Bread is People
2009-01-03, 08:10
ComboFix 09-01-01.02 - Owner 2009-01-03 1:05:45.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1249 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\GetModule
c:\windows\system32\dyijob.dll
c:\windows\system32\fccdBUol.dll
c:\windows\system32\gagoliro.dll
c:\windows\system32\jnkedeel.dll
c:\windows\system32\loUBdccf.ini
c:\windows\system32\loUBdccf.ini2
c:\windows\system32\orilogag.ini
c:\windows\system32\ssqQjGVP.dll
c:\windows\system32\tfppujbb.dll
c:\windows\wiaserviv.log
----- BITS: Possible infected sites -----
hxxp://childhe.com
.
((((((((((((((((((((((((( Files Created from 2008-12-03 to 2009-01-03 )))))))))))))))))))))))))))))))
.
2008-12-27 16:22 . 2008-12-27 16:22 <DIR> d-------- c:\program files\Trend Micro
2008-12-26 02:42 . 2008-12-26 02:42 153 --a------ c:\windows\wininit.ini
2008-12-26 00:16 . 2008-12-26 00:16 45,056 --a------ c:\windows\system32\mlJDuuTN.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-27 21:15 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-26 07:22 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-26 07:08 --------- d-----w c:\documents and settings\Owner\Application Data\uTorrent
2008-11-28 08:41 --------- d-----w c:\program files\uTorrent
2008-10-24 23:01 3,532 ----a-w C:\drmHeader.bin
2008-11-22 01:19 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-11-22 01:19 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-11-22 01:19 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-11-22 01:19 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-11-22 01:19 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"SoundMan"="SOUNDMAN.EXE" [2005-10-24 c:\windows\soundman.exe]
"nwiz"="nwiz.exe" [2006-08-11 c:\windows\system32\nwiz.exe]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\THQ\\Dawn of War\\W40k.exe"=
"c:\\Program Files\\THQ\\Dawn of War\\W40kWA.exe"=
"c:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Call of Duty\\CoDMP.exe"=
"c:\\Program Files\\Call of Duty\\CoDUOMP.exe"=
"c:\\Program Files\\Steam\\SteamApps\\breadispeople\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\breadispeople\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"c:\\Westwood\\RA2\\game.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\red orchestra\\System\\RedOrchestra.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"c:\\Program Files\\Steam\\SteamApps\\breadispeople\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Warcraft II BNE\\Warcraft II BNE.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Linksys Wireless-G PCI Wireless Network Monitor\\WMP54Gv4.exe"=
"c:\\WINDOWS\\soundman.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-08-17 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-08-17 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-17 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-08-17 76040]
*Newly Created Service* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder
2009-01-03 c:\windows\Tasks\mmtuoxgd.job
- c:\windows\system32\rundll32.exe [2008-04-13 19:12]
.
- - - - ORPHANS REMOVED - - - -
BHO-{175B8C53-8AF5-414B-9987-D510BFB72EE0} - c:\windows\system32\fccdBUol.dll
BHO-{a07c1fdf-3d74-4753-8a0e-3628d82a00ab} - c:\windows\system32\dyijob.dll
BHO-{fbd5a109-3603-4d87-bfff-3e57dc1b5285} - c:\windows\system32\pitepuze.dll
HKCU-Run-Steam - (no file)
HKLM-Run-AceGain LiveUpdate - c:\program files\AceGain\LiveUpdate\LiveUpdate.exe
HKLM-Run-nofalomiki - c:\windows\system32\retahowe.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cleveland.com/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\00fxzkms.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cleveland.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-03 01:07:42
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1275210071-1177238915-1801674531-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*NULL*]
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-01-03 1:11:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-03 06:11:30
Pre-Run: 145,301,921,792 bytes free
Post-Run: 145,252,986,880 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
216 --- E O F --- 2008-12-19 08:00:20
------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:13:27 AM, on 1/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\something.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cleveland.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176573161109
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
--
End of file - 4127 bytes
One last thing. I have been keeping the infected computer's wireless access disabled, except for when it asked to finish the Windows Recovery Console thing. It is currently off of the network and not connected to the internet. Also, the resident shield is still turned off in AVG 8. LMK what to do next.