Attached are the logs from ComboFix and the new HijackThis (HJT) scan.
ComboFix 08-01-16.3 - David Porter 2008-01-15 19:20:33.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.545 [GMT -6:00]
Running from: C:\Documents and Settings\David Porter\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\David Porter\Desktop\Online Security Center.URL
C:\Documents and Settings\David Porter\My Documents\TSKS~1
C:\Documents and Settings\LocalService\Desktop\Online Security Center.URL
C:\Program Files\Common Files\sks~1
C:\Program Files\Common Files\sks~1\??sks\
C:\Program Files\outerinfo
C:\Program Files\Router
C:\Program Files\Temporary
C:\Program Files\Temporary\kernInst.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\system32\hhhkj.ini
C:\WINDOWS\system32\hhhkj.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\winsrc.dll
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR
((((((((((((((((((((((((( Files Created from 2007-12-16 to 2008-01-16 )))))))))))))))))))))))))))))))
.
2008-01-15 19:30 . 2008-01-15 19:30 <DIR> d-------- C:\Temp\tn3
2008-01-15 19:05 . 2004-08-03 23:00 260,272 --a------ C:\cmldr
2008-01-15 19:05 . 2008-01-15 16:02 211 --a------ C:\Boot.bak
2008-01-15 19:02 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-14 20:58 . 2008-01-14 20:58 <DIR> d-------- C:\Deckard
2008-01-13 19:40 . 2008-01-13 19:40 <DIR> d-------- C:\Documents and Settings\Rodney\Application Data\Grisoft
2008-01-13 19:40 . 2008-01-13 19:40 <DIR> d-------- C:\Documents and Settings\Rodney\Application Data\AVG7
2008-01-13 18:52 . 2008-01-13 18:52 <DIR> d-------- C:\Program Files\Common Files\RuleSpace
2008-01-13 18:51 . 2008-01-13 18:51 <DIR> d-------- C:\Program Files\Common Files\Aluria
2008-01-13 11:07 . 2008-01-13 11:07 2,230 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-12 21:46 . 2008-01-13 13:29 <DIR> d-------- C:\VundoFix Backups
2008-01-12 19:44 . 2007-01-18 06:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-01-12 12:41 . 2008-01-12 12:41 <DIR> d-------- C:\Documents and Settings\David Porter\Application Data\Grisoft
2008-01-12 12:41 . 2007-05-30 06:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-12 12:31 . 2008-01-12 19:51 <DIR> d-------- C:\Documents and Settings\David Porter\Application Data\AVG7
2008-01-12 12:25 . 2008-01-12 12:25 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-12 12:25 . 2008-01-12 12:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-12 12:25 . 2008-01-12 17:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-12 11:05 . 2008-01-15 19:29 58,883 --------- C:\WINDOWS\system32\drivers\core.cache.dsk
2008-01-11 22:21 . 2008-01-12 16:39 <DIR> d--hs---- C:\WINDOWS\RGF2aWQgUG9ydGVy
2008-01-11 18:47 . 2008-01-11 18:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-11 18:46 . 2008-01-11 18:46 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-11 17:18 . 2008-01-11 17:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-11 17:06 . 2008-01-11 17:06 0 --a------ C:\WINDOWS\system32\wscmp.dll.tmp
2008-01-11 17:04 . 2008-01-12 12:43 <DIR> d-------- C:\WINDOWS\system32\svcd
2008-01-11 17:04 . 2008-01-11 17:04 111 --a------ C:\WINDOWS\system32\url3
2008-01-11 17:04 . 2008-01-11 17:04 102 --a------ C:\WINDOWS\system32\url1
2008-01-11 17:04 . 2008-01-11 17:04 99 --a------ C:\WINDOWS\system32\url2
2008-01-11 17:04 . 2008-01-11 17:04 8 --a------ C:\WINDOWS\system32\CID
2008-01-11 17:04 . 2008-01-11 17:04 4 --a------ C:\WINDOWS\system32\SvcNm
2008-01-11 17:03 . 2008-01-11 17:03 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-11 17:03 . 2008-01-11 17:03 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-10 22:03 . 2008-01-12 12:43 <DIR> d-------- C:\Program Files\Dot1XCfg
2008-01-10 22:00 . 2008-01-11 18:28 <DIR> d-------- C:\WINDOWS\system32\vt8
2008-01-10 22:00 . 2008-01-10 22:00 <DIR> d-------- C:\WINDOWS\system32\nz0
2008-01-10 22:00 . 2008-01-10 22:00 <DIR> d-------- C:\WINDOWS\system32\mp2
2008-01-10 22:00 . 2008-01-10 22:00 <DIR> d-------- C:\WINDOWS\system32\che9
2008-01-10 22:00 . 2007-12-27 08:37 425,984 --a------ C:\WINDOWS\system32\memomfmg.dll
2008-01-10 22:00 . 2007-12-11 13:14 151,552 --a------ C:\WINDOWS\system32\rushpugr.exe
2008-01-10 22:00 . 2007-12-11 13:14 151,552 --a------ C:\WINDOWS\system32\bkmoopob.exe
2008-01-10 22:00 . 2008-01-10 22:00 86,016 --a------ C:\WINDOWS\system32\drivers\usbintell.sys
2008-01-10 22:00 . 2008-01-10 22:00 54,033 --a------ C:\WINDOWS\system32\memouint.exe
2008-01-10 21:59 . 2008-01-10 21:59 <DIR> d-------- C:\WINDOWS\system32\edcA18
2008-01-10 21:59 . 2008-01-10 22:00 <DIR> d-------- C:\Temp\Ryuan1
2008-01-09 22:15 . 2008-01-09 22:15 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-01-09 22:10 . 2008-01-11 16:58 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-05 15:01 . 2008-01-05 15:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Authentium
2008-01-05 15:00 . 2008-01-05 15:00 <DIR> d-------- C:\Program Files\Cox
2008-01-05 14:40 . 2008-01-13 18:50 <DIR> d-------- C:\Program Files\Common Files\Authentium Shared
2007-12-26 19:06 . 2007-12-26 19:06 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\MySpace
2007-12-20 22:33 . 2008-01-12 12:43 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-20 22:33 . 2007-12-20 22:33 <DIR> d-------- C:\Documents and Settings\David Porter\Application Data\SUPERAntiSpyware.com
2007-12-20 22:33 . 2007-12-20 22:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-20 22:32 . 2008-01-11 17:17 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-18 21:54 . 2007-08-01 16:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-12-18 21:51 . 2007-12-18 22:07 <DIR> d-------- C:\Documents and Settings\David Porter\Application Data\HouseCall 6.6
2007-12-18 21:29 . 2007-12-18 21:29 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-18 08:54 . 2007-12-18 08:54 319,488 --a------ C:\WINDOWS\system32\dcads_sidebar.dll
2007-12-16 19:58 . 2007-12-16 19:58 <DIR> d-------- C:\Program Files\Alienrazor Interactive
2007-12-16 19:43 . 2007-12-19 21:09 77,360 --a------ C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-11 23:18 --------- d-----w C:\Program Files\Lavasoft
2008-01-11 23:04 --------- d-----w C:\Documents and Settings\David Porter\Application Data\FrostWire
2008-01-11 22:50 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-11 04:42 --------- d-----w C:\Program Files\FrostWire
2008-01-09 19:51 --------- d-----w C:\Program Files\Incomplete
2008-01-06 13:51 --------- d-----w C:\Program Files\FinePixViewer
2007-12-21 23:15 --------- d-----w C:\Program Files\Ares
2007-12-20 00:44 469,600 ----a-w C:\Documents and Settings\David Porter\Application Data\GDIPFONTCACHEV1.DAT
2007-12-19 01:22 --------- d-----w C:\Program Files\Spytech Software
2007-12-19 01:22 --------- d-----w C:\Program Files\Motive
2007-12-19 01:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-07 01:16 --------- d-----w C:\Documents and Settings\Rodney Porter\Application Data\MySpace
2007-12-02 22:16 --------- d-----w C:\Program Files\AskSBar
2007-12-02 04:43 --------- d-----w C:\Documents and Settings\David Porter\Application Data\MP3Rocket
2007-12-02 04:35 --------- d-----w C:\Program Files\PFConfig
2007-12-02 02:25 --------- d-----w C:\Program Files\Java
2007-11-29 02:29 --------- d-----w C:\Program Files\Google
2007-11-28 04:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-28 04:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2007-11-28 04:53 --------- d-----w C:\Program Files\tunebite
2007-11-28 04:53 --------- d-----w C:\Program Files\Pegasys Inc
2007-11-28 04:44 --------- d-----w C:\Program Files\Hunting Unlimited
2007-11-28 04:42 --------- d-----w C:\Program Files\321Studios
2007-11-28 04:40 --------- d-----w C:\Program Files\DeductionPro 2006
2007-11-28 04:40 --------- d-----w C:\Program Files\AviSynth 2.5
2007-11-28 04:39 --------- d-----w C:\Program Files\Zittware
2007-11-28 04:35 --------- d-----w C:\Program Files\3D Live Pool
2007-11-22 13:31 --------- d-----w C:\Program Files\Simply Safe Backup 2005
2007-11-22 07:07 --------- d-----w C:\Program Files\QuickTime
2007-02-20 02:51 30,615 ----a-w C:\Documents and Settings\David Porter\x.exe
2003-09-17 22:24 560 ------w C:\Program Files\Global.sw
2005-12-19 17:34 56 --sh--r C:\WINDOWS\system32\3676101CED.sys
.
Code:
<pre>
----a-w 49,152 2008-01-12 18:18:30 C:\Program Files\Brother\Brmfl04a\BrStDvPt .exe
----a-w 851,968 2008-01-12 18:18:32 C:\Program Files\Brother\ControlCenter2\brctrcen .exe
----a-w 61,440 2008-01-12 18:18:37 C:\Program Files\Dot1XCfg\Dot1XCfg .exe
----a-w 171,448 2008-01-12 13:09:57 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier .exe
----a-w 132,496 2008-01-12 18:18:31 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w 445,952 2008-01-12 13:09:26 C:\Program Files\QuickTime\bak\qttask .exe
----a-w 1,318,912 2008-01-12 18:18:36 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
</pre>
((((((((((((((((((((((((((((( snapshot@2007-12-21_18.42.43.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-30 16:53:32 360,832 ----a-w C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\updspapi.dll
+ 2007-11-07 09:50:47 727,040 ----a-w C:\WINDOWS\$hf_mig$\KB943485\SP2QFE\lsasrv.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\updspapi.dll
+ 2007-12-13 20:07:08 3,856 ----a-w C:\WINDOWS\crmtemp1.dat
+ 2000-08-31 14:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2008-01-16 01:04:00 245,760 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\ntuser.dat
+ 2008-01-16 01:04:00 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-16 01:04:01 245,760 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
+ 2008-01-16 01:04:01 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-16 01:04:01 10,121,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
+ 2008-01-16 01:04:01 450,560 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2000-08-31 14:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2008-01-11 23:18:39 1,038,336 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC.exe
+ 2008-01-11 23:18:39 178,688 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC1.exe
+ 2008-01-11 23:18:39 171,008 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B.exe
+ 2008-01-11 23:18:39 8,704 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B1.exe
+ 2007-05-09 19:39:52 103,968 ----a-w C:\WINDOWS\system32\authcrypt.dll
+ 2007-05-09 19:40:10 79,336 ----a-w C:\WINDOWS\system32\AuthWSC.dll
+ 2008-01-05 21:48:12 126,976 ----a-w C:\WINDOWS\system32\che9\farstadcom2.exe
+ 2006-07-30 18:04:40 221,184 ----a-w C:\WINDOWS\system32\DartSock.dll
- 2006-08-17 12:28:27 721,920 -c----w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2007-11-07 09:26:56 721,920 -c----w C:\WINDOWS\system32\dllcache\lsasrv.dll
- 2006-04-20 11:51:50 359,808 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2007-10-30 17:20:55 360,064 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2008-01-12 18:25:31 821,856 ----a-w C:\WINDOWS\system32\drivers\avg7core.sys
+ 2008-01-12 18:25:36 4,224 ----a-w C:\WINDOWS\system32\drivers\avg7rsw.sys
+ 2008-01-12 18:25:36 27,776 ----a-w C:\WINDOWS\system32\drivers\avg7rsxp.sys
+ 2007-01-31 13:33:46 5,632 ----a-w C:\WINDOWS\system32\drivers\avgarkt.sys
+ 2008-01-12 18:25:37 10,760 ----a-w C:\WINDOWS\system32\drivers\avgclean.sys
+ 2008-01-12 18:25:37 26,952 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
+ 2007-07-11 19:37:26 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
+ 2007-08-07 18:58:08 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
+ 2007-05-09 19:41:48 16,896 ----a-w C:\WINDOWS\system32\drivers\GRFilter.sys
+ 2007-05-09 19:41:48 36,864 ----a-w C:\WINDOWS\system32\drivers\GRTdiMon.sys
+ 2007-08-07 18:56:58 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
- 2006-04-20 11:51:50 359,808 ------w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2007-10-30 17:20:55 360,064 ------w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2006-07-30 18:04:40 40,960 ----a-w C:\WINDOWS\system32\dwBkThrd.dll
+ 2006-07-30 18:04:40 200,704 ----a-w C:\WINDOWS\system32\dwSock6.dll
+ 2006-07-30 18:04:40 137,216 ----a-w C:\WINDOWS\system32\dwspy32.dll
- 2001-11-19 05:00:12 76,800 ------w C:\WINDOWS\system32\Dwspy36.dll
+ 2006-07-30 18:04:40 77,312 ----a-w C:\WINDOWS\system32\DWSPY36.dll
+ 2006-07-30 18:04:40 122,880 ----a-w C:\WINDOWS\system32\dwspyvb6.dll
+ 2008-01-09 07:35:44 32,768 ----a-w C:\WINDOWS\system32\edcA18\edcA182328.exe
+ 2006-07-30 18:04:40 405,504 ----a-w C:\WINDOWS\system32\ExComboBox.dll
+ 2006-07-30 18:04:40 63,488 ----a-w C:\WINDOWS\system32\FlexBag.dll
+ 2007-05-09 19:51:06 214,504 ----a-w C:\WINDOWS\system32\grfilter.dll
+ 2006-07-30 18:04:40 331,776 ----a-w C:\WINDOWS\system32\IMDBvb.dll
+ 2005-05-24 18:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 21:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 21:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2006-08-17 12:28:27 721,920 ------w C:\WINDOWS\system32\lsasrv.dll
+ 2007-11-07 09:26:56 721,920 ------w C:\WINDOWS\system32\lsasrv.dll
+ 2007-04-13 20:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe
- 2007-12-02 23:00:05 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-01-02 18:21:36 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-01-03 19:12:54 157,189 ----a-w C:\WINDOWS\system32\nz0\jetzcomz22.exe
- 2007-12-18 04:46:53 1,311,680 ----a-w C:\WINDOWS\system32\sfklg.dat
+ 2008-01-12 14:39:59 1,362,920 ----a-w C:\WINDOWS\system32\sfklg.dat
+ 2006-07-30 18:04:40 103,424 ----a-w C:\WINDOWS\system32\sgRegExp.dll
+ 2006-07-30 18:04:40 22,528 ----a-w C:\WINDOWS\system32\SockIntf.dll
- 2002-10-06 22:11:48 129,024 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\Ps5ui.dll
+ 2004-08-04 08:56:44 132,608 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\PS5UI.DLL
- 2002-10-06 22:11:48 455,168 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\PSCRIPT5.DLL
+ 2004-08-04 08:56:44 464,384 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\PSCRIPT5.DLL
- 2007-12-14 03:26:50 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2000-08-31 14:00:00 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2007-05-09 19:40:10 79,336 ----a-w C:\WINDOWS\system32\wscapi.dll
+ 2006-07-30 18:04:42 456,536 ----a-w C:\WINDOWS\system32\XceedZip.dll
+ 2008-01-16 01:30:00 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_254.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 313,472 2006-03-30 21:45:08 C:\Program Files\Adobe\Acrobat 7.0\Acrobat\bak\AdobeUpdateManager.exe
----a-r 307,200 2005-08-18 19:49:06 C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe
----a-w 483,328 2006-01-13 01:52:32 C:\Program Files\Adobe\Acrobat 7.0\Distillr\bak\Acrotray.exe
----a-w 483,328 2006-01-13 01:52:32 C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
----a-w 57,344 2005-06-07 04:46:24 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe
----a-w 57,344 2006-04-06 02:31:52 C:\Program Files\ATI Multimedia\main\bak\ATIDtct.EXE
----a-w 26,624 2006-04-06 02:33:12 C:\Program Files\ATI Multimedia\main\bak\ATISched.EXE
----a-w 45,056 2006-01-02 22:41:22 C:\Program Files\ATI Technologies\ATI.ACE\bak\cli.exe
----a-w 49,152 2004-05-25 15:16:56 C:\Program Files\Brother\Brmfl04a\bak\BrStDvPt.exe
----a-w 851,968 2004-07-20 15:34:28 C:\Program Files\Brother\ControlCenter2\bak\brctrcen.exe
----a-w 445,952 2008-01-12 13:09:26 C:\Program Files\QuickTime\bak\qttask .exe
-c--a-w 278,528 2004-08-09 20:15:42 C:\Program Files\Western Digital Technologies\Spindown\bak\ExSpinDn.exe
-c--a-w 204,288 2006-10-19 02:05:26 C:\Program Files\Windows Media Player\bak\WMPNSCFG.exe
-c--a-w 1,216,512 2001-12-07 15:24:24 C:\WINDOWS\bak\NewMixer.exe
-c--a-w 15,360 2004-08-04 07:56:48 C:\WINDOWS\system32\bak\ctfmon.exe
-c--a-w 40,960 2002-08-20 16:29:26 C:\WINDOWS\system32\bak\ezSP_Px.exe
-c--a-w 406,016 2003-12-04 17:34:44 C:\WINDOWS\system32\bak\PSDrvCheck.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467D7A87-876D-46B3-A008-5FC734531DCE}]
C:\WINDOWS\system32\jkhhh.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E8F5D76-EF5B-46C8-B35B-C86F8BD6621A}]
2007-12-27 08:37 425984 --a------ C:\WINDOWS\system32\memomfmg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8FB6F088-AACB-466D-ADF9-CA5A3C544FED}]
C:\WINDOWS\system32\geebc.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C188FF47-43F8-4806-DE2B-4AE604820EC5}]
C:\WINDOWS\system32\qvzeelz.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2007-12-02 16:16 267592 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC1B64D9-3499-4791-82D5-AABAC3FAEA45}]
C:\WINDOWS\system32\iifghfe.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{47833539-D0C5-4125-9FA8-0819E2EAAC93}
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
{2C0A5F28-48D8-408B-9172-9C6121025BCE}
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2007-12-02 16:16 267592]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Launchpad"="" []
"H/PC Connection Agent"="C:\PROGRA~1\MICROS~4\wcescomm.exe" [ ]
"Aim6"="" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [ ]
"Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [ ]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
"washindex"="C:\Program Files\Washer\washidx.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTXFIREG"="CTxfiReg.exe" []
"SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [ ]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [ ]
"Auto Run Software for Photo Frame"="" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 03:25 6731312]
"ESP"="c:\Program Files\Cox\Applications\app\start.exe" [2007-05-09 13:40 62952]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 01:56 158208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 12:45 36040]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 18:04 5562368]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-12 12:25 219136]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 02:48 53760 C:\WINDOWS\system32\narrator.exe]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Exif Launcher 2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [2006-12-28 17:19:06]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
Monitor.lnk - C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe [2007-01-17 19:31:46]
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2007-03-04 17:42:12]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
"DisableTaskMgr"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
"{FC1B64D9-3499-4791-82D5-AABAC3FAEA45}"= C:\WINDOWS\system32\iifghfe.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sfklg.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ :\WINDOWS\system32\srrstr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\system32\geebc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UStorage Server Service"=2 (0x2)
"Symantec Core LC"=2 (0x2)
"service"=2 (0x2)
"bgsvcgen"=2 (0x2)
"AresChatServer"=3 (0x3)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
R0 GRFILTER;Authentium NDIS Driver;C:\WINDOWS\system32\drivers\GRFILTER.sys [2007-05-09 13:41]
R1 usbintell;usbintell;C:\WINDOWS\system32\drivers\usbintell.sys [2008-01-10 22:00]
R1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS [2001-12-18 08:45]
R2 CINEMSUP;Software Cinemaster NT4.0 Driver;C:\WINDOWS\system32\DRIVERS\CINEMSUP.SYS [2002-01-08 10:16]
R2 GRTdiMon;Authentium TDI Mon;C:\WINDOWS\system32\Drivers\GRTdiMon.sys [2007-05-09 13:41]
R2 ousbehci;%OWC_USBEHCD.DeviceDesc%;C:\WINDOWS\system32\Drivers\ousbehci.sys [2002-01-31 17:39]
R3 DLKRTS;D-Link DFE-538TX 10/100 Adapter;C:\WINDOWS\system32\DRIVERS\DLKRTS.SYS [2002-06-23 22:31]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\system32\DRIVERS\ousb2hub.sys [2002-01-31 17:39]
R3 st3bus28;st3bus28;C:\WINDOWS\system32\DRIVERS\st3bus28.sys [2002-12-28 11:16]
R3 st3mp28;st3mp28;C:\WINDOWS\system32\DRIVERS\st3mp28.sys [2002-12-28 11:16]
S0 c2scsi;c2scsi;C:\WINDOWS\system32\DRIVERS\c2scsi.sys []
S0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys []
S2 HBJK;Security Service;C:\WINDOWS\system32\svcd\svchost.exe []
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 21:15]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-06-12 05:27]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 04:28]
S3 LxrSG20d;LxrSG20d;C:\WINDOWS\system32\Drivers\LxrSG20d.sys [2005-08-29 14:07]
S3 p17filt;p17filt;C:\WINDOWS\system32\drivers\p17filt.sys []
S3 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 02:53]
S3 VICHW00;VICHW00;C:\WINDOWS\SYSTEM32\DRIVERS\VICHW00.SYS []
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-01-15 19:33:10
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll
.
Completion time: 2008-01-15 19:40:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-16 01:39:56
ComboFix2.txt 2007-12-22 00:56:28
ComboFix3.txt 2007-12-22 00:44:20
.
2008-01-10 03:59:57 --- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 7:11:17 PM, on 1/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
c:\Program Files\Cox\Applications\App\syssvcnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\David Porter\Desktop\Yuckware\Hijackthis\Scanner.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AuthPopupBHO01.cBHO - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - c:\Program Files\Cox\Applications\App\popupbho01.dll
O2 - BHO: (no name) - {467D7A87-876D-46B3-A008-5FC734531DCE} - C:\WINDOWS\system32\jkhhh.dll (file missing)
O2 - BHO: On The Net Search Helper - {4E8F5D76-EF5B-46C8-B35B-C86F8BD6621A} - C:\WINDOWS\system32\memomfmg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8FB6F088-AACB-466D-ADF9-CA5A3C544FED} - C:\WINDOWS\system32\geebc.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {C188FF47-43F8-4806-DE2B-4AE604820EC5} - C:\WINDOWS\system32\qvzeelz.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O2 - BHO: (no name) - {FC1B64D9-3499-4791-82D5-AABAC3FAEA45} - C:\WINDOWS\system32\iifghfe.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Cox Popup Blocker - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - c:\Program Files\Cox\Applications\App\popupbho01.dll
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ESP] c:\Program Files\Cox\Applications\app\start.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - Global Startup: Exif Launcher 2.lnk = ?
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - ?p=ZSYYYYYYYYUS
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: Active Whois - {BAB9A4F4-C201-4fcf-A5D3-BA77BC9FBEB2} - C:\Program Files\Active Whois\ieshow.exe
O9 - Extra 'Tools' menuitem: Active Whois - {BAB9A4F4-C201-4fcf-A5D3-BA77BC9FBEB2} - C:\Program Files\Active Whois\ieshow.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} (CNavigationManager Object) - http://www3.authentium.com/cssrelease/bin/wizard.exe
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.0.5.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-36.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1145321512640
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/download...2/axofupld.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://24.249.81.101/AxisCamControl.ocx
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - AppInit_DLLs: sfklg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Cox High Speed Internet Security Suite System Service (AuthSysSvc) - Authentium, Inc. - c:\Program Files\Cox\Applications\App\syssvcnt.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Security Service (HBJK) - Unknown owner - C:\WINDOWS\system32\svcd\svchost.exe (file missing)
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Lexar SG20 (LxrSG20s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSG20s.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)