Here are the logs. Thank you for your help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:25:09 AM, on 5/28/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mstsc.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Joshua\AppData\Local\Temp\kHArqQgf.dll,c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai...l/installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCF05816-0D67-48CC-854A-3BA818799BBF}: NameServer = 207.199.252.1,201.199.252.2
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
--
End of file - 3679 bytes
ComboFix 08-05-27.4 - Joshua 2008-05-28 12:28:12.1 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6000.0.1252.1.1033.18.317 [GMT -5:00]
Running from: C:\Users\Joshua\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-28 )))))))))))))))))))))))))))))))
.
2008-05-28 08:45 . 2008-05-28 08:45 <DIR> d-------- C:\Users\Joshua\AppData\Roaming\Malwarebytes
2008-05-28 08:45 . 2008-05-28 08:45 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-05-28 08:45 . 2008-05-28 08:45 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-05-28 08:45 . 2008-05-28 08:45 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-28 08:45 . 2008-05-05 20:46 27,048 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-05-28 08:45 . 2008-05-05 20:46 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
2008-05-28 08:31 . 2008-05-28 08:31 <DIR> d-------- C:\VundoFix Backups
2008-05-28 08:24 . 2008-05-28 08:24 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-27 14:05 . 2008-03-07 19:37 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-27 14:05 . 2008-03-07 23:30 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-05-22 12:48 . 2008-05-22 12:53 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-05-22 12:48 . 2008-05-22 12:53 <DIR> d-------- C:\ProgramData\Lavasoft
2008-05-22 12:48 . 2008-05-22 12:48 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-22 12:47 . 2008-05-22 12:47 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-22 12:46 . 2008-05-22 13:02 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-05-22 12:18 . 2008-05-22 12:18 691 --a------ C:\Users\Joshua\AppData\Roaming\GetValue.vbs
2008-05-22 12:18 . 2008-05-22 12:18 35 --a------ C:\Users\Joshua\AppData\Roaming\SetValue.bat
2008-05-22 12:16 . 2008-05-22 12:18 1,454 --a------ C:\Windows\System32\tmp.reg
2008-05-22 12:15 . 2007-09-06 00:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe
2008-05-22 12:15 . 2006-04-27 17:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe
2008-05-22 12:15 . 2008-05-15 23:22 86,528 --a------ C:\Windows\System32\VACFix.exe
2008-05-22 12:15 . 2008-05-18 21:40 82,944 --a------ C:\Windows\System32\IEDFix.exe
2008-05-22 12:15 . 2008-05-18 21:40 82,944 --a------ C:\Windows\System32\404Fix.exe
2008-05-22 12:15 . 2003-06-05 21:13 53,248 --a------ C:\Windows\System32\Process.exe
2008-05-22 12:15 . 2004-07-31 18:50 51,200 --a------ C:\Windows\System32\dumphive.exe
2008-05-22 12:15 . 2007-10-04 00:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe
2008-05-22 09:50 . 2008-05-22 09:51 <DIR> d-------- C:\Users\All Users\Adobe
2008-05-22 09:49 . 2008-05-22 09:50 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-19 12:28 . 2008-05-19 18:00 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-19 12:26 . 2008-05-28 10:22 <DIR> d-------- C:\Users\All Users\Symantec
2008-05-19 12:26 . 2008-05-28 10:22 <DIR> d-------- C:\ProgramData\Symantec
2008-05-19 09:44 . 2008-05-19 09:44 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-19 09:30 . 2008-05-19 09:30 <DIR> d-------- C:\Program Files\CCleaner
2008-05-18 19:14 . 2008-05-18 19:14 68 --a------ C:\Windows\st_affiliate.ini
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\Windows\System32\lsdelete.exe
2008-05-15 17:46 . 2008-05-15 17:46 <DIR> d-------- C:\Program Files\Virtual Earth 3D
2008-04-29 11:20 . 2008-04-29 11:20 15,648 --a------ C:\Windows\System32\drivers\NSDriver.sys
2008-04-29 11:19 . 2008-04-29 11:19 15,648 --a------ C:\Windows\System32\drivers\Awrtrd.sys
