Solved Slow startup, slow internet general sluggishness

[Resolved] Slow startup, slow internet general sluggishness

Have run mbam, reports nothing. Ran combo fix, have not done anything but save the log. Spybot reports nothing. Have AVG running, no reports except tracking cookies.


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-13.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 2/9/2006 8:43:12 PM
System Uptime: 10/23/2009 10:49:09 AM (1 hours ago)

Motherboard: First International Computer, Inc. | | K8MC51G
Processor: AMD Sempron(tm) Processor 3300+ | Socket 940 | 2009/201mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 70 GiB total, 13.924 GiB free.
D: is FIXED (FAT32) - 4 GiB total, 2.716 GiB free.
E: is CDROM ()
F: is FIXED (FAT32) - 38 GiB total, 34.831 GiB free.
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP946: 7/25/2009 3:26:24 PM - System Checkpoint
RP947: 7/27/2009 8:43:05 AM - System Checkpoint
RP948: 7/28/2009 10:25:09 AM - System Checkpoint
RP949: 7/30/2009 10:16:24 AM - System Checkpoint
RP950: 7/30/2009 11:00:40 PM - Software Distribution Service 3.0
RP951: 7/31/2009 7:58:34 PM - Installed EPSON Print CD
RP952: 8/1/2009 9:20:48 AM - Removed EPSON Stylus CX8400 Series Scanner Driver Update
RP953: 8/1/2009 9:23:54 AM - Removed Napster Burn Engine
RP954: 8/1/2009 9:24:14 AM - Removed Napster
RP955: 8/1/2009 9:26:52 AM - Removed SP2200 EnhancedMatte Premium ICC Profiles
RP956: 8/1/2009 9:27:14 AM - Removed SP2200 VelvetFineArt Premium ICC Profiles
RP957: 8/1/2009 9:27:30 AM - Removed SP2200 Wtrclr-RW Premium ICC Profiles
RP958: 8/1/2009 9:30:18 AM - Removed MobileMe Control Panel
RP959: 8/1/2009 9:34:51 AM - Removed Apple Mobile Device Support
RP960: 8/4/2009 3:43:52 PM - System Checkpoint
RP961: 8/5/2009 6:23:34 PM - System Checkpoint
RP962: 8/6/2009 7:04:33 PM - System Checkpoint
RP963: 8/7/2009 7:05:02 PM - System Checkpoint
RP964: 8/10/2009 8:53:34 AM - System Checkpoint
RP965: 8/11/2009 10:21:27 AM - System Checkpoint
RP966: 8/12/2009 10:38:59 AM - System Checkpoint
RP967: 8/12/2009 7:21:49 PM - Software Distribution Service 3.0
RP968: 8/13/2009 7:59:13 PM - System Checkpoint
RP969: 8/15/2009 9:03:15 AM - System Checkpoint
RP970: 8/16/2009 6:29:01 PM - System Checkpoint
RP971: 8/16/2009 6:57:49 PM - Software Distribution Service 3.0
RP972: 8/19/2009 10:25:11 AM - System Checkpoint
RP973: 8/20/2009 12:42:02 PM - System Checkpoint
RP974: 8/21/2009 12:54:29 PM - System Checkpoint
RP975: 8/22/2009 3:09:31 PM - System Checkpoint
RP976: 8/24/2009 9:21:39 AM - System Checkpoint
RP977: 8/26/2009 10:05:12 AM - System Checkpoint
RP978: 8/26/2009 6:50:23 PM - Software Distribution Service 3.0
RP979: 8/27/2009 6:51:15 PM - System Checkpoint
RP980: 8/28/2009 9:01:02 AM - Avg8 Update
RP981: 8/28/2009 9:04:44 AM - Avg8 Update
RP982: 8/29/2009 10:38:49 AM - System Checkpoint
RP983: 8/31/2009 10:11:50 AM - System Checkpoint
RP984: 9/1/2009 5:16:03 PM - System Checkpoint
RP985: 9/2/2009 6:23:33 PM - System Checkpoint
RP986: 9/3/2009 7:03:19 PM - System Checkpoint
RP987: 9/4/2009 7:11:35 PM - System Checkpoint
RP988: 9/6/2009 4:35:00 PM - System Checkpoint
RP989: 9/7/2009 5:23:22 PM - System Checkpoint
RP990: 9/8/2009 5:52:31 PM - System Checkpoint
RP991: 9/9/2009 6:03:47 PM - System Checkpoint
RP992: 9/9/2009 7:13:07 PM - Software Distribution Service 3.0
RP993: 9/10/2009 7:41:24 PM - System Checkpoint
RP994: 9/10/2009 9:15:43 PM - Removed Logitech Desktop Messenger
RP995: 9/10/2009 9:24:26 PM - Installed Windows XP Wdf01005.
RP996: 9/12/2009 10:31:01 AM - System Checkpoint
RP997: 9/14/2009 10:27:44 AM - System Checkpoint
RP998: 9/15/2009 5:49:24 PM - System Checkpoint
RP999: 9/16/2009 11:43:22 AM - Logitech SetPoint Mouse and Keyboard Device Drivers
RP1000: 9/17/2009 12:03:39 PM - System Checkpoint
RP1001: 9/18/2009 12:14:54 PM - System Checkpoint
RP1002: 9/19/2009 12:48:28 PM - System Checkpoint
RP1003: 9/19/2009 7:09:32 PM - Software Distribution Service 3.0
RP1004: 9/21/2009 3:51:39 PM - System Checkpoint
RP1005: 9/22/2009 4:18:23 PM - System Checkpoint
RP1006: 9/24/2009 10:47:56 AM - System Checkpoint
RP1007: 9/25/2009 11:12:49 AM - System Checkpoint
RP1008: 9/26/2009 12:52:22 PM - System Checkpoint
RP1009: 9/28/2009 3:24:52 PM - System Checkpoint
RP1010: 9/29/2009 5:19:10 PM - System Checkpoint
RP1011: 9/30/2009 6:23:01 PM - System Checkpoint
RP1012: 10/1/2009 7:11:24 PM - System Checkpoint
RP1013: 10/2/2009 7:50:11 PM - System Checkpoint
RP1014: 10/4/2009 3:36:33 PM - System Checkpoint
RP1015: 10/5/2009 10:38:21 AM - Avg8 Update
RP1016: 10/5/2009 10:40:13 AM - Avg8 Update
RP1017: 10/8/2009 1:11:03 PM - Avg8 Update
RP1018: 10/10/2009 9:31:03 AM - System Checkpoint
RP1019: 10/11/2009 5:36:07 PM - System Checkpoint
RP1020: 10/14/2009 5:27:35 PM - Software Distribution Service 3.0
RP1021: 10/17/2009 9:24:37 AM - Avg8 Update
RP1022: 10/18/2009 5:08:42 PM - System Checkpoint
RP1023: 10/19/2009 5:55:27 PM - System Checkpoint
RP1024: 10/21/2009 10:41:21 AM - System Checkpoint
RP1025: 10/21/2009 1:34:30 PM - Installed Wireless Lan 11n PCI Adapter
RP1026: 10/21/2009 1:49:03 PM - Configured Belkin Wireless Utility
RP1027: 10/22/2009 11:33:10 AM - Avg8 Update
RP1028: 10/22/2009 10:30:38 PM - Removed iTunes
RP1029: 10/23/2009 9:03:05 AM - Installed iTunes

