Hello,
I'm still getting the same popup and the computer is still barely functional online. Is it so badly infected that it just can't be cleaned up? Here are the ComboFix and HijackThis (HJT) logs:
Thanks!
ComboFix 08-05-01.3 - Owner 2008-05-09 17:36:06.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.234 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\WINDOWS\system32\agttiz.exe
C:\WINDOWS\system32\aibfysz.exe
C:\WINDOWS\system32\azlgh.exe
C:\WINDOWS\system32\aztsizh.exe
C:\WINDOWS\system32\bzuwjr.exe
C:\WINDOWS\system32\clrgym.exe
C:\WINDOWS\system32\ctvhb.exe
C:\WINDOWS\system32\dhaqaffd.exe
C:\WINDOWS\system32\diwdwdw.exe
C:\WINDOWS\system32\ghadyjo.exe
C:\WINDOWS\system32\gxgug.exe
C:\WINDOWS\system32\iwttd.exe
C:\WINDOWS\system32\kemqo.exe
C:\WINDOWS\system32\kioltsqg.exe
C:\WINDOWS\system32\kpngg.exe
C:\WINDOWS\system32\kztnphe.exe
C:\WINDOWS\system32\leoxscbo.exe
C:\WINDOWS\system32\mxsbcz.exe
C:\WINDOWS\system32\ndhsbu.exe
C:\WINDOWS\system32\ngih.exe
C:\WINDOWS\system32\ngpjsrdp.exe
C:\WINDOWS\system32\o
C:\WINDOWS\system32\okhx.exe
C:\WINDOWS\system32\pasq.exe
C:\WINDOWS\system32\ptvrrtog.exe
C:\WINDOWS\system32\qbrkq.exe
C:\WINDOWS\system32\qjcziixa.exe
C:\WINDOWS\system32\slpxsf.exe
C:\WINDOWS\system32\ssudcnbf.exe
C:\WINDOWS\system32\tfppuly.exe
C:\WINDOWS\system32\TFTP876
C:\WINDOWS\system32\tjkwpj.exe
C:\WINDOWS\system32\ubqq.exe
C:\WINDOWS\system32\ubtnt.exe
C:\WINDOWS\system32\ukcdiems.exe
C:\WINDOWS\system32\vkaxph.exe
C:\WINDOWS\system32\vkwk.exe
C:\WINDOWS\system32\vnznf.exe
C:\WINDOWS\system32\vtjgwh.exe
C:\WINDOWS\system32\wljdpvn.exe
C:\WINDOWS\system32\wsvuat.exe
C:\WINDOWS\system32\wxsnca.exe
C:\WINDOWS\system32\xhcjktpu.exe
C:\WINDOWS\system32\xwgmaxg.exe
C:\WINDOWS\system32\ycklj.exe
C:\WINDOWS\system32\zcdrwby.exe
C:\WINDOWS\system32\zycxc.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\agttiz.exe
C:\WINDOWS\system32\aibfysz.exe
C:\WINDOWS\system32\azlgh.exe
C:\WINDOWS\system32\aztsizh.exe
C:\WINDOWS\system32\bzuwjr.exe
C:\WINDOWS\system32\cibdvfgb.dll
C:\WINDOWS\system32\clrgym.exe
C:\WINDOWS\system32\ctvhb.exe
C:\WINDOWS\system32\dhaqaffd.exe
C:\WINDOWS\system32\diwdwdw.exe
C:\WINDOWS\system32\ffilqtsx.dll
C:\WINDOWS\system32\firewall.exe
C:\WINDOWS\system32\geBuSIba.dll
C:\WINDOWS\system32\ghadyjo.exe
C:\WINDOWS\system32\gxgug.exe
C:\WINDOWS\system32\iifghedE.dll
C:\WINDOWS\system32\iwttd.exe
C:\WINDOWS\system32\jTtDNqss.ini
C:\WINDOWS\system32\jTtDNqss.ini2
C:\WINDOWS\system32\kemqo.exe
C:\WINDOWS\system32\kioltsqg.exe
C:\WINDOWS\system32\kpngg.exe
C:\WINDOWS\system32\kztnphe.exe
C:\WINDOWS\system32\leoxscbo.exe
C:\WINDOWS\system32\lmcjtils.dll
C:\WINDOWS\system32\mbbmgrgp.ini
C:\WINDOWS\system32\mxsbcz.exe
