and heres the combofix log. let me know if you think they look okay now. Thanks in advance.
ComboFix 08-09-01.03 - Lisa loves Tim 2008-09-02 14:00:10.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.49 [GMT -4:00]
Running from: C:\Documents and Settings\Lisa loves Tim\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Lisa loves Tim\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Video ActiveX Object
C:\WINDOWS\BM3729507a.txt
C:\WINDOWS\BM3729507a.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\crosof~1\??crosoft\
C:\WINDOWS\system32\ddysdwen.ini
C:\WINDOWS\system32\deebbbsu.dll
C:\WINDOWS\system32\drivers\Winnv20.sys
C:\WINDOWS\system32\EKSsvyxx.ini
C:\WINDOWS\system32\EKSsvyxx.ini2
C:\WINDOWS\system32\ksvcl.dll
C:\WINDOWS\system32\qmopt.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_fci
-------\Legacy_lanmandrv
-------\Legacy_winnv20
-------\Service_fci
-------\Service_lanmandrv
-------\Service_Winnv20
-------\Service_winnv20
((((((((((((((((((((((((( Files Created from 2008-08-02 to 2008-09-02 )))))))))))))))))))))))))))))))
.
2008-08-31 22:22 . 2005-08-31 23:17 <DIR> d-------- C:\Documents and Settings\Administrator.LISA\Application Data\Symantec
2008-08-31 22:22 . 2005-08-31 23:06 <DIR> d-------- C:\Documents and Settings\Administrator.LISA\Application Data\Jasc Software Inc
2008-08-31 22:22 . 2008-08-31 22:22 <DIR> d-------- C:\Documents and Settings\Administrator.LISA
2008-08-30 13:44 . 2008-08-30 13:44 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-14 18:55 . 2008-08-14 18:55 118 --a------ C:\WINDOWS\system32\MRT.INI
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-02 15:12 --------- d-----w C:\Documents and Settings\Lisa loves Tim\Application Data\Audacity
2008-09-02 14:23 --------- d-----w C:\Documents and Settings\Lisa loves Tim\Application Data\CoreFTP
2008-09-02 14:12 --------- d-----w C:\Documents and Settings\Lisa loves Tim\Application Data\Lavasoft
2008-08-30 13:08 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-07 01:39 --------- d-----w C:\Program Files\Google
2008-07-30 01:03 --------- d-----w C:\Documents and Settings\Lisa loves Tim\Application Data\AVGTOOLBAR
2008-07-30 00:35 --------- d-----w C:\Program Files\AVG
2008-07-30 00:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-07-29 12:26 --------- d-----w C:\Program Files\MSXML 4.0
2008-07-11 21:19 --------- d-----w C:\Documents and Settings\Lisa loves Tim\Application Data\gtk-2.0
2008-07-07 13:22 --------- d-----w C:\Program Files\Java
2007-04-06 13:19 88,024 -c--a-w C:\Documents and Settings\Lisa loves Tim\Application Data\GDIPFONTCACHEV1.DAT
2005-09-01 03:17 0 -c-ha-w C:\Documents and Settings\All Users\Application Data\gwseh.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" [X]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-13 98304]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-14 536576]
"PRONoMgrWired"="C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2004-12-09 86016]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 282624]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 114688]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-07-17 185896]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-08-31 24576]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 53248]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP
xpsp2res.dll,-22009
R1 avgldx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-30 97928]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 231704]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S1 7108180f;7108180f;C:\WINDOWS\system32\drivers\7108180f.sys [ ]
S1 a5b184c3;a5b184c3;C:\WINDOWS\system32\drivers\a5b184c3.sys [ ]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2004-02-11 19456]
S3 w600bus;Sony Ericsson W600 driver (WDM);C:\WINDOWS\system32\DRIVERS\w600bus.sys [2005-07-18 60928]
S3 w600mdfl;Sony Ericsson W600 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w600mdfl.sys [2005-07-18 8336]
S3 w600mdm;Sony Ericsson W600 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\w600mdm.sys [2005-07-18 96672]
S3 w600mgmt;Sony Ericsson W600 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\w600mgmt.sys [2005-07-18 88080]
S3 w600obex;Sony Ericsson W600 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\w600obex.sys [2005-07-18 85952]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8098b5fb-96fd-11dc-9c23-0014a41ecf9a}]
\Shell\AutoRun\command - E:\Imageviewer.exe
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Lisa loves Tim\Application Data\Mozilla\Firefox\Profiles\g73m0ukx.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-02 14:10:09
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\controlset002\services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\WLTRAY.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-09-02 14:19:42 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-02 18:18:42
Pre-Run: 12,869,308,416 bytes free
Post-Run: 12,845,920,256 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
181 --- E O F --- 2008-08-14 22:59:33
ComboFix 08-09-01.03 - Lisa loves Tim 2008-09-02 14:00:10.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.49 [GMT -4:00]
Running from: C:\Documents and Settings\Lisa loves Tim\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Lisa loves Tim\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Video ActiveX Object
C:\WINDOWS\BM3729507a.txt
C:\WINDOWS\BM3729507a.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\crosof~1\??crosoft\
C:\WINDOWS\system32\ddysdwen.ini
C:\WINDOWS\system32\deebbbsu.dll
C:\WINDOWS\system32\drivers\Winnv20.sys
C:\WINDOWS\system32\EKSsvyxx.ini
C:\WINDOWS\system32\EKSsvyxx.ini2
C:\WINDOWS\system32\ksvcl.dll
C:\WINDOWS\system32\qmopt.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_fci
-------\Legacy_lanmandrv
-------\Legacy_winnv20
-------\Service_fci
-------\Service_lanmandrv
-------\Service_Winnv20
-------\Service_winnv20
((((((((((((((((((((((((( Files Created from 2008-08-02 to 2008-09-02 )))))))))))))))))))))))))))))))
.
