HijackThis log help

Hi fire27,
You have some infections. Let’s see if we can clean it up…..

Please download Malwarebytes' Anti-Malware to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
• Please post contents of that file in your next reply.


Download ComboFix from Here to your Desktop.
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Double click combofix.exe and follow the prompts.
• When finished, it shall produce a log for you. Post the Combofix log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall.

Extra-Note: Please, DO NOT use ComboFix on your own. It is a very powerful tool designed to deal with sophisticated infections and if something goes wrong or you use it incorrectly, you could possibly lose the use of your computer. It is ONLY meant to be used under the direct supervision of a malware removal specialist.


2OG

 

2OG

Can you give me a line you see an infection on..
I am trying to learn how to read these log.I been researching the log line by line but its taking me so long to figure it out.grrr

B2R

 

@born2ride,


Research, research, research and a lot of experience…The only thing I can tell you..


In the running processes:

C:\WINDOWS\System32\CbEvtSvc.exe <- Trojan downloader

See these links:
http://www.greatis.com/appdata/d/c/cbevtsvc.exe.htm
http://www.bleepingcomputer.com/startups/CbEvtSvc.exe-22167.html


in the start program lines:

O4 - HKLM\..\Run: [lphcldvj0e11f] C:\WINDOWS\system32\lphcldvj0e11f.exe

O4 - HKLM\..\Run: [SMrhcgdvj0e11f] C:\Program Files\rhcgdvj0e11f\rhcgdvj0e11f.exe

These are random name files that are associated with the Vundo Trojan and the Rogue AntiVirus 2008. This one just comes from experience.


O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe

See these links:

http://www.greatis.com/appdata/d/s/sysrest32.exe.htm
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadrbgt.html


O23 - Service: CbEvtSvc - Unknown owner - C:\WINDOWS\System32\CbEvtSvc.exe

This is the Trojan that is a running process started here as a service.

Shows here also:
http://spywarefiles.prevx.com/RRHGJG44332719/CBEVTSVC.EXE.html



See this site for good tutorial on analyzing a HJT Log..
http://hometown.aol.co.uk/jrmc137/hjttutorial/tutorial.htm

And to help research use HJTHotkey here:
http://hometown.aol.co.uk/jrmc137/HJTHotkey/


2OG

 

2OG
AWESOME
Thanks alot. that should fill a couple of nights LOL

 

2oldgeek

Heres the malware log:

Thanks Chuck

by the way I am going per your instructions im doing combofix now.


Malwarebytes' Anti-Malware 1.24
Database version: 1045
Windows 5.1.2600 Service Pack 3

10:18:09 PM 8/12/2008
mbam-log-8-12-2008 (22-18-09).txt

Scan type: Full Scan (C:\|D:\|K:\|)
Objects scanned: 266036
Time elapsed: 4 hour(s), 33 minute(s), 57 second(s)

Memory Processes Infected: 4
Memory Modules Infected: 1
Registry Keys Infected: 4
Registry Values Infected: 7
Registry Data Items Infected: 2
Folders Infected: 35
Files Infected: 26

Memory Processes Infected:
C:\WINDOWS\system32\CbEvtSvc.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\WINDOWS\system32\blphcldvj0e11f.scr (Trojan.FakeAlert) -> Unloaded process successfully.
C:\WINDOWS\system32\lphcldvj0e11f.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\WINDOWS\system32\sysrest32.exe (Rootkit.Agent) -> Unloaded process successfully.

Memory Modules Infected:
C:\Program Files\Internet Explorer\setupapi.dll (Trojan.BHO) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcgdvj0e11f (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhcgdvj0e11f (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CbEvtSvc (Trojan.MyDoom) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhcgdvj0e11f (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysrest32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcldvj0e11f (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\rhcgdvj0e11f (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\rhcgdvj0e11f (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\rhcgdvj0e11f\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\rhcgdvj0e11f\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\rhcgdvj0e11f\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\rhcgdvj0e11f\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\rhcgdvj0e11f\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\rhcgdvj0e11f\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\rhcgdvj0e11f\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\rhcgdvj0e11f\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\rhcgdvj0e11f\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\rhcgdvj0e11f\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chuck\Application Data\rhcgdvj0e11f (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chuck\Application Data\rhcgdvj0e11f\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chuck\Application Data\rhcgdvj0e11f\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chuck\Application Data\rhcgdvj0e11f\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chuck\Application Data\rhcgdvj0e11f\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chuck\Application Data\rhcgdvj0e11f\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chuck\Application Data\rhcgdvj0e11f\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chuck\Application Data\rhcgdvj0e11f\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chuck\Application Data\rhcgdvj0e11f\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chuck\Application Data\rhcgdvj0e11f\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chuck\Application Data\rhcgdvj0e11f\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.CHIEF\Application Data\rhcgdvj0e11f (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.CHIEF\Application Data\rhcgdvj0e11f\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.CHIEF\Application Data\rhcgdvj0e11f\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.CHIEF\Application Data\rhcgdvj0e11f\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.CHIEF\Application Data\rhcgdvj0e11f\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.CHIEF\Application Data\rhcgdvj0e11f\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.CHIEF\Application Data\rhcgdvj0e11f\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.CHIEF\Application Data\rhcgdvj0e11f\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.CHIEF\Application Data\rhcgdvj0e11f\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.CHIEF\Application Data\rhcgdvj0e11f\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.CHIEF\Application Data\rhcgdvj0e11f\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008 (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\CbEvtSvc.exe (Trojan.Downloader) -> Delete on reboot.
C:\Program Files\rhcgdvj0e11f\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcgdvj0e11f\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcgdvj0e11f\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcgdvj0e11f\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcgdvj0e11f\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcgdvj0e11f\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcgdvj0e11f\rhcgdvj0e11f.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcgdvj0e11f\rhcgdvj0e11f.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcgdvj0e11f\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysrest32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\setupapi.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\system32\blphcldvj0e11f.scr (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\lphcldvj0e11f.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pphcldvj0e11f.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk (Rogue.AntivirusXP) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chuck\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chuck\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chuck\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chuck\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

 

2og

Here are the logs. Thanks alot for your help....

Chuck
ComboFix 08-08-12.01 - Chuck 2008-08-12 23:00:03.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.469 [GMT -4:00]
Running from: C:\Documents and Settings\Chuck\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Chuck\Application Data\macromedia\Flash Player\#SharedObjects\7AWSV64A\interclick.com
C:\Documents and Settings\Chuck\Application Data\macromedia\Flash Player\#SharedObjects\7AWSV64A\interclick.com\ud.sol
C:\Documents and Settings\Chuck\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Chuck\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\LocalService\Application Data\521632863.exe
C:\Documents and Settings\LocalService\Application Data\624530661.exe
C:\Documents and Settings\LocalService\Application Data\629773861.exe
C:\Documents and Settings\LocalService\Application Data\633968421.exe
C:\Documents and Settings\LocalService\Application Data\721529861.exe
C:\Documents and Settings\LocalService\Application Data\728739263.exe
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system\oeminfo.ini
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\install.exe
C:\WINDOWS\system32\REGOBJ.DLL
D:\Autorun.inf
K:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CBEVTSVC


((((((((((((((((((((((((( Files Created from 2008-07-13 to 2008-08-13 )))))))))))))))))))))))))))))))
.

2008-08-12 15:24 . 2008-08-12 15:24 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-12 15:24 . 2008-08-12 15:24 <DIR> d-------- C:\Documents and Settings\Chuck\Application Data\Malwarebytes
2008-08-12 15:24 . 2008-08-12 15:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-12 15:24 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-12 15:24 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-12 11:14 . 2008-08-12 11:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-12 10:58 . 2008-08-12 10:58 <DIR> d-------- C:\Documents and Settings\Administrator.CHIEF\Application Data\HotSync
2008-08-12 10:57 . 2008-08-12 10:57 <DIR> d-------- C:\Documents and Settings\Administrator.CHIEF\Application Data\ScanSoft
2008-08-12 10:56 . 2008-08-12 10:56 <DIR> d-------- C:\Documents and Settings\Administrator.CHIEF\Application Data\Roxio
2008-07-23 09:55 . 2008-07-23 09:55 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-07-21 14:46 . 2008-07-21 14:46 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-07-21 14:45 . 2008-07-21 14:45 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-21 14:45 . 2008-07-21 14:46 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-21 14:43 . 2008-07-21 14:43 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-21 14:28 . 2008-04-13 20:12 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-07-21 14:27 . 2008-04-13 20:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-13 02:52 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-08-13 02:28 3,645 ----a-w C:\WINDOWS\viassary-hp.reg
2008-08-12 14:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-12 14:23 --------- d-----w C:\Program Files\DynDNS Updater
2008-08-07 05:07 --------- d-----w C:\Program Files\Google
2008-08-04 21:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-15 15:01 --------- d-----w C:\Program Files\NFPA
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-18 12:43 --------- d-----w C:\Program Files\MSECache
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-30 17:38 4,237 ----a-w C:\Program Files\MapPro50.Cfg
2008-04-30 17:38 4 ----a-w C:\Program Files\Cscm.bin
2007-08-16 20:00 112,408 ----a-w C:\Program Files\DBTools.log
2007-06-06 17:34 121,968 ----a-w C:\Program Files\Install.log
2006-12-18 21:33 27,526,922 ----a-w C:\Program Files\FH.EXE
2006-12-18 21:33 179,085 ----a-w C:\Program Files\FHWizWks.exe
2006-12-18 21:33 1,735,502 ----a-w C:\Program Files\FHARCHIV.EXE
2006-12-18 21:33 1,570,257 ----a-w C:\Program Files\FHDBTOOL.EXE
2006-12-18 21:33 1,303,542 ----a-w C:\Program Files\FHBACKUP.EXE
2006-12-18 21:33 1,071,262 ----a-w C:\Program Files\fhrecalc.exe
2006-12-18 21:33 1,053,305 ----a-w C:\Program Files\FHACTIV.EXE
2006-12-18 21:24 14,222,257 ----a-w C:\Program Files\FHEXPAND.EXE
2006-10-16 15:43 162,304 ----a-w C:\Program Files\UnInstal.exe
2005-09-14 15:09 0 ----a-w C:\Documents and Settings\Chuck\Application Data\wklnhst.dat
2005-07-22 16:21 1,074,497 ----a-w C:\Program Files\FHINetUp.exe
2005-07-05 19:29 16,893 ----a-w C:\Program Files\UpTemp.log
2004-11-24 21:13 155,648 ----a-w C:\Program Files\KeyLib32.dll
2004-11-24 21:13 15,840 ----a-w C:\Program Files\MachNm1.exe
2004-11-24 21:13 143,360 ----a-w C:\Program Files\emdialog.dll
2004-11-24 21:12 41,548 ----a-w C:\Program Files\FOXTOOLS.FLL
2004-11-24 21:12 16,896 ----a-w C:\Program Files\FFIX4_50.FLL
2001-05-14 12:23 38 ----a-w C:\Program Files\AutoLoad.str
2005-08-10 14:12 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 20:12 1695232]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 19:44 1200128]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-17 11:23 68856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2008-06-13 18:27 2752512]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 04:42 202088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 05:04 52736]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 07:53 49152]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 07:42 659456]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 08:02 61440]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2002-01-01 04:59 180269]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-10-13 20:04 278528]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 09:43 233472]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 10:17 90112]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 10:54 253952]
"ToshibaSC3DocMon"="C:\PROGRA~1\TOSHIBA\TOSHIB~1\sc3docmon.exe" [2002-03-07 22:33 163840]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 18:44 65536]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2005-09-01 13:56 868352]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2005-09-01 13:56 319488]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-02-27 23:01 36864]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-02-27 23:02 40960]
"WorkFlowTray"="C:\Program Files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe" [2004-03-08 14:34 155747]
"Opware14"="C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe" [2004-03-08 14:33 57344]
"OpScheduler"="C:\Program Files\ScanSoft\OmniPagePro14.0\OpScheduler.exe" [2004-03-08 14:36 114688]
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 18:58 856064]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 02:08 483328]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2002-01-01 05:06 98304]
"Tracker"="C:\Program Files\MySoftware\MyInvoices\tracker.exe" [2002-11-25 12:22 102400]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-01-13 09:47 131072]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-01-13 09:47 163840]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-01-13 09:46 135168]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 20:51 583048]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 19:26 52896]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-27 20:33 125168]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 20:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 12:01 88209 C:\WINDOWS\AGRSMMSG.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-09-21 11:24 86016 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2005-09-21 16:32 2807808 C:\WINDOWS\ALCWZRD.EXE]

C:\Documents and Settings\Chuck\Start Menu\Programs\Startup\
HP Organize.lnk - C:\Program Files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2002-01-01 05:09:38 36864]
Sonic CinePlayer Quick Launch.lnk - C:\Program Files\Common Files\Sonic Shared\cinetray.exe [2002-09-18 15:16:30 98304]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-04-12 15:14:35 25214]
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 02:05:26 29696]
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [2005-07-26 12:04:19 209016]
fireTRAX Server.lnk - C:\Program Files\Salamander\FireTrax\SalTech.FireTrax.Sync.Server.exe [2005-10-24 10:07:32 176128]
HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe [2004-06-09 14:16:08 471040]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 23:28:24 258048]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-02-27 05:00:46 972064]
Server4PC.lnk - C:\Program Files\Broadband4PC\bin\Server4PC.exe [2005-11-25 12:27:58 450560]
Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [2002-01-01 05:10:26 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
"VIDC.MJPG"= pvmjpg21.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Salamander\\FireTrax\\SalTech.FireTrax.Sync.Server.exe"=
"C:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Broadband4PC\\bin\\Server4PC.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCPxpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 sonypvl2;sonypvl2;C:\WINDOWS\system32\drivers\sonypvl2.sys [2003-07-25 15:02]
R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2002-07-19 09:10]
R1 sonypvf2;sonypvf2;C:\WINDOWS\system32\drivers\sonypvf2.sys [2003-08-20 10:51]
R1 sonypvt2;sonypvt2;C:\WINDOWS\system32\drivers\sonypvt2.sys [2003-08-20 10:44]
R2 DynDNS_Updater_Service;DynDNS Updater Service;C:\Program Files\DynDNS Updater\DynDNS.exe [2006-09-17 10:32]
R2 MSSQL$NR2005;MSSQL$NR2005;C:\Program Files\Microsoft SQL Server\MSSQL$NR2005\Binn\sqlservr.exe [2002-12-17 17:26]
R2 NeatReceipts Auto Backup;NeatReceipts Auto Backup;C:\Program Files\NeatReceipts Professional\exec\NeatReceiptsAutoBackup.exe [2007-02-09 16:10]
R2 WUSB54GSv2SVC;WUSB54GSv2SVC;C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe WUSB54GSv2.exe []
S1 sonypvd2;sonypvd2;C:\WINDOWS\system32\DRIVERS\sonypvd2.sys [2003-06-24 10:29]
S3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2004-07-15 23:14]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 12:10]
S3 ECRDRV;ECRDRV;C:\WINDOWS\system32\drivers\ecrdrv.sys [2004-12-12 11:55]
S3 EraserUtilDrv10621;EraserUtilDrv10621;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10621.sys []
S3 ICDUSB2;Sony IC Recorder (P);C:\WINDOWS\system32\Drivers\ICDUSB2.sys [2002-11-28 22:23]
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\PLCNDIS5.SYS [2002-09-09 14:53]
S3 SKYNETU;B2C2 Broadband Receiver USB Adapter;C:\WINDOWS\system32\DRIVERS\SkyNETU.SYS [2004-10-14 01:41]
S3 SQLAgent$NR2005;SQLAgent$NR2005;C:\Program Files\Microsoft SQL Server\MSSQL$NR2005\Binn\sqlagent.EXE [2002-12-17 17:23]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;C:\WINDOWS\system32\DRIVERS\WPN111.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18650f4c-1bb6-11da-989c-000f66171d6d}]
\Shell\AutoRun\command - L:\JDSecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{946850c5-1e27-11d9-baf0-806d6172696f}]
\Shell\AutoRun\command - D:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-13 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Delphi 5#Autostart - C:\Documents and Settings\Chuck\Local Settings\Temp\clientviewer.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
O18 -: Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} -
O18 -: WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
O18 -: WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
O18 -: WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
O18 -: WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
O18 -: WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} -
O18 -: WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} -

O16 -: {22945A69-1191-4DCF-9E6F-409BDE94D101} - hxxp://heva.solidworks.com/htdocs/pdownload/edrawings/e2007sp04/cab/eModelsStandard.cab
C:\WINDOWS\Downloaded Program Files\eModelsStandard.inf


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-12 23:08:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2008-08-12 23:19:34 - machine was rebooted [Chuck]
ComboFix-quarantined-files.txt 2008-08-13 03:19:25

Pre-Run: 128,937,426,944 bytes free
Post-Run: 130,613,940,224 bytes free

264 --- E O F --- 2008-08-12 14:26:05



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:22:11 PM, on 8/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$NR2005\Binn\sqlservr.exe
C:\Program Files\NeatReceipts Professional\exec\NeatReceiptsAutoBackup.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\DynDNS Updater\DynDNS.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\PROGRA~1\TOSHIBA\TOSHIB~1\sc3docmon.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe
C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe
C:\Program Files\ScanSoft\OmniPagePro14.0\OpScheduler.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MySoftware\MyInvoices\tracker.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Salamander\FireTrax\SalTech.FireTrax.Sync.Server.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Broadband4PC\bin\Server4PC.exe
C:\Program Files\Common Files\Sonic Shared\cinetray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ToshibaSC3DocMon] C:\PROGRA~1\TOSHIBA\TOSHIB~1\sc3docmon.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [WorkFlowTray] "C:\Program Files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe"
O4 - HKLM\..\Run: [Opware14] "C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe"
O4 - HKLM\..\Run: [OpScheduler] "C:\Program Files\ScanSoft\OmniPagePro14.0\OpScheduler.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Tracker] C:\Program Files\MySoftware\MyInvoices\tracker.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - Startup: HP Organize.lnk = ?
O4 - Startup: Sonic CinePlayer Quick Launch.lnk = ?
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: fireTRAX Server.lnk = C:\Program Files\Salamander\FireTrax\SalTech.FireTrax.Sync.Server.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Server4PC.lnk = C:\Program Files\Broadband4PC\bin\Server4PC.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} (EModelNonVersionSpecificViewControl Class) - http://heva.solidworks.com/htdocs/pdownload/edrawings/e2007sp04/cab/eModelsStandard.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://newserver/connectcomputer/nshelp.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134505380515
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134505367484
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = USFD.local
O17 - HKLM\Software\..\Telephony: DomainName = USFD.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = USFD.local
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2005\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Kana Solution - C:\Program Files\DynDNS Updater\DynDNS.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: NeatReceipts Auto Backup - Digital Business Processes - C:\Program Files\NeatReceipts Professional\exec\NeatReceiptsAutoBackup.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WUSB54GSv2SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 17133 bytes

 

Here is my Hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:22:11 PM, on 8/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$NR2005\Binn\sqlservr.exe
C:\Program Files\NeatReceipts Professional\exec\NeatReceiptsAutoBackup.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\DynDNS Updater\DynDNS.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\PROGRA~1\TOSHIBA\TOSHIB~1\sc3docmon.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe
C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe
C:\Program Files\ScanSoft\OmniPagePro14.0\OpScheduler.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MySoftware\MyInvoices\tracker.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Salamander\FireTrax\SalTech.FireTrax.Sync.Server.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Broadband4PC\bin\Server4PC.exe
C:\Program Files\Common Files\Sonic Shared\cinetray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ToshibaSC3DocMon] C:\PROGRA~1\TOSHIBA\TOSHIB~1\sc3docmon.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [WorkFlowTray] "C:\Program Files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe"
O4 - HKLM\..\Run: [Opware14] "C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe"
O4 - HKLM\..\Run: [OpScheduler] "C:\Program Files\ScanSoft\OmniPagePro14.0\OpScheduler.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Tracker] C:\Program Files\MySoftware\MyInvoices\tracker.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - Startup: HP Organize.lnk = ?
O4 - Startup: Sonic CinePlayer Quick Launch.lnk = ?
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: fireTRAX Server.lnk = C:\Program Files\Salamander\FireTrax\SalTech.FireTrax.Sync.Server.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Server4PC.lnk = C:\Program Files\Broadband4PC\bin\Server4PC.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} (EModelNonVersionSpecificViewControl Class) - http://heva.solidworks.com/htdocs/pdownload/edrawings/e2007sp04/cab/eModelsStandard.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://newserver/connectcomputer/nshelp.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134505380515
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134505367484
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = USFD.local
O17 - HKLM\Software\..\Telephony: DomainName = USFD.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = USFD.local
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2005\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Kana Solution - C:\Program Files\DynDNS Updater\DynDNS.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: NeatReceipts Auto Backup - Digital Business Processes - C:\Program Files\NeatReceipts Professional\exec\NeatReceiptsAutoBackup.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WUSB54GSv2SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 17133 bytes


Heres the combofix log
ComboFix 08-08-12.01 - Chuck 2008-08-12 23:00:03.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.469 [GMT -4:00]
Running from: C:\Documents and Settings\Chuck\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Chuck\Application Data\macromedia\Flash Player\#SharedObjects\7AWSV64A\interclick.com
C:\Documents and Settings\Chuck\Application Data\macromedia\Flash Player\#SharedObjects\7AWSV64A\interclick.com\ud.sol
C:\Documents and Settings\Chuck\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Chuck\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\LocalService\Application Data\521632863.exe
C:\Documents and Settings\LocalService\Application Data\624530661.exe
C:\Documents and Settings\LocalService\Application Data\629773861.exe
C:\Documents and Settings\LocalService\Application Data\633968421.exe
C:\Documents and Settings\LocalService\Application Data\721529861.exe
C:\Documents and Settings\LocalService\Application Data\728739263.exe
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system\oeminfo.ini
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\install.exe
C:\WINDOWS\system32\REGOBJ.DLL
D:\Autorun.inf
K:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CBEVTSVC


((((((((((((((((((((((((( Files Created from 2008-07-13 to 2008-08-13 )))))))))))))))))))))))))))))))
.

2008-08-12 15:24 . 2008-08-12 15:24 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-12 15:24 . 2008-08-12 15:24 <DIR> d-------- C:\Documents and Settings\Chuck\Application Data\Malwarebytes
2008-08-12 15:24 . 2008-08-12 15:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-12 15:24 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-12 15:24 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-12 11:14 . 2008-08-12 11:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-12 10:58 . 2008-08-12 10:58 <DIR> d-------- C:\Documents and Settings\Administrator.CHIEF\Application Data\HotSync
2008-08-12 10:57 . 2008-08-12 10:57 <DIR> d-------- C:\Documents and Settings\Administrator.CHIEF\Application Data\ScanSoft
2008-08-12 10:56 . 2008-08-12 10:56 <DIR> d-------- C:\Documents and Settings\Administrator.CHIEF\Application Data\Roxio
2008-07-23 09:55 . 2008-07-23 09:55 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-07-21 14:46 . 2008-07-21 14:46 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-07-21 14:45 . 2008-07-21 14:45 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-21 14:45 . 2008-07-21 14:46 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-21 14:43 . 2008-07-21 14:43 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-21 14:28 . 2008-04-13 20:12 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-07-21 14:27 . 2008-04-13 20:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-13 02:52 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-08-13 02:28 3,645 ----a-w C:\WINDOWS\viassary-hp.reg
2008-08-12 14:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-12 14:23 --------- d-----w C:\Program Files\DynDNS Updater
2008-08-07 05:07 --------- d-----w C:\Program Files\Google
2008-08-04 21:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-15 15:01 --------- d-----w C:\Program Files\NFPA
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-18 12:43 --------- d-----w C:\Program Files\MSECache
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-30 17:38 4,237 ----a-w C:\Program Files\MapPro50.Cfg
2008-04-30 17:38 4 ----a-w C:\Program Files\Cscm.bin
2007-08-16 20:00 112,408 ----a-w C:\Program Files\DBTools.log
2007-06-06 17:34 121,968 ----a-w C:\Program Files\Install.log
2006-12-18 21:33 27,526,922 ----a-w C:\Program Files\FH.EXE
2006-12-18 21:33 179,085 ----a-w C:\Program Files\FHWizWks.exe
2006-12-18 21:33 1,735,502 ----a-w C:\Program Files\FHARCHIV.EXE
2006-12-18 21:33 1,570,257 ----a-w C:\Program Files\FHDBTOOL.EXE
2006-12-18 21:33 1,303,542 ----a-w C:\Program Files\FHBACKUP.EXE
2006-12-18 21:33 1,071,262 ----a-w C:\Program Files\fhrecalc.exe
2006-12-18 21:33 1,053,305 ----a-w C:\Program Files\FHACTIV.EXE
2006-12-18 21:24 14,222,257 ----a-w C:\Program Files\FHEXPAND.EXE
2006-10-16 15:43 162,304 ----a-w C:\Program Files\UnInstal.exe
2005-09-14 15:09 0 ----a-w C:\Documents and Settings\Chuck\Application Data\wklnhst.dat
2005-07-22 16:21 1,074,497 ----a-w C:\Program Files\FHINetUp.exe
2005-07-05 19:29 16,893 ----a-w C:\Program Files\UpTemp.log
2004-11-24 21:13 155,648 ----a-w C:\Program Files\KeyLib32.dll
2004-11-24 21:13 15,840 ----a-w C:\Program Files\MachNm1.exe
2004-11-24 21:13 143,360 ----a-w C:\Program Files\emdialog.dll
2004-11-24 21:12 41,548 ----a-w C:\Program Files\FOXTOOLS.FLL
2004-11-24 21:12 16,896 ----a-w C:\Program Files\FFIX4_50.FLL
2001-05-14 12:23 38 ----a-w C:\Program Files\AutoLoad.str
2005-08-10 14:12 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 20:12 1695232]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 19:44 1200128]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-17 11:23 68856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2008-06-13 18:27 2752512]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 04:42 202088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 05:04 52736]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 07:53 49152]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 07:42 659456]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 08:02 61440]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2002-01-01 04:59 180269]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-10-13 20:04 278528]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 09:43 233472]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 10:17 90112]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 10:54 253952]
"ToshibaSC3DocMon"="C:\PROGRA~1\TOSHIBA\TOSHIB~1\sc3docmon.exe" [2002-03-07 22:33 163840]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 18:44 65536]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2005-09-01 13:56 868352]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2005-09-01 13:56 319488]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-02-27 23:01 36864]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-02-27 23:02 40960]
"WorkFlowTray"="C:\Program Files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe" [2004-03-08 14:34 155747]
"Opware14"="C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe" [2004-03-08 14:33 57344]
"OpScheduler"="C:\Program Files\ScanSoft\OmniPagePro14.0\OpScheduler.exe" [2004-03-08 14:36 114688]
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 18:58 856064]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 02:08 483328]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2002-01-01 05:06 98304]
"Tracker"="C:\Program Files\MySoftware\MyInvoices\tracker.exe" [2002-11-25 12:22 102400]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-01-13 09:47 131072]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-01-13 09:47 163840]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-01-13 09:46 135168]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 20:51 583048]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 19:26 52896]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-27 20:33 125168]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 20:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 12:01 88209 C:\WINDOWS\AGRSMMSG.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-09-21 11:24 86016 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2005-09-21 16:32 2807808 C:\WINDOWS\ALCWZRD.EXE]

C:\Documents and Settings\Chuck\Start Menu\Programs\Startup\
HP Organize.lnk - C:\Program Files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2002-01-01 05:09:38 36864]
Sonic CinePlayer Quick Launch.lnk - C:\Program Files\Common Files\Sonic Shared\cinetray.exe [2002-09-18 15:16:30 98304]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-04-12 15:14:35 25214]
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 02:05:26 29696]
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [2005-07-26 12:04:19 209016]
fireTRAX Server.lnk - C:\Program Files\Salamander\FireTrax\SalTech.FireTrax.Sync.Server.exe [2005-10-24 10:07:32 176128]
HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe [2004-06-09 14:16:08 471040]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 23:28:24 258048]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-02-27 05:00:46 972064]
Server4PC.lnk - C:\Program Files\Broadband4PC\bin\Server4PC.exe [2005-11-25 12:27:58 450560]
Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [2002-01-01 05:10:26 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
"VIDC.MJPG"= pvmjpg21.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Salamander\\FireTrax\\SalTech.FireTrax.Sync.Server.exe"=
"C:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Broadband4PC\\bin\\Server4PC.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCPxpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 sonypvl2;sonypvl2;C:\WINDOWS\system32\drivers\sonypvl2.sys [2003-07-25 15:02]
R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2002-07-19 09:10]
R1 sonypvf2;sonypvf2;C:\WINDOWS\system32\drivers\sonypvf2.sys [2003-08-20 10:51]
R1 sonypvt2;sonypvt2;C:\WINDOWS\system32\drivers\sonypvt2.sys [2003-08-20 10:44]
R2 DynDNS_Updater_Service;DynDNS Updater Service;C:\Program Files\DynDNS Updater\DynDNS.exe [2006-09-17 10:32]
R2 MSSQL$NR2005;MSSQL$NR2005;C:\Program Files\Microsoft SQL Server\MSSQL$NR2005\Binn\sqlservr.exe [2002-12-17 17:26]
R2 NeatReceipts Auto Backup;NeatReceipts Auto Backup;C:\Program Files\NeatReceipts Professional\exec\NeatReceiptsAutoBackup.exe [2007-02-09 16:10]
R2 WUSB54GSv2SVC;WUSB54GSv2SVC;C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe WUSB54GSv2.exe []
S1 sonypvd2;sonypvd2;C:\WINDOWS\system32\DRIVERS\sonypvd2.sys [2003-06-24 10:29]
S3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2004-07-15 23:14]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 12:10]
S3 ECRDRV;ECRDRV;C:\WINDOWS\system32\drivers\ecrdrv.sys [2004-12-12 11:55]
S3 EraserUtilDrv10621;EraserUtilDrv10621;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10621.sys []
S3 ICDUSB2;Sony IC Recorder (P);C:\WINDOWS\system32\Drivers\ICDUSB2.sys [2002-11-28 22:23]
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\PLCNDIS5.SYS [2002-09-09 14:53]
S3 SKYNETU;B2C2 Broadband Receiver USB Adapter;C:\WINDOWS\system32\DRIVERS\SkyNETU.SYS [2004-10-14 01:41]
S3 SQLAgent$NR2005;SQLAgent$NR2005;C:\Program Files\Microsoft SQL Server\MSSQL$NR2005\Binn\sqlagent.EXE [2002-12-17 17:23]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;C:\WINDOWS\system32\DRIVERS\WPN111.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18650f4c-1bb6-11da-989c-000f66171d6d}]
\Shell\AutoRun\command - L:\JDSecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{946850c5-1e27-11d9-baf0-806d6172696f}]
\Shell\AutoRun\command - D:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-13 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Delphi 5#Autostart - C:\Documents and Settings\Chuck\Local Settings\Temp\clientviewer.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
O18 -: Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} -
O18 -: WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
O18 -: WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
O18 -: WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
O18 -: WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
O18 -: WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} -
O18 -: WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} -

O16 -: {22945A69-1191-4DCF-9E6F-409BDE94D101} - hxxp://heva.solidworks.com/htdocs/pdownload/edrawings/e2007sp04/cab/eModelsStandard.cab
C:\WINDOWS\Downloaded Program Files\eModelsStandard.inf


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-12 23:08:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2008-08-12 23:19:34 - machine was rebooted [Chuck]
ComboFix-quarantined-files.txt 2008-08-13 03:19:25

Pre-Run: 128,937,426,944 bytes free
Post-Run: 130,613,940,224 bytes free

264 --- E O F --- 2008-08-12 14:26:05

 

20g heres the log

ComboFix 08-08-12.01 - Chuck 2008-08-12 23:00:03.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.469 [GMT -4:00]
Running from: C:\Documents and Settings\Chuck\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Chuck\Application Data\macromedia\Flash Player\#SharedObjects\7AWSV64A\interclick.com
C:\Documents and Settings\Chuck\Application Data\macromedia\Flash Player\#SharedObjects\7AWSV64A\interclick.com\ud.sol
C:\Documents and Settings\Chuck\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Chuck\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\LocalService\Application Data\521632863.exe
C:\Documents and Settings\LocalService\Application Data\624530661.exe
C:\Documents and Settings\LocalService\Application Data\629773861.exe
C:\Documents and Settings\LocalService\Application Data\633968421.exe
C:\Documents and Settings\LocalService\Application Data\721529861.exe
C:\Documents and Settings\LocalService\Application Data\728739263.exe
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system\oeminfo.ini
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\install.exe
C:\WINDOWS\system32\REGOBJ.DLL
D:\Autorun.inf
K:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CBEVTSVC


((((((((((((((((((((((((( Files Created from 2008-07-13 to 2008-08-13 )))))))))))))))))))))))))))))))
.

2008-08-12 15:24 . 2008-08-12 15:24 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-12 15:24 . 2008-08-12 15:24 <DIR> d-------- C:\Documents and Settings\Chuck\Application Data\Malwarebytes
2008-08-12 15:24 . 2008-08-12 15:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-12 15:24 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-12 15:24 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-12 11:14 . 2008-08-12 11:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-12 10:58 . 2008-08-12 10:58 <DIR> d-------- C:\Documents and Settings\Administrator.CHIEF\Application Data\HotSync
2008-08-12 10:57 . 2008-08-12 10:57 <DIR> d-------- C:\Documents and Settings\Administrator.CHIEF\Application Data\ScanSoft
2008-08-12 10:56 . 2008-08-12 10:56 <DIR> d-------- C:\Documents and Settings\Administrator.CHIEF\Application Data\Roxio
2008-07-23 09:55 . 2008-07-23 09:55 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-07-21 14:46 . 2008-07-21 14:46 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-07-21 14:45 . 2008-07-21 14:45 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-21 14:45 . 2008-07-21 14:46 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-21 14:43 . 2008-07-21 14:43 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-21 14:28 . 2008-04-13 20:12 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-07-21 14:27 . 2008-04-13 20:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-13 02:52 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-08-13 02:28 3,645 ----a-w C:\WINDOWS\viassary-hp.reg
2008-08-12 14:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-12 14:23 --------- d-----w C:\Program Files\DynDNS Updater
2008-08-07 05:07 --------- d-----w C:\Program Files\Google
2008-08-04 21:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-15 15:01 --------- d-----w C:\Program Files\NFPA
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-18 12:43 --------- d-----w C:\Program Files\MSECache
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-30 17:38 4,237 ----a-w C:\Program Files\MapPro50.Cfg
2008-04-30 17:38 4 ----a-w C:\Program Files\Cscm.bin
2007-08-16 20:00 112,408 ----a-w C:\Program Files\DBTools.log
2007-06-06 17:34 121,968 ----a-w C:\Program Files\Install.log
2006-12-18 21:33 27,526,922 ----a-w C:\Program Files\FH.EXE
2006-12-18 21:33 179,085 ----a-w C:\Program Files\FHWizWks.exe
2006-12-18 21:33 1,735,502 ----a-w C:\Program Files\FHARCHIV.EXE
2006-12-18 21:33 1,570,257 ----a-w C:\Program Files\FHDBTOOL.EXE
2006-12-18 21:33 1,303,542 ----a-w C:\Program Files\FHBACKUP.EXE
2006-12-18 21:33 1,071,262 ----a-w C:\Program Files\fhrecalc.exe
2006-12-18 21:33 1,053,305 ----a-w C:\Program Files\FHACTIV.EXE
2006-12-18 21:24 14,222,257 ----a-w C:\Program Files\FHEXPAND.EXE
2006-10-16 15:43 162,304 ----a-w C:\Program Files\UnInstal.exe
2005-09-14 15:09 0 ----a-w C:\Documents and Settings\Chuck\Application Data\wklnhst.dat
2005-07-22 16:21 1,074,497 ----a-w C:\Program Files\FHINetUp.exe
2005-07-05 19:29 16,893 ----a-w C:\Program Files\UpTemp.log
2004-11-24 21:13 155,648 ----a-w C:\Program Files\KeyLib32.dll
2004-11-24 21:13 15,840 ----a-w C:\Program Files\MachNm1.exe
2004-11-24 21:13 143,360 ----a-w C:\Program Files\emdialog.dll
2004-11-24 21:12 41,548 ----a-w C:\Program Files\FOXTOOLS.FLL
2004-11-24 21:12 16,896 ----a-w C:\Program Files\FFIX4_50.FLL
2001-05-14 12:23 38 ----a-w C:\Program Files\AutoLoad.str
2005-08-10 14:12 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 20:12 1695232]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 19:44 1200128]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-17 11:23 68856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2008-06-13 18:27 2752512]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 04:42 202088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 05:04 52736]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 07:53 49152]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 07:42 659456]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 08:02 61440]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2002-01-01 04:59 180269]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-10-13 20:04 278528]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 09:43 233472]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 10:17 90112]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 10:54 253952]
"ToshibaSC3DocMon"="C:\PROGRA~1\TOSHIBA\TOSHIB~1\sc3docmon.exe" [2002-03-07 22:33 163840]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 18:44 65536]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2005-09-01 13:56 868352]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2005-09-01 13:56 319488]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-02-27 23:01 36864]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-02-27 23:02 40960]
"WorkFlowTray"="C:\Program Files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe" [2004-03-08 14:34 155747]
"Opware14"="C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe" [2004-03-08 14:33 57344]
"OpScheduler"="C:\Program Files\ScanSoft\OmniPagePro14.0\OpScheduler.exe" [2004-03-08 14:36 114688]
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 18:58 856064]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 02:08 483328]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2002-01-01 05:06 98304]
"Tracker"="C:\Program Files\MySoftware\MyInvoices\tracker.exe" [2002-11-25 12:22 102400]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-01-13 09:47 131072]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-01-13 09:47 163840]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-01-13 09:46 135168]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 20:51 583048]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 19:26 52896]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-27 20:33 125168]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 20:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 12:01 88209 C:\WINDOWS\AGRSMMSG.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-09-21 11:24 86016 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2005-09-21 16:32 2807808 C:\WINDOWS\ALCWZRD.EXE]

C:\Documents and Settings\Chuck\Start Menu\Programs\Startup\
HP Organize.lnk - C:\Program Files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2002-01-01 05:09:38 36864]
Sonic CinePlayer Quick Launch.lnk - C:\Program Files\Common Files\Sonic Shared\cinetray.exe [2002-09-18 15:16:30 98304]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-04-12 15:14:35 25214]
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 02:05:26 29696]
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [2005-07-26 12:04:19 209016]
fireTRAX Server.lnk - C:\Program Files\Salamander\FireTrax\SalTech.FireTrax.Sync.Server.exe [2005-10-24 10:07:32 176128]
HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe [2004-06-09 14:16:08 471040]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 23:28:24 258048]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-02-27 05:00:46 972064]
Server4PC.lnk - C:\Program Files\Broadband4PC\bin\Server4PC.exe [2005-11-25 12:27:58 450560]
Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [2002-01-01 05:10:26 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
"VIDC.MJPG"= pvmjpg21.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Salamander\\FireTrax\\SalTech.FireTrax.Sync.Server.exe"=
"C:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Broadband4PC\\bin\\Server4PC.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCPxpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 sonypvl2;sonypvl2;C:\WINDOWS\system32\drivers\sonypvl2.sys [2003-07-25 15:02]
R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2002-07-19 09:10]
R1 sonypvf2;sonypvf2;C:\WINDOWS\system32\drivers\sonypvf2.sys [2003-08-20 10:51]
R1 sonypvt2;sonypvt2;C:\WINDOWS\system32\drivers\sonypvt2.sys [2003-08-20 10:44]
R2 DynDNS_Updater_Service;DynDNS Updater Service;C:\Program Files\DynDNS Updater\DynDNS.exe [2006-09-17 10:32]
R2 MSSQL$NR2005;MSSQL$NR2005;C:\Program Files\Microsoft SQL Server\MSSQL$NR2005\Binn\sqlservr.exe [2002-12-17 17:26]
R2 NeatReceipts Auto Backup;NeatReceipts Auto Backup;C:\Program Files\NeatReceipts Professional\exec\NeatReceiptsAutoBackup.exe [2007-02-09 16:10]
R2 WUSB54GSv2SVC;WUSB54GSv2SVC;C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe WUSB54GSv2.exe []
S1 sonypvd2;sonypvd2;C:\WINDOWS\system32\DRIVERS\sonypvd2.sys [2003-06-24 10:29]
S3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2004-07-15 23:14]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 12:10]
S3 ECRDRV;ECRDRV;C:\WINDOWS\system32\drivers\ecrdrv.sys [2004-12-12 11:55]
S3 EraserUtilDrv10621;EraserUtilDrv10621;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10621.sys []
S3 ICDUSB2;Sony IC Recorder (P);C:\WINDOWS\system32\Drivers\ICDUSB2.sys [2002-11-28 22:23]
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\PLCNDIS5.SYS [2002-09-09 14:53]
S3 SKYNETU;B2C2 Broadband Receiver USB Adapter;C:\WINDOWS\system32\DRIVERS\SkyNETU.SYS [2004-10-14 01:41]
S3 SQLAgent$NR2005;SQLAgent$NR2005;C:\Program Files\Microsoft SQL Server\MSSQL$NR2005\Binn\sqlagent.EXE [2002-12-17 17:23]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;C:\WINDOWS\system32\DRIVERS\WPN111.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18650f4c-1bb6-11da-989c-000f66171d6d}]
\Shell\AutoRun\command - L:\JDSecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{946850c5-1e27-11d9-baf0-806d6172696f}]
\Shell\AutoRun\command - D:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-13 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Delphi 5#Autostart - C:\Documents and Settings\Chuck\Local Settings\Temp\clientviewer.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
O18 -: Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} -
O18 -: WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
O18 -: WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
O18 -: WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
O18 -: WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
O18 -: WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} -
O18 -: WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} -

O16 -: {22945A69-1191-4DCF-9E6F-409BDE94D101} - hxxp://heva.solidworks.com/htdocs/pdownload/edrawings/e2007sp04/cab/eModelsStandard.cab
C:\WINDOWS\Downloaded Program Files\eModelsStandard.inf


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-12 23:08:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2008-08-12 23:19:34 - machine was rebooted [Chuck]
ComboFix-quarantined-files.txt 2008-08-13 03:19:25

Pre-Run: 128,937,426,944 bytes free
Post-Run: 130,613,940,224 bytes free

264 --- E O F --- 2008-08-12 14:26:05

 

2og

Sorry about multiple posts it never completed on my screen.....

Thanks for your help you rock......

 

what do you mean, never completed your screen??

 

Great Job fire27, 3 good ones.


Congratulations your log looks CLEAN

If you don’t have any problems, please complete this final… Else, let me know.

There are a few things you must do once you are completely clean:

1. Time for some housekeeping

Please download the OTMoveIt2 by OldTimer

• Save it to your desktop.
• Run the tool by clicking on the icon.
• Click the Cleanup button.

• The tools that we used as well as this one will be removed from your system.


2. Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.

• Under Main "Select Files to Delete" choose: Select All.
• Click the Empty Selected button.

• If you use Firefox browser click Firefox at the top and choose: Select All
• Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.

• If you use Opera browser click Opera at the top and choose: Select All
• Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.

• Click Exit on the Main menu to close the program.



3. Now Set a New Restore Point to prevent possible reinfection from an old one.
Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:

• Go to Start > Programs > Accessories > System Tools and click "System Restore".

• Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.

• Then go to Start > Run and type: Cleanmgr
• Click "OK"
Select the drive you want to clean usually C:
Click OK
When it completes the scan:
• Click the "More Options" Tab.
• Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.


4. Defragment your Hard Drive

1.Open My Computer.
2.Right-click the local disk volume that you want to defragment, and then click Properties.
3.On the Tools tab, click Defragment Now.
4.Click Defragment.




And here are some tips to reduce the potential for spyware infection in the future:

Download and install Spywareblaster <= SpywareBlaster will prevent Bad ActiveX and spyware from being installed.

In order to prevent the installation of Trojans and Malware on your machine:
Download and install: Comodo BOClean

This little jewel is an AntiMalware/AntiTrojan program that is very non-invasive. It doesn’t scan for malware that has been installed, it just sits in the tray and captures malware BEFORE it is installed.. It has about 60,000 definitions in the data base and updates every day. Install this and you may never get another Trojan or Malware…..


Make sure you keep your Windows OS current by visiting Windows update
regularly to download and install any critical updates and service packs. With out these you are leaving the backdoor open.


And also see TonyKlein's good advice
So how did I get infected in the first place?




Enjoy your clean computer. Any questions?


2OG

 

O2G

When I tried to post the logs last night it just sat there for about 20 minutes. I hit back button but didn't see that it posted them anyway so I did it again. Every thing seems good, no more norton warnings.

Thanks Again sir

 

You're welcome, fire27.

Happy Surfing............. oops.

Did I miss a bug?

 

2OG

Does this log look infected ?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:42:32 PM, on 8/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061207
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061207
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: TTB000000 - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\WINDOWS\COUPON~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: CouponBar - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\WINDOWS\CouponBarIE.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [A00FB9492B5B.exe] C:\DOCUME~1\UPPERS~1\LOCALS~1\Temp\_A00FB9492B5B.exe
O4 - HKCU\..\Run: [A00F3055B7E.exe] C:\DOCUME~1\UPPERS~1\LOCALS~1\Temp\_A00F3055B7E.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUzeb004NYUS_ZUxdm082YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/MyFunCardsFWBInitialSetup1.0.1.0.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1171211989828
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigner.hgtv.com/images/app/view22rte.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: __c00328BA - C:\WINDOWS\system32\__c00328BA.dat (file missing)
O20 - Winlogon Notify: __c0068A9D - C:\WINDOWS\system32\__c0068A9D.dat (file missing)
O20 - Winlogon Notify: __c00DA139 - C:\WINDOWS\system32\__c00DA139.dat
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12761 bytes

 

Hey fire27,

Yes, very highly infected!

Please download Malwarebytes' Anti-Malware to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
• Please post contents of that file in your next reply.



Download ComboFix from Here But, BEFORE saving it to your Desktop, Rename it to Combo-Fix.exe with a hyphen – in the middle.

• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Double click combofix.exe and follow the prompts.
• When finished, it shall produce a log for you. Post the Combofix log, MBAM Log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall.

Extra-Note: Please, DO NOT use ComboFix on your own. It is a very powerful tool designed to deal with sophisticated infections and if something goes wrong or you use it incorrectly, you could possibly lose the use of your computer. It is ONLY meant to be used under the direct supervision of a malware removal specialist.

TNX
2OG

 

Here we go again.

Malwarebytes' Anti-Malware 1.24
Database version: 1059
Windows 5.1.2600 Service Pack 2

10:27:47 PM 8/16/2008
mbam-log-8-16-2008 (22-27-47).txt

Scan type: Full Scan (C:\|)
Objects scanned: 83928
Time elapsed: 26 minute(s), 46 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 7
Registry Keys Infected: 183
Registry Values Infected: 14
Registry Data Items Infected: 0
Folders Infected: 71
Files Infected: 156

Memory Processes Infected:
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Unloaded process successfully.

Memory Modules Infected:
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (Adware.Shopper) -> Delete on reboot.
C:\Program Files\alot\bin\alot.dll (Adware.BHO) -> Delete on reboot.
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\WINDOWS\system32\__c00DA139.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\__c00F8016.dat (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{e343edfc-1e6c-4cb5-aa29-e9c922641c80} (Adware.Shopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.Shopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.Shopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.Shopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.Shopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cpbrkpie.coupon6ctrl.1 (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a85a5e6a-de2c-4f4e-99dc-f469df5a0eec} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e780f0b-bcd6-40cb-b2db-7af47ab4d4a4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a138be8b-f051-4802-9a3f-a750a6d862d4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b813095c-81c0-4e40-aa14-67520372b987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shoppingreport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mywebsearchservice (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mywebsearchservice (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mywebsearchservice (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\alot (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\alotToolbar (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00da139 (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00328ba (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0068a9d (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\CouponPrinter.ocx (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\my web search bar search scope monitor (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\ShoppingReport (Adware.Shopping.Report) -> Delete on reboot.
C:\Program Files\ShoppingReport\Bin (Adware.Shopping.Report) -> Delete on reboot.
C:\Program Files\ShoppingReport\Bin\2.5.0 (Adware.Shopping.Report) -> Delete on reboot.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\alot (Adware.BHO) -> Delete on reboot.
C:\Program Files\alot\bin (Adware.BHO) -> Delete on reboot.
C:\Documents and Settings\Upper Saucon EMC\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\ShoppingReport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\ShoppingReport\cs\res1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\BrowserSearch (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Button_0 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Button_1 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Button_10 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Button_11 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Button_2 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Button_3 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Button_4 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Button_5 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Button_6 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Button_7 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Button_8 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Button_9 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\configurator (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\ErrorSearch (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\postInstallLayout (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\products (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Resources (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Resources\Button_0 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Resources\Button_0\images (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Resources\Button_1 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Resources\Button_1\images (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Resources\Button_2 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Resources\Button_2\images (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Resources\Button_3 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Resources\Button_3\images (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Resources\Button_4 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Resources\Button_4\images (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Resources\Button_5 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Resources\Button_5\images (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Resources\Button_6 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Resources\Button_6\images (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Resources\Button_7 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Resources\Button_7\images (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Resources\Button_8 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Resources\Button_8\images (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Resources\Shared (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Resources\Shared\images (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\TimerManager (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\ToolbarSearch (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Updater (Adware.BHO) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (Adware.Shopper) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\alot\bin\alot.dll (Adware.BHO) -> Delete on reboot.
C:\WINDOWS\CouponPrinter.ocx (Adware.Coupons) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Uninst.exe (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\5D0E7F05 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\5D0E83E7.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\5D0E85EB.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\5D0E927D.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\5D0E93B6.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\alot\alotUninst.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\ShoppingReport\cs\res1\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\toolbar.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\BrowserSearch\BrowserSearch.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\BrowserSearch\BrowserSearch.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Button_0\Button_0.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Button_0\Button_0.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Button_1\Button_1.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Button_1\Button_1.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Button_10\Button_10.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Button_10\Button_10.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Button_11\Button_11.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Button_11\Button_11.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Button_2\Button_2.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Button_2\Button_2.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Button_3\Button_3.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Button_3\Button_3.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Button_4\Button_4.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Button_4\Button_4.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Button_5\Button_5.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Button_5\Button_5.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Button_6\Button_6.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Button_6\Button_6.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Button_7\Button_7.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Button_7\Button_7.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Button_8\Button_8.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Button_8\Button_8.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Button_9\Button_9.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Button_9\Button_9.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\configurator\configurator.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\configurator\configurator.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\ErrorSearch\ErrorSearch.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\ErrorSearch\ErrorSearch.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\postInstallLayout\postInstallLayout.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\postInstallLayout\postInstallLayout.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\products\products.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\products\products.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Resources\Button_0\images\alot_icon_35x16.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Resources\Button_1\images\alot_search_24x16.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Resources\Button_2\images\default_216_alot_recipe_recipesearch.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Resources\Button_3\images\clear.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Resources\Button_3\images\default_281_alot_weather_widget.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Resources\Button_3\images\nclear.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Resources\Button_4\images\default_338_alot_recipe_reciperssfeed.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Resources\Button_5\images\default_218_alot_recipe_cupboard.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Resources\Button_6\images\default_219_alot_recipe_recipevideos.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Resources\Button_7\images\default_205_alot_mrkt_harry_david.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Resources\Button_8\images\default_441_alot_mrkt_tv.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Resources\Shared\domains.dat (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Resources\Shared\images\alot_brand.png (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Resources\Shared\images\spinner.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Resources\Shared\images\widget_bottom.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Resources\Shared\images\widget_btnclose0.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Resources\Shared\images\widget_btnclose1.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Resources\Shared\images\widget_btnmin0.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Resources\Shared\images\widget_btnmin1.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Resources\Shared\images\widget_caption.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Resources\Shared\images\widget_error_bg.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Resources\Shared\images\widget_error_close.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Resources\Shared\images\widget_error_icon.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\TimerManager\TimerManager.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\TimerManager\TimerManager.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\ToolbarSearch\ToolbarSearch.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Updater\Updater.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Upper Saucon EMC\Application Data\alot\Updater\Updater.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c0010698.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00DA139.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\__c00F8016.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

 

ComboFix 08-08-16.01 - Upper Saucon EMC 2008-08-17 10:23:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.152 [GMT -4:00]
Running from: C:\Documents and Settings\Upper Saucon EMC\My Documents\Combo-Fix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\Upper Saucon EMC\Application Data\macromedia\Flash Player\#SharedObjects\J3NQRW24\interclick.com
C:\Documents and Settings\Upper Saucon EMC\Application Data\macromedia\Flash Player\#SharedObjects\J3NQRW24\interclick.com\ud.sol
C:\Documents and Settings\Upper Saucon EMC\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Upper Saucon EMC\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Upper Saucon EMC\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@2o7[1].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@a.hasbro[1].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@abpa.yahoo.idx.prupattwhite[1].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@ad.yieldmanager[1].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@adopt.specificclick[1].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@adrevolver[2].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@ads.pointroll[2].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@ads.revsci[2].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@advertising[1].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@allaboardtoys[1].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@allentownbethlehempa.yahoo.idx.prudentialregency[2].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@arn.aavalue[1].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@azjmp[1].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@bluestreak[1].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@buycostumes[1].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@c.realtytrac[1].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@cafepress[2].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@cc-dt[2].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@citysearch[2].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@cts.metricsdirect[2].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@discovery[1].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@ds.contextweb[2].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@ebay[2].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@edge.ru4[1].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@ehg-cygnusbm.hitbox[2].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@ehg-dig.hitbox[2].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@ehg-equifax.hitbox[1].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@ehg-foxsports.hitbox[2].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@ehg-gatehousemedia.hitbox[2].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@ehg-hasbro.hitbox[2].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@ehg-hersheyentertainment.hitbox[2].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@ehg-legacy.hitbox[2].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@ehg-ltdcommodities.hitbox[2].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@ehg-nestleusainc.hitbox[1].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@ehg-traderelectronicmedia.hitbox[2].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@ehg-traderpublishing.hitbox[2].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@ehg-wachovia.hitbox[2].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@ehg-warnerbrothers.hitbox[2].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@everythingbags[1].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@fastclick[2].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@fiction.randomhouse[1].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@go[2].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@homedepot[1].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@imiclk[2].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@insightexpressai[2].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@interclick[2].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@kohls.shoplocal[1].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@main.ebayrtm[2].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@metacafe[2].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@overture[1].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@phg.hitbox[2].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@philadelphia.yahoo.idx.prufoxroach[1].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@promobenef[1].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@proworldinc[1].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@questionmarket[2].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@realmedia[2].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@revsci[1].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@roiservice[1].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@shop.advanceweb[1].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@specificclick[1].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@stat.dealtime[1].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@statcounter[2].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@store.yahoo[1].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@topix[3].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@toysrus.shoplocal[1].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@track.bestbuy[1].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@trafficmp[2].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@turn[2].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@usatoday[2].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@vendorweb.citibank[1].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@walmart[2].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@www.buycostumes[1].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@www.cafemom[1].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@www.lowes[1].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@www.mypix[3].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@www35.vzw[1].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@yahoo.idx.prukeystoneproperties[2].txt
C:\Documents and Settings\Upper Saucon EMC\Cookies\upper_saucon_emc@yelp[2].txt
C:\WINDOWS\system32\__c008D1F2.dat
C:\WINDOWS\system32\__c0093DD0.dat
C:\xcrashdump.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE


((((((((((((((((((((((((( Files Created from 2008-07-17 to 2008-08-17 )))))))))))))))))))))))))))))))
.

2008-08-16 21:53 . 2008-08-16 21:53 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-16 21:53 . 2008-08-16 21:53 <DIR> d-------- C:\Documents and Settings\Upper Saucon EMC\Application Data\Malwarebytes
2008-08-16 21:53 . 2008-08-16 21:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-16 21:53 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-16 21:53 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-16 21:42 . 2008-08-16 21:42 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-14 20:56 . 2008-05-01 10:30 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-17 14:29 --------- d-----w C:\Documents and Settings\Upper Saucon EMC\Application Data\AVG7
2008-07-16 00:27 144 ----a-w C:\domains.dat
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:32 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 14:57 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 09:20 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:20 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 04:24 20480]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-08-28 23:57 395776]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-10 18:55 68856]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 11:37 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 11:44 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 11:41 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 11:45 118784]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 20:48 761947]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 11:28 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 11:28 602182]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-08-03 20:51 1032192]
"CTSVolFE.exe"="C:\Program Files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 17:57 57344]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-12-07 06:32 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-07 06:33 98304]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 07:20 122940]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 18:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 18:50 81920]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-12-07 06:34 236544]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2006-08-22 17:32 184320]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 18:15 579584]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 12:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 01:30 282624 C:\WINDOWS\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 17:19 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2006-12-07 06:32:32 156784]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-12-07 06:31:42 24576]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-04 00:07:32 81920]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

R2 Belkin 54g Wireless USB Network Adapter Service;Belkin 54g Wireless USB Network Adapter;C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe [2004-03-29 17:08]
S3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2004-07-16 12:14]
.
- - - - ORPHANS REMOVED - - - -

Notify-__c008D1F2 - C:\WINDOWS\system32\__c008D1F2.dat


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061207
O8 -: &Search
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O16 -: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} - hxxp://onlinedesigner.hgtv.com/images/app/view22rte.cab
C:\WINDOWS\Downloaded Program Files\v22.inf
C:\WINDOWS\system32\atl.dll
C:\WINDOWS\system32\shfolder.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\GdiPlus.dll
C:\WINDOWS\system32\DXFLib.dll
C:\WINDOWS\system32\devil.dll
C:\WINDOWS\system32\opcode.dll
C:\WINDOWS\Downloaded Program Files\View22RTE.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-17 10:28:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> ?:\WINDOWS\System32\CSCDLL.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Grisoft\AVG7\avgw.exe
.
**************************************************************************
.
Completion time: 2008-08-17 10:33:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-17 14:33:00

Pre-Run: 64,754,442,240 bytes free
Post-Run: 65,021,710,336 bytes free

244 --- E O F --- 2008-08-16 00:14:59

 

And heres the hijack this log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:52 AM, on 8/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061207
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1171211989828
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigner.hgtv.com/images/app/view22rte.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9850 bytes

 

Congratulations fire27, your log now looks CLEAN

Things to do:
Install a firewall – see below.

Get XP SP3 -> HERE

Update your Java – see below.

Your AVG7 is has been replaced with AVG8 and will soon stop updating. I recommend Avira Antivir as your Antivirus it’s FREE. It is better than AVG and most of the Paid AV’s. Most people won’t use it because of the Nag screens after it updates, trying to get you to buy it, but there is a way around that…. ; )


Download Avira Antivir -> HERE


In order to disable the Nag screens in Avira Antivir you must use the Safe Mode in an Administrator account.

1. Boot into Safe Mode (tap F8 repeatedly after you restart the computer)
2. Log in using the Administrator account
3. Go to C:\Program Files\(Avira)\AntiVir PersonalEdition Classic\avnotify.exe
4. Right-click avnotify.exe-> properties-> security tab
5. Under the Group or user names: you will see all of the users. Start with the first user and click, highlight….
6. Check the Deny Read and Execute box the Read box will automatically check.
7. Now perform step 6 for all of the other users-> apply-> yes/ok-> close all open windows
8. Reboot the computer into Normal Mode (start-> shutdown-> restart)


Here are a few other things you must do once you are completely clean:

1. Time for some housekeeping

Please download the OTMoveIt2 by OldTimer

• Save it to your desktop.
• Run the tool by clicking on the icon.
• Click the Cleanup button.

• The tools that we used as well as this one will be removed from your system.


2. Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.

• Under Main "Select Files to Delete" choose: Select All.
• Click the Empty Selected button.

• If you use Firefox browser click Firefox at the top and choose: Select All
• Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.

• If you use Opera browser click Opera at the top and choose: Select All
• Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.

• Click Exit on the Main menu to close the program.


3. Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them.

Please follow these steps to remove older version Java components and update:

• Download the latest version of Java Runtime Environment (JRE) 6 Update 7 and save it to your desktop.
• Scroll down to where it says The Java SE Runtime Environment (JRE) allows end-users to run Java applications..
• Click the Download button to the right.
• Select Windows on platform combobox and check the box that says:
Accept License Agreement. Click continue.
• The page will refresh.
• Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
• Close any programs you may have running - especially your web browser.
• Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
• Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java versions.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-6u7-windows-i586-p.exe to install the newest version.




4. Now Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:

• Go to Start > Programs > Accessories > System Tools and click "System Restore".

• Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.

• Then go to Start > Run and type: Cleanmgr
• Click "OK"
Select the drive you want to clean usually C:
Click OK
When it completes the scan:
• Click the "More Options" Tab.
• Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.


5. Defragment your Hard Drive

1.Open My Computer.
2.Right-click the local disk volume that you want to defragment, and then click Properties.
3.On the Tools tab, click Defragment Now.
4.Click Defragment.




And here are some tips to reduce the potential for spyware infection in the future:


It is critical that you use a firewall to protect your computer from hackers. We don't recommend the firewall that comes built in to Windows. It doesn't block everything that may try to get in, and the entire firewall is written to the registry. As various kinds of malware hack the Registry in order to disable the Windows firewall, it's far preferable to install one of the excellent third party solutions. Two good ones are are Comodo Free and Online Armor Personal Firewall
I have recently changed my firewall to Comodo, love it and highly recommend it..

Make sure you keep your Windows OS current by visiting Windows update
regularly to download and install any critical updates and service packs. With out these you are leaving the backdoor open.

I strongly recommend installing the following applications:

• Spywareblaster <= SpywareBlaster will prevent spyware from being installed.


Go to these sites and read about these you may decide to use them, I do, because they work.

• Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Malware, Cookies etc) from the sites listed, although you will still be able to connect to the sites.

• MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know Malware sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer



Also, see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.


And see TonyKlein's good advice
So how did I get infected in the first place?




Enjoy your clean computer. Any questions?

The oldgeek knows how to get the bugs out…. Oops, missed one..



2OG

 

2OG
Wow thats quite a bit of information.. Thanks!I am learning alot.