C:\WINDOWS\system32\ndhsbu.exe
C:\WINDOWS\system32\ngih.exe
C:\WINDOWS\system32\ngpjsrdp.exe
C:\WINDOWS\system32\o
C:\WINDOWS\system32\okhx.exe
C:\WINDOWS\system32\pasq.exe
C:\WINDOWS\system32\ptvrrtog.exe
C:\WINDOWS\system32\qbrkq.exe
C:\WINDOWS\system32\qjcziixa.exe
C:\WINDOWS\system32\slitjcml.ini
C:\WINDOWS\system32\slpxsf.exe
C:\WINDOWS\system32\ssqRlmJa.dll
C:\WINDOWS\system32\ssudcnbf.exe
C:\WINDOWS\system32\tfppuly.exe
C:\WINDOWS\system32\TFTP876
C:\WINDOWS\system32\tjkwpj.exe
C:\WINDOWS\system32\tqdeilqf.dll
C:\WINDOWS\system32\ubqq.exe
C:\WINDOWS\system32\ubtnt.exe
C:\WINDOWS\system32\ukcdiems.exe
C:\WINDOWS\system32\vkaxph.exe
C:\WINDOWS\system32\vkwk.exe
C:\WINDOWS\system32\vnznf.exe
C:\WINDOWS\system32\vtjgwh.exe
C:\WINDOWS\system32\wljdpvn.exe
C:\WINDOWS\system32\wsvuat.exe
C:\WINDOWS\system32\wxsnca.exe
C:\WINDOWS\system32\xhcjktpu.exe
C:\WINDOWS\system32\xwgmaxg.exe
C:\WINDOWS\system32\ycklj.exe
C:\WINDOWS\system32\zcdrwby.exe
C:\WINDOWS\system32\zycxc.exe
.
((((((((((((((((((((((((( Files Created from 2008-04-09 to 2008-05-09 )))))))))))))))))))))))))))))))
.
2008-05-09 10:49 . 2008-05-09 10:50 30,720 --a------ C:\WINDOWS\system32\bzhpijq.exe
2008-05-09 10:49 . 2008-05-09 10:49 1,635 --a------ C:\WINDOWS\system32\vblzeft.exe
2008-05-09 10:49 . 2008-05-09 10:49 1,635 --a------ C:\WINDOWS\system32\bfhq.exe
2008-05-08 21:51 . 2008-05-08 21:51 24,576 --a------ C:\WINDOWS\system32\aof.exe
2008-05-08 21:40 . 2008-05-08 21:41 55,808 --a------ C:\WINDOWS\system32\abdatee.exe
2008-05-08 21:40 . 2008-05-08 21:40 1,635 --a------ C:\WINDOWS\system32\yjwrvw.exe
2008-05-08 21:40 . 2008-05-08 21:40 1,635 --a------ C:\WINDOWS\system32\aemv.exe
2008-05-08 18:08 . 2008-05-08 18:08 1,635 --a------ C:\WINDOWS\system32\zkzhc.exe
2008-05-08 17:33 . 2008-05-08 17:33 83,968 --a------ C:\WINDOWS\system32\iwqwzy.exe
2008-05-08 17:10 . 2008-05-08 17:10 2,048 --a------ C:\WINDOWS\system32\ditwmsmo.exe
2008-05-08 17:09 . 2008-05-08 17:09 1,635 --a------ C:\WINDOWS\system32\odjnd.exe
2008-05-07 21:34 . 2008-05-07 21:34 0 -ra------ C:\WINDOWS\system32\TFTP3144
2008-05-07 21:32 . 2008-05-07 21:33 55,808 --a------ C:\WINDOWS\system32\tifdxk.exe
2008-05-07 21:32 . 2008-05-07 21:32 41,984 --a------ C:\WINDOWS\system32\xbmmws.exe
2008-05-07 16:59 . 2008-05-07 16:59 2,048 --a------ C:\WINDOWS\system32\fvkqjfnh.exe
2008-05-07 16:58 . 2008-05-07 16:58 55,808 --a------ C:\WINDOWS\system32\vfuwqemj.exe
2008-05-07 16:58 . 2008-05-07 16:58 41,984 --a------ C:\WINDOWS\system32\kbnog.exe
2008-05-07 16:58 . 2008-05-07 16:58 1,635 --a------ C:\WINDOWS\system32\wqjbvgan.exe
2008-05-07 16:58 . 2008-05-07 16:58 1,635 --a------ C:\WINDOWS\system32\brjptj.exe