==== Installed Programs ======================

Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Photoshop CS
Adobe Photoshop Lightroom 2
Adobe Reader 8.1.6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 6
ArcSoft PhotoStudio 5.5
AVG 8.5
BigFix
Bonjour
BookSmartâ„¢ 1.9.9 1.9.9
Canon CanoScan 4400F User Registration
Canon CanoScan Toolbox 5.0
CanoScan 4400F
CDDRV_Installer
CoffeeCup Free HTML Editor
Critical Update for Windows Media Player 11 (KB959772)
Digital Media Reader
Dynamic-Photo HDR Trial 3.37
EPSON EPIC
EPSON Print CD
EPSON Printer Software
EPSON R2880 Reference Guide
EPSON Web-To-Page
erLT
Fonts
FREE Hi-Q Recorder 1.92
Google Earth
Google Toolbar for Internet Explorer
Google Updater
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
iTunes
J2SE Runtime Environment 5.0 Update 2
KeyScrambler
KhalInstallWrapper
Logitech SetPoint
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.5.3)
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Netscape (7.2)
NVIDIA Drivers
Photo Finale Viewer
Picasa 3
PowerDVD
Presto! PageManager 7.15.13
QuickTime
RealPlayer
Realtek AC'97 Audio
Recovery Software Suite eMachines
ScanSoft OmniPage SE 4.0
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Soft Data Fax Modem with SmartCP
Sony Picture Utility
Sony USB Driver
Spybot - Search & Destroy
Spyder2
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Viewpoint Media Player
WebFldrs XP
Windows Backup Utility
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live installer
Windows Live Mail
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinZip
Wireless Lan 11n PCI Adapter
XstreamRadio 3.02

==== Event Viewer Messages From Past Week ========

10/23/2009 10:33:22 AM, error: Service Control Manager [7000] - The 802.11n USB Wireless LAN Card Service service failed to start due to the following error: The pipe state is invalid.
10/23/2009 10:32:56 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
10/23/2009 10:32:55 AM, error: Service Control Manager [7031] - The 802.11n USB Wireless LAN Card Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
10/22/2009 10:32:16 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
10/21/2009 10:57:47 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0011506F73FA. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
10/21/2009 1:26:57 PM, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom0.
10/21/2009 1:01:49 PM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
10/18/2009 3:14:23 PM, error: Service Control Manager [7000] - The Lexmark X73 MFP Scanner service failed to start due to the following error: The system cannot find the file specified.
10/18/2009 3:14:20 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0011506F73FA. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
10/17/2009 9:27:03 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
10/17/2009 9:27:03 AM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/17/2009 9:26:50 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments " " in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
10/17/2009 9:22:55 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.

