Hello Thunderbird1988, thank you for replying to my post; I greatly appreciate your help. My apologies for my late reply, as I am out of my office Tuesdays and Thursdays. Here is the generated ComboFix log, followed by a new HJT log:
ComboFix 08-02.05.3 - brogan 2008-02-06 10:36:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.525 [GMT -5:00]
Running from: \\hqmail01\redirected$\brogan\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\KBDCLASSS.sys
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft\Network\Downloader\qmgr0.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft\Network\Downloader\qmgr1.dat
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\KBDCLASSS.sys
C:\WINDOWS\system32\FTPx.dll
C:\WINDOWS\SYSTEM32\htbdwuca.ini
C:\WINDOWS\system32\megsphwa.dll
C:\WINDOWS\system32\pac.txt
----- BITS: Possible infected sites -----
hxxp://www.download.windowsupdate.com
hxxp://ww
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_KBDCLASSS
-------\KBDCLASSS
((((((((((((((((((((((((( Files Created from 2008-01-06 to 2008-02-06 )))))))))))))))))))))))))))))))
.
2008-02-06 10:39 . 2008-02-06 10:39 241,609 --a------ C:\catchme.zip
2008-02-01 16:51 . 2008-02-01 16:51 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-02-01 16:07 . 2008-02-01 16:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-02-01 15:48 . 2008-02-01 18:35 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-01 15:48 . 2008-02-01 15:48 <DIR> d-------- C:\Documents and Settings\brogan\Application Data\SUPERAntiSpyware.com
2008-02-01 15:48 . 2008-02-01 15:48 <DIR> d-------- C:\DOCUME~1\brogan\APPLIC~1\SUPERAntiSpyware.com
2008-02-01 15:48 . 2008-02-01 15:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2008-02-01 15:42 . 2008-02-01 15:42 <DIR> d-------- C:\Documents and Settings\brogan\Application Data\Grisoft
2008-02-01 15:42 . 2008-02-01 15:42 <DIR> d-------- C:\DOCUME~1\brogan\APPLIC~1\Grisoft
2008-02-01 15:42 . 2008-02-01 15:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
2008-02-01 15:42 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2008-02-01 13:00 . 2008-02-01 13:00 <DIR> d-------- C:\Program Files\MSBuild
2008-02-01 12:57 . 2008-02-01 13:04 <DIR> d-------- C:\WINDOWS\SYSTEM32\XPSViewer
2008-02-01 12:57 . 2008-02-01 12:57 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-02-01 12:56 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\SYSTEM32\spmsg2.dll
2008-02-01 12:49 . 2008-02-01 12:49 22 --a------ C:\WINDOWS\SYSTEM32\ati64hl2.stb
2008-02-01 11:13 . 2008-02-01 11:13 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-02-01 11:12 . 2008-02-01 11:12 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-02-01 11:12 . 2006-10-04 09:06 1,197,294 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\sysmain.sdb
2008-02-01 11:12 . 2006-10-04 09:06 764,868 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\apph_sp.sdb
2008-02-01 11:12 . 2006-10-04 09:06 217,118 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\apphelp.sdb
2008-02-01 11:11 . 2008-02-01 11:11 <DIR> d-------- C:\e9e798f0b8b06b1227e9
2008-02-01 11:11 . 2008-02-01 11:12 <DIR> d-------- C:\ba520f75d8ff6a590c2a89
2008-02-01 11:10 . 2008-02-01 11:10 <DIR> d-------- C:\WINDOWS\SYSTEM32\LogFiles
2008-02-01 11:10 . 2008-02-01 11:11 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
2008-02-01 11:08 . 2003-02-11 09:58 126,976 --a------ C:\WINDOWS\SYSTEM32\e1000msg.dll
2008-02-01 11:08 . 2003-07-11 10:58 121,856 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\e1000325.sys
2008-02-01 11:08 . 2003-07-11 12:15 118,784 --a------ C:\WINDOWS\SYSTEM32\Prounstl.exe
2008-02-01 11:08 . 2002-09-03 02:34 2,725 --a------ C:\WINDOWS\SYSTEM32\e1000325.din
2008-02-01 10:59 . 2006-11-13 01:02 288,768 --------- C:\WINDOWS\SYSTEM32\rhttpaa.dll
2008-02-01 10:59 . 2006-11-13 01:02 116,736 --------- C:\WINDOWS\SYSTEM32\aaclient.dll
2008-02-01 10:59 . 2006-11-13 01:02 36,352 --------- C:\WINDOWS\SYSTEM32\tsgqec.dll
2008-02-01 10:34 . 2008-02-01 10:34 <DIR> d-------- C:\Program Files\Windows Defender
2008-01-30 18:15 . 2008-01-30 18:15 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-30 18:09 . 2007-07-09 08:09 584,192 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\rpcrt4.dll
2008-01-30 17:58 . 2008-02-06 11:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-30 17:58 . 2008-01-30 17:58 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-30 17:43 . 2004-08-04 02:56 221,184 --a------ C:\WINDOWS\SYSTEM32\wmpns.dll
2008-01-30 17:42 . 2008-01-30 17:42 <DIR> d-------- C:\WINDOWS\provisioning
2008-01-30 17:42 . 2008-01-30 17:42 <DIR> d-------- C:\WINDOWS\peernet
2008-01-30 17:40 . 2008-01-30 17:40 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-01-30 17:34 . 2008-01-30 17:34 <DIR> d-------- C:\WINDOWS\EHome
2008-01-30 17:27 . 2002-04-15 21:11 67,866 --------- C:\WINDOWS\SYSTEM32\DRIVERS\netwlan5.img
2008-01-30 17:27 . 2004-08-04 00:56 11,776 --------- C:\WINDOWS\SYSTEM32\spnpinst.exe
2008-01-30 17:27 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\SYSTEM32\secupd.sig
2008-01-30 17:27 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\SYSTEM32\secupd.dat
2008-01-30 16:54 . 2005-10-20 17:20 1,082,368 --a------ C:\WINDOWS\SYSTEM32\esent.dll
2008-01-30 14:00 . 2008-02-04 13:34 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-01-30 11:26 . 2008-02-01 13:01 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-01-30 11:26 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.exe
2008-01-30 11:25 . 2008-01-30 11:25 <DIR> d-------- C:\WINDOWS\SYSTEM32\bits
2008-01-30 11:24 . 2004-08-04 02:56 351,232 --a------ C:\WINDOWS\SYSTEM32\winhttp.dll
2008-01-30 11:24 . 2004-08-04 02:56 18,944 --a------ C:\WINDOWS\SYSTEM32\qmgrprxy.dll
2008-01-30 11:24 . 2004-08-04 02:56 8,192 --------- C:\WINDOWS\SYSTEM32\bitsprx2.dll
2008-01-30 11:24 . 2004-08-04 02:56 7,168 --------- C:\WINDOWS\SYSTEM32\bitsprx3.dll
2008-01-30 11:21 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\SYSTEM32\wuapi.dll
2008-01-30 11:21 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\SYSTEM32\wucltui.dll
2008-01-30 11:21 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\SYSTEM32\wuaucpl.cpl
2008-01-30 11:21 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\SYSTEM32\wups2.dll
2008-01-30 11:21 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\SYSTEM32\wucltui.dll.mui
2008-01-30 11:21 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\SYSTEM32\wups.dll
2008-01-30 11:21 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\SYSTEM32\wuaucpl.cpl.mui
2008-01-30 11:21 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\SYSTEM32\wuapi.dll.mui
2008-01-30 11:21 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\SYSTEM32\wuaueng.dll.mui
2008-01-30 10:31 . 2008-01-30 10:31 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2008-01-30 10:31 . 2008-01-30 10:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2008-01-28 12:22 . 2008-01-28 12:22 <DIR> d-------- C:\Documents and Settings\brogan\Application Data\Uniblue
2008-01-28 12:22 . 2008-01-28 12:22 <DIR> d-------- C:\DOCUME~1\brogan\APPLIC~1\Uniblue
2008-01-25 16:18 . 2008-01-25 16:18 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-25 16:18 . 2008-02-01 15:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-25 16:18 . 2008-01-25 16:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2008-01-25 15:57 . 2008-01-25 16:17 21,364,592 --a------ C:\aaw2007.exe
2008-01-25 15:52 . 2008-01-25 15:52 <DIR> d---s---- C:\WINDOWS\SYSTEM32\Microsoft
2008-01-25 15:33 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\Process.exe
2008-01-25 15:32 . 2008-01-25 15:32 <DIR> d-a------ C:\Program Files\sysinternals
2008-01-25 14:58 . 2008-01-25 16:36 <DIR> d-------- C:\WINDOWS\SYSTEM32\wnis6
2008-01-25 14:58 . 2008-01-25 14:58 <DIR> d-------- C:\WINDOWS\SYSTEM32\nip4
2008-01-25 14:58 . 2008-02-01 16:48 <DIR> d-------- C:\WINDOWS\SYSTEM32\nGpxx01
2008-01-25 14:58 . 2008-01-25 14:58 <DIR> d-------- C:\WINDOWS\SYSTEM32\ets1
2008-01-25 14:58 . 2008-01-25 15:19 <DIR> d-------- C:\WINDOWS\SYSTEM32\comg9
2008-01-25 14:58 . 2008-01-25 14:58 <DIR> d-------- C:\Temp\gTiis19
2008-01-25 14:58 . 2008-01-25 14:58 <DIR> d-------- C:\Temp\cXzz9
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-04 18:45 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2008-02-04 18:41 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-01 21:48 --------- d-----w C:\Program Files\Picasa
2008-01-30 20:14 --------- d-----w C:\Program Files\Microsoft AntiSpyware
2008-01-30 15:25 --------- d-----w C:\Program Files\Trend Micro
2008-01-28 17:39 --------- d-----w C:\Program Files\Common Files\Real
2008-01-28 17:38 --------- d-----w C:\Program Files\Viewpoint
2008-01-28 17:38 --------- d-----w C:\Documents and Settings\brogan\Application Data\Viewpoint
2008-01-28 17:38 --------- d-----w C:\DOCUME~1\brogan\APPLIC~1\Viewpoint
2008-01-28 17:38 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2008-01-25 21:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-25 21:58 --------- d-----w C:\Program Files\MUSICMATCH
2008-01-07 15:59 --------- d-----w C:\Program Files\Winamp
2007-12-13 20:34 --------- d-----w C:\Program Files\Apple Software Update
2007-12-13 20:34 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-01-03 20:34 53,808 ----a-w C:\Documents and Settings\brogan\Application Data\GDIPFONTCACHEV1.DAT
2007-01-03 20:34 53,808 ----a-w C:\DOCUME~1\brogan\APPLIC~1\GDIPFONTCACHEV1.DAT
2006-07-18 19:41 53,808 ----a-w C:\Documents and Settings\scipio\Application Data\GDIPFONTCACHEV1.DAT
2005-08-11 14:35 1,302,528 ----a-w C:\Program Files\REX2004.exe
2005-03-22 22:56 53,416 ----a-w C:\Documents and Settings\meyer\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 16:24 86016]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-25 00:00 126976]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 12:52 339968]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 19:47 204800]
"LifeScape Media Detector"="C:\Program Files\Picasa\PicasaMediaDetector.exe" [2004-11-03 14:14 151552]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-04 02:56 143360]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 00:01 110592]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 00:01 110592]
"Track-It! Workstation Manager Service Monitor"="C:\WINDOWS\TIREMOTE\TIServiceMonitor.exe" [2007-04-12 18:41 421888]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [2007-12-11 18:31 710000]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 17:44 271672]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 10:16 37376]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe [2004-09-20 09:59:21 43520]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE [2006-07-11 16:08:54 135680]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\
0\
0]
"Script"=WorkstationScript.vbs
R2 TIRmtCtl;Track-It! Remote Control;C:\WINDOWS\TIREMOTE\wuser32.exe [2006-03-29 13:48]
R2 TIRmtSvc;Track-It! Workstation Manager;C:\WINDOWS\TIREMOTE\TIRemoteService.exe [2007-04-12 18:41]
S3 scsiscan;SCSI Scanner Driver;C:\WINDOWS\system32\DRIVERS\scsiscan.sys [2001-08-17 13:53]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-02-06 11:27:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\WINDOWS\TEMP\WT64BD.EXE
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-02-06 11:34:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-06 16:33:59
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39, on 2008-02-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\TIREMOTE\wuser32.exe
C:\WINDOWS\TIREMOTE\TIRemoteService.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\WINDOWS\TEMP\WT64BD.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Picasa\PicasaMediaDetector.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [LifeScape Media Detector] C:\Program Files\Picasa\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Track-It! Workstation Manager Service Monitor] C:\WINDOWS\TIREMOTE\TIServiceMonitor.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1201710059871
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ripleys.com
O17 - HKLM\Software\..\Telephony: DomainName = ripleys.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ripleys.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = ripleys.com
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = ripleys.com
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: Domain = ripleys.com
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: Track-It! Remote Control (TIRmtCtl) - Intuit Track-It! - C:\WINDOWS\TIREMOTE\wuser32.exe
O23 - Service: Track-It! Workstation Manager (TIRmtSvc) - Numara Software, Inc. - C:\WINDOWS\TIREMOTE\TIRemoteService.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
--
End of file - 8359 bytes
Thank you again for all your help, and I look forward to hearing from you.