2008-05-07 16:48 . 2008-05-07 16:49 41,984 --a------ C:\WINDOWS\system32\ngayk.exe
2008-05-07 16:48 . 2008-05-07 16:48 1,635 --a------ C:\WINDOWS\system32\xbprzyy.exe
2008-05-07 16:48 . 2008-05-07 16:48 1,635 --a------ C:\WINDOWS\system32\tueqvw.exe
2008-05-07 07:19 . 2008-05-07 07:23 316,096 --a------ C:\WINDOWS\system32\ssqNDtTj.dll
2008-05-07 07:13 . 2008-05-07 07:14 41,984 --a------ C:\WINDOWS\system32\koxd.exe
2008-05-07 07:13 . 2008-05-07 07:13 1,635 --a------ C:\WINDOWS\system32\xhxusgey.exe
2008-05-07 07:13 . 2008-05-07 07:13 1,635 --a------ C:\WINDOWS\system32\cwudac.exe
2008-05-06 18:18 . 2008-05-06 18:18 1,635 --a------ C:\WINDOWS\system32\ccuqkfhs.exe
2008-05-06 18:18 . 2008-05-06 18:18 1,635 --a------ C:\WINDOWS\system32\aecaqror.exe
2008-04-24 17:34 . 2008-04-24 17:34 <DIR> d-------- C:\_OTMoveIt
2008-04-19 11:55 . 2008-04-19 11:56 <DIR> d-------- C:\Program Files\Google
2008-04-15 17:47 . 2002-10-28 14:21 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-04-15 17:47 . 2008-04-15 17:47 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-04-15 17:47 . 2008-04-15 17:47 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-15 17:47 . 2008-05-06 18:06 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-10 17:53 . 2008-04-10 17:53 <DIR> d-------- C:\Deckard
2008-04-10 13:53 . 2008-04-10 13:53 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-10 13:53 . 2008-04-10 13:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-29 14:24 --------- d-----w C:\Documents and Settings\Owner\Application Data\WeatherBug
2008-04-04 01:19 --------- d-----w C:\Program Files\AWS
2008-04-04 01:17 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVG7
2008-04-04 00:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVG7
2008-04-04 00:07 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-04 00:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-30 01:57 4,214 --sha-r C:\WINDOWS\system32\drivers\HP_D7218H-ABA 774Y_YC_Pavi_QMX312S_E31NAheBLU4_4_IMS-6577_SMICRO-STAR INTERNATIONAL CO., LTD_V020_B3.15_T030226_WXH1_L409_M512_J80_7Intel_8Pentium 4_92.53_1103300F2_N10EC8139_P_Z11C1044E_K_A11020002_U808624C2_G10DE0172.MRK
2008-03-30 01:51 --------- d-----w C:\Program Files\Creative
2008-03-30 00:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-30 00:29 --------- d-----w C:\Program Files\ReadIris
2008-03-29 23:22 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-03-29 23:20 82,380 ----a-w C:\WINDOWS\system32\drivers\AFS2K.SYS
2008-03-29 23:16 --------- d-----w C:\Program Files\Microsoft AntiSpyware
2008-03-29 00:20 --------- d-----w C:\Documents and Settings\Owner\Application Data\Lavasoft
2008-03-20 14:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
.