==== End Of File ===========================

DDS (Ver_09-10-13.01) - NTFSx86
Run by Owner at 11:06:09.30 on Fri 10/23/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.32 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Wireless Lan 11n PCI\WLService.exe
C:\Program Files\Wireless Lan 11n PCI\WLanCfgG.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: CKeyScramblerBHO Object: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SunKistEM] c:\program files\digital media reader\shwiconem.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
mRun: [PrinTray] c:\windows\system32\spool\drivers\w32x86\3\printray.exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
StartupFolder: c:\documents and settings\owner\start menu\programs\startup\PowerReg SchedulerV2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\colorv~1.lnk - c:\program files\pantone colorvision\startup\ColorVisionStartup.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\epsons~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
IE: {7A0815F1-6B65-4e3a-B198-709807B4042A} - {1EC035CE-090E-4AF7-B6DF-AD11C2F0F9C9} - c:\program files\xstreamradio 3.02\RadioHelper.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\spnujgg3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.hotmail.com
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\google\google updater\1.4.697.28342\npCIDetect7.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-8 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-6-8 108552]
R2 802.11n USB Wireless LAN Card Service;802.11n USB Wireless LAN Card Service;c:\program files\wireless lan 11n pci\WLService.exe [2009-10-21 49152]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-4 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-4 297752]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2007-3-9 112992]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2009-10-21 528640]
S3 BLKWGD;Belkin Wireless G Desktop Card Service;c:\windows\system32\drivers\blkwgd.sys --> c:\windows\system32\drivers\BLKWGD.sys [?]
S3 wlanndi5;wlanndi5 NDIS Protocol Driver;c:\windows\system32\wlanndi5.sys [2004-4-21 16384]

=============== Created Last 30 ================

2009-10-23 10:57 <DIR> --d----- c:\program files\Trend Micro
2009-10-23 10:31 <DIR> a-dshr-- C:\cmdcons
2009-10-23 10:29 236,544 a------- c:\windows\PEV.exe
2009-10-23 10:29 161,792 a------- c:\windows\SWREG.exe
2009-10-23 10:29 98,816 a------- c:\windows\sed.exe
2009-10-23 09:04 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-10-23 09:03 <DIR> --d----- c:\program files\iPod
2009-10-23 09:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-21 14:00 <DIR> --dsh--- c:\documents and settings\owner\IECompatCache
2009-10-21 13:55 <DIR> --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-10-21 13:55 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-21 13:55 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-21 13:55 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-21 13:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-21 13:34 528,640 a------- c:\windows\system32\drivers\rt2860.sys
2009-10-21 13:34 94,208 a------- c:\windows\system32\GTW32N50.dll
2009-10-21 13:34 31,930 a------- c:\windows\system32\GTNDIS3.VXD
2009-10-21 13:34 15,872 a------- c:\windows\system32\GTNDIS5.sys
2009-10-21 13:34 <DIR> --d----- c:\program files\Wireless Lan 11n PCI
2009-09-30 09:21 <DIR> --d----- c:\program files\common files\xing shared

==================== Find3M ====================

2009-10-21 13:35 21,419 a------- c:\windows\system32\drivers\AegisP.sys
2009-09-30 09:20 499,712 a------- c:\windows\system32\msvcp71.dll
2009-09-30 09:20 348,160 a------- c:\windows\system32\msvcr71.dll
2009-09-11 10:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-10 21:24 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-09-10 21:24 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-09-10 21:24 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-09-04 17:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-08-29 04:08 916,480 -------- c:\windows\system32\wininet.dll
2009-08-28 09:04 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-28 09:04 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-26 04:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-20 15:09 1,193,832 a------- c:\windows\system32\FM20.DLL
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-04 20:44 2,189,184 -------- c:\windows\system32\ntoskrnl.exe
2009-08-04 10:20 2,066,048 -------- c:\windows\system32\ntkrnlpa.exe
2008-12-18 18:54 0 a------- c:\docume~1\owner\applic~1\wklnhst.dat
2008-10-01 11:47 33,040 a------- c:\docume~1\owner\applic~1\GDIPFONTCACHEV1.DAT
2001-07-26 17:58 47 a------- c:\program files\ACMonitor_X73.ini
2001-07-05 13:46 8,116 a------- c:\program files\OSLO3071b2.USB
2001-05-11 11:39 53,248 a------- c:\program files\ACMonitor_X73.exe
2001-05-08 16:36 114,688 a------- c:\program files\lxarscan.dll
2001-04-23 15:22 1,437 a------- c:\program files\gtx73.ini
2001-02-22 10:54 768 a------- c:\program files\x73_lut.dat
2008-08-06 09:54 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080620080807\index.dat

============= FINISH: 11:07:26.50 ===============

 

combofix Log

Just re downloaded Combofix as I realized it was not downloaded to the desktop as per instructions.

ComboFix 09-10-23.01 - Owner 10/24/2009 9:02.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.200 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2009-09-24 to 2009-10-24 )))))))))))))))))))))))))))))))
.

2100-02-23 19:35 . 2001-02-22 14:54 768 ----a-w- c:\program files\x73_lut.dat
2100-02-08 20:03 . 2001-05-11 15:39 53248 ----a-w- c:\program files\ACMonitor_X73.exe
2009-10-24 01:23 . 2009-10-24 01:23 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\eMusic
2009-10-24 01:23 . 2009-10-24 01:23 -------- d-----w- c:\documents and settings\Owner\Application Data\eMusic
2009-10-24 01:23 . 2009-10-24 01:23 -------- d-----w- c:\program files\eMusic Download Manager
2009-10-23 19:55 . 2009-10-23 20:10 -------- d-----w- c:\documents and settings\Owner\Application Data\Winamp
2009-10-23 19:55 . 2009-10-23 19:56 -------- d-----w- c:\program files\Winamp
2009-10-23 14:57 . 2009-10-23 14:57 -------- d-----w- c:\program files\Trend Micro
2009-10-23 13:04 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-10-23 13:03 . 2009-10-23 13:03 -------- d-----w- c:\program files\iPod
2009-10-23 13:03 . 2009-10-23 13:04 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-23 13:00 . 2009-10-23 13:01 -------- d-----w- c:\program files\QuickTime
2009-10-23 12:58 . 2009-10-23 13:03 -------- d-----w- c:\program files\Common Files\Apple
2009-10-21 18:00 . 2009-10-21 18:00 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache
2009-10-21 17:55 . 2009-10-21 17:55 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-10-21 17:55 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-21 17:55 . 2009-10-21 17:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-21 17:55 . 2009-10-21 17:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-21 17:55 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-21 17:34 . 2007-05-07 14:30 528640 ----a-w- c:\windows\system32\drivers\rt2860.sys
2009-10-21 17:34 . 2003-10-14 10:30 94208 ----a-w- c:\windows\system32\GTW32N50.dll
2009-10-21 17:34 . 2003-09-26 17:15 15872 ----a-w- c:\windows\system32\GTNDIS5.sys
2009-10-21 17:34 . 2009-10-21 17:35 -------- d-----w- c:\program files\Wireless Lan 11n PCI
2009-09-30 13:21 . 2009-09-30 13:21 -------- d-----w- c:\program files\Common Files\xing shared
2009-09-30 13:20 . 2009-09-30 13:20 -------- d-----w- c:\program files\real

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-23 19:08 . 2006-02-23 18:29 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2009-10-23 13:04 . 2009-06-29 18:57 -------- d-----w- c:\program files\iTunes
2009-10-21 17:50 . 2005-12-07 22:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-21 17:35 . 2006-02-23 17:26 21419 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-10-18 20:15 . 2008-11-18 15:09 0 ----a-w- c:\documents and settings\Jerry\Local Settings\Application Data\prvlcl.dat
2009-10-01 20:12 . 2006-02-23 18:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-30 23:22 . 2006-02-23 18:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-30 13:21 . 2005-12-07 22:42 -------- d-----w- c:\program files\Common Files\Real
2009-09-30 13:20 . 2003-08-13 01:17 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-09-30 13:20 . 2003-08-13 01:17 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-09-16 15:48 . 2009-09-16 15:48 -------- d-----w- c:\documents and settings\Owner\Application Data\Logitech
2009-09-16 15:46 . 2009-09-16 15:46 53248 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2009-09-16 15:46 . 2009-09-16 15:42 -------- d-----w- c:\program files\Common Files\Logishrd
2009-09-16 15:42 . 2009-09-16 15:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2009-09-16 15:41 . 2009-09-16 15:41 -------- d-----w- c:\program files\Logitech
2009-09-16 15:41 . 2009-09-16 15:41 -------- d-----w- c:\documents and settings\Owner\Application Data\InstallShield
2009-09-11 14:18 . 2004-08-26 16:12 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 01:24 . 2009-09-11 01:24 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-09-11 01:24 . 2009-09-11 01:24 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-09-11 01:24 . 2009-09-11 01:24 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-09-04 21:03 . 2004-08-26 16:12 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-26 16:12 916480 ------w- c:\windows\system32\wininet.dll
2009-08-28 13:04 . 2008-06-09 00:10 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-28 13:04 . 2008-06-09 00:10 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-28 13:04 . 2006-11-05 14:34 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-26 08:00 . 2004-08-26 16:12 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-20 19:09 . 2009-08-20 19:09 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-05 09:01 . 2004-08-26 16:12 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 00:44 . 2004-08-26 16:12 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-04 05:59 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2001-07-26 21:58 . 2000-01-11 17:50 47 ----a-w- c:\program files\ACMonitor_X73.ini
2001-07-05 17:46 . 2001-07-20 15:48 8116 ----a-w- c:\program files\OSLO3071b2.USB
2001-05-08 20:36 . 2000-12-05 19:56 114688 ----a-w- c:\program files\lxarscan.dll
2001-04-23 19:22 . 2100-02-08 20:53 1437 ----a-w- c:\program files\gtx73.ini
.

((((((((((((((((((((((((((((( SnapShot@2009-10-23_14.41.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-01 22:47 . 2009-04-28 20:20 96752 c:\windows\system32\vxblock.dll
+ 2009-02-01 22:47 . 2009-04-28 20:20 66032 c:\windows\system32\pxinsa64.exe
- 2009-02-01 22:47 . 2008-07-09 10:05 72176 c:\windows\system32\pxhpinst.exe
+ 2009-02-01 22:47 . 2009-04-28 20:20 72176 c:\windows\system32\pxhpinst.exe
+ 2009-02-01 22:47 . 2009-04-28 20:20 66544 c:\windows\system32\pxcpya64.exe
+ 2008-11-20 19:19 . 2009-04-28 20:20 44944 c:\windows\system32\drivers\pxhelp20.sys
+ 2009-02-01 22:47 . 2009-04-28 20:20 436720 c:\windows\system32\pxwave.dll
+ 2009-02-01 22:47 . 2009-04-28 20:20 219632 c:\windows\system32\pxmas.dll
+ 2009-02-01 22:47 . 2009-04-28 20:20 551408 c:\windows\system32\pxdrv.dll
- 2009-02-01 22:32 . 2008-07-09 10:05 129520 c:\windows\system32\pxafs.dll
+ 2009-02-01 22:32 . 2009-04-28 20:20 129520 c:\windows\system32\pxafs.dll
+ 2009-02-01 22:47 . 2009-04-28 20:20 670192 c:\windows\system32\px.dll
+ 2009-02-01 22:47 . 2009-04-28 20:20 1858032 c:\windows\system32\pxsfs.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C} "= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 13:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829} "= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS "= "c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-24 68856]
"SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM "= "c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"Recguard "= "c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"Reminder "= "c:\windows\Creator\Remind_XP.exe" [2005-03-15 966656]
"PrinTray "= "c:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe" [BU]
"AVG8_TRAY "= "c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-17 2025752]
"Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-30 198160]
"QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Logitech Hardware Abstraction Layer "= "KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
"Kernel and Hardware Abstraction Layer "= "KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
PowerReg SchedulerV2.exe [2009-5-17 256000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ColorVisionStartup.lnk - c:\program files\PANTONE COLORVISION\Startup\ColorVisionStartup.exe [2004-12-21 385024]
EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2009-5-17 136192]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-9-16 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 06:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-28 13:04 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=" "

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "=
"c:\\WINDOWS\\system32\\mmc.exe "=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe "=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe "=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe "=
"%windir%\\Network Diagnostic\\xpnetdiag.exe "=
"c:\\StubInstaller.exe "=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
"c:\\Program Files\\iTunes\\iTunes.exe "=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/8/2008 8:10 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/8/2008 8:10 PM 108552]
R2 802.11n USB Wireless LAN Card Service;802.11n USB Wireless LAN Card Service;c:\program files\Wireless Lan 11n PCI\WLService.exe [10/21/2009 1:34 PM 49152]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/4/2008 9:46 AM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/4/2008 9:46 AM 297752]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [3/9/2007 7:31 PM 112992]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [10/21/2009 1:34 PM 528640]
S3 BLKWGD;Belkin Wireless G Desktop Card Service;c:\windows\system32\DRIVERS\BLKWGD.sys --> c:\windows\system32\DRIVERS\BLKWGD.sys [?]
S3 wlanndi5;wlanndi5 NDIS Protocol Driver;c:\windows\system32\wlanndi5.sys [4/21/2004 6:51 PM 16384]
.
Contents of the 'Scheduled Tasks' folder

