Thank you very much for taking time to help me out with my computer.
I am not the brightest on the computer side of life, but am getting better.
I hope this is all that you needed.
COMBO FIX LOG
ComboFix 08-04-03.5 - Jesse Mercer 2008-04-05 5:25:26.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1028 [GMT -5:00]
Running from: C:\Users\Jesse Mercer\ComboFix.exe
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\.protected
C:\Users\Jesse Mercer\AppData\Roaming\Def\CnsMin.dsc
C:\Users\Jesse Mercer\AppData\Roaming\Def\CnsMin.prf
C:\Users\Jesse Mercer\Desktopblackbird.jpg
C:\Users\Jesse Mercer\DesktopEditorFKWP1.5.exe
C:\Users\Jesse Mercer\DesktopEditorFKWP2.0.exe
C:\Users\Jesse Mercer\Desktopfilemanagerclient.exe
C:\Users\Jesse Mercer\Desktopfkwp1.5.exe
C:\Users\Jesse Mercer\Desktopfkwp2.0.exe
C:\Users\Jesse Mercer\Desktopfwebd.exe
C:\Users\Jesse Mercer\DesktopFWebdEditor.exe
C:\Users\Jesse Mercer\DesktopTrojan.Win32.BlackBird.exe
C:\Windows\system32\AutoRun.inf
C:\Windows\system32\drivers\etc\.protected
.
((((((((((((((((((((((((( Files Created from 2008-03-05 to 2008-04-05 )))))))))))))))))))))))))))))))
.
2008-04-04 11:29 . 2008-04-04 11:30 <DIR> d-------- C:\Program Files\Combo
2008-04-04 11:24 . 2008-04-04 11:25 1,612,758 --a------ C:\Users\Jesse Mercer\ComboFix.exe
2008-04-02 23:40 . 2008-04-03 09:22 <DIR> d-------- C:\Users\All Users\NVIDIA
2008-04-02 23:40 . 2008-04-03 09:22 <DIR> d-------- C:\ProgramData\NVIDIA
2008-04-02 22:01 . 2008-04-02 22:01 691 --a------ C:\Users\Jesse Mercer\AppData\Roaming\GetValue.vbs
2008-04-02 22:01 . 2008-04-02 22:01 35 --a------ C:\Users\Jesse Mercer\AppData\Roaming\SetValue.bat
2008-04-02 21:53 . 2008-04-02 21:54 <DIR> d-------- C:\Users\Jesse Mercer\SmitfraudFix
2008-04-02 21:53 . 2008-04-04 11:07 4,204 --a------ C:\Windows\System32\tmp.reg
2008-04-02 10:47 . 2008-04-02 10:47 <DIR> d-------- C:\Program Files\Realtek
2008-04-02 10:47 . 2008-01-17 07:22 4,907,008 --a------ C:\Windows\RtHDVCpl.exe
2008-04-02 10:47 . 2008-01-25 04:46 2,158,592 --a------ C:\Windows\System32\RtkAPO.dll
2008-04-02 10:47 . 2007-01-12 16:54 520,192 --a------ C:\Windows\RtlExUpd.dll
2008-04-02 10:47 . 2008-04-02 10:47 319,456 --a------ C:\Windows\DIFxAPI.dll
2008-04-02 10:47 . 2008-04-02 10:47 315,392 --a------ C:\Windows\HideWin.exe
2008-04-02 09:04 . 2008-04-02 09:04 <DIR> d-------- C:\PerfLogs
2008-04-02 07:50 . 2008-01-19 02:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-04-02 07:49 . 2008-01-19 01:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-04-02 07:48 . 2008-01-19 02:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-04-02 07:48 . 2008-01-19 02:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-04-02 07:48 . 2008-01-19 02:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-04-02 07:48 . 2008-01-19 02:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-04-02 07:48 . 2008-01-19 02:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-04-02 07:48 . 2008-01-19 02:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-04-02 01:29 . 2008-04-02 01:30 <DIR> d-------- C:\Program Files\Panda Security
2008-04-02 01:01 . 2008-04-02 01:01 <DIR> d-------- C:\Users\Jesse Mercer\AppData\Roaming\SUPERAntiSpyware.com
2008-04-02 01:01 . 2008-04-02 01:01 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-04-02 01:01 . 2008-04-02 01:01 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-04-02 01:01 . 2008-04-02 01:27 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-02 01:00 . 2008-04-02 01:00 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-02 00:27 . 2008-04-02 00:27 45 --a------ C:\Windows\System32\nDiagLog.xml
