Noticed another post with this problem and they ran a Deckard's System Scanner and posted the logs so thought I better do that now just in case.
Here is the main.txt
Deckard's System Scanner v20071014.68
Run by WS-1 on 2008-03-28 15:43:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
5: 2008-03-28 20:43:49 UTC - RP719 - Deckard's System Scanner Restore Point
4: 2008-03-28 19:12:39 UTC - RP718 - System Checkpoint
3: 2008-03-27 18:42:45 UTC - RP717 - System Checkpoint
2: 2008-03-26 18:11:19 UTC - RP716 - Installed SUPERAntiSpyware Free Edition
1: 2008-03-25 22:29:14 UTC - RP715 - previralclean
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 510 MiB (512 MiB recommended).-- HijackThis (run as WS-1.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:44:34 PM, on 3/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\WS-1\Desktop\dss.exe
C:\DOCUME~1\WS-1\Desktop\Fix\WS-1.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dell4me.com/mywayR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dell4me.com/mywayR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.dell4me.com/mywayR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\CPV\CPV7.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.adpclaims.com
O15 - Trusted Zone: *.audatex.com
O15 - Trusted Zone: *.audatex.us
O15 - Trusted Zone: *.audatexsolutions.com
O16 - DPF: {03AC0944-18EF-47F6-ACBC-F31C5D36BA7A} (ADXE Export) -
http://audatex/Falcon/ExportCtrl.cabO16 - DPF: {05DE4D49-626D-43E8-98C6-A5857FE1555A} (ADXE Damage Page) -
http://audatex/Falcon/DamagePage.cabO16 - DPF: {0711C439-8D8C-41AB-93CC-2EE230D5160F} (ADXE Print) -
http://audatex/Falcon/PrintCtrl.cabO16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky...can_unicode.cabO16 - DPF: {17EE1458-6EF3-4790-86DF-E62BB4E4B788} (PrintControl Class) -
http://audatex/Falcon/PrintCtrl.cabO16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) -
http://downloads.ewi...oOnlineScan.cabO16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) -
http://housecall65.t...ivex/hcImpl.cabO16 - DPF: {262F370B-34ED-47AD-8162-73B4854CAFB9} (Export Class) -
http://audatex/Falcon/ExportCtrl.ocxO16 - DPF: {29F4A333-E43C-4DF7-AA0D-9D6F70CB3EDD} (VehView Class) -
http://audatex/Falcon/DamagePage.cabO16 - DPF: {2B390C5C-0123-4CFD-A889-F5663E8E0E7A} (ADXE Damage Page) -
http://audatex/Falcon/DamagePage.cabO16 - DPF: {46B4D9B3-4586-4BE6-A582-CE3E39EE319D} (Export Class) -
http://audatex/Falcon/ExportCtrl.ocxO16 - DPF: {4D09B17B-6D2D-4D78-8C5D-F785C3FCDFC5} (VehView Class) -
http://audatex/Falcon/DamagePage.ocxO16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) -
http://www.eset.eu/b...lineScanner.cabO16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
http://download.bitd...can8/oscan8.cabO16 - DPF: {64DD50DA-FD47-4D68-B49D-F7A88A4BAF5E} (Export Class) -
http://audatex/Falcon/ExportCtrl.cabO16 - DPF: {73D6A3F8-B81D-40D5-A37C-068631A4AEC7} (ADXE Export) -
http://audatex/Falcon/ExportCtrl.cabO16 - DPF: {760C5F87-7835-43D3-B9B2-98B543B7EE4D} (ADXE Export) -
http://audatex/Falcon/ExportCtrl.cabO16 - DPF: {8FBEF877-FCC5-4046-BB00-23ABB88C274F} (ADXE Print) -
http://audatex/Falcon/PrintCtrl.cabO16 - DPF: {964149A0-96E0-4FFA-9A14-7AA7F93242B8} (ADXE Print) -
http://audatex/Falcon/PrintCtrl.cabO16 - DPF: {988EE3ED-16F2-4689-B9ED-4FB94649F480} (PrintControl Class) -
http://audatex/Falcon/PrintCtrl.ocxO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoft...free/asinst.cabO16 - DPF: {B9112CCB-7039-4552-ADF4-537B75CFEB86} (PrintControl Class) -
http://audatex/Falcon/PrintCtrl.ocxO16 - DPF: {B9CA338A-FF7A-4C0B-9A6F-FF93C60B1230} (ADXE Damage Page) -
http://audatex/Falcon/DamagePage.cabO16 - DPF: {D8337DF2-5C79-4EF5-BA49-F8A9ED3D89EA} -
http://audatex/Falco...load/isetup.cabO16 - DPF: {E3B9C9D3-1D91-4E25-8A14-1F863AEAC060} (VehView Class) -
http://audatex/Falcon/DamagePage.ocxO20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
--
End of file - 8203 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 Partizan - c:\windows\system32\drivers\partizan.sys <Not Verified; Greatis Software; RegRun Security Suite>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
All services whitelisted.
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2005-09-09 09:54:26 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 1.job
-- Files created between 2008-02-28 and 2008-03-28 -----------------------------
2008-03-26 13:11:27 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-26 13:11:20 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-26 13:11:20 0 d-------- C:\Documents and Settings\WS-1\Application Data\SUPERAntiSpyware.com
2008-03-26 10:35:27 0 d--hs---- C:\WINDOWS\CSC
2008-03-25 09:35:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-24 14:32:54 0 d-------- C:\Documents and Settings\WS-1\DoctorWeb
2008-03-21 09:03:57 0 d-------- C:\WINDOWS\BDOSCAN8
2008-03-21 08:38:19 0 d-------- C:\Program Files\CPV
2008-03-21 08:38:18 0 d-------- C:\Program Files\Temporary
2008-03-20 08:31:38 0 d-------- C:\WINDOWS\system32\iDlo01
2008-03-03 14:44:56 0 d-------- C:\WINDOWS\SxsCaPendDel
-- Find3M Report ---------------------------------------------------------------
2008-03-27 18:12:41 0 d-------- C:\Program Files\Google
2008-03-26 13:10:49 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-26 11:25:30 0 d-------- C:\Documents and Settings\WS-1\Application Data\AVG7
2008-03-25 07:59:13 0 --a------ C:\WINDOWS\system32\MITTIF7
2008-03-25 07:58:36 0 --a------ C:\WINDOWS\system32\MITPDF7
2008-03-24 17:29:05 0 d-------- C:\Program Files\Common Files
2008-03-03 14:58:17 0 d-------- C:\Documents and Settings\WS-1\Application Data\Adobe
2008-03-03 14:45:23 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-27 08:31:52 0 d-------- C:\Program Files\Seagate Software
2008-02-11 09:39:26 253952 --a------ C:\WINDOWS\system32\OnlineScannerDLLA.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-11 09:39:18 237568 --a------ C:\WINDOWS\system32\OnlineScannerDLLW.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-08 13:53:46 110592 --a------ C:\WINDOWS\system32\OnlineScannerLang.dll <Not Verified; ; OnlineScanner Language Library>
2008-02-05 08:48:04 77824 --a------ C:\WINDOWS\system32\OnlineScannerUninstaller.exe <Not Verified; ; OnlineScannerUninstaller>
2008-01-09 15:01:48 53248 --a------ C:\WINDOWS\bdoscandel.exe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}]
03/21/2008 08:38 AM 51200 --a------ C:\Program Files\CPV\CPV7.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [12/20/2007 11:55 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/02/2005 06:50 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [03/26/2008 02:38 PM]
C:\Documents and Settings\WS-1\Start Menu\Programs\Startup\
DESKTOP.INI [8/11/2004 6:15:06 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [8/11/2004 6:15:06 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 03/26/2008 02:38 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen]
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
"C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSCD_Creator]
c:\Dell\PreODM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SYSWB6]
SYSWB6
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##S22240#cdrom]
AutoRun\command- Z:\SLWSetup\SlwControl.exe -AutoRun
*Newly Created Service* - SASDIFSV
-- End of Deckard's System Scanner: finished at 2008-03-28 15:44:58 ------------