2009-10-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]

2006-02-10 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-26 00:12]

2006-02-23 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2006-03-09 19:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7A0815F1-6B65-4e3a-B198-709807B4042A} - {1EC035CE-090E-4AF7-B6DF-AD11C2F0F9C9} - c:\program files\XstreamRadio 3.02\RadioHelper.dll
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\spnujgg3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.hotmail.com
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\eMusic Download Manager\plugin\npemusic.dll
FF - plugin: c:\program files\Google\Google Updater\1.4.697.28342\npCIDetect7.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-24 09:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(696)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(3200)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-10-24 9:14
ComboFix-quarantined-files.txt 2009-10-24 13:13
ComboFix2.txt 2009-10-23 14:45

Pre-Run: 14,533,332,992 bytes free
Post-Run: 14,487,543,808 bytes free

- - End Of File - - 7257973A91CEFD322197810FF88715B8

 

hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:22:09 AM, on 10/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Wireless Lan 11n PCI\WLanCfgG.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
N3 - Netscape 7: user_pref( "browser.search.defaultengine ", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src "); (C:\Documents and Settings\OWNER\Application Data\Mozilla\Profiles\default\sf0kuvfw.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\PANTONE COLORVISION\Startup\ColorVisionStartup.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
O9 - Extra 'Tools' menuitem: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: 802.11n USB Wireless LAN Card Service - Unknown owner - C:\Program Files\Wireless Lan 11n PCI\WLService.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O24 - Desktop Component 0: (no name) - http://newsimg.bbc.co.uk/shared/img/o.gif

--
End of file - 9906 bytes

 

File x73_lut.dat received on 2009.10.24 20:18:04 (UTC)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/39 (0%)
File ACMonitor_X73.exe received on 2009.10.03 09:48:52 (UTC)
Current status: finished
Result: 1/41 (2.44%) McAfee-GW-Edition 6.8.5 2009.10.03 Heuristic.BehavesLike.Win32.Trojan.L

File ACMonitor_X73.ini received on 2009.10.24 20:27:02 (UTC)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/41 (0%)

File OSLO3071b2.USB received on 2009.03.29 19:38:45 (UTC)
Current status: finished
Result: 0/39 (0.00%)

File 3ED2A943006C7A33C042010C70DAC900BF2A2EE2.dll received on 2009.06.29 03:27:13 (UTC)
Current status: finished
Result: 0/41 (0.00%)

File gtx73.ini received on 2009.08.27 22:57:50 (UTC)
Current status: finished
Result: 0/41 (0.00%)

 

ComboFix 09-10-23.01 - Owner 10/24/2009 16:37.3.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.1290 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\documents and settings\Jerry\Local Settings\Application Data\prvlcl.dat "
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jerry\Local Settings\Application Data\prvlcl.dat

.
((((((((((((((((((((((((( Files Created from 2009-09-24 to 2009-10-24 )))))))))))))))))))))))))))))))
.

2100-02-23 19:35 . 2001-02-22 14:54 768 ----a-w- c:\program files\x73_lut.dat
2100-02-08 20:03 . 2001-05-11 15:39 53248 ----a-w- c:\program files\ACMonitor_X73.exe
2009-10-24 01:23 . 2009-10-24 01:23 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\eMusic
2009-10-24 01:23 . 2009-10-24 01:23 -------- d-----w- c:\documents and settings\Owner\Application Data\eMusic
2009-10-24 01:23 . 2009-10-24 01:23 -------- d-----w- c:\program files\eMusic Download Manager
2009-10-23 19:55 . 2009-10-23 20:10 -------- d-----w- c:\documents and settings\Owner\Application Data\Winamp
2009-10-23 19:55 . 2009-10-23 19:56 -------- d-----w- c:\program files\Winamp
2009-10-23 14:57 . 2009-10-23 14:57 -------- d-----w- c:\program files\Trend Micro
2009-10-23 13:04 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-10-23 13:03 . 2009-10-23 13:03 -------- d-----w- c:\program files\iPod
2009-10-23 13:03 . 2009-10-23 13:04 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-23 13:00 . 2009-10-23 13:01 -------- d-----w- c:\program files\QuickTime
2009-10-23 12:58 . 2009-10-23 13:03 -------- d-----w- c:\program files\Common Files\Apple
2009-10-21 18:00 . 2009-10-21 18:00 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache
2009-10-21 17:55 . 2009-10-21 17:55 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-10-21 17:55 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-21 17:55 . 2009-10-21 17:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-21 17:55 . 2009-10-21 17:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-21 17:55 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-21 17:34 . 2007-05-07 14:30 528640 ----a-w- c:\windows\system32\drivers\rt2860.sys
2009-10-21 17:34 . 2003-10-14 10:30 94208 ----a-w- c:\windows\system32\GTW32N50.dll
2009-10-21 17:34 . 2003-09-26 17:15 15872 ----a-w- c:\windows\system32\GTNDIS5.sys
2009-10-21 17:34 . 2009-10-21 17:35 -------- d-----w- c:\program files\Wireless Lan 11n PCI
2009-09-30 13:21 . 2009-09-30 13:21 -------- d-----w- c:\program files\Common Files\xing shared
2009-09-30 13:20 . 2009-09-30 13:20 -------- d-----w- c:\program files\real