2008-04-29 11:19 . 2008-04-29 11:19 12,960 --a------ C:\Windows\System32\drivers\Awrtpd.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-28 17:08 --------- d-----w C:\Users\Joshua\AppData\Roaming\AVG7
2008-05-28 17:06 --------- d-----w C:\Program Files\Google
2008-05-27 14:13 --------- d-----w C:\Program Files\PokerStars
2008-05-14 13:48 --------- d-----w C:\Program Files\Windows Mail
2008-05-12 13:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-12 13:57 --------- d-----w C:\Program Files\EZ-DUB
2008-05-09 15:06 544 ----a-w C:\Users\Joshua\AppData\Roaming\wklnhst.dat
2008-04-24 00:59 --------- d-----w C:\Program Files\Common Files\xing shared
2008-04-24 00:59 --------- d-----w C:\Program Files\Common Files\Real
2008-04-19 16:32 --------- d-----w C:\Program Files\Common Files\Intuit
2008-04-19 15:36 --------- d-----w C:\Users\Joshua\AppData\Roaming\DivX
2008-04-19 15:31 --------- d-----w C:\Program Files\DivX
2008-04-16 01:49 --------- d-----w C:\Users\Joshua\AppData\Roaming\Apple Computer
2008-04-13 19:33 --------- d-----w C:\ProgramData\Kodak
2008-04-13 19:31 --------- d-----w C:\Program Files\Common Files\Kodak
2008-04-13 19:30 --------- d-----w C:\Program Files\Kodak
2008-04-13 18:01 --------- d-----w C:\Program Files\QuickTime
2008-04-06 22:15 545,280 ----a-w C:\Windows\flashax.exe
2008-04-06 22:15 12,288 ----a-w C:\Windows\impborl.dll
2008-03-31 21:25 831,488 ----a-w C:\Windows\System32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-03-21 20:30 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-03-21 20:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-03-21 20:28 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-03-12 20:21 678,408 ----a-w C:\Windows\System32\gpprefcl.dll
2008-03-08 04:30 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-08 04:30 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-08 04:30 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-08 04:30 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-08 00:22 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-14 20:56 174 --sha-w C:\Program Files\desktop.ini
2007-06-10 00:43 63,488 ----a-w C:\Users\Joshua\xobglu16.dll
2007-06-10 00:43 32,698 ----a-w C:\Users\Joshua\xobglu32.dll
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-07-16 15:17 4670704]
"Zinio DLM"="C:\Program Files\Zinio\ZinioReader.exe" [2008-01-18 12:00 3760198]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2006-11-12 02:19 446976]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-05-05 20:46 1179256]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-23 19:59 185896]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-20 12:51 815104]
"SigmatelSysTrayApp"="sttray.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 17:23 118784]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 11:37 81920]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 11:35 221184]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2006-11-21 19:52 1540096]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-21 14:19 579072]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 17:12 90112]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-03-31 07:54 9216 C:\Windows\System32\avgwlntf.dll
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Auto Update System.lnk]
backup=C:\Windows\pss\Auto Update System.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^EZ-DUB Finder.lnk]
backup=C:\Windows\pss\EZ-DUB Finder.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\Windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Metacafe.lnk]
backup=C:\Windows\pss\Metacafe.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\Windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
backup=C:\Windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^Joshua^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Metacafe.lnk]
backup=C:\Windows\pss\Metacafe.lnk.Startup
backupExtension=.Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DoNotAllowExceptions"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"UDP Query User{D5C8B510-BEFD-4023-946D-6288A90A396B}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{DFF3417D-3F97-41B5-828D-A14F18836F67}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{2FD65E23-AA10-404A-9CC0-5C9E39CFB833}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{645C1E8A-426B-4174-9CF1-037E0A57D136}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{532572E7-5AF6-4B70-AA06-722D09D2642D}C:\\program files\\redlightcenter\\redlightcenter\\redlightcenter.exe"= TCP:C:\program files\redlightcenter\redlightcenter\redlightcenter.exe:Redlightcenter
"TCP Query User{CD0A7355-1D54-4F73-ABD5-B5368B8EC1B9}C:\\program files\\redlightcenter\\redlightcenter\\redlightcenter.exe"= UDP:C:\program files\redlightcenter\redlightcenter\redlightcenter.exe:Redlightcenter
"{B2537623-4935-411A-A652-50B3C8403C22}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{4B7EDEC1-B6B8-45A7-B0E4-B7E352B189F4}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{FF3AC20F-4003-4418-9981-50ECB7FA5657}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{2BA8A011-5D4B-434D-A269-1C74E35CC32C}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{EB1FB091-8BDC-4A33-ACA3-7D03EC1E1633}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"UDP Query User{129388B7-AB0A-4523-A26B-34EA4E2F2578}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{E2BCA44D-5788-4CCA-9122-7CD7BD85CB00}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{4CCF5346-30DF-4BF1-81BE-E877E628E49E}"= TCP:C:\Program Files\Grisoft\AVG7\avgemc.exe:avgemc.exe
"{AE0E5C45-9FF0-4876-AB10-B67D9C03185B}"= UDP:C:\Program Files\Grisoft\AVG7\avgemc.exe:avgemc.exe
"{147D7EA3-F04B-4E62-832B-DE4CB84D40DE}"= TCP:C:\Program Files\Grisoft\AVG7\avgcc.exe:avgcc.exe
"{48AA8014-8802-4D46-BE8C-812CE075CC42}"= UDP:C:\Program Files\Grisoft\AVG7\avgcc.exe:avgcc.exe
"{7F196F56-4B16-46ED-9A90-AB5599874C17}"= TCP:C:\Program Files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
"{E15C2F56-50D5-44AC-8E0B-49252F18E3DB}"= UDP:C:\Program Files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
"{ACF80A98-A9FE-42DB-B1C9-309232652B1E}"= TCP:C:\Program Files\Grisoft\AVG7\avginet.exe:avginet.exe
"{34C40036-4F88-41C2-BFE3-7952C1E702DA}"= UDP:C:\Program Files\Grisoft\AVG7\avginet.exe:avginet.exe
"{C28ED7A9-0A9F-43D9-BC88-B8B7B742EE4D}"= TCP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{2C294F8E-806B-4D52-857D-9ED5BC345229}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{3D13393B-5165-47F9-9DC8-EE59614448A6}"= UDP:C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:TurboTax
"{D1682A20-E730-4184-B8C4-7B9C5BC44195}"= TCP:C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:TurboTax
"{75B12E8E-8575-4191-8191-6B4A7DAB9328}"= UDP:C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:TurboTax Update Manager
"{34F31EDB-69E5-400D-83F2-5A0D80475B96}"= TCP:C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:TurboTax Update Manager
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)
R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 10:22]
R1 DLARTL_M;DLARTL_M;C:\Windows\system32\Drivers\DLARTL_M.SYS [2007-02-08 20:05]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-11 18:10]
R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-02-21 14:19]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-25 00:46]
S3 KMWDFilter;KMWDFilter;C:\Windows\System32\Drivers\KMWDFilter.SYS [2007-03-29 16:00]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
GPSvcGroup REG_MULTI_SZ GPSvc
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-11 19:27:10 C:\Windows\Tasks\EasyShare Registration Task.job"
- C:\Windows\system32\rundll32.exeZC:\PROGRA~2\Kodak\EasyShareSetup\$REGIS~1\Registration_7.2.20.2.sxt _RegistrationOffer@16
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-05-28 12:32:08
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-28 12:33:51
ComboFix-quarantined-files.txt 2008-05-28 17:33:27
Pre-Run: 36,876,300,288 bytes free
Post-Run: 36,852,228,096 bytes free
216 --- E O F --- 2008-05-28 01:36:28