2008-04-01 23:11 . 2008-04-01 23:11 <DIR> d-------- C:\Users\Jesse Mercer\AppData\Roaming\Grisoft
2008-04-01 23:11 . 2008-04-01 23:11 <DIR> d-------- C:\Users\All Users\Grisoft
2008-04-01 23:11 . 2008-04-01 23:11 <DIR> d-------- C:\ProgramData\Grisoft
2008-04-01 23:11 . 2007-05-30 07:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-04-01 21:49 . 2008-04-01 21:49 <DIR> d-------- C:\Deckard
2008-03-31 17:24 . 2008-03-31 17:24 <DIR> d-------- C:\Users\Jesse Mercer\AppData\Roaming\Bitdefender
2008-03-31 17:24 . 2008-03-31 17:25 <DIR> d-------- C:\Users\All Users\BitDefender
2008-03-31 17:24 . 2008-03-31 17:25 <DIR> d-------- C:\ProgramData\BitDefender
2008-03-31 17:24 . 2008-03-31 17:24 <DIR> d-------- C:\Program Files\BitDefender
2008-03-31 17:21 . 2008-03-31 17:24 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-03-31 17:00 . 2008-03-31 17:00 73 --a------ C:\Windows\st_affiliate.ini
2008-03-31 16:21 . 2008-03-31 16:21 <DIR> d-------- C:\Windows\System32\vmm32
2008-03-31 10:40 . 2008-04-05 05:27 <DIR> d-------- C:\Users\Jesse Mercer\AppData\Roaming\Def
2008-03-31 10:40 . 2008-03-31 10:40 <DIR> d-------- C:\Users\Jesse Mercer\AppData\Roaming\Bin
2008-03-31 10:31 . 2008-03-31 10:31 <DIR> d-------- C:\Windows\AntiSpy
2008-03-31 10:31 . 2008-03-31 10:31 137 --a------ C:\Windows\tsiwinfile.dat
2008-03-31 10:13 . 2008-03-31 10:13 3,120 --a------ C:\Windows\System32\DRWSJLAD.ocx
2008-03-31 10:13 . 2008-03-31 10:13 3,120 --a------ C:\Windows\LJRGKDD9.ocx
2008-03-31 10:11 . 2008-03-31 17:30 <DIR> d-------- C:\Users\All Users\Defender Pro
2008-03-31 10:11 . 2008-03-31 17:30 <DIR> d-------- C:\ProgramData\Defender Pro
2008-03-31 10:11 . 2008-03-31 10:30 <DIR> d-------- C:\Program Files\Defender Pro
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-03 13:44 --------- d-----w C:\ProgramData\HP Product Assistant
2008-04-02 15:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-02 15:47 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-02 14:17 174 --sha-w C:\Program Files\desktop.ini
2008-04-02 14:08 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-02 14:08 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-02 14:08 --------- d-----w C:\Program Files\Windows Mail
2008-04-02 14:08 --------- d-----w C:\Program Files\Windows Journal
2008-04-02 14:08 --------- d-----w C:\Program Files\Windows Defender
2008-04-02 14:08 --------- d-----w C:\Program Files\Windows Collaboration
2008-04-02 14:08 --------- d-----w C:\Program Files\Windows Calendar
2008-04-02 13:03 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-04-02 13:03 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-04-02 03:42 --------- d-----w C:\Program Files\Trend Micro
2008-03-31 21:21 --------- d-----w C:\Program Files\Dell
2008-02-19 03:37 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-13 09:06 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-01-21 14:18 638,976 ----a-w C:\Windows\System32\RtkPgExt.dll
2008-01-19 07:44 986,680 ----a-w C:\Windows\System32\winload.exe
2008-01-19 07:44 926,776 ----a-w C:\Windows\System32\winresume.exe
2008-01-19 07:43 614,968 ----a-w C:\Windows\System32\ci.dll
2008-01-19 07:43 376,376 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-01-19 07:43 3,600,440 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-01-19 07:43 3,548,728 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-01-19 07:42 94,776 ----a-w C:\Windows\System32\MigAutoPlay.exe
2008-01-19 07:42 51,768 ----a-w C:\Windows\System32\PSHED.DLL
2008-01-19 07:42 247,352 ----a-w C:\Windows\System32\clfs.sys
2008-01-19 07:42 177,208 ----a-w C:\Windows\System32\halmacpi.dll
2008-01-19 07:42 141,880 ----a-w C:\Windows\System32\halacpi.dll
2008-01-19 07:41 24,120 ----a-w C:\Windows\System32\BOOTVID.DLL
2008-01-19 07:41 21,560 ----a-w C:\Windows\System32\kdusb.dll
2008-01-19 07:41 19,512 ----a-w C:\Windows\System32\kdcom.dll
2008-01-19 07:38 46,080 ----a-w C:\Windows\System32\NAPCRYPT.DLL
2008-01-19 07:38 4,595,712 ----a-w C:\Windows\System32\AuthFWSnapin.dll
2008-01-19 07:38 242,744 ----a-w C:\Windows\System32\rsaenh.dll
2008-01-19 07:38 155,704 ----a-w C:\Windows\System32\dssenh.dll
2008-01-19 07:38 131,640 ----a-w C:\Windows\System32\basecsp.dll
2008-01-19 07:38 103,936 ----a-w C:\Windows\System32\NAPHLPR.DLL
2008-01-19 07:38 1,203,792 ----a-w C:\Windows\System32\ntdll.dll
2008-01-19 07:36 996,352 ----a-w C:\Windows\System32\WMNetMgr.dll
2008-01-19 07:35 98,304 ----a-w C:\Windows\System32\mssitlb.dll
2008-01-19 07:34 98,816 ----a-w C:\Windows\System32\mfps.dll
2008-01-19 07:33 98,304 ----a-w C:\Windows\System32\makecab.exe
2008-01-19 07:32 879,616 ----a-w C:\Windows\System32\Bubbles.scr
2008-01-19 07:32 704,512 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-01-19 07:32 5,714,432 ----a-w C:\Windows\System32\logon.scr
2008-01-19 07:32 258,048 ----a-w C:\Windows\System32\winspool.drv
2008-01-19 07:32 221,184 ----a-w C:\Windows\System32\Mystify.scr
2008-01-19 07:32 220,672 ----a-w C:\Windows\System32\Ribbons.scr
2008-01-19 07:32 21,504 ----a-w C:\Windows\System32\msacm32.drv
2008-01-19 07:32 166,912 ----a-w C:\Windows\System32\wdmaud.drv
2008-01-19 07:32 1,370,624 ----a-w C:\Windows\System32\Aurora.scr
2008-01-19 07:31 7,680 ----a-w C:\Windows\System32\spwizres.dll
2008-01-19 07:31 57,856 ----a-w C:\Windows\System32\nlsbres.dll
2008-01-19 07:31 118,272 ----a-w C:\Windows\System32\RDPENCDD.dll
2008-01-19 07:30 17,920 ----a-w C:\Windows\System32\netevent.dll
2008-01-19 07:29 705,536 ----a-w C:\Windows\System32\imagesp1.dll
2008-01-19 07:29 58,880 ----a-w C:\Windows\System32\msobjs.dll
2008-01-19 07:28 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-01-19 07:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-01-19 06:01 14,336 ----a-w C:\Windows\System32\tsddd.dll
2008-01-19 06:01 134,656 ----a-w C:\Windows\System32\rdpdd.dll
2008-01-19 05:52 56,320 ----a-w C:\Windows\System32\vga256.dll
2008-01-19 05:52 21,504 ----a-w C:\Windows\System32\vga64k.dll
2008-01-19 05:52 11,776 ----a-w C:\Windows\System32\framebuf.dll
2008-01-19 05:52 10,752 ----a-w C:\Windows\System32\vga.dll
2008-01-19 05:50 14,848 ----a-w C:\Windows\System32\iscsilog.dll
2008-01-19 05:48 20,992 ----a-w C:\Windows\System32\msdtcVSp1res.dll
2008-01-19 05:48 1,291,264 ----a-w C:\Windows\System32\comres.dll
2008-01-19 05:46 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-19 05:39 13,312 ----a-w C:\Windows\System32\WsmRes.dll
2008-01-19 05:37 2,031,616 ----a-w C:\Windows\System32\win32k.sys
2008-01-19 05:36 289,792 ----a-w C:\Windows\System32\atmfd.dll
2008-01-19 05:33 56,320 ----a-w C:\Windows\System32\graftabl.com
2008-01-19 05:31 8,322,048 ----a-w C:\Windows\System32\spwizimg.dll
2008-01-19 05:27 8,704 ----a-w C:\Windows\System32\kd1394.dll
2008-01-19 05:26 605,696 ----a-w C:\Windows\System32\adtschema.dll
2008-01-19 03:17 100,043 ----a-w C:\Windows\System32\StructuredQuerySchema.bin
2008-01-14 12:10 86,528 ----a-w C:\Windows\System32\AERTARen.dll
2008-01-14 12:10 135,168 ----a-w C:\Windows\System32\AERTACap.dll
2008-01-05 11:36 195,122 ----a-w C:\Windows\System32\winrm.vbs
2008-01-05 11:35 80,047 ----a-w C:\Windows\System32\slmgr.vbs
2008-01-05 11:34 15,181 ----a-w C:\Windows\System32\gatherWirelessInfo.vbs
2008-01-05 11:27 96,760 ----a-w C:\Windows\System32\dfshim.dll
2008-01-05 11:27 84,480 ----a-w C:\Windows\System32\mscories.dll
2008-01-05 11:27 282,112 ----a-w C:\Windows\System32\mscoree.dll
2008-01-05 11:27 158,720 ----a-w C:\Windows\System32\mscorier.dll
2008-01-05 11:21 779,800 ----a-w C:\Windows\System32\PresentationNative_v0300.dll
2008-01-05 11:21 579,584 ----a-w C:\Windows\System32\icardagt.exe
2008-01-05 11:21 350,744 ----a-w C:\Windows\System32\PresentationHost.exe
2008-01-05 11:21 33,304 ----a-w C:\Windows\System32\PresentationHostProxy.dll
2008-01-05 11:21 28,672 ----a-w C:\Windows\System32\TsWpfWrp.exe
2008-01-05 11:21 12,198 ----a-w C:\Windows\System32\gatherWiredInfo.vbs
2008-01-05 11:21 11,776 ----a-w C:\Windows\System32\icardres.dll
2008-01-05 11:21 106,520 ----a-w C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2007-12-07 13:10 122 ----a-w C:\Users\Jesse Mercer\AppData\Roaming\wklnhst.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10F0C2A9-8E38-43e3-204D-45524C494E20}]
C:\Program Files\PC-Antispyware\IeExtension.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 02:36 2153472 C:\Windows\System32\oobefldr.dll]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 13:09 460784]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 02:33 125952]
"DZUGW7Wvx0"="C:\ProgramData\zkdcpqxw\dslgjqhy.exe" [ ]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]
"c8xuWiBSJ0"="C:\ProgramData\zkdcpqxw\dslgjqhy.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 02:38 1008184]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-25 01:03 17920]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 07:22 4907008 C:\Windows\RtHDVCpl.exe]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 12:37 81920]
"dscactivate"="c:\dell\dsca.exe" [2007-07-30 14:40 16384]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-13 00:24 185896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 22:34 49152]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-02-16 17:45 360448]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-17 08:07 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-17 08:07 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-17 08:07 81920]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-11-20 14:02:16 50688]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 22:26:24 210520]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2178265728-1913057435-1508887540-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DoNotAllowExceptions"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{28B8758B-317D-432C-B6FC-A1FD49969A19}"= UDP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{BDE22885-56FE-431A-B1AE-69CD721F0556}"= TCP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{0296366C-8DA9-4C19-8234-B6C2D44C26C4}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{57C8BC4C-F45F-442A-B7F1-EA2ACC1905CF}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{5E91FD6D-CA18-49C5-9B83-7DB39F5D5A84}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{53596D9E-EF97-4533-839E-B3F3CBBA14A7}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{771F2FAA-D778-4433-92C9-F1DACEF17C4A}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{02A32A9C-EE7B-40BC-99A3-6499110CEBE6}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{27D9650D-FBA6-4EA4-91F7-30F23D0C3A9A}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{F2B0DE93-201A-4EBB-BCC1-1A8B973A8C0C}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{5B4BA756-640C-4120-A15E-0BBEA81E008C}"= UDP:C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avp.exe:Defender Pro
"{C050A92B-7690-4420-9FDE-6A9C6E9496F1}"= TCP:C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avp.exe:Defender Pro
"TCP Query User{2C253D0F-F10E-4736-B9AE-F3EA3826D7A3}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{37F609C7-E609-4560-9922-9AF813F991FB}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)
R2 AERTFilters;Andrea RT Filters Service;C:\Windows\system32\AERTSrv.exe [2007-12-05 06:17]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-07-11 09:15]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 19:39]
R3 usbprint;Microsoft USB PRINTER Class;C:\Windows\system32\DRIVERS\usbprint.sys [2008-01-19 01:14]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 02:36]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
bdx REG_MULTI_SZ scan
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-04-05 05:27:22
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-05 5:27:57
ComboFix-quarantined-files.txt 2008-04-05 10:27:54
Pre-Run: 271,589,826,560 bytes free
Post-Run: 271,563,104,256 bytes free
.
2008-04-03 14:20:48 --- E O F ---
SMITFRAUDFIX LOG
SmitFraudFix v2.309
Scan done at 5:34:58.90, Sat 04/05/2008
Run from C:\Users\Jesse Mercer\Desktop\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Jesse Mercer
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Jesse Mercer\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\JESSEM~1\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~2\\GOEC62~1.DLL"
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: NVIDIA nForce Networking Controller
DNS Server Search Order: 192.168.0.1
DNS Server Search Order: 192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D577F6E2-70F2-44BB-ABF4-23F0D9256AE8}: DhcpNameServer=192.168.0.1 192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D577F6E2-70F2-44BB-ABF4-23F0D9256AE8}: DhcpNameServer=192.168.0.1 192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{D577F6E2-70F2-44BB-ABF4-23F0D9256AE8}: DhcpNameServer=192.168.0.1 192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 192.168.0.1
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
HIJACKTHIS LOG
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:29:42 AM, on 4/5/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PC-Antispyware Site Blocker Button - {10F0C2A9-8E38-43e3-204D-45524C494E20} - C:\Program Files\PC-Antispyware\IeExtension.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DZUGW7Wvx0] C:\ProgramData\zkdcpqxw\dslgjqhy.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [c8xuWiBSJ0] C:\ProgramData\zkdcpqxw\dslgjqhy.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - (no file)
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecu...s/as2stubie.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmar...martActivia.cab
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-w...agi3.0.84.2.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 8850 bytes
Thanks again
Jesse