Tech Support Forum - View Single Post - IE7 screwed up by malware? virus obfustat.ADXW?

lowellc · 01-09-2008, 08:28 AM

Thanks for taking this on Ried.

ComboFix 08-01-09.2 - Lowell 2008-01-09 8:46:14.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1289 [GMT -6:00]
Running from: C:\Documents and Settings\Lowell\Desktop\ComboFix.exe
Command switches used :: and Settings\Lowell\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Lowell\g2mdlhlpx.exe
C:\WINDOWS\system32\deskadpl.dll
C:\WINDOWS\Tasks.\At1.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_JQFHHUKY
-------\jqfhhuky

((((((((((((((((((((((((( Files Created from 2007-12-09 to 2008-01-09 )))))))))))))))))))))))))))))))
.

2008-01-09 08:45 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-08 19:27 . 2008-01-08 19:27 <DIR> d-------- C:\Deckard
2008-01-08 18:21 . 2008-01-08 18:21 <DIR> d-------- C:\ie-spyad_zo
2008-01-08 18:16 . 2008-01-08 18:16 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-01-08 16:51 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\kehmuyfogwki.sys
2008-01-08 16:03 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\dwvrswwoatll.sys
2008-01-08 15:48 . 2008-01-08 15:48 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-08 15:48 . 2008-01-08 16:50 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-08 15:48 . 2008-01-08 16:50 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-08 15:48 . 2008-01-08 16:50 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-07 17:10 . 2008-01-07 17:10 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-01-07 12:10 . 2008-01-09 08:50 45,056 --a------ C:\WINDOWS\system32\acovcnt.exe
2008-01-06 18:30 . 2008-01-08 18:36 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-01-05 20:25 . 2008-01-05 20:56 131 --a------ C:\WINDOWS\eDexter.INI
2008-01-05 20:24 . 2008-01-05 20:24 <DIR> d-------- C:\Program Files\Pyrenean
2008-01-05 17:43 . 2008-01-05 17:43 <DIR> d-------- C:\Program Files\ACW
2008-01-05 15:14 . 2008-01-05 15:14 <DIR> d-------- C:\Program Files\IObit
2008-01-05 13:03 . 2008-01-05 13:03 <DIR> d-------- C:\Program Files\Common Files\supportsoft
2008-01-05 13:03 . 2008-01-05 13:03 <DIR> d-------- C:\Program Files\chatsupport.palm.com
2008-01-02 00:06 . 2008-01-02 00:06 <DIR> d-------- C:\Program Files\Yahoo!
2008-01-02 00:06 . 2008-01-02 00:06 <DIR> d-------- C:\Program Files\CCleaner
2008-01-01 14:53 . 2008-01-01 14:53 <DIR> d--hs---- C:\FOUND.010
2008-01-01 12:27 . 2008-01-01 12:27 <DIR> d-------- C:\Documents and Settings\Lowell\Application Data\Grisoft
2008-01-01 12:27 . 2007-05-30 06:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-01 10:11 . 2008-01-01 10:11 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-01 10:09 . 2008-01-01 10:09 <DIR> d-------- C:\Program Files\RogueRemover FREE
2007-12-31 09:35 . 2007-12-31 09:35 120,576 --a------ C:\WINDOWS\system32\kaqtquft.dat
2007-12-31 09:28 . 2007-12-31 09:28 <DIR> d-------- C:\WINDOWS\system32\AppCert
2007-12-31 09:28 . 2007-12-31 09:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-31 09:28 . 2007-12-31 09:28 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-20 17:07 . 2007-12-20 17:07 <DIR> d-------- C:\Program Files\REFN
2007-12-12 13:02 . 2007-10-10 17:55 6,065,664 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-12-12 13:02 . 2007-06-30 21:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-12-12 13:02 . 2007-06-30 21:36 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-12-12 13:02 . 2007-10-10 17:55 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-12-12 13:02 . 2007-10-10 17:55 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-12-12 13:02 . 2007-10-10 17:55 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-12-12 13:02 . 2007-10-10 17:55 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2007-12-12 13:02 . 2007-10-10 17:55 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-12-12 13:02 . 2007-10-10 04:59 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-12 12:57 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-31 15:30 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys_old
2007-12-09 05:39 75 ----a-w C:\StandbyRestart.bat
2007-11-26 21:10 --------- d-----w C:\Documents and Settings\Lowell\Application Data\VREO
2007-11-23 19:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-16 17:55 --------- d-----w C:\Documents and Settings\Lowell\Application Data\Real Estate Center
2007-11-16 17:53 --------- d-----w C:\Program Files\Real Estate Center
2007-11-14 21:38 --------- d-----w C:\Program Files\Windows Media Bonus Pack for Windows XP
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 16:58 --------- d-----w C:\Program Files\Dictionary
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-31 11:12 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 23:40 222,720 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-13 17:15 20,480 ----a-w C:\WINDOWS\rmlluf32.dll
2007-10-11 05:57 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-10-11 05:57 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-10-11 05:57 1,498,112 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-10-11 05:57 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
2007-10-11 05:57 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2007-10-10 23:56 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:56 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:56 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:56 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:56 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 23:56 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 23:55 478,208 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:55 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:55 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:55 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:55 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:55 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:55 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:55 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:55 132,608 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:55 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 10:59 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 10:59 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 05:46 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-05-23 21:01 630,784 ------w C:\Documents and Settings\Lowell\GoToAssist_chat2way__317_en.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FE366D6-9974-4307-9CB5-7DACDDA3A061}]
C:\WINDOWS\system32\inetcplcn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 20:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24 1694208]
"updateMgr"="c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 12:50 68856]
"Steam"="" []
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-05-30 21:31 98304]
"TabletWizard"="C:\WINDOWS\help\SplshWrp.exe" [2004-08-04 20:00 16384]
"TabletTip"="C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" [2005-04-25 21:10 271872]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2006-02-28 20:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2006-02-28 20:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2006-02-28 20:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2006-02-28 20:00 455168]
"ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 15:20 180224]
"PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [2006-04-21 13:18 29696]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 17:09 987136]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-01-26 20:51 761946]
"Zshutdown"="c:\sysprep\patch\sysprep.cmd" [ ]
"ABLKSR"="C:\windows\ABLKSR\ABLKSR.exe" [2006-01-02 19:14 61440]
"RemoteControl"="C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe" [2005-01-12 03:01 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 11:51 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 11:52 602182]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 11:56 569413]
"ACMON"="C:\Program Files\ASUS\Splendid\ACMON.exe" [2006-02-21 19:36 17920]
"Lexmark X6100 Series"="C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe" [2003-09-23 00:01 57344]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-21 07:12 579072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-23 17:26 217088]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05 257088]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-06-22 08:32 135168]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-06-22 08:32 155648]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-06-22 08:32 131072]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16:08 16380416 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TabletWizard"="%windir%\help\wizard.hta" [ ]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-27 07:58 219136]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 12:50 68856]

C:\Documents and Settings\Lowell\Start Menu\Programs\Startup\
eDexter.lnk - C:\Program Files\Pyrenean\eDexter\eDexter.exe [2001-07-29 18:26:12]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-05-16 11:42:52]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
IfxWlxEN.dll 2006-03-10 00:20 434176 C:\WINDOWS\system32\IfxWlxEN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll 2004-08-04 20:00 47104 C:\Program Files\Common Files\Microsoft Shared\Ink\LoginKey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
psqlpwd.dll 2006-04-21 13:29 39936 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
TabBtnWL.dll 2002-08-29 03:41 11776 C:\WINDOWS\system32\tabbtnwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
tpgwlnot.dll 2004-08-04 20:00 30208 C:\WINDOWS\system32\tpgwlnot.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-08-14 09:52 1838592 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

R1 PersonalSecureDrive;PersonalSecureDrive;C:\WINDOWS\system32\drivers\psd.sys [2005-11-29 03:50]
R2 smihlp;SMI helper driver;C:\Program Files\Protector Suite QL\smihlp.sys [2006-04-21 13:15]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-10-20 20:19]
R3 moufiltr;Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\moufiltr.sys [2007-03-04 17:31]
R3 RTSTOR;USB Mass Stroage Device;C:\WINDOWS\system32\drivers\RTSTOR.SYS [2006-06-10 00:07]
R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2006-04-21 13:25]
S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\PCTINDIS5.SYS [2006-12-27 07:32]
S3 pnetmdm;PdaNet Modem;C:\WINDOWS\system32\DRIVERS\pnetmdm.sys [2006-09-28 15:32]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-07 17

02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-07 02:40:10 C:\WINDOWS\Tasks\SmartDefrag.job"
- C:\Program Files\IObit\IObit SmartDefrag\schedule.exeA
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-09 08:50:48
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\Program Files\ArcSoft\PhotoImpression 5\share\pihook.dll
.
Completion time: 2008-01-09 8:52:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-09 14:52:10
.
2008-01-02 09:01:07 --- E O F ---

Here is the new Hijack This scan:

Deckard's System Scanner v20071014.68
Run by Lowell on 2008-01-09 09:12:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Lowell.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:13:11 AM, on 1/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\WINDOWS\system32\IFXSPMGT.exe
c:\WINDOWS\system32\IFXTCS.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
c:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Pyrenean\eDexter\eDexter.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\acovcnt.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\Program Files\Infineon\Security Platform Software\PSDrt.exe
c:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Lowell\Desktop\dss.exe
D:\NonRE\DOWNLO~1\Lowell.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/LWww2/NewXPHome2.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1FE366D6-9974-4307-9CB5-7DACDDA3A061} - C:\WINDOWS\system32\inetcplcn.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Zshutdown] c:\sysprep\patch\sysprep.cmd
O4 - HKLM\..\Run: [ABLKSR] C:\windows\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'Default user')
O4 - Startup: eDexter.lnk = C:\Program Files\Pyrenean\eDexter\eDexter.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2564B8E6-7D84-11D4-A689-30475BC10000} (Tkweb Control) - http://toolkitcma.com/tkweb/tkweb.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.1.0.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - c:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - c:\WINDOWS\system32\IFXTCS.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - c:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 13511 bytes

-- Files created between 2007-12-09 and 2008-01-09 -----------------------------

2008-01-08 18:21:02 0 d-------- C:\ie-spyad_zo
2008-01-08 18:16:43 0 d-------- C:\Program Files\SpywareBlaster
2008-01-08 16:51:49 8576 --a------ C:\WINDOWS\system32\drivers\kehmuyfogwki.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-01-08 16:03:41 8576 --a------ C:\WINDOWS\system32\drivers\dwvrswwoatll.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-01-08 15:48:01 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-01-07 17:10:04 0 d-------- C:\Program Files\Microsoft Silverlight
2008-01-07 12:10:19 45056 --a------ C:\WINDOWS\system32\acovcnt.exe
2008-01-05 20:24:30 0 d-------- C:\Program Files\Pyrenean
2008-01-05 17:43:10 0 d-------- C:\Program Files\ACW
2008-01-05 15:14:02 0 d-------- C:\Program Files\IObit
2008-01-05 14:50:37 0 dr-h----- C:\Documents and Settings\Lowell\Recent
2008-01-05 13:03:02 0 d-------- C:\Program Files\Common Files\supportsoft
2008-01-05 13:03:02 0 d-------- C:\Program Files\chatsupport.palm.com
2008-01-02 00

21 0 d-------- C:\Program Files\Yahoo!
2008-01-02 00

16 0 d-------- C:\Program Files\CCleaner
2008-01-01 14:53:46 0 d--hs---- C:\FOUND.010
2008-01-01 12:27:19 0 d-------- C:\Documents and Settings\Lowell\Application Data\Grisoft
2008-01-01 10:11:26 0 d-------- C:\Program Files\Lavasoft
2008-01-01 10:09:53 0 d-------- C:\Program Files\RogueRemover FREE
2007-12-31 09:35:44 120576 --a------ C:\WINDOWS\system32\kaqtquft.dat
2007-12-31 09:28:51 0 d-------- C:\WINDOWS\system32\AppCert
2007-12-20 17:07:30 0 d-------- C:\Program Files\REFN
2007-12-12 12:57:23 0 d-------- C:\WINDOWS\network diagnostic

-- Find3M Report ---------------------------------------------------------------

2007-12-08 23:39:28 75 --a------ C:\StandbyRestart.bat
2007-11-26 15:10:34 0 d-------- C:\Documents and Settings\Lowell\Application Data\VREO
2007-11-16 11:55:08 0 d-------- C:\Documents and Settings\Lowell\Application Data\Real Estate Center
2007-11-16 11:53:40 0 d-------- C:\Program Files\Real Estate Center
2007-11-14 15:38:06 0 d-------- C:\Program Files\Windows Media Bonus Pack for Windows XP
2007-11-11 10:58:38 0 d-------- C:\Program Files\Dictionary
2007-10-15 18:54:54 1165 --a------ C:\WINDOWS\mozver.dat
2007-10-13 11:15:40 20480 --a------ C:\WINDOWS\rmlluf32.dll
2007-10-10 22:11:54 2058 --a------ C:\WINDOWS\RenHosts.bat

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FE366D6-9974-4307-9CB5-7DACDDA3A061}]
C:\WINDOWS\system32\inetcplcn.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [05/30/2006 09:31 PM]
"TabletWizard"="C:\WINDOWS\help\SplshWrp.exe" [08/04/2004 08:00 PM]
"TabletTip"="C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" [04/25/2005 09:10 PM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [02/28/2006 08:00 PM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [02/28/2006 08:00 PM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [02/28/2006 08:00 PM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [02/28/2006 08:00 PM]
"ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [02/21/2006 03:20 PM]
"PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [04/21/2006 01:18 PM]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [10/17/2005 05:09 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [01/26/2006 08:51 PM]
"Zshutdown"="c:\sysprep\patch\sysprep.cmd" []
"ABLKSR"="C:\windows\ABLKSR\ABLKSR.exe" [01/02/2006 07:14 PM]
"RemoteControl"="C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe" [01/12/2005 03:01 AM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [01/12/2006 04:40 PM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [04/14/2006 11:51 AM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [04/14/2006 11:52 AM]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [04/14/2006 11:56 AM]
"ACMON"="C:\Program Files\ASUS\Splendid\ACMON.exe" [02/21/2006 07:36 PM]
"Lexmark X6100 Series"="C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe" [09/23/2003 12:01 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [12/21/2007 07:12 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [03/23/2005 05:26 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/16/2007 10:54 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/14/2007 07:05 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [06/22/2007 08:32 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [06/22/2007 08:32 AM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [06/22/2007 08:32 AM]
"RTHDCPL"="RTHDCPL.EXE" [07/05/2007 04:08 PM C:\WINDOWS\RTHDCPL.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [02/28/2006 08:00 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 08:24 AM]
"updateMgr"="c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/30/2007 12:50 PM]
"Steam"="" []
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [11/13/2006 01:39 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"TabletWizard"=%windir%\help\wizard.hta
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\Lowell\Start Menu\Programs\Startup\
eDexter.lnk - C:\Program Files\Pyrenean\eDexter\eDexter.exe [7/29/2001 6:26:12 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [5/16/2006 11:42:52 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
IfxWlxEN.dll 03/10/2006 12:20 AM 434176 C:\WINDOWS\system32\IfxWlxEN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll 08/04/2004 08:00 PM 47104 C:\Program Files\Common Files\Microsoft Shared\Ink\LoginKey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
psqlpwd.dll 04/21/2006 01:29 PM 39936 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
TabBtnWL.dll 08/29/2002 03:41 AM 11776 C:\WINDOWS\system32\tabbtnwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
tpgwlnot.dll 08/04/2004 08:00 PM 30208 C:\WINDOWS\system32\tpgwlnot.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

-- End of Deckard's System Scanner: finished at 2008-01-09 09:13:23 ------------

And I have uploaded the ComboFix text document log.

For what it's worth, I still get the dialog box informing me IE is not the default, and asking if I want to make it so.

One other item. During the running of ComboFix, I received a Windows firewall message stating that it was blocking a certain part of the running program, and asking me if wanted to continue blocking. Of course, I stopped the blocking.

Thanks again!