2008-08-31 22:22 . 2005-08-31 23:17 <DIR> d-------- C:\Documents and Settings\Administrator.LISA\Application Data\Symantec
2008-08-31 22:22 . 2005-08-31 23:06 <DIR> d-------- C:\Documents and Settings\Administrator.LISA\Application Data\Jasc Software Inc
2008-08-31 22:22 . 2008-08-31 22:22 <DIR> d-------- C:\Documents and Settings\Administrator.LISA
2008-08-30 13:44 . 2008-08-30 13:44 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-14 18:55 . 2008-08-14 18:55 118 --a------ C:\WINDOWS\system32\MRT.INI
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-02 15:12 --------- d-----w C:\Documents and Settings\Lisa loves Tim\Application Data\Audacity
2008-09-02 14:23 --------- d-----w C:\Documents and Settings\Lisa loves Tim\Application Data\CoreFTP
2008-09-02 14:12 --------- d-----w C:\Documents and Settings\Lisa loves Tim\Application Data\Lavasoft
2008-08-30 13:08 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-07 01:39 --------- d-----w C:\Program Files\Google
2008-07-30 01:03 --------- d-----w C:\Documents and Settings\Lisa loves Tim\Application Data\AVGTOOLBAR
2008-07-30 00:35 --------- d-----w C:\Program Files\AVG
2008-07-30 00:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-07-29 12:26 --------- d-----w C:\Program Files\MSXML 4.0
2008-07-11 21:19 --------- d-----w C:\Documents and Settings\Lisa loves Tim\Application Data\gtk-2.0
2008-07-07 13:22 --------- d-----w C:\Program Files\Java
2007-04-06 13:19 88,024 -c--a-w C:\Documents and Settings\Lisa loves Tim\Application Data\GDIPFONTCACHEV1.DAT
2005-09-01 03:17 0 -c-ha-w C:\Documents and Settings\All Users\Application Data\gwseh.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" [X]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-13 98304]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-14 536576]
"PRONoMgrWired"="C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2004-12-09 86016]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 282624]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 114688]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-07-17 185896]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-08-31 24576]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 53248]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP
xpsp2res.dll,-22009R1 avgldx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-30 97928]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 231704]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S1 7108180f;7108180f;C:\WINDOWS\system32\drivers\7108180f.sys [ ]
S1 a5b184c3;a5b184c3;C:\WINDOWS\system32\drivers\a5b184c3.sys [ ]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2004-02-11 19456]
S3 w600bus;Sony Ericsson W600 driver (WDM);C:\WINDOWS\system32\DRIVERS\w600bus.sys [2005-07-18 60928]
S3 w600mdfl;Sony Ericsson W600 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w600mdfl.sys [2005-07-18 8336]
S3 w600mdm;Sony Ericsson W600 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\w600mdm.sys [2005-07-18 96672]
S3 w600mgmt;Sony Ericsson W600 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\w600mgmt.sys [2005-07-18 88080]
S3 w600obex;Sony Ericsson W600 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\w600obex.sys [2005-07-18 85952]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8098b5fb-96fd-11dc-9c23-0014a41ecf9a}]
\Shell\AutoRun\command - E:\Imageviewer.exe
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Lisa loves Tim\Application Data\Mozilla\Firefox\Profiles\g73m0ukx.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-02 14:10:09
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\controlset002\services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\WLTRAY.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-09-02 14:19:42 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-02 18:18:42
Pre-Run: 12,869,308,416 bytes free
Post-Run: 12,845,920,256 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
181 --- E O F --- 2008-08-14 22:59:33
