My bad, I forgot that ComboFix wouldn't run to start with. It does now.
ComboFix 09-07-03.03 - HP Administrator 07/04/2009 10:38.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.187 [GMT -4:00]
Running from: c:\spyware\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-06-04 to 2009-07-04 )))))))))))))))))))))))))))))))
.
2009-07-04 00:44 . 2009-06-22 21:05 3015544 ----a-w- c:\documents and settings\HP Administrator\Application Data\Simply Super Software\Trojan Remover\gov2.exe
2009-07-04 00:38 . 2009-07-04 00:47 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-04 00:38 . 2009-07-04 00:38 -------- d-----w- c:\program files\Trojan Remover
2009-07-04 00:33 . 2006-06-19 17:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-07-04 00:33 . 2006-05-25 19:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-07-04 00:33 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-07-04 00:33 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\unrar3.dll
2009-07-04 00:33 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-07-04 00:33 . 2009-07-04 00:38 -------- d-----w- c:\documents and settings\HP Administrator\Application Data\Simply Super Software
2009-07-04 00:33 . 2009-07-04 00:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-07-03 21:58 . 2009-07-03 21:58 -------- d-----w- c:\program files\CCleaner
2009-07-03 21:52 . 2009-07-03 21:52 -------- d-----w- c:\program files\CleanUp!
2009-07-03 21:48 . 2009-07-03 21:48 -------- d-----w- c:\program files\MSConfig CleanUp
2009-07-03 21:24 . 2009-07-03 21:24 -------- d-----w- c:\documents and settings\HP Administrator\Application Data\Malwarebytes
2009-07-03 21:22 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-03 21:22 . 2009-07-03 21:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-03 21:22 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-03 21:22 . 2009-07-03 22:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-03 17:37 . 2009-07-03 17:37 -------- d-----w- c:\program files\Trend Micro
2009-07-03 17:16 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-07-03 01:38 . 2009-07-03 01:38 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple
2009-07-02 20:21 . 2009-07-03 13:09 -------- d--h--w- C:\$AVG8.VAULT$
2009-07-02 20:14 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-07-02 20:14 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2009-07-02 20:13 . 2001-08-17 17:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-07-02 20:13 . 2001-08-17 17:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2009-07-02 20:13 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-07-02 20:13 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\dllcache\hidusb.sys
2009-07-02 19:32 . 2009-07-02 19:32 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-02 19:32 . 2009-07-02 19:32 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-02 19:32 . 2009-07-02 19:32 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-02 19:32 . 2009-07-02 19:32 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-02 19:31 . 2009-07-03 20:22 -------- d-----w- c:\windows\system32\drivers\Avg
2009-07-02 19:31 . 2009-07-02 22:48 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-02 19:31 . 2009-07-02 19:31 -------- d-----w- c:\program files\AVG
2009-07-02 17:37 . 2009-07-02 19:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-02 13:28 . 2009-07-04 01:37 -------- d-----w- C:\Spyware
2009-06-28 21:14 . 2009-07-02 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\11270314
2009-06-27 17:07 . 2009-06-27 17:07 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-06-23 22:41 . 2009-06-23 22:41 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-20 22:38 . 2009-06-20 22:38 -------- d-----w- c:\documents and settings\HP Administrator\Application Data\Windows Search
2009-06-16 21:44 . 2009-06-16 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\1F280
2009-06-11 03:02 . 2009-06-11 03:02 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-11 01:19 . 2009-06-11 01:19 -------- d-sh--w- c:\documents and settings\HP Administrator\IECompatCache
2009-06-11 01:16 . 2009-06-11 01:16 -------- d-sh--w- c:\documents and settings\HP Administrator\PrivacIE
2009-06-11 01:12 . 2009-06-11 01:12 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-06-11 01:12 . 2009-06-11 01:12 -------- d-sh--w- c:\documents and settings\HP Administrator\IETldCache
2009-06-11 01:04 . 2009-06-11 01:06 -------- dc-h--w- c:\windows\ie8
2009-06-10 18:42 . 2009-06-10 18:42 -------- d-----w- c:\documents and settings\HP Administrator\Local Settings\Application Data\Media Access Startup
2009-06-10 18:20 . 2009-06-10 18:20 -------- d-----w- c:\program files\Media Access Startup
2009-06-10 18:18 . 2009-06-10 18:18 -------- d-----w- c:\program files\DoubleD
2009-06-10 10:08 . 2009-06-10 10:08 152576 ----a-w- c:\documents and settings\HP Administrator\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-08 04:13 . 2009-06-08 04:13 -------- d-----w- c:\documents and settings\HP Administrator\Local Settings\Application Data\Yahoo
2009-06-08 04:12 . 2009-06-08 04:12 -------- d-----w- c:\documents and settings\HP Administrator\Application Data\Yahoo!
