IE7 screwed up by malware? virus obfustat.ADXW?

[lowellc]

Background: Referred by Nickster_UK in other thread.

Nickster helped me fix my broken IE broken desktop shortcuts by reassociating my URL files (Explorer->Tools->Folder Options->File Types.)
The only problem was my system started prompting my after every boot that IE was not the default browser, and would I like to make it the default. If I clicked yes the shortcuts would stop working until I once again reassociated the URL files.

An obvious workaround was to uncheck the box that caused the default question prompt, but when I posted some information about my anti-syware programs, and attached a screen print of my antivirus AVG Free vault contents, Nickster recommended the analysts of the 5 step program,so here I am.

If I understand correctly, first I'm supposed to attach the contents of the Panda scan (Activescan.txt). It shows 5 viruses disinfected.

Next,here is my Hijack this log:
Deckard's System Scanner v20071014.68
Run by Lowell on 2008-01-08 19:28:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
24: 2008-01-09 01:28:08 UTC - RP24 - Deckard's System Scanner Restore Point
23: 2008-01-09 00:34:44 UTC - RP23 - Software Distribution Service 3.0
22: 2008-01-08 01:47:45 UTC - RP22 - System Checkpoint
21: 2008-01-07 00:55:06 UTC - RP21 - Software Distribution Service 3.0
20: 2008-01-07 00:41:47 UTC - RP20 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-01-01 19:05:42 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Lowell.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:29:30 PM, on 1/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Pyrenean\eDexter\eDexter.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\WINDOWS\system32\IFXSPMGT.exe
c:\WINDOWS\system32\IFXTCS.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\WINDOWS\system32\acovcnt.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
c:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Lowell\Desktop\dss.exe
D:\NonRE\DOWNLO~1\Lowell.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/LWww2/NewXPHome2.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1FE366D6-9974-4307-9CB5-7DACDDA3A061} - C:\WINDOWS\system32\inetcplcn.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {DD20E115-8C9F-4B57-827C-D34653EEE683} - c:\windows\system32\deskadpl.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Zshutdown] c:\sysprep\patch\sysprep.cmd
O4 - HKLM\..\Run: [ABLKSR] C:\windows\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'Default user')
O4 - Startup: eDexter.lnk = C:\Program Files\Pyrenean\eDexter\eDexter.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2564B8E6-7D84-11D4-A689-30475BC10000} (Tkweb Control) - http://toolkitcma.com/tkweb/tkweb.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.1.0.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: icwnlfuf - deskadpl.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - c:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - c:\WINDOWS\system32\IFXTCS.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - c:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 13642 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 Tosrfcom (Bluetooth RFCOMM from TOSHIBA) - c:\windows\system32\drivers\tosrfcom.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFCOMM Driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.10.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.10.0>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R2 smihlp (SMI helper driver) - c:\program files\protector suite ql\smihlp.sys <Not Verified; UPEK Inc.; Protector Suite QL>
R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft(R) ASPI Shell>
R3 moufiltr (Mouse Filter Driver) - c:\windows\system32\drivers\moufiltr.sys <Not Verified; Chic Tech.; Chic Tech.>
R3 toshidpt (TOSHIBA Bluetooth HID port driver) - c:\windows\system32\drivers\toshidpt.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Bluetooth HID Mini Port Driver>
R3 tosporte (Bluetooth Port Driver from Toshiba) - c:\windows\system32\drivers\tosporte.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth Port Emulation Driver>
R3 Tosrfbd (Bluetooth RFBUS from TOSHIBA) - c:\windows\system32\drivers\tosrfbd.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth BUS Driver(WindowsXP,Windows2000)>
R3 Tosrfbnp (Bluetooth RFBNEP from TOSHIBA) - c:\windows\system32\drivers\tosrfbnp.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFBNEP Driver from TOSHIBA>
R3 Tosrfhid (Bluetooth RFHID from TOSHIBA) - c:\windows\system32\drivers\tosrfhid.sys <Not Verified; TOSHIBA Corporation.; Bluetooth HID Driver from TOSHIBA>
R3 tosrfnds (Bluetooth Personal Area Network from TOSHIBA) - c:\windows\system32\drivers\tosrfnds.sys <Not Verified; TOSHIBA Corporation.; Bluetooth BNEP Driver from TOSHIBA>
R3 Tosrfusb (Bluetooth USB Controller) - c:\windows\system32\drivers\tosrfusb.sys <Not Verified; TOSHIBA CORPORATION; Microsoft(R) Windows NT(R) Operating System>

S3 PCTINDIS5 (PCTINDIS5 NDIS Protocol Driver) - c:\windows\system32\pctindis5.sys <Not Verified; PCTEL Inc.; PCTEL Rawether for Windows>
S3 pnetmdm (PdaNet Modem) - c:\windows\system32\drivers\pnetmdm.sys <Not Verified; June Fabrics Technology; PdaNet Driver>
S3 smserial - c:\windows\system32\drivers\smserial.sys (file missing)
S3 TosRfSnd (Bluetooth Audio Device (WDM) from TOSHIBA) - c:\windows\system32\drivers\tosrfsnd.sys <Not Verified; TOSHIBA Corporation; Bluