" [2008-01-15 11:26 4874240 C:\Windows\RtHDVCpl.exe]
    "HP Health Check Scheduler"= "[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [ ]
    "SunJavaUpdateReg"= "C:\Windows\system32\jureg.exe" [2007-04-07 06:56 54936]
    "ccApp"= "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]
    "isCfgWiz"= "c:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe" [2007-08-23 15:49 607624]
    "avast!"= "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 14:37 79224]
    "NvSvc"= "C:\Windows\system32\nvsvc.dll" [2007-12-26 18:34 86016]
    "NvCplDaemon"= "C:\Windows\system32\NvCpl.dll" [2007-12-26 18:34 8530464]
    "NvMediaCenter"= "C:\Windows\system32\NvMcTray.dll" [2007-12-26 18:34 81920]
    "QuickTime Task"= "C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
    "iTunesHelper"= "C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
    "HP Software Update"= "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
    "Adobe Reader Speed Launcher"= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "AVG7_CC"= "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-05-29 14:26 579584]
    "TMRUBottedTray"= "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe" [2007-12-19 00:18 288088]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "MySpaceIM"= "C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 16:32 8699904]
    "AVG7_Run"= "C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-05-28 10:32 219136]

    C:\Users\KishinX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    GameSpot Download Manager.lnk - C:\Users\KishinX\GameSpot\GameSpotDownloadManager_Win32.exe [2008-02-19 16:26:52 876544]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Snapfish Media Detector.lnk - C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe [2007-05-07 14:35:56 1273856]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
    avgwlntf.dll 2008-05-28 10:32 9216 C:\Windows\System32\avgwlntf.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3codecp"= l3codecp.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{513F49D9-DEC0-453D-B7A0-C65598DB05BC}"= c:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
    "{9BA15A6E-4E0B-4D9F-8C79-53151AC4C090}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{193089D4-6C8D-4048-B95C-930BA4CF71C6}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{4E5AAE45-E992-45C2-A01E-701B399C4711}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{E618680C-E7E7-45A1-9C28-277EE3BF4A9C}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{5A04FE40-8868-4EC3-8DA9-E19BFF50A414}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{817CAE7A-B2EC-4D37-B7C6-879FE7098451}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{E345AEFD-FCD1-42DC-BD05-0FEE6C7FBFBB}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{752B202C-1EA7-431B-B8DB-7FD474879A5E}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{17C0F440-9E7F-4FC8-B207-F2378156CEEC}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{B994FD89-3AB5-4635-9386-4E6C81049DBA}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{8B2E6E8D-8A17-49D5-A683-206447C4F545}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{26C4278E-91EF-41E8-807E-0264F73E295C}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{BDDB5E89-53C2-496B-9F26-44FAEFA257B2}"= UDP:C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:Star Wars: Empire at War
    "{A9FB4BB3-0C08-4A13-AE21-564C80E80170}"= TCP:C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:Star Wars: Empire at War
    "{AC81D646-5E4B-48DC-A6A4-F866B56FAE46}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{206912AA-EE01-4D3C-BAC4-DD7B403AFB50}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{2117A30F-F243-4492-850B-306F126A0F72}"= Disabled:UDP:C:\Program Files\MySpace\IM\MySpaceIM.exe:MySpaceIM
    "{09CDC58C-14CE-452D-BF04-8514755863CB}"= Disabled:TCP:C:\Program Files\MySpace\IM\MySpaceIM.exe:MySpaceIM
    "{CDE1D5C8-6B75-43F3-9463-762E5A0635FD}"= UDP:C:\Program Files\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe:Star Wars(R): Empire at War(TM): Forces of Corruption(TM)
    "{6B3BDF5A-6D24-4E49-9872-EF133CB6C42D}"= TCP:C:\Program Files\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe:Star Wars(R): Empire at War(TM): Forces of Corruption(TM)
    "{2B657F2E-6F83-4A42-A3CE-501F8DF2EC9D}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire 4.16.6
    "{2B7A7C27-3D37-4AA4-9CC7-3132372E28B0}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire 4.16.6
    "{852CB0B5-9297-4BC3-900E-6315A2F38A49}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{49BF7E48-5A03-42F7-8EA3-CB5B71A52EC1}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

    R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 14:31]
    R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080523.004\IDSvix86.sys [2008-02-13 12:18]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 14:35]
    R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 14:32]
    R2 LiveUpdate Notice;LiveUpdate Notice; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
    R2 RUBotted;Trend Micro RUBotted Service; "C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe" [2007-12-19 00:18]
    R2 Viewpoint Manager Service;Viewpoint Manager Service; "C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
    R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-05-28 10:32]
    R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\system32\drivers\HCW85BDA.sys [2007-10-01 05:21]
    R3 TMPassthruMP;TMPassthruMP;C:\Windows\system32\DRIVERS\TMPassthru.sys [2007-11-27 22:51]
    S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
    S3 GameConsoleService;GameConsoleService; "C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe" [2007-07-23 19:33]
    S3 TMPassthru;Trend Micro Passthru Ndis Service;C:\Windows\system32\DRIVERS\TMPassthru.sys [2007-11-27 22:51]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74e06f34-db2e-11dc-88bb-806e6f6e6963}]
    \shell\AutoRun\command - F:\SETUP.EXE

    *Newly Created Service* - CATCHME
    *Newly Created Service* - COMHOST
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-05-28 19:24:08 C:\Windows\Tasks\HPCeeScheduleForKishinX.job"
    - C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-18 22:50:46
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-06-18 22:52:16
    ComboFix-quarantined-files.txt 2008-06-19 02:51:53

    Pre-Run: 223,933,591,552 bytes free
    Post-Run: 224,008,114,176 bytes free

    212 --- E O F --- 2008-06-18 01:26:38
     
  13. 2008/06/19
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    That's what I wanted to see :)

    Click Start and in the Start Search window, type or paste the following then hit enter to uninstall ComboFix.

    ComboFix /u

    Now go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC now button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Select the appropriate Yes or No to receiving marketing information
    • Click the Free Online Scan button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
    Post the contents of the ActiveScan report.
     
  14. 2008/06/20
    TinyTuba822

    TinyTuba822 Inactive Thread Starter

    Joined:
    2007/10/05
    Messages:
    102
    Likes Received:
    0
    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2008-06-20 08:50:28
    PROTECTIONS: 3
    MALWARE: 38
    SUSPECTS: 0
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    AVG 7.5.524 7.5.524 Yes Yes
    avast! antivirus 4.8.1169 [VPS 080527-1] 4.8.1169 No No
    Norton Internet Security 15.0.0.60 Yes No
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Microsoft\Windows\Cookies\Low\kishinx@trafficmp[2].txt
    00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.trafficmp.com/]
    00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.trafficmp.com/]
    00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.trafficmp.com/]
    00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.trafficmp.com/]
    00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.trafficmp.com/]
    00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Microsoft\Windows\Cookies\kishinx@trafficmp[1].txt
    00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.casalemedia.com/]
    00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.casalemedia.com/]
    00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.casalemedia.com/]
    00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.casalemedia.com/]
    00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.casalemedia.com/]
    00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Microsoft\Windows\Cookies\Low\kishinx@casalemedia[1].txt
    00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.casalemedia.com/]
    00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.casalemedia.com/]
    00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.casalemedia.com/]
    00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.casalemedia.com/]
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Microsoft\Windows\Cookies\Low\kishinx@doubleclick[1].txt
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Microsoft\Windows\Cookies\kishinx@doubleclick[1].txt
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.doubleclick.net/]
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Microsoft\Windows\Cookies\Low\kishinx@atdmt[2].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.atdmt.com/]
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Microsoft\Windows\Cookies\kishinx@atdmt[2].txt
    00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.247realmedia.com/]
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.fastclick.net/]
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.fastclick.net/]
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Microsoft\Windows\Cookies\kishinx@fastclick[1].txt
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.fastclick.net/]
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.fastclick.net/]
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Microsoft\Windows\Cookies\Low\kishinx@fastclick[1].txt
    00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Microsoft\Windows\Cookies\Low\kishinx@tribalfusion[1].txt
    00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.tribalfusion.com/]
    00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Microsoft\Windows\Cookies\kishinx@tribalfusion[2].txt
    00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.mediaplex.com/]
    00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Microsoft\Windows\Cookies\Low\kishinx@mediaplex[2].txt
    00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Microsoft\Windows\Cookies\kishinx@mediaplex[1].txt
    00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.mediaplex.com/]
    00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.revenue.net/]
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.com.com/]
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.com.com/]
    00167672 Cookie/DomainSponsor TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[landing.domainsponsor.com/]
    00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.toplist.cz/]
    00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Microsoft\Windows\Cookies\Low\kishinx@toplist[1].txt
    00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.statcounter.com/]
    00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.statcounter.com/]
    00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.statcounter.com/]
    00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Microsoft\Windows\Cookies\Low\kishinx@counter.hitslink[1].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[ad.yieldmanager.com/]
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.ad.yieldmanager.com/]
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[ad.yieldmanager.com/]
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[ad.yieldmanager.com/]
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[ad.yieldmanager.com/]
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[ad.yieldmanager.com/]
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Microsoft\Windows\Cookies\kishinx@ad.yieldmanager[1].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Microsoft\Windows\Cookies\Low\kishinx@ad.yieldmanager[2].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.ad.yieldmanager.com/]
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Microsoft\Windows\Cookies\kishinx@apmebf[1].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.apmebf.com/]
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Microsoft\Windows\Cookies\Low\kishinx@apmebf[2].txt
    00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.burstnet.com/]
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Microsoft\Windows\Cookies\kishinx@serving-sys[1].txt
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.serving-sys.com/]
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.serving-sys.com/]
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.serving-sys.com/]
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.serving-sys.com/]
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.serving-sys.com/]
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Microsoft\Windows\Cookies\Low\kishinx@serving-sys[2].txt
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.serving-sys.com/]
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.bs.serving-sys.com/]
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Microsoft\Windows\Cookies\kishinx@bs.serving-sys[2].txt
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Microsoft\Windows\Cookies\Low\kishinx@bs.serving-sys[2].txt
    00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[www.burstbeacon.com/]
    00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.adtech.de/]
    00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Microsoft\Windows\Cookies\Low\kishinx@server.iad.liveperson[1].txt
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Microsoft\Windows\Cookies\Low\kishinx@advertising[2].txt
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Microsoft\Windows\Cookies\kishinx@advertising[1].txt
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.advertising.com/]
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.advertising.com/]
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.advertising.com/]
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.advertising.com/]
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.advertising.com/]
    00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Microsoft\Windows\Cookies\Low\kishinx@media.adrevolver[3].txt
    00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Microsoft\Windows\Cookies\kishinx@media.adrevolver[2].txt
    00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Microsoft\Windows\Cookies\Low\kishinx@statse.webtrendslive[1].txt
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.ads.pointroll.com/]
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.ads.pointroll.com/]
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.ads.pointroll.com/]
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Microsoft\Windows\Cookies\Low\kishinx@ads.pointroll[1].txt
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.ads.pointroll.com/]
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.ads.pointroll.com/]
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.ads.pointroll.com/]
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.ads.pointroll.com/]
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.ads.pointroll.com/]
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.ads.pointroll.com/]
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Microsoft\Windows\Cookies\kishinx@ads.pointroll[1].txt
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.ads.pointroll.com/]
    00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Microsoft\Windows\Cookies\Low\kishinx@overture[1].txt
    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.realmedia.com/]
    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.realmedia.com/]
    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.realmedia.com/]
    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Microsoft\Windows\Cookies\Low\kishinx@realmedia[1].txt
    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.realmedia.com/]
    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.realmedia.com/]
    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.realmedia.com/]
    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.realmedia.com/]
    00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Microsoft\Windows\Cookies\Low\kishinx@questionmarket[1].txt
    00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Microsoft\Windows\Cookies\kishinx@questionmarket[2].txt
    00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.questionmarket.com/]
    00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.questionmarket.com/]
    00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.zedo.com/]
    00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.zedo.com/]
    00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.zedo.com/]
    00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.zedo.com/]
    00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.zedo.com/]
    00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Microsoft\Windows\Cookies\Low\kishinx@zedo[2].txt
    00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Microsoft\Windows\Cookies\kishinx@bluestreak[2].txt
    00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Microsoft\Windows\Cookies\Low\kishinx@bluestreak[1].txt
    00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.bluestreak.com/]
    00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.adrevolver.com/]
    00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.adrevolver.com/]
    00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.adrevolver.com/]
    00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.adrevolver.com/]
    00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Microsoft\Windows\Cookies\Low\kishinx@adrevolver[2].txt
    00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Microsoft\Windows\Cookies\kishinx@adrevolver[2].txt
    00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.adrevolver.com/]
    00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[searchportal.information.com/]
    00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.target.com/]
    00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Microsoft\Windows\Cookies\Low\kishinx@target[1].txt
    00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Microsoft\Windows\Cookies\Low\kishinx@did-it[1].txt
    00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.atwola.com/]
    00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Microsoft\Windows\Cookies\Low\kishinx@atwola[2].txt
    00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Microsoft\Windows\Cookies\kishinx@atwola[1].txt
    00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Microsoft\Windows\Cookies\Low\kishinx@ads.addynamix[1].txt
    01176994 Bck/VB.XB Virus/Trojan No 0 Yes No C:\ComboFix\NirCmdC.cfexe
    01176994 Bck/VB.XB Virus/Trojan No 0 No No C:\Users\KishinX\AppData\Local\Mozilla\Firefox\Profiles\rde73ive.default\Cache\C2152591d01[327882R2FWJFW\NirCmdC.cfexe]
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
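    The scan output above, triaged by a small parser. This is an added example, not code from the forum or from Panda. The column order (Id, Description, Type, Active, Severity, Disinfectable, Disinfected, Location) is an assumption read off the rows themselves, since the header line is not in this part of the log; the sample rows are copied from the log with one exact repeat and the trailer lines included, so the parser has to cope with both. Everything typed TrackingCookie is collapsed into per-store counts; anything else (here the two Bck/VB.XB hits, one of which the scanner reports as not disinfectable) goes into a review list for the helper to look at rather than being acted on blindly.

```python
"""Triage the Panda ActiveScan-style detections posted above.

Added example, not code from the forum or from Panda. The column order is
assumed from the rows themselves (the header line is not in this section):
Id  Description  Type  Active  Severity  Disinfectable  Disinfected  Location
"""
import re
from collections import Counter
from dataclasses import dataclass

# Description may contain spaces ("Cookie/Atlas DMT"), so the parse is
# anchored on the fixed Yes/No and numeric columns that follow it.
ROW = re.compile(
    r"^(?P<ident>\d{8})\s+(?P<desc>.+?)\s+(?P<kind>\S+)\s+"
    r"(?P<active>Yes|No)\s+(?P<severity>\d+)\s+"
    r"(?P<disinfectable>Yes|No)\s+(?P<disinfected>Yes|No)\s+"
    r"(?P<location>.+?)\s*$"
)

# Constructed sample: rows copied from the log above, with one exact repeat,
# one row the scanner could not disinfect, and the trailer lines that follow.
SAMPLE_LOG = r"""
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Microsoft\Windows\Cookies\Low\kishinx@casalemedia[1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Mozilla\Firefox\Profiles\rde73ive.default\cookies.txt[.casalemedia.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\KishinX\AppData\Roaming\Microsoft\Windows\Cookies\kishinx@atdmt[2].txt
01176994 Bck/VB.XB Virus/Trojan No 0 Yes No C:\ComboFix\NirCmdC.cfexe
01176994 Bck/VB.XB Virus/Trojan No 0 No No C:\Users\KishinX\AppData\Local\Mozilla\Firefox\Profiles\rde73ive.default\Cache\C2152591d01[327882R2FWJFW\NirCmdC.cfexe]
;=====================
SUSPECTS
"""


@dataclass(frozen=True)
class Detection:
    ident: str
    desc: str
    kind: str
    active: bool
    severity: int
    disinfectable: bool
    disinfected: bool
    location: str


def parse(text):
    """Return unique detections; the scanner repeats identical rows verbatim."""
    seen, out = set(), []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # separators, section titles, trailer residue
        d = Detection(
            m["ident"], m["desc"], m["kind"],
            m["active"] == "Yes", int(m["severity"]),
            m["disinfectable"] == "Yes", m["disinfected"] == "Yes",
            m["location"],
        )
        if (d.ident, d.location) not in seen:
            seen.add((d.ident, d.location))
            out.append(d)
    return out


def cookie_store(location):
    """Which browser store a cookie hit lives in."""
    # IE keeps one file per cookie; Firefox keeps them all in cookies.txt;
    # Vista's IE Protected Mode writes to the separate Cookies\Low folder.
    low = location.lower()
    if "\\mozilla\\firefox\\profiles\\" in low and "cookies.txt" in low:
        return "Firefox cookies.txt"
    if "\\cookies\\low\\" in low:
        return "IE cookies (Low, Protected Mode)"
    if "\\cookies\\" in low:
        return "IE cookies"
    return "other"


def triage(text):
    """Separate tracking-cookie noise from items that need a human look."""
    records = parse(text)
    cookies = [d for d in records if d.kind == "TrackingCookie"]
    review = [d for d in records if d.kind != "TrackingCookie"]
    return {
        "unique": len(records),
        "cookies": len(cookies),
        "cookie_families": sorted({d.desc for d in cookies}),
        "stores": Counter(cookie_store(d.location) for d in cookies),
        "review": review,
        "not_disinfectable": [d for d in review if not d.disinfectable],
    }


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print(f"{r['unique']} unique detections, {r['cookies']} tracking cookies "
          f"from {len(r['cookie_families'])} ad networks: {dict(r['stores'])}")
    for d in r["review"]:
        flag = "" if d.disinfectable else "  <- scanner cannot clean; handle manually"
        print(f"REVIEW {d.ident} {d.desc} ({d.kind}) {d.location}{flag}")
```

    Rows are de-duplicated on (Id, Location) because the scanner emits the same Firefox cookies.txt hit once per cookie it finds inside the file; the per-store counts then show at a glance whether a cookie clean-up needs to cover IE, IE Protected Mode, Firefox, or all three.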
     
  15. 2008/06/20
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Download ATF Cleaner by Atribune and save it to your Desktop.
    • Double click ATF-Cleaner.exe to run the program.
    • Check the boxes to the left of:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Cookies
      • Java Cache
      • Recycle bin
    • Finally, click Empty Selected.
    • When you get the "Done Cleaning" message, click OK then select the Firefox tab
    • Select everything then click Empty Selected
    • When you get the "Done Cleaning" message, click OK then exit.
    Reboot

    That should wrap things up. Any other issues?
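    The checklist above as a script, so the locations behind each checkbox are explicit. This is an added example, not ATF Cleaner's or Atribune's code. The Vista profile paths are assumptions taken from the standard profile layout; two of them, the Cookies folder under AppData\Roaming\Microsoft\Windows and the Firefox profile Cache folder under AppData\Local\Mozilla\Firefox\Profiles, are corroborated by the scan log posted earlier in this thread. "All Users Temp" has no single Vista counterpart and is left out. Deletion is off by default; files a running program holds open are skipped and reported, which is the reason the checklist ends with a reboot.

```python
"""Scripted counterpart of the ATF Cleaner checklist above.

Added example, not ATF Cleaner's or Atribune's code. The Vista paths in
default_locations() are assumptions from the standard profile layout.
"""
import ctypes
import glob
import os
import sys
import tempfile


def default_locations(profile=None, windir=None):
    """Map each checkbox name to the directories/files it would empty."""
    profile = profile or os.environ.get("USERPROFILE", "")
    windir = windir or os.environ.get("SystemRoot", r"C:\Windows")
    local = os.path.join(profile, "AppData", "Local")
    roaming = os.path.join(profile, "AppData", "Roaming")
    return {
        "Windows Temp": [os.path.join(windir, "Temp")],
        "Current User Temp": [os.path.join(local, "Temp")],
        "Temporary Internet Files": [os.path.join(local, "Microsoft", "Windows", "Temporary Internet Files")],
        "Cookies": [os.path.join(roaming, "Microsoft", "Windows", "Cookies")],
        "Java Cache": [os.path.join(profile, "AppData", "LocalLow", "Sun", "Java", "Deployment", "cache")],
        # Firefox tab: every profile's disk cache and its cookies.txt
        "Firefox Cache": glob.glob(os.path.join(local, "Mozilla", "Firefox", "Profiles", "*", "Cache")),
        "Firefox Cookies": glob.glob(os.path.join(roaming, "Mozilla", "Firefox", "Profiles", "*", "cookies.txt")),
    }


def survey(paths):
    """(file count, total bytes) under the given paths, touching nothing."""
    files, size = 0, 0
    for p in paths:
        targets = [p] if os.path.isfile(p) else (
            os.path.join(root, n) for root, _, names in os.walk(p) for n in names)
        for f in targets:
            try:
                size += os.path.getsize(f)
                files += 1
            except OSError:
                pass  # vanished or unreadable; the survey is only an estimate
    return files, size


def empty(paths, really=False):
    """Delete the contents of each directory (or the file itself).

    Files a running program holds open raise PermissionError on Windows;
    they are skipped and returned, which is why the checklist ends with a
    reboot rather than a retry."""
    removed, skipped = 0, []
    if not really:
        return removed, skipped  # dry run: nothing is touched
    for p in paths:
        if os.path.isfile(p):
            try:
                os.remove(p)
                removed += 1
            except OSError:
                skipped.append(p)
            continue
        for root, dirs, names in os.walk(p, topdown=False):
            for n in names:
                f = os.path.join(root, n)
                try:
                    os.remove(f)
                    removed += 1
                except OSError:
                    skipped.append(f)
            for d in dirs:  # prune now-empty subfolders, keep the root itself
                try:
                    os.rmdir(os.path.join(root, d))
                except OSError:
                    pass
    return removed, skipped


def empty_recycle_bin():
    """Windows only: SHEmptyRecycleBinW with no confirmation, progress UI or sound."""
    if sys.platform != "win32":
        return False
    flags = 0x1 | 0x2 | 0x4  # SHERB_NOCONFIRMATION | SHERB_NOPROGRESSUI | SHERB_NOSOUND
    return ctypes.windll.shell32.SHEmptyRecycleBinW(None, None, flags) == 0


def demo():
    """Exercise survey/empty on a throwaway tree instead of a real profile."""
    base = tempfile.mkdtemp(prefix="atf-demo-")
    os.makedirs(os.path.join(base, "sub"))
    for name, data in (("a.tmp", b"hello"), ("b.tmp", b"world!"), (os.path.join("sub", "c.tmp"), b"x" * 7)):
        with open(os.path.join(base, name), "wb") as fh:
            fh.write(data)
    before = survey([base])
    dry = empty([base])                       # default: nothing touched
    removed, skipped = empty([base], really=True)
    after = survey([base])
    os.rmdir(base)
    return {"before": before, "dry": dry, "removed": removed, "skipped": skipped, "after": after}


if __name__ == "__main__":
    for box, paths in default_locations().items():
        print(f"{box:26s} {survey(paths)} {paths}")
    print(demo())
```

    Run without arguments it only surveys the real locations and then exercises the deletion path on a scratch directory; pass `really=True` to `empty()` on the surveyed paths to do what the checkboxes do, and reboot afterwards to release whatever was skipped.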
     
  16. 2008/06/21
    TinyTuba822

    TinyTuba822 Inactive Thread Starter

    Joined:
    2007/10/05
    Messages:
    102
    Likes Received:
    0
    Thanks. Yes, actually, just on another computer. This computer from time to time will randomly lock up. It also comes out of sleep mode on its own. The computer is a Dell Dimension 8400 Pentium 4 560 3.6GHz, 512MB RAM, 80GB HDD, Windows XP Media Center Edition. Thanks again!
     
  17. 2008/06/21
    mva5493

    mva5493 Well-Known Member

    Joined:
    2007/01/29
    Messages:
    287
    Likes Received:
    0
    TinyTuba,
    Mom here. I just noticed that you are still running AVG 7.5; version 8.0 is available. I don't know if it will make a difference, but updating is always a good idea, I think.
     
    Last edited: 2008/06/21
  18. 2008/06/21
    TinyTuba822

    TinyTuba822 Inactive Thread Starter

    Joined:
    2007/10/05
    Messages:
    102
    Likes Received:
    0
    thanks
     
  19. 2008/06/21
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Probably better off starting a topic for that machine in the XP forum. I'll mark this one resolved. :)
     