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-23 19:08 . 2006-02-23 18:29 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2009-10-23 13:04 . 2009-06-29 18:57 -------- d-----w- c:\program files\iTunes
2009-10-21 17:50 . 2005-12-07 22:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-21 17:35 . 2006-02-23 17:26 21419 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-10-01 20:12 . 2006-02-23 18:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-30 23:22 . 2006-02-23 18:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-30 13:21 . 2005-12-07 22:42 -------- d-----w- c:\program files\Common Files\Real
2009-09-30 13:20 . 2003-08-13 01:17 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-09-30 13:20 . 2003-08-13 01:17 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-09-16 15:48 . 2009-09-16 15:48 -------- d-----w- c:\documents and settings\Owner\Application Data\Logitech
2009-09-16 15:46 . 2009-09-16 15:46 53248 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2009-09-16 15:46 . 2009-09-16 15:42 -------- d-----w- c:\program files\Common Files\Logishrd
2009-09-16 15:42 . 2009-09-16 15:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2009-09-16 15:41 . 2009-09-16 15:41 -------- d-----w- c:\program files\Logitech
2009-09-16 15:41 . 2009-09-16 15:41 -------- d-----w- c:\documents and settings\Owner\Application Data\InstallShield
2009-09-11 14:18 . 2004-08-26 16:12 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 01:24 . 2009-09-11 01:24 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-09-11 01:24 . 2009-09-11 01:24 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-09-11 01:24 . 2009-09-11 01:24 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-09-04 21:03 . 2004-08-26 16:12 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-26 16:12 916480 ------w- c:\windows\system32\wininet.dll
2009-08-28 13:04 . 2008-06-09 00:10 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-28 13:04 . 2008-06-09 00:10 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-28 13:04 . 2006-11-05 14:34 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-26 08:00 . 2004-08-26 16:12 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-20 19:09 . 2009-08-20 19:09 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-05 09:01 . 2004-08-26 16:12 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 00:44 . 2004-08-26 16:12 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-04 05:59 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2001-07-26 21:58 . 2000-01-11 17:50 47 ----a-w- c:\program files\ACMonitor_X73.ini
2001-07-05 17:46 . 2001-07-20 15:48 8116 ----a-w- c:\program files\OSLO3071b2.USB
2001-05-08 20:36 . 2000-12-05 19:56 114688 ----a-w- c:\program files\lxarscan.dll
2001-04-23 19:22 . 2100-02-08 20:53 1437 ----a-w- c:\program files\gtx73.ini
.

((((((((((((((((((((((((((((( SnapShot@2009-10-23_14.41.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-01 22:47 . 2009-04-28 20:20 96752 c:\windows\system32\vxblock.dll
+ 2009-02-01 22:47 . 2009-04-28 20:20 66032 c:\windows\system32\pxinsa64.exe
- 2009-02-01 22:47 . 2008-07-09 10:05 72176 c:\windows\system32\pxhpinst.exe
+ 2009-02-01 22:47 . 2009-04-28 20:20 72176 c:\windows\system32\pxhpinst.exe
+ 2009-02-01 22:47 . 2009-04-28 20:20 66544 c:\windows\system32\pxcpya64.exe
+ 2008-11-20 19:19 . 2009-04-28 20:20 44944 c:\windows\system32\drivers\pxhelp20.sys
+ 2009-02-01 22:47 . 2009-04-28 20:20 436720 c:\windows\system32\pxwave.dll
+ 2009-02-01 22:47 . 2009-04-28 20:20 219632 c:\windows\system32\pxmas.dll
+ 2009-02-01 22:47 . 2009-04-28 20:20 551408 c:\windows\system32\pxdrv.dll
- 2009-02-01 22:32 . 2008-07-09 10:05 129520 c:\windows\system32\pxafs.dll
+ 2009-02-01 22:32 . 2009-04-28 20:20 129520 c:\windows\system32\pxafs.dll
+ 2009-02-01 22:47 . 2009-04-28 20:20 670192 c:\windows\system32\px.dll
+ 2009-02-01 22:47 . 2009-04-28 20:20 1858032 c:\windows\system32\pxsfs.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C} "= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 15:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829} "= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS "= "c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-24 68856]
"SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM "= "c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"Recguard "= "c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"Reminder "= "c:\windows\Creator\Remind_XP.exe" [2005-03-15 966656]
"PrinTray "= "c:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe" [BU]
"AVG8_TRAY "= "c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-17 2025752]
"Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-30 198160]
"QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Logitech Hardware Abstraction Layer "= "KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
"Kernel and Hardware Abstraction Layer "= "KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
PowerReg SchedulerV2.exe [2009-5-17 256000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ColorVisionStartup.lnk - c:\program files\PANTONE COLORVISION\Startup\ColorVisionStartup.exe [2004-12-21 385024]
EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2009-5-17 136192]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-9-16 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 06:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-28 13:04 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=" "

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "=
"c:\\WINDOWS\\system32\\mmc.exe "=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe "=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe "=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe "=
"%windir%\\Network Diagnostic\\xpnetdiag.exe "=
"c:\\StubInstaller.exe "=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
"c:\\Program Files\\iTunes\\iTunes.exe "=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/8/2008 8:10 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/8/2008 8:10 PM 108552]
R2 802.11n USB Wireless LAN Card Service;802.11n USB Wireless LAN Card Service;c:\program files\Wireless Lan 11n PCI\WLService.exe [10/21/2009 1:34 PM 49152]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/4/2008 9:46 AM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/4/2008 9:46 AM 297752]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [3/9/2007 7:31 PM 112992]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [10/21/2009 1:34 PM 528640]
S3 BLKWGD;Belkin Wireless G Desktop Card Service;c:\windows\system32\DRIVERS\BLKWGD.sys --> c:\windows\system32\DRIVERS\BLKWGD.sys [?]
S3 wlanndi5;wlanndi5 NDIS Protocol Driver;c:\windows\system32\wlanndi5.sys [4/21/2004 6:51 PM 16384]
.
Contents of the 'Scheduled Tasks' folder

2009-10-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]

2006-02-10 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-26 00:12]

2006-02-23 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2006-03-09 19:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7A0815F1-6B65-4e3a-B198-709807B4042A} - {1EC035CE-090E-4AF7-B6DF-AD11C2F0F9C9} - c:\program files\XstreamRadio 3.02\RadioHelper.dll
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\spnujgg3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.hotmail.com
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\eMusic Download Manager\plugin\npemusic.dll
FF - plugin: c:\program files\Google\Google Updater\1.4.697.28342\npCIDetect7.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-24 16:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(696)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2009-10-24 16:46
ComboFix-quarantined-files.txt 2009-10-24 20:45
ComboFix2.txt 2009-10-24 13:14
ComboFix3.txt 2009-10-23 14:45

Pre-Run: 12,869,758,976 bytes free
Post-Run: 12,822,306,816 bytes free

- - End Of File - - 914D311E6322E73CA611BA6E70D5B1AA

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:49:37 PM, on 10/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Wireless Lan 11n PCI\WLanCfgG.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wireless Lan 11n PCI\WLService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
N3 - Netscape 7: user_pref( "browser.search.defaultengine ", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src "); (C:\Documents and Settings\OWNER\Application Data\Mozilla\Profiles\default\sf0kuvfw.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\PANTONE COLORVISION\Startup\ColorVisionStartup.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
O9 - Extra 'Tools' menuitem: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: 802.11n USB Wireless LAN Card Service - Unknown owner - C:\Program Files\Wireless Lan 11n PCI\WLService.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O24 - Desktop Component 0: (no name) - http://newsimg.bbc.co.uk/shared/img/o.gif

--
End of file - 10005 bytes

 

Ever have a doh moment?

I just had a "doh" moment. Checked system information and found only 512 M ram. Just upgraded to 2 G and it is much faster.

Used to have Lexmark printer, long gone. Thought it was removed.

 

2009-10-24 20:37:45 . 2009-10-24 20:37:45 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt
2009-10-23 14:43:53 . 2009-10-23 14:43:53 157 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-PrinTray.reg.dat
2009-10-23 14:41:18 . 2004-09-13 16:15:24 53 ----a-w- C:\Qoobox\Quarantine\D\Autorun.inf.vir
2009-10-23 14:38:45 . 2009-10-24 20:41:42 6,445 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2009-10-23 14:29:25 . 2009-10-24 20:36:17 153 ----a-w- C:\Qoobox\Quarantine\catchme.log
2008-11-18 15:09:04 . 2009-10-24 14:15:10 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jerry\Local Settings\Application Data\prvlcl.dat.vir