2009-06-08 04:09 . 2009-06-08 04:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-06-08 04:09 . 2009-07-02 13:24 -------- d-----w- c:\program files\Yahoo!
2009-06-06 19:29 . 2009-06-06 19:29 618 ----a-w- c:\windows\EReg515.dat
2009-06-06 19:28 . 1998-09-02 08:28 38160 ----a-w- c:\windows\system32\LMRTREND.dll
2009-06-06 19:28 . 1998-08-27 04:51 182032 ----a-w- c:\windows\system32\dxtmsft3.dll
2009-06-06 19:27 . 1998-09-02 08:28 63488 ----a-w- c:\windows\system32\unam4ie.exe
2009-06-06 19:27 . 1998-08-17 09:21 10240 ----a-w- c:\windows\system32\vidx16.dll
2009-06-06 19:27 . 1998-08-17 09:21 11776 ----a-w- c:\windows\system32\mciqtz.drv
2009-06-06 19:27 . 1998-09-02 08:02 194320 ----a-w- c:\windows\system32\qcut.dll
2009-06-06 19:27 . 2009-06-06 19:27 4608 ----a-w- c:\windows\system32\w95inf32.dll
2009-06-06 19:27 . 2009-06-06 19:27 2272 ----a-w- c:\windows\system32\w95inf16.dll
2009-06-06 19:25 . 2009-06-06 19:25 -------- d-----w- c:\documents and settings\HP Administrator\WINDOWS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-03 23:28 . 2009-05-30 04:02 1100 ----a-w- c:\windows\system32\d3d8caps.dat
2009-07-03 21:42 . 2004-11-19 01:50 -------- d-----w- c:\program files\Java
2009-07-03 18:49 . 2008-11-06 23:54 51512 ----a-w- c:\documents and settings\HP Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-03 17:07 . 2008-11-29 02:02 -------- d-----w- c:\program files\Network Stumbler
2009-07-03 17:06 . 2009-04-04 00:44 -------- d-----w- c:\program files\LimeWire
2009-07-03 17:04 . 2008-12-07 21:34 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-03 17:04 . 2008-12-07 21:34 -------- d-----w- c:\program files\NOS
2009-07-02 19:31 . 2009-07-04 13:50 2052888 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-07-02 19:17 . 2008-10-23 01:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-20 22:21 . 2009-04-04 00:59 -------- d-----w- c:\documents and settings\HP Administrator\Application Data\LimeWire
2009-06-11 10:15 . 2008-10-23 03:23 -------- d-----w- c:\program files\Common Files\Apple
2009-05-30 04:07 . 2009-01-16 03:30 -------- d-----w- c:\documents and settings\HP Administrator\Application Data\Intervideo
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-02 1948440]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-24 5537792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
AutoTBar.exe [2003-9-30 57344]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-02 19:32 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/2/2009 3:32 PM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/2/2009 3:32 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/2/2009 3:31 PM 298776]
S3 EPUSBSTOR;EPSON USB Storage Driver;c:\windows\system32\drivers\epusbsto.sys [9/9/2001 8:00 PM 17976]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-07-04 c:\windows\Tasks\User_Feed_Synchronization-{202ECA0C-F598-4BA4-A2F7-CB97D61D4039}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
GMER - Rootkit Detector and Remover
Rootkit scan 2009-07-04 10:43
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2264)
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
.
Completion time: 2009-07-04 10:45
ComboFix-quarantined-files.txt 2009-07-04 14:45
ComboFix2.txt 2009-07-04 13:43
Pre-Run: 50,703,740,928 bytes free
Post-Run: 50,691,637,248 bytes free
155 --- E O F --- 2009-06-11 01:09
And here is the new HijackThis Log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:51, on 7/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\netdde.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Cu...ataManager.CAB
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/tech...bs/tgctlsr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1227349585890
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 5040 bytes