------- Sigcheck -------
2004-08-04 01:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
2004-08-04 01:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\SoftwareDistribution\Download\9ded4ee34a35fced0033d3e152a36e0e\ip6fw.sys
2004-08-04 01:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys
.
((((((((((((((((((((((((((((( snapshot@2008-05-06_18.15.11.51 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-06 23:10:46 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-09 22:40:07 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-24 17:16:48 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-05-09 22:34:53 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-04-24 17:16:48 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-05-09 22:34:53 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-04-24 17:16:48 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-09 22:34:53 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F5E8FC3-F64F-48FB-B2D5-E777A0298D9F}]
2008-05-07 07:23 316096 --a------ C:\WINDOWS\System32\ssqNDtTj.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="C:\PROGRA~1\AWS\WEATHE~1\Weather.exe" [2006-04-07 16:02 1343488]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-21 01:08 1511453]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-04 21:21 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04 52736]
"Share-to-Web Namespace Daemon"="c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 20:42 69632]
"CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-06-18 02:11 69632]
"KBD"="C:\HP\KBD\KBD.EXE" [2001-07-07 00:56 61440]
"StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 11:01 155648]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 00:42 212992]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-06-14 19:39 81920]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-28 09:31 579584]
"Spooler SubSystem App"="C:\WINDOWS\System32\spooIsv.exe" [2002-08-29 07:00 101888]
"Windows Network Firewall"="C:\WINDOWS\System32\firewall.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-28 07:48 219136]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMidi"="MIDIDEF.EXE" [2002-12-03 19:55 49152 C:\WINDOWS\mididef.exe]
"PlayCenter2"="C:\Program Files\Creative\SBLive\PlayCenter2\MDEntry.exe" [2001-07-20 12:00 131072]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2002-06-27 02:20:58 323646]
officejet 6100.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-06-27 02:21:30 147456]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2002-09-20 22:20:02 53248]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBuSIba]
geBuSIba.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUomjJB]
vtUomjJB.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= C:\WINDOWS\System32\ctmp3.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\System32\ssqNDtTj.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHELPER]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
.
Contents of the 'Scheduled Tasks' folder
"2008-04-29 03:06:04 C:\WINDOWS\Tasks\easy Internet sign-up.job"
- C:\Program Files\Hewlett-Packard\EZ Internet Signup\HPSdpApp.exe
"2008-05-01 23:53:03 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1206837060.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-05-09 17:40:30
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
.
**************************************************************************
.
Completion time: 2008-05-09 17:44:32 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-09 22:44:29
ComboFix2.txt 2008-05-06 23:15:27
Pre-Run: 59,668,176,896 bytes free
Post-Run: 59,654,160,384 bytes free
275
*********************************************
*********************************************
Logfile of HijackThis v1.99.1
Scan saved at 6:11:56 PM, on 5/9/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\Rundll32.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://srch-us7.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.wundergro...ast?query=39648
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\System32\spooIsv.exe
O4 - HKLM\..\Run: [Windows Network Firewall] C:\WINDOWS\System32\firewall.exe
O4 - HKLM\..\Run: [58eb1514] rundll32.exe "C:\WINDOWS\System32\tmnnmnxm.dll",b
O4 - HKLM\..\Run: [BM5bd82688] Rundll32.exe "C:\WINDOWS\System32\qwcoyxuu.dll",s
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky...can_unicode.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) -
http://wdownload.wea...Transporter.cab?
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe