Slow speeds and pop ups [RESOLVED]



#1 geauxfart (New Member, 4 posts)

Here are my logs generated from the steps I took before posting. I followed each step and it seems to have got rid of the problem, but I want to make sure it is gone.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:37:08 AM, on 3/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\twc\medicsp2\bin\sprtcmd.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG7\avgw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.foxnews.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Road Runner High Speed Online
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O2 - BHO: e404 helper - {0D574C9F-71F9-4F3C-BA6D-CF9C0E1E3EE8} - C:\Program Files\Helper\1205768370.dll (file missing)
O2 - BHO: (no name) - {6860A44B-5D3E-433D-A7B5-D517F810D0E7} - C:\Program Files\NetProject\sbmdl.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: Internet Service - {DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40} - C:\Program Files\NetProject\wamdl.dll
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R320 Series on DDXXP911] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" /P47 "Auto EPSON Stylus Photo R320 Series on DDXXP911" /O19 "\\DDXXP911\Printer2" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [\\DDXXP911\EPSON Stylus Photo R320 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" /P41 "\\DDXXP911\EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /O5 "LPT1:" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall
O4 - HKLM\..\Run: [medicsp2] C:\Program Files\twc\medicsp2\bin\sprtcmd.exe /P medicsp2
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PPSYS] C:\WINDOWS\system32\ppsys.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdwareRemover2007] C:\Program Files\AdwareRemover2007\AdwareRemover2007.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...arch.jhtml?p=ZK
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.stumbleupon.com
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.c...s/ebraryRdr.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr...ads/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.h...llMgr_v01_5.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/...tall/AxCtp2.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (medicsp2) (sprtsvc_medicsp2) - SupportSoft, Inc. - C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 16084 bytes


123 Free Solitaire
Ad-Aware 2007
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.2
AOLIcon
Apple Mobile Device Support
Apple Software Update
Avery Wizard 3.1
AVG 7.5
AVG Anti-Spyware 7.5
AVI Movie Player
Azureus Vuze
Bejeweled 2 Deluxe
CCleaner (remove only)
Conexant HDA D110 MDC V.92 Modem
Crystal Player Professional 1.97
Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
DellSupport
Digital Content Portal
DivX
Documentation & Support Launcher
Dora's Carnival 2: Boardwalk Adventure
Dorland's Electronic Medical Speller
Easy MPEG/AVI/DIVX/WMV/RM to DVD 1.7.5
EducateU
ELIcon
Epocrates Essentials
EPSON Printer Software
EPSON Web-To-Page
ffvfw MPEG-4 Video Codec (uninstall only)
getPlus®_ocx
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Driver Diagnostics
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless Software
Internet Service
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 8
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 5
K-Lite Codec Pack 3.2.5 Full
LimeWire PRO 4.14.0
Macromedia Flash Player 8
mCore
MCU
mDriver
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office FrontPage 2003
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Project Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
mIRC
mIWA
Mixer
mLogView
mMHouse
Modem Helper
mPfMgr
mPfWiz
mProSafe
mSCfg
MSN
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
mWlsSafe
mWMI
My Sirius Studio
mZConfig
OfficePrinter 2.0
palmOne
Panda ActiveScan
Picasa 2
QuickTime
Rhapsody Player Engine
Road Runner Install
Road Runner Medic 6.1
Roxio Content 9
Roxio Drag-to-Disc
Roxio Easy Media Creator 9 Suite
Sarmsoft Resume Builder
Scrapbook Factory Deluxe
Secure Browsing
Security Update for Excel 2007 (KB946974)
Security Update for Office 2007 (KB934062)
Security Update for Office 2007 (KB934062)
Security Update for Office 2007 (KB934062)
Security Update for Office 2007 (KB947801)
Security Update for Outlook 2007 (KB946983)
Security Update for Publisher 2007 (KB936646)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for the 2007 Microsoft Office System (KB936960)
Security Update for the 2007 Microsoft Office System (KB936960)
Security Update for the 2007 Microsoft Office System (KB936960)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
ServiceProvider
Shutterfly Studio
SigmaTel Audio
Sirius Device Recovery
smARTupdate
Sonic Activation Module
Sonic Update Manager
Sound Blaster Audigy ADVANCED MB Demo
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
TLBB-BIRMINGHAM-AL (Palm) v 9.1.1 by Skyscape
Update for Office 2007 (KB932080)
Update for Office 2007 (KB932080)
Update for Office 2007 (KB932080)
Update for Office 2007 (KB934391)
Update for Office 2007 (KB934393)
Update for Outlook 2007 Junk Email Filter (kb947945)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Word 2007 (KB934173)
URL Assistant
USB Storage Driver
USB Wireless Keyboard Driver
Viewpoint Media Player
Vodei Multimedia Processor 2.10
WD Diagnostics
WildTangent Web Driver
Windows & Internet Cleaner Pro 3.60
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB885453
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
WinRAR archiver
WordPerfect Office 12
Yahoo! Music Jukebox


SUPERAntiSpyware Scan Log
Generated 03/17/2008 at 09:26 PM

Application Version : 3.6.1000

Core Rules Database Version : 3420
Trace Rules Database Version: 1412

Scan type : Complete Scan
Total Scan Time : 05:07:48

Memory items scanned : 571
Memory threats detected : 6
Registry items scanned : 8914
Registry threats detected : 158
File items scanned : 83189
File threats detected : 21

Trojan.Smitfraud Variant
C:\WINDOWS\SYSTEM32\JDXAH.DLL
C:\WINDOWS\SYSTEM32\JDXAH.DLL
HKLM\Software\Classes\CLSID\{1b40d2ad-d237-4544-b1e1-0bf75bf8fcc0}
HKCR\CLSID\{1B40D2AD-D237-4544-B1E1-0BF75BF8FCC0}
HKCR\CLSID\{1B40D2AD-D237-4544-B1E1-0BF75BF8FCC0}\InProcServer32
HKCR\CLSID\{1B40D2AD-D237-4544-B1E1-0BF75BF8FCC0}\InProcServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{1b40d2ad-d237-4544-b1e1-0bf75bf8fcc0}

Trojan.Media-Codec/V5
C:\PROGRAM FILES\NETPROJECT\SCIT.EXE
C:\PROGRAM FILES\NETPROJECT\SCIT.EXE
C:\PROGRAM FILES\NETPROJECT\SBMNTR.EXE
C:\PROGRAM FILES\NETPROJECT\SBMNTR.EXE
C:\PROGRAM FILES\NETPROJECT\SCM.EXE
C:\PROGRAM FILES\NETPROJECT\SCM.EXE
C:\PROGRAM FILES\NETPROJECT\SBSM.EXE
C:\PROGRAM FILES\NETPROJECT\SBSM.EXE
C:\PROGRAM FILES\NETPROJECT\SBMDL.DLL
C:\PROGRAM FILES\NETPROJECT\SBMDL.DLL

Adware.MyWebSearch
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKU\S-1-5-21-1502556178-1844216089-975390458-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKU\S-1-5-21-1502556178-1844216089-975390458-1006\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}
HKU\S-1-5-21-1502556178-1844216089-975390458-1007\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}

Trojan.Smitfraud Variant/IE Anti-Spyware
HKLM\Software\Microsoft\Internet Explorer\Extensions\{9034A523-D068-4BE8-A284-9DF278BE776E}

Adware.Tracking Cookie
C:\Documents and Settings\Ben\Cookies\[email protected][2].txt
C:\Documents and Settings\Ben\Cookies\[email protected][1].txt
C:\Documents and Settings\Ben\Cookies\[email protected][2].txt
C:\Documents and Settings\Ben\Cookies\[email protected][1].txt
C:\Documents and Settings\Ben\Cookies\[email protected][1].txt
C:\Documents and Settings\Ben\Cookies\[email protected][2].txt
C:\Documents and Settings\Ben\Cookies\[email protected][2].txt

Trojan.Security Toolbar
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url

Trojan.DNSChanger-Codec
HKCR\VAC.Video
HKCR\VAC.Video\CLSID
HKCR\CLSID\E404.e404mgr
HKCR\CLSID\E404.e404mgr#UserId

Trojan.Media-Codec/V4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#some [ C:\Program Files\NetProject\scit.exe ]
HKCR\multimediaControls.chl
HKCR\multimediaControls.chl\CLSID
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software#ProductionEnvironment
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software#Publisher
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software#DisplayIcon
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software#DisplayVersion

Rogue.VirusHeat
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\akhludOzkDmTy
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\AuxUserType
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\AuxUserType\2
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\AuxUserType\3
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\Conversion
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\Conversion\Readable
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\Conversion\Readable\Main
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\Conversion\Readwritable
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\Conversion\Readwritable\Main
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\DataFormats
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\DataFormats\DefaultFile
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\DataFormats\GetSet
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\DataFormats\GetSet\0
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\DataFormats\GetSet\1
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\DataFormats\GetSet\2
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\DataFormats\GetSet\3
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\DataFormats\GetSet\4
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\DataFormats\GetSet\5
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\DataFormats\GetSet\6
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\DataFormats\GetSet\7
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\DataFormats\PriorityCacheFormats
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\DataFormats\PriorityCacheFormats\0
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\DefaultExtension
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\DefaultIcon
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\DocObject
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\gbymjjca
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\InprocHandler32
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\Insertable
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\kmJjlfzdqfiba
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\lbrelgdMZmw
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\lefWz
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\LocalServer32
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\LocalServer32#LocalServer32
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\MiscStatus
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\nobOaqi
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\otwNmQmnb
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\PersistentHandler
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\Printable
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\ProgID
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\verb
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\verb\0
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\verb\1
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\VersionIndependentProgID
HKCR\TypeLib\{CBD02E9B-37EF-47D2-96B0-3ABBB2EB92BF}
HKCR\TypeLib\{CBD02E9B-37EF-47D2-96B0-3ABBB2EB92BF}\1.0
HKCR\TypeLib\{CBD02E9B-37EF-47D2-96B0-3ABBB2EB92BF}\1.0\0
HKCR\TypeLib\{CBD02E9B-37EF-47D2-96B0-3ABBB2EB92BF}\1.0\0\win32
HKCR\TypeLib\{CBD02E9B-37EF-47D2-96B0-3ABBB2EB92BF}\1.0\FLAGS
HKCR\TypeLib\{CBD02E9B-37EF-47D2-96B0-3ABBB2EB92BF}\1.0\HELPDIR
HKCR\Interface\{0EC085A8-9818-43B7-B975-EC7555EDA4D2}
HKCR\Interface\{0EC085A8-9818-43B7-B975-EC7555EDA4D2}\ProxyStubClsid
HKCR\Interface\{0EC085A8-9818-43B7-B975-EC7555EDA4D2}\ProxyStubClsid32
HKCR\Interface\{0EC085A8-9818-43B7-B975-EC7555EDA4D2}\TypeLib
HKCR\Interface\{0EC085A8-9818-43B7-B975-EC7555EDA4D2}\TypeLib#Version
HKCR\Interface\{1A74C41C-0837-4FBE-BA50-621EB70F01CE}
HKCR\Interface\{1A74C41C-0837-4FBE-BA50-621EB70F01CE}\ProxyStubClsid
HKCR\Interface\{1A74C41C-0837-4FBE-BA50-621EB70F01CE}\ProxyStubClsid32
HKCR\Interface\{1A74C41C-0837-4FBE-BA50-621EB70F01CE}\TypeLib
HKCR\Interface\{1A74C41C-0837-4FBE-BA50-621EB70F01CE}\TypeLib#Version
HKCR\Interface\{25297614-1B76-4C2C-82C6-62738AA0E8F0}
HKCR\Interface\{25297614-1B76-4C2C-82C6-62738AA0E8F0}\ProxyStubClsid
HKCR\Interface\{25297614-1B76-4C2C-82C6-62738AA0E8F0}\ProxyStubClsid32
HKCR\Interface\{25297614-1B76-4C2C-82C6-62738AA0E8F0}\TypeLib
HKCR\Interface\{25297614-1B76-4C2C-82C6-62738AA0E8F0}\TypeLib#Version
HKCR\Interface\{37F89457-1208-4670-9245-58C62BD6D870}
HKCR\Interface\{37F89457-1208-4670-9245-58C62BD6D870}\ProxyStubClsid
HKCR\Interface\{37F89457-1208-4670-9245-58C62BD6D870}\ProxyStubClsid32
HKCR\Interface\{37F89457-1208-4670-9245-58C62BD6D870}\TypeLib
HKCR\Interface\{37F89457-1208-4670-9245-58C62BD6D870}\TypeLib#Version
HKCR\Interface\{45477032-ABD0-454D-9CE4-EA34C10322F8}
HKCR\Interface\{45477032-ABD0-454D-9CE4-EA34C10322F8}\ProxyStubClsid
HKCR\Interface\{45477032-ABD0-454D-9CE4-EA34C10322F8}\ProxyStubClsid32
HKCR\Interface\{45477032-ABD0-454D-9CE4-EA34C10322F8}\TypeLib
HKCR\Interface\{45477032-ABD0-454D-9CE4-EA34C10322F8}\TypeLib#Version
HKCR\Interface\{69E34747-0B27-4B30-AE20-1023BF29E246}
HKCR\Interface\{69E34747-0B27-4B30-AE20-1023BF29E246}\ProxyStubClsid
HKCR\Interface\{69E34747-0B27-4B30-AE20-1023BF29E246}\ProxyStubClsid32
HKCR\Interface\{69E34747-0B27-4B30-AE20-1023BF29E246}\TypeLib
HKCR\Interface\{69E34747-0B27-4B30-AE20-1023BF29E246}\TypeLib#Version
HKCR\Interface\{79BE5B3B-80B2-4B77-A042-EFC90F6E0DE7}
HKCR\Interface\{79BE5B3B-80B2-4B77-A042-EFC90F6E0DE7}\ProxyStubClsid
HKCR\Interface\{79BE5B3B-80B2-4B77-A042-EFC90F6E0DE7}\ProxyStubClsid32
HKCR\Interface\{79BE5B3B-80B2-4B77-A042-EFC90F6E0DE7}\TypeLib
HKCR\Interface\{79BE5B3B-80B2-4B77-A042-EFC90F6E0DE7}\TypeLib#Version
HKCR\Interface\{7C0EC6BF-81B9-4FE0-9447-4ED29A36BF5D}
HKCR\Interface\{7C0EC6BF-81B9-4FE0-9447-4ED29A36BF5D}\ProxyStubClsid
HKCR\Interface\{7C0EC6BF-81B9-4FE0-9447-4ED29A36BF5D}\ProxyStubClsid32
HKCR\Interface\{7C0EC6BF-81B9-4FE0-9447-4ED29A36BF5D}\TypeLib
HKCR\Interface\{7C0EC6BF-81B9-4FE0-9447-4ED29A36BF5D}\TypeLib#Version
HKCR\Interface\{7EBB34CF-1728-4136-A968-48F231DAD1B4}
HKCR\Interface\{7EBB34CF-1728-4136-A968-48F231DAD1B4}\ProxyStubClsid
HKCR\Interface\{7EBB34CF-1728-4136-A968-48F231DAD1B4}\ProxyStubClsid32
HKCR\Interface\{7EBB34CF-1728-4136-A968-48F231DAD1B4}\TypeLib
HKCR\Interface\{7EBB34CF-1728-4136-A968-48F231DAD1B4}\TypeLib#Version
HKCR\Interface\{88DAA291-B413-4C46-B378-3BE66F65369E}
HKCR\Interface\{88DAA291-B413-4C46-B378-3BE66F65369E}\ProxyStubClsid
HKCR\Interface\{88DAA291-B413-4C46-B378-3BE66F65369E}\ProxyStubClsid32
HKCR\Interface\{88DAA291-B413-4C46-B378-3BE66F65369E}\TypeLib
HKCR\Interface\{88DAA291-B413-4C46-B378-3BE66F65369E}\TypeLib#Version
HKCR\Interface\{936A2F4A-53F8-4D2F-92AA-2F9DE889841C}
HKCR\Interface\{936A2F4A-53F8-4D2F-92AA-2F9DE889841C}\ProxyStubClsid
HKCR\Interface\{936A2F4A-53F8-4D2F-92AA-2F9DE889841C}\ProxyStubClsid32
HKCR\Interface\{936A2F4A-53F8-4D2F-92AA-2F9DE889841C}\TypeLib
HKCR\Interface\{936A2F4A-53F8-4D2F-92AA-2F9DE889841C}\TypeLib#Version
HKCR\Interface\{AFCC3FA7-82A9-42D5-A405-78711E97A5D6}
HKCR\Interface\{AFCC3FA7-82A9-42D5-A405-78711E97A5D6}\ProxyStubClsid
HKCR\Interface\{AFCC3FA7-82A9-42D5-A405-78711E97A5D6}\ProxyStubClsid32
HKCR\Interface\{AFCC3FA7-82A9-42D5-A405-78711E97A5D6}\TypeLib
HKCR\Interface\{AFCC3FA7-82A9-42D5-A405-78711E97A5D6}\TypeLib#Version
HKCR\Interface\{CC05A4A3-7B28-488F-AB02-6AAEDB86ACCF}
HKCR\Interface\{CC05A4A3-7B28-488F-AB02-6AAEDB86ACCF}\ProxyStubClsid
HKCR\Interface\{CC05A4A3-7B28-488F-AB02-6AAEDB86ACCF}\ProxyStubClsid32
HKCR\Interface\{CC05A4A3-7B28-488F-AB02-6AAEDB86ACCF}\TypeLib
HKCR\Interface\{CC05A4A3-7B28-488F-AB02-6AAEDB86ACCF}\TypeLib#Version
HKCR\Interface\{E80114AA-6653-4952-9E97-5F1DC63BEE0F}
HKCR\Interface\{E80114AA-6653-4952-9E97-5F1DC63BEE0F}\ProxyStubClsid
HKCR\Interface\{E80114AA-6653-4952-9E97-5F1DC63BEE0F}\ProxyStubClsid32
HKCR\Interface\{E80114AA-6653-4952-9E97-5F1DC63BEE0F}\TypeLib
HKCR\Interface\{E80114AA-6653-4952-9E97-5F1DC63BEE0F}\TypeLib#Version
HKCR\Interface\{F9109A2A-432B-4ADD-A6FA-06BA22DCD2D9}
HKCR\Interface\{F9109A2A-432B-4ADD-A6FA-06BA22DCD2D9}\ProxyStubClsid
HKCR\Interface\{F9109A2A-432B-4ADD-A6FA-06BA22DCD2D9}\ProxyStubClsid32
HKCR\Interface\{F9109A2A-432B-4ADD-A6FA-06BA22DCD2D9}\TypeLib
HKCR\Interface\{F9109A2A-432B-4ADD-A6FA-06BA22DCD2D9}\TypeLib#Version
HKCR\Interface\{FCA3958A-8D38-4D14-8B81-CCD7F68A8A01}
HKCR\Interface\{FCA3958A-8D38-4D14-8B81-CCD7F68A8A01}\ProxyStubClsid
HKCR\Interface\{FCA3958A-8D38-4D14-8B81-CCD7F68A8A01}\ProxyStubClsid32
HKCR\Interface\{FCA3958A-8D38-4D14-8B81-CCD7F68A8A01}\TypeLib
HKCR\Interface\{FCA3958A-8D38-4D14-8B81-CCD7F68A8A01}\TypeLib#Version
C:\Program Files\VirusHeat 4.3\ignored.lst
C:\Program Files\VirusHeat 4.3\vht.dat
C:\Program Files\VirusHeat 4.3\VirusHeat 4.3.exe
C:\Program Files\VirusHeat 4.3\vpp.ini
C:\Program Files\VirusHeat 4.3

Adware.UpMedia/SearchTool
HKU\S-1-5-21-1502556178-1844216089-975390458-1007\Software\UpMedia
HKU\S-1-5-21-1502556178-1844216089-975390458-1007\Software\UptownInstaller

Browser Hijacker.Favorites
C:\DOCUMENTS AND SETTINGS\BEN\FAVORITES\ONLINE SECURITY TEST.URL


Thank you in advance.

#2
miekiemoes (Malware Expert, MVP, 5,503 posts)
Hi,

Your system is still infected...

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
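
The "still infected" verdict above comes from reading the HijackThis log line by line: browser helper objects and toolbars that HijackThis annotates with (no name), (file missing) or (no file), autorun entries pointing at folders that the thread's other scan logs tie to unwanted software (NetProject, MyWebSearch, AdwareRemover2007, ppsys.exe, VirusHeat), Trusted Zone additions, and Winsock LSP entries HijackThis does not recognise. The script below is an added example for this thread; it is not a Geeks to Go, HijackThis or ComboFix tool and not code from any poster. It parses those line types and applies that triage. The watch list of names is an assumption seeded from names in this thread's logs, not a real signature set, and the embedded sample lines are a few lines copied from the HijackThis log posted in this thread, not the full log.

```python
"""Triage a Trend Micro HijackThis v2 log for the entries a malware-removal
helper reads first.  Added example for this thread, not a HijackThis tool."""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample: a few lines copied from the HijackThis log posted in
# this thread (not the full log).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6860A44B-5D3E-433D-A7B5-D517F810D0E7} - C:\Program Files\NetProject\sbmdl.dll (file missing)
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: Internet Service - {DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40} - C:\Program Files\NetProject\wamdl.dll
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [PPSYS] C:\WINDOWS\system32\ppsys.exe
O4 - HKCU\..\Run: [AdwareRemover2007] C:\Program Files\AdwareRemover2007\AdwareRemover2007.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.stumbleupon.com
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Every HijackThis entry line starts with its section code, e.g. "O4 - ...".
LINE_RE = re.compile(r"^(?P<type>[RFNO]\d+) - (?P<body>.*)$")

# ASSUMPTION: a watch list for this illustration only, seeded with names that
# the thread's own logs associate with unwanted software.  Lower-case substrings
# matched against the whole entry; not an authoritative signature set.
WATCH_LIST = ("netproject", "mywebs", "adwareremover", "ppsys", "virusheat")

# Annotations HijackThis itself adds when the registry points at nothing usable.
ORPHAN_MARKERS = ("(no name)", "(file missing)", "(no file)")


@dataclass
class Finding:
    line_type: str
    line: str
    reasons: List[str] = field(default_factory=list)


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per log line that trips at least one rule."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # header, running-process list, blank lines
        ltype, body = m.group("type"), m.group("body")
        reasons: List[str] = []
        # Rule 1: BHO/toolbar registered but unnamed or pointing at a missing DLL.
        if ltype in ("O2", "O3") and any(mk in body for mk in ORPHAN_MARKERS):
            reasons.append("unnamed or missing-file browser extension")
        # Rule 2: browser extension or autorun referencing a watch-list name.
        if ltype in ("O2", "O3", "O4"):
            lowered = body.lower()
            reasons.extend(f"watch list: {t}" for t in WATCH_LIST if t in lowered)
        # Rule 3: LSP not on the HijackThis whitelist.  Review only: a legitimate
        # provider looks the same, and removing a real LSP breaks networking.
        if ltype == "O10" and body.startswith("Unknown file"):
            reasons.append("LSP not on HijackThis whitelist; confirm vendor before touching")
        # Rule 4: a site granted IE Trusted Zone privileges.
        if ltype == "O15":
            reasons.append("site in IE Trusted Zone (relaxed IE security for that site)")
        if reasons:
            findings.append(Finding(ltype, line, reasons))
    return findings


def count_by_type(findings: List[Finding]) -> Dict[str, int]:
    """Number of flagged lines per HijackThis section code."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.line_type] = counts.get(f.line_type, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.line_type:4} {'; '.join(f.reasons)}\n     {f.line}")
```

On the sample the script flags the NetProject BHO and toolbar, the orphaned toolbar CLSID, the three autoruns, the LSP line and the Trusted Zone line, and leaves the Adobe, ctfmon and iPod entries alone. The O10 hit is deliberately a review item, not a removal item: "Unknown file" only means the DLL is not on HijackThis's built-in list, and nwprovau.dll is the Windows NetWare client provider shipped with XP.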

#3
geauxfart (Topic Starter, New Member, 4 posts)
Thanks so far. Do I need to get rid of these programs after we are done? I have also put my computer on normal startup, so there are all kinds of worthless startup programs running. Thanks again. Here are my logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:55:32 PM, on 3/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\twc\medicsp2\bin\sprtcmd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\CNYHKey.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.foxnews.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6860A44B-5D3E-433D-A7B5-D517F810D0E7} - C:\Program Files\NetProject\sbmdl.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: Internet Service - {DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40} - C:\Program Files\NetProject\wamdl.dll
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R320 Series on DDXXP911] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" /P47 "Auto EPSON Stylus Photo R320 Series on DDXXP911" /O19 "\\DDXXP911\Printer2" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [\\DDXXP911\EPSON Stylus Photo R320 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" /P41 "\\DDXXP911\EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /O5 "LPT1:" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall
O4 - HKLM\..\Run: [medicsp2] C:\Program Files\twc\medicsp2\bin\sprtcmd.exe /P medicsp2
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PPSYS] C:\WINDOWS\system32\ppsys.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdwareRemover2007] C:\Program Files\AdwareRemover2007\AdwareRemover2007.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...arch.jhtml?p=ZK
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.stumbleupon.com
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.c...s/ebraryRdr.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr...ads/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.h...llMgr_v01_5.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/...tall/AxCtp2.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (medicsp2) (sprtsvc_medicsp2) - SupportSoft, Inc. - C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 15165 bytes




ComboFix 08-03-17.1 - Ben 2008-03-18 12:48:22.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.291 [GMT -5:00]
Running from: C:\Documents and Settings\Ben\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
TimeOut - progfile.dat

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Tomeika Saxon\Application Data\FunWebProducts
C:\Documents and Settings\Tomeika Saxon\Favorites\Error Cleaner.url
C:\Documents and Settings\Tomeika Saxon\Favorites\Privacy Protector.url
C:\Documents and Settings\Tomeika Saxon\Favorites\Spyware&Malware Protection.url
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\Helper
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\2.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\2.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Cache\07B29905
C:\Program Files\MyWebSearch\bar\Cache\07B29F5E
C:\Program Files\MyWebSearch\bar\Cache\07B2A1A0.bin
C:\Program Files\MyWebSearch\bar\Cache\07B2A5E6.bin
C:\Program Files\MyWebSearch\bar\Cache\07B2AA3C.bin
C:\Program Files\MyWebSearch\bar\Cache\07B2AC01.bin
C:\Program Files\MyWebSearch\bar\Cache\07B2AD39.bin
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Message\COMMON\ask_logo.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\center.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\index.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\mid_dots.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\mws_logo.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\protect.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\shocked.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\stop.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\systray.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\systrayp.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\tp_grad.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\warn.gif
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\WINDOWS\search_res.txt

.
((((((((((((((((((((((((( Files Created from 2008-02-18 to 2008-03-18 )))))))))))))))))))))))))))))))
.

2008-03-18 12:33 . 2008-03-18 12:33 <DIR> d-------- C:\ComboFix[1]
2008-03-18 00:20 . 2008-03-18 00:20 1,904 --a------ C:\7D36.tmp
2008-03-17 22:49 . 2008-03-18 08:00 <DIR> d-------- C:\Documents and Settings\Ben\Application Data\AVG7
2008-03-17 22:48 . 2008-03-17 22:48 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-17 21:39 . 2008-03-17 21:49 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-03-17 21:39 . 2008-03-17 21:39 <DIR> d-------- C:\WINDOWS\LastGood
2008-03-17 21:39 . 2008-03-17 21:39 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-03-17 21:39 . 2008-03-17 21:39 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-03-17 21:39 . 2008-03-17 21:39 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-03-17 16:12 . 2008-03-17 16:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-17 16:11 . 2008-03-17 21:52 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-17 16:11 . 2008-03-17 16:11 <DIR> d-------- C:\Documents and Settings\Ben\Application Data\SUPERAntiSpyware.com
2008-03-17 14:55 . 2008-03-17 14:55 <DIR> d-------- C:\Documents and Settings\Ben\Application Data\Grisoft
2008-03-17 14:54 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-17 14:51 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-17 14:00 . 2008-03-17 14:00 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-17 13:57 . 2008-03-17 13:57 <DIR> d-------- C:\Program Files\CCleaner
2008-03-17 10:58 . 2008-03-17 16:10 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-17 10:39 . 2008-03-17 21:31 <DIR> d-------- C:\Program Files\NetProject
2008-03-12 23:05 . 2008-03-12 23:05 <DIR> d-------- C:\Program Files\Sarm Software
2008-03-12 22:00 . 2008-03-12 22:19 <DIR> d-------- C:\Documents and Settings\Ben\Application Data\EasyJob Resume Builder
2008-03-12 21:40 . 2008-03-12 22:19 <DIR> d-------- C:\Program Files\EasyJob Resume Builder
2008-02-21 09:07 . 2008-02-21 09:07 <DIR> d-------- C:\HM1
2008-02-21 08:58 . 2008-02-21 09:55 <DIR> d-------- C:\Program Files\Easy MPEG AVI DIVX WMV RM to DVD
2008-02-21 08:58 . 2008-02-21 08:58 67 --a------ C:\WINDOWS\Easy Video to DVD.INI
2008-02-21 08:53 . 2008-02-21 08:53 <DIR> d-------- C:\ConverterOutput
2008-02-20 16:40 . 2008-02-20 16:40 <DIR> d-------- C:\Program Files\Cucusoft
2008-02-20 16:40 . 2004-10-12 15:40 2,255,360 --a------ C:\WINDOWS\system32\libavcodec.dll
2008-02-20 16:40 . 2004-10-12 15:46 1,761,280 --a------ C:\WINDOWS\system32\ffdshow.ax
2008-02-20 16:40 . 2004-10-05 17:16 395,776 --a------ C:\WINDOWS\system32\libmplayer.dll
2008-02-20 16:40 . 2004-10-12 15:42 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2008-02-20 16:40 . 2003-04-03 01:17 172,032 --a------ C:\WINDOWS\system32\ac3filter.ax
2008-02-20 16:40 . 2004-10-04 02:50 112,640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-18 16:28 --------- d-----w C:\Documents and Settings\Tomeika Saxon\Application Data\AVG7
2008-03-18 15:33 --------- d-----w C:\Documents and Settings\Ben\Application Data\Azureus
2008-03-18 05:19 --------- d-----w C:\Program Files\Google
2008-03-18 03:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVG7
2008-03-18 02:50 --------- d-----w C:\Program Files\Picasa2
2008-03-18 02:50 --------- d-----w C:\Program Files\iTunes
2008-03-18 02:49 --------- d-----w C:\Program Files\palmOne
2008-03-17 19:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-17 19:51 --------- d-----w C:\Program Files\Java
2008-03-17 15:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-17 15:58 --------- d-----w C:\Program Files\Lavasoft
2008-03-17 15:49 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-17 15:44 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-16 16:39 --------- d-----w C:\Program Files\Incomplete
2008-03-16 16:22 --------- d-----w C:\Program Files\Epocrates
2008-03-16 15:42 --------- d-----w C:\Documents and Settings\Ben\Application Data\Apple Computer
2008-03-16 15:20 --------- d-----w C:\Documents and Settings\Ben\Application Data\LimeWire
2008-03-15 17:19 --------- d-----w C:\Documents and Settings\Tomeika Saxon\Application Data\Roxio
2008-03-13 12:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-13 04:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-07 20:48 --------- d-----w C:\Program Files\Azureus
2008-02-25 18:25 --------- d-----w C:\Program Files\mIRC
2008-02-10 20:23 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-07 02:00 --------- d-----w C:\Program Files\QuickTime
2008-02-05 23:26 --------- d-----w C:\Program Files\iPod
2008-01-29 00:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2008-01-28 23:54 --------- d-----w C:\Program Files\Yahoo!
2008-01-28 04:13 --------- d-----w C:\Documents and Settings\Tomeika Saxon\Application Data\uTorrent
2008-01-22 18:54 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-22 18:22 --------- d-----w C:\Program Files\Soft191
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-21 05:52 376,832 ----a-w C:\WINDOWS\system32\AegisI5Installer.exe
2007-12-21 05:52 21,361 -c--a-w C:\WINDOWS\AegisP.sys
2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-06-20 06:11 382 ----a-w C:\Documents and Settings\Ben\Application Data\internaldb6334.dat
2007-06-20 06:09 18,432 ----a-w C:\Documents and Settings\Ben\Application Data\internaldb41.dat
2007-06-20 06:08 194 ----a-w C:\Documents and Settings\Ben\Application Data\internaldb8467.dat
2007-05-11 04:42 1,009 -c--a-w C:\Program Files\Epoc-AUCredentials-Palm.log
2006-11-11 02:15 49 -c--a-w C:\Documents and Settings\Tomeika Saxon\Application Data\internaldb41.dat
2006-11-11 02:15 382 -c--a-w C:\Documents and Settings\Tomeika Saxon\Application Data\internaldb1942.dat
2006-11-11 01:59 69,632 -c--a-w C:\Documents and Settings\Tomeika Saxon\Application Data\internaldb4827.dat
2006-11-11 01:59 151 -c--a-w C:\Documents and Settings\Tomeika Saxon\Application Data\internaldb9912.dat
2006-11-11 01:49 9,216 -c--a-w C:\Documents and Settings\Tomeika Saxon\Application Data\internaldb1616.dat
2006-08-17 03:32 88 -csha-r C:\WINDOWS\i386\340C39CF20.sys
2006-08-17 03:32 3,766 -csha-w C:\WINDOWS\i386\KGyGaAvL.sys
2006-10-29 03:14 56 --sh--r C:\WINDOWS\system32\20CF390C34.sys
2007-05-30 19:01 88 --sh--r C:\WINDOWS\system32\340C39CF20.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6860A44B-5D3E-433D-A7B5-D517F810D0E7}]
C:\Program Files\NetProject\sbmdl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40}"= "C:\Program Files\NetProject\wamdl.dll" [2008-03-17 10:39 75264]

[HKEY_CLASSES_ROOT\clsid\{db9fba9d-ab1b-4cc6-9745-f3b549d64e40}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40}"= C:\Program Files\NetProject\wamdl.dll [2008-03-17 10:39 75264]

[HKEY_CLASSES_ROOT\clsid\{db9fba9d-ab1b-4cc6-9745-f3b549d64e40}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"AdwareRemover2007"="C:\Program Files\AdwareRemover2007\AdwareRemover2007.exe" [ ]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [ ]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Auto EPSON Stylus Photo R320 Series on DDXXP911"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.exe" [2004-04-26 03:00 98304]
"\\DDXXP911\EPSON Stylus Photo R320 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.exe" [2004-04-26 03:00 98304]
"EPSON Stylus Photo R320 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.exe" [2004-04-26 03:00 98304]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 17:34 213936]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 15:18 995328]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 15:13 1101824]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 04:23 75520]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-02-20 20:18 366400]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [ ]
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" [ ]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16 1121792]
"medicsp2"="C:\Program Files\twc\medicsp2\bin\sprtcmd.exe" [2007-03-07 12:53 198184]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [ ]
"ledpointer"="CNYHKey.exe" [2003-08-26 09:38 5562368 C:\WINDOWS\CNYHKey.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22 267048]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 17:34 86960]
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 17:34 213936]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 02:44 98304]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 02:45 118784]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 02:41 77824]
"HPHUPD04"="C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [ ]
"HPHmon04"="C:\WINDOWS\system32\hphmon04.exe" [ ]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-06 14:07 188416]
"DMXLauncher"="C:\Program Files\Roxio\Media Experience\DMXLauncher.exe" [2006-08-14 01:07 102400]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [ ]
"CTSVolFE.exe"="C:\Program Files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 15:57 57344]
"CHotkey"="mHotkey.exe" [2003-07-29 17:56 526848 C:\WINDOWS\mHotkey.exe]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 16:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2007-11-29 22:47 319488]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 11:48 761947]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 282624 C:\WINDOWS\stsystra.exe]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [ ]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-08-10 12:10 221184]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"PPSYS"="C:\WINDOWS\system32\ppsys.exe" [ ]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-17 22:48 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 09:01 437160]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-17 22:48 219136]

C:\Documents and Settings\Tomeika Saxon\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]
palmOne Registration.lnk - C:\Program Files\palmOne\register.exe [2007-06-01 18:25:25 2367488]

C:\Documents and Settings\Ben\Start Menu\Programs\Startup\
palmOne Registration.lnk - C:\Program Files\palmOne\register.exe [2007-06-01 18:25:25 2367488]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\javaw.exe"=
"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4672:UDP"= 4672:UDP:eMule : TCP Incoming

R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-01 20:06]
R2 sprtsvc_medicsp2;SupportSoft Sprocket Service (medicsp2);C:\Program Files\twc\medicsp2\bin\sprtsvc.exe [2007-03-07 12:54]
S3 AX88772;ASIX AX88772 USB2.0 to Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\ax88772.sys [2004-09-09 08:51]
S3 PortlUSB;PortlUSB;C:\WINDOWS\system32\DRIVERS\SiriusUSB.sys [2005-09-03 01:58]
S4 MSAPI32Svc;MSAPI32Svc;C:\WINDOWS\system32\lcrss.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7751c86-781d-11dc-b542-001302cdda27}]
\Shell\AutoRun\command - G:\wd_windows_tools\setup.exe

*Newly Created Service* - AVG7ALRT
*Newly Created Service* - AVG7CORE
*Newly Created Service* - AVG7RSXP
*Newly Created Service* - AVG7UPDSVC
*Newly Created Service* - AVGCLEAN
*Newly Created Service* - RKPAVPROC
.
Contents of the 'Scheduled Tasks' folder
"2008-03-14 22:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-02-19 19:55:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-18 16:37:42 C:\WINDOWS\Tasks\User_Feed_Synchronization-{59CCDDE8-02AA-482D-AC71-93572147F7F8}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-18 12:58:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\\\DDXXP911\\EPSON Stylus Photo R320 Series"="\"C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9FA.EXE\" /P41 \"\\\\DDXXP911\\EPSON Stylus Photo R320 Series\" /O6 \"USB001\" /M \"Stylus Photo R320\""

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
Completion time: 2008-03-18 13:11:40
ComboFix-quarantined-files.txt 2008-03-18 18:11:29
.
2008-03-13 12:05:52 --- E O F ---
  • 0

#4
miekiemoes

    Malware Expert

  • Member
  • 5,503 posts
  • MVP
Hi,

First of all...

I notice from the log that more than one Anti-Virus program is running with Auto-protect enabled: AVG and Bitdefender.
Never install more than one Antivirus and Firewall! Rather than giving you extra protection, it will seriously decrease its reliability!
The reason for this is that if both products have their automatic (Real-Time) protection switched on, your system may lock up due to both software products attempting to access the same file at the same time.
Also, because multiple installed Antivirus and Firewall products are not compatible with each other, they can cause system performance problems and a serious system slowdown.

So you have to make a decision here and keep the Antivirus you prefer and uninstall the other one.
Then reboot after uninstalling.

Then,

* Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

File::
C:\Documents and Settings\Ben\Application Data\internaldb6334.dat
C:\Documents and Settings\Ben\Application Data\internaldb41.dat
C:\Documents and Settings\Ben\Application Data\internaldb8467.dat
C:\Documents and Settings\Tomeika Saxon\Application Data\internaldb41.dat
C:\Documents and Settings\Tomeika Saxon\Application Data\internaldb1942.dat
C:\Documents and Settings\Tomeika Saxon\Application Data\internaldb4827.dat
C:\Documents and Settings\Tomeika Saxon\Application Data\internaldb9912.dat
C:\Documents and Settings\Tomeika Saxon\Application Data\internaldb1616.dat
Folder::
C:\Program Files\NetProject
Registry::
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6860A44B-5D3E-433D-A7B5-D517F810D0E7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40}"=-
[-HKEY_CLASSES_ROOT\clsid\{db9fba9d-ab1b-4cc6-9745-f3b549d64e40}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40}"=-
[-HKEY_CLASSES_ROOT\clsid\{db9fba9d-ab1b-4cc6-9745-f3b549d64e40}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=-
"ModemOnHold"=-
"AdwareRemover2007"=-
"RoboForm"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCMService"=-
"My Web Search Bar Search Scope Monitor"=-
"MCUpdateExe"=-
"HPHUPD04"=-
"HPHmon04"=-
"Dell QuickSet"=-
"Windows Defender"=-
"TkBellExe"=-
"SDTray"=-
"PPSYS"=-


Save this as a text file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot: dragging CFScript onto ComboFix.exe]

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Also, go to the following site:
http://www.virustota.../en/indexf.html
On top you'll find 'Browse'
Click the browse button and browse to the following file:

C:\7D36.tmp

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results in your next reply as well.
  • 0
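The Registry:: block in the script above removes exactly the Run values whose ComboFix entry ends in an empty bracket, i.e. autorun values whose executable is gone. As an added example (not the helper's code and not part of ComboFix), the Python below derives that block from a Reg Loading Points listing and assembles it in CFScript layout; the function names are my own and the log text is a constructed sample shaped like the lines posted in this thread.

```python
"""Derive the Registry:: block of a ComboFix CFScript from the orphaned
autorun values in a ComboFix "Reg Loading Points" listing.

Constructed example for this thread; it is neither ComboFix's own code nor
the helper's.  In the ComboFix log, a Run value whose trailing bracket is
empty ("[ ]") points at an executable that no longer exists: the launcher
fails at every logon, and such a value is often all that is left of an
uninstalled program or of malware a scanner already deleted.  The CFScript
in this thread removes exactly those values with the  "Name"=-  syntax.
"""
import re

# A key header as ComboFix prints it, e.g. [HKEY_CURRENT_USER\...\Run]
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
# A value line: "Name"="C:\path\app.exe" [date time size]  or  [ ] if missing
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"\s*=\s*"?(?P<path>[^"\[]*)"?\s*\[(?P<info>[^\]]*)\]\s*$'
)


def find_orphaned_run_values(log_text):
    """Map each ...\\Run key to the names of its values whose file is missing.

    Keys that are not Run keys (firewall lists, shell hooks, services) are
    skipped, so the whole Reg Loading Points section can be passed in.
    """
    orphans = {}
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group("key")
            continue
        if current_key is None or not current_key.lower().endswith("\\run"):
            continue
        value_match = VALUE_RE.match(line)
        # An empty bracket means ComboFix found no file behind the value.
        if value_match and not value_match.group("info").strip():
            orphans.setdefault(current_key, []).append(value_match.group("name"))
    return orphans


def build_cfscript(files=(), folders=(), orphans=None):
    """Assemble File::, Folder:: and Registry:: sections in CFScript layout.

    Under Registry:: the REGEDIT4 conventions apply: a key header in
    brackets followed by  "Name"=-  deletes that value from the key.
    """
    lines = []
    if files:
        lines.append("File::")
        lines.extend(files)
    if folders:
        lines.append("Folder::")
        lines.extend(folders)
    if orphans:
        lines.append("Registry::")
        for key, names in orphans.items():
            lines.append(f"[{key}]")
            lines.extend(f'"{name}"=-' for name in names)
    return "\n".join(lines) + "\n"


# Constructed sample: a few lines in the shape of the log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"AdwareRemover2007"="C:\Program Files\AdwareRemover2007\AdwareRemover2007.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ledpointer"="CNYHKey.exe" [2003-08-26 09:38 5562368 C:\WINDOWS\CNYHKey.exe]
"PPSYS"="C:\WINDOWS\system32\ppsys.exe" [ ]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\mIRC\\mirc.exe"=
"""

if __name__ == "__main__":
    found = find_orphaned_run_values(SAMPLE_LOG)
    print(build_cfscript(folders=[r"C:\Program Files\NetProject"], orphans=found))
```

Values with a populated bracket (ctfmon.exe, ledpointer) are left alone, which is why a missing-file check rather than a blanket deletion is the safe rule.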

#5
geauxfart

    New Member

  • Topic Starter
  • Member
  • 4 posts
Alright, I hope I did this right. I think I got rid of BitDefender and installed Windows Recovery. Here are the new logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:04:37 PM, on 3/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\twc\medicsp2\bin\sprtcmd.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.foxnews.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll (file missing)
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R320 Series on DDXXP911] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" /P47 "Auto EPSON Stylus Photo R320 Series on DDXXP911" /O19 "\\DDXXP911\Printer2" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [\\DDXXP911\EPSON Stylus Photo R320 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" /P41 "\\DDXXP911\EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /O5 "LPT1:" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall
O4 - HKLM\..\Run: [medicsp2] C:\Program Files\twc\medicsp2\bin\sprtcmd.exe /P medicsp2
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.stumbleupon.com
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.c...s/ebraryRdr.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr...ads/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.h...llMgr_v01_5.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/...tall/AxCtp2.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (medicsp2) (sprtsvc_medicsp2) - SupportSoft, Inc. - C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe (file missing)
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe (file missing)

--
End of file - 13436 bytes
ComboFix 08-03-17.1 - Ben 2008-03-18 17:00:14.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.401 [GMT -5:00]
Running from: C:\Documents and Settings\Ben\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ben\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Documents and Settings\Ben\Application Data\internaldb41.dat
C:\Documents and Settings\Ben\Application Data\internaldb6334.dat
C:\Documents and Settings\Ben\Application Data\internaldb8467.dat
C:\Documents and Settings\Tomeika Saxon\Application Data\internaldb1616.dat
C:\Documents and Settings\Tomeika Saxon\Application Data\internaldb1942.dat
C:\Documents and Settings\Tomeika Saxon\Application Data\internaldb41.dat
C:\Documents and Settings\Tomeika Saxon\Application Data\internaldb4827.dat
C:\Documents and Settings\Tomeika Saxon\Application Data\internaldb9912.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Ben\Application Data\internaldb41.dat
C:\Documents and Settings\Ben\Application Data\internaldb6334.dat
C:\Documents and Settings\Ben\Application Data\internaldb8467.dat
C:\Documents and Settings\Tomeika Saxon\Application Data\internaldb1616.dat
C:\Documents and Settings\Tomeika Saxon\Application Data\internaldb1942.dat
C:\Documents and Settings\Tomeika Saxon\Application Data\internaldb41.dat
C:\Documents and Settings\Tomeika Saxon\Application Data\internaldb4827.dat
C:\Documents and Settings\Tomeika Saxon\Application Data\internaldb9912.dat
C:\Program Files\NetProject
C:\Program Files\NetProject\Ncm.exe
C:\Program Files\NetProject\ot.ico
C:\Program Files\NetProject\sbun.exe
C:\Program Files\NetProject\scu.exe
C:\Program Files\NetProject\ts.ico
C:\Program Files\NetProject\uninst.exe
C:\Program Files\NetProject\wamdl.dll
C:\Program Files\NetProject\waun.exe

.
((((((((((((((((((((((((( Files Created from 2008-02-18 to 2008-03-18 )))))))))))))))))))))))))))))))
.

2008-03-18 00:20 . 2008-03-18 00:20 1,904 --a------ C:\7D36.tmp
2008-03-17 22:49 . 2008-03-18 08:00 <DIR> d-------- C:\Documents and Settings\Ben\Application Data\AVG7
2008-03-17 22:48 . 2008-03-17 22:48 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-17 21:39 . 2008-03-17 21:49 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-03-17 21:39 . 2008-03-17 21:39 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-03-17 21:39 . 2008-03-17 21:39 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-03-17 21:39 . 2008-03-17 21:39 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-03-17 16:12 . 2008-03-17 16:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-17 16:11 . 2008-03-18 16:07 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-17 16:11 . 2008-03-17 16:11 <DIR> d-------- C:\Documents and Settings\Ben\Application Data\SUPERAntiSpyware.com
2008-03-17 14:55 . 2008-03-17 14:55 <DIR> d-------- C:\Documents and Settings\Ben\Application Data\Grisoft
2008-03-17 14:54 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-17 14:51 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-17 14:00 . 2008-03-17 14:00 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-17 13:57 . 2008-03-17 13:57 <DIR> d-------- C:\Program Files\CCleaner
2008-03-17 10:58 . 2008-03-17 16:10 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-12 23:05 . 2008-03-12 23:05 <DIR> d-------- C:\Program Files\Sarm Software
2008-03-12 22:00 . 2008-03-12 22:19 <DIR> d-------- C:\Documents and Settings\Ben\Application Data\EasyJob Resume Builder
2008-03-12 21:40 . 2008-03-12 22:19 <DIR> d-------- C:\Program Files\EasyJob Resume Builder
2008-02-21 09:07 . 2008-02-21 09:07 <DIR> d-------- C:\HM1
2008-02-21 08:58 . 2008-02-21 09:55 <DIR> d-------- C:\Program Files\Easy MPEG AVI DIVX WMV RM to DVD
2008-02-21 08:58 . 2008-02-21 08:58 67 --a------ C:\WINDOWS\Easy Video to DVD.INI
2008-02-21 08:53 . 2008-02-21 08:53 <DIR> d-------- C:\ConverterOutput
2008-02-20 16:40 . 2008-02-20 16:40 <DIR> d-------- C:\Program Files\Cucusoft
2008-02-20 16:40 . 2004-10-12 15:40 2,255,360 --a------ C:\WINDOWS\system32\libavcodec.dll
2008-02-20 16:40 . 2004-10-12 15:46 1,761,280 --a------ C:\WINDOWS\system32\ffdshow.ax
2008-02-20 16:40 . 2004-10-05 17:16 395,776 --a------ C:\WINDOWS\system32\libmplayer.dll
2008-02-20 16:40 . 2004-10-12 15:42 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2008-02-20 16:40 . 2003-04-03 01:17 172,032 --a------ C:\WINDOWS\system32\ac3filter.ax
2008-02-20 16:40 . 2004-10-04 02:50 112,640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-18 21:36 --------- d-----w C:\Program Files\Common Files\BitDefender
2008-03-18 19:46 --------- d-----w C:\Program Files\Google
2008-03-18 16:28 --------- d-----w C:\Documents and Settings\Tomeika Saxon\Application Data\AVG7
2008-03-18 15:33 --------- d-----w C:\Documents and Settings\Ben\Application Data\Azureus
2008-03-18 03:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVG7
2008-03-18 02:50 --------- d-----w C:\Program Files\Picasa2
2008-03-18 02:50 --------- d-----w C:\Program Files\iTunes
2008-03-18 02:49 --------- d-----w C:\Program Files\palmOne
2008-03-17 19:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-17 19:51 --------- d-----w C:\Program Files\Java
2008-03-17 15:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-17 15:58 --------- d-----w C:\Program Files\Lavasoft
2008-03-17 15:49 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-17 15:44 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-16 16:39 --------- d-----w C:\Program Files\Incomplete
2008-03-16 16:22 --------- d-----w C:\Program Files\Epocrates
2008-03-16 15:42 --------- d-----w C:\Documents and Settings\Ben\Application Data\Apple Computer
2008-03-16 15:20 --------- d-----w C:\Documents and Settings\Ben\Application Data\LimeWire
2008-03-15 17:19 --------- d-----w C:\Documents and Settings\Tomeika Saxon\Application Data\Roxio
2008-03-13 12:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-13 04:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-07 20:48 --------- d-----w C:\Program Files\Azureus
2008-02-25 18:25 --------- d-----w C:\Program Files\mIRC
2008-02-10 20:23 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-07 02:00 --------- d-----w C:\Program Files\QuickTime
2008-02-05 23:26 --------- d-----w C:\Program Files\iPod
2008-01-29 00:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2008-01-28 23:54 --------- d-----w C:\Program Files\Yahoo!
2008-01-28 04:13 --------- d-----w C:\Documents and Settings\Tomeika Saxon\Application Data\uTorrent
2008-01-22 18:54 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-22 18:22 --------- d-----w C:\Program Files\Soft191
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-21 05:52 376,832 ----a-w C:\WINDOWS\system32\AegisI5Installer.exe
2007-12-21 05:52 21,361 -c--a-w C:\WINDOWS\AegisP.sys
2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-05-11 04:42 1,009 -c--a-w C:\Program Files\Epoc-AUCredentials-Palm.log
2006-08-17 03:32 88 -csha-r C:\WINDOWS\i386\340C39CF20.sys
2006-08-17 03:32 3,766 -csha-w C:\WINDOWS\i386\KGyGaAvL.sys
2006-10-29 03:14 56 --sh--r C:\WINDOWS\system32\20CF390C34.sys
2007-05-30 19:01 88 --sh--r C:\WINDOWS\system32\340C39CF20.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Auto EPSON Stylus Photo R320 Series on DDXXP911"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.exe" [2004-04-26 03:00 98304]
"\\DDXXP911\EPSON Stylus Photo R320 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.exe" [2004-04-26 03:00 98304]
"EPSON Stylus Photo R320 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.exe" [2004-04-26 03:00 98304]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 17:34 213936]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 15:18 995328]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 15:13 1101824]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 04:23 75520]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-02-20 20:18 366400]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16 1121792]
"medicsp2"="C:\Program Files\twc\medicsp2\bin\sprtcmd.exe" [2007-03-07 12:53 198184]
"ledpointer"="CNYHKey.exe" [2003-08-26 09:38 5562368 C:\WINDOWS\CNYHKey.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22 267048]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 17:34 86960]
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 17:34 213936]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 02:44 98304]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 02:45 118784]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 02:41 77824]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-06 14:07 188416]
"DMXLauncher"="C:\Program Files\Roxio\Media Experience\DMXLauncher.exe" [2006-08-14 01:07 102400]
"CTSVolFE.exe"="C:\Program Files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 15:57 57344]
"CHotkey"="mHotkey.exe" [2003-07-29 17:56 526848 C:\WINDOWS\mHotkey.exe]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [ ]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 11:48 761947]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 282624 C:\WINDOWS\stsystra.exe]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-08-10 12:10 221184]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-17 22:48 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 09:01 437160]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-17 22:48 219136]

C:\Documents and Settings\Tomeika Saxon\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]
palmOne Registration.lnk - C:\Program Files\palmOne\register.exe [2007-06-01 18:25:25 2367488]

C:\Documents and Settings\Ben\Start Menu\Programs\Startup\
palmOne Registration.lnk - C:\Program Files\palmOne\register.exe [2007-06-01 18:25:25 2367488]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\javaw.exe"=
"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4672:UDP"= 4672:UDP:eMule : TCP Incoming

R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-01 20:06]
R2 sprtsvc_medicsp2;SupportSoft Sprocket Service (medicsp2);C:\Program Files\twc\medicsp2\bin\sprtsvc.exe [2007-03-07 12:54]
S3 AX88772;ASIX AX88772 USB2.0 to Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\ax88772.sys [2004-09-09 08:51]
S3 PortlUSB;PortlUSB;C:\WINDOWS\system32\DRIVERS\SiriusUSB.sys [2005-09-03 01:58]
S4 MSAPI32Svc;MSAPI32Svc;C:\WINDOWS\system32\lcrss.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7751c86-781d-11dc-b542-001302cdda27}]
\Shell\AutoRun\command - G:\wd_windows_tools\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-14 22:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-03-18 18:55:13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-18 16:37:42 C:\WINDOWS\Tasks\User_Feed_Synchronization-{59CCDDE8-02AA-482D-AC71-93572147F7F8}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-18 17:02:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\\\DDXXP911\\EPSON Stylus Photo R320 Series"="\"C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9FA.EXE\" /P41 \"\\\\DDXXP911\\EPSON Stylus Photo R320 Series\" /O6 \"USB001\" /M \"Stylus Photo R320\""

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
Completion time: 2008-03-18 17:03:42
ComboFix-quarantined-files.txt 2008-03-18 22:03:28
ComboFix2.txt 2008-03-18 18:11:41
.
2008-03-13 12:05:52 --- E O F ---




File 7D36.tmp received on 03.18.2008 22:16:24 (CET)
Result: 0/32 (0%)

Antivirus Version Last Update Result
AhnLab-V3 2008.3.18.1 2008.03.18 -
AntiVir 7.6.0.75 2008.03.18 -
Authentium 4.93.8 2008.03.18 -
Avast 4.7.1098.0 2008.03.18 -
AVG 7.5.0.516 2008.03.18 -
BitDefender 7.2 2008.03.18 -
CAT-QuickHeal 9.50 2008.03.14 -
ClamAV 0.92.1 2008.03.18 -
DrWeb 4.44.0.09170 2008.03.18 -
eSafe 7.0.15.0 2008.03.18 -
eTrust-Vet 31.3.5623 2008.03.17 -
Ewido 4.0 2008.03.18 -
F-Prot 4.4.2.54 2008.03.18 -
F-Secure 6.70.13260.0 2008.03.18 -
FileAdvisor 1 2008.03.18 -
Fortinet 3.14.0.0 2008.03.18 -
Ikarus T3.1.1.20 2008.03.18 -
Kaspersky 7.0.0.125 2008.03.18 -
McAfee 5254 2008.03.18 -
Microsoft 1.3301 2008.03.18 -
NOD32v2 2958 2008.03.18 -
Norman 5.80.02 2008.03.18 -
Panda 9.0.0.4 2008.03.17 -
Prevx1 V2 2008.03.18 -
Rising 20.36.12.00 2008.03.18 -
Sophos 4.27.0 2008.03.18 -
Sunbelt 3.0.978.0 2008.03.18 -
Symantec 10 2008.03.18 -
TheHacker 6.2.92.249 2008.03.18 -
VBA32 3.12.6.3 2008.03.17 -
VirusBuster 4.3.26:9 2008.03.18 -
Webwasher-Gateway 6.6.2 2008.03.18 -
Additional information
File size: 1904 bytes
MD5: 38a809f56c21e9dcd21ccb289679b75c
SHA1: e1db9f8aa0f1210ed74ba6e45cc7b6917b752a70
PEiD: -
  • 0
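As an added illustration of the kind of review a helper performs on a log like the one above (this is example code, not from the thread, from ComboFix or from the poster), a small Python triage that parses the Run-key values and service lines in ComboFix's own notation and flags entries whose bracketed file metadata is empty, values given as a bare file name, and services registered with start type 4 (disabled). The sample lines are constructed from entries in the log above; the reading that empty brackets mean ComboFix found no file to timestamp at scan time is an assumption about the format, not something the thread states.

```python
import re

# Constructed sample in the shape of the ComboFix "Reg Loading Points"
# section above: Run-key values plus R/S service lines.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 04:23 75520]
"ledpointer"="CNYHKey.exe" [2003-08-26 09:38 5562368 C:\WINDOWS\CNYHKey.exe]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [ ]

R2 sprtsvc_medicsp2;SupportSoft Sprocket Service (medicsp2);C:\Program Files\twc\medicsp2\bin\sprtsvc.exe [2007-03-07 12:54]
S4 MSAPI32Svc;MSAPI32Svc;C:\WINDOWS\system32\lcrss.exe []
"""

# "name"="path" [timestamp size (resolved path)]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)" \[(?P<meta>[^\]]*)\]$')
# R/S + start type, then name;description;path [timestamp]
SVC_RE = re.compile(
    r'^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?) \[(?P<meta>[^\]]*)\]$')


def parse_entry(line):
    """Return a dict for a Run-key value or a service line, else None."""
    m = RUN_RE.match(line)
    if m:
        return {"kind": "run", "name": m["name"], "path": m["path"],
                "meta": m["meta"].strip(), "start": None}
    m = SVC_RE.match(line)
    if m:
        return {"kind": "service", "name": m["name"], "path": m["path"],
                "meta": m["meta"].strip(), "start": m["start"]}
    return None


def findings(entry):
    """Points a reviewer would want to look at by hand for one entry."""
    notes = []
    if not entry["meta"]:
        # Assumption: ComboFix leaves the brackets empty when it could not
        # stat the file, so the entry points at something not on disk.
        notes.append("no timestamp/size recorded: file not found at scan time")
    if "\\" not in entry["path"]:
        notes.append("bare file name, resolved through the search path")
    if entry["start"] == "S4":
        # Start type 4 is 'disabled'; a disabled service with a missing
        # binary is a leftover worth checking, not proof of anything.
        notes.append("disabled (S4) service still registered")
    return notes


def triage(log_text):
    """Map entry name -> list of notes, for every entry with at least one."""
    report = {}
    for line in log_text.splitlines():
        entry = parse_entry(line.strip())
        if entry and findings(entry):
            report[entry["name"]] = findings(entry)
    return report


if __name__ == "__main__":
    for name, notes in triage(SAMPLE_LOG).items():
        print(name, "->", "; ".join(notes))
```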

#6
miekiemoes

    Malware Expert

  • Member
  • 5,503 posts
  • MVP
Hi,

This looks OK again...

* Go to start > run and copy and paste next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 5.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 5".
  • Click the "Download" button to the right.
  • For Platform, select "Windows".
  • For language, select your language.
  • Read the License agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement".
  • Click Continue
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 6
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u5-windows-i586-p.exe to install the newest version.

Let me know in your next reply how things are now.
  • 0

#7
geauxfart

    New Member

  • Topic Starter
  • Member
  • 4 posts
I updated JAVA. Everything seems to be much faster and clean. Do I need to delete all of the spyware cleaners and stuff? Also my start up after reboot is slow. What can I do about that? Thank you so much for the help. Now I have to go get a friend's laptop and do the same thing.
  • 0

#8
miekiemoes

    Malware Expert

  • Member
  • 5,503 posts
  • MVP
Hi,

Do I need to delete all of the spyware cleaners and stuff?

I don't know what exactly you installed... but you certainly need an Antivirus (which is AVG in this case) and at least one Antispyware scanner to scan your system with once in a while.

Please read my Prevention page with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!
  • 0

#9
miekiemoes

    Malware Expert

  • Member
  • 5,503 posts
  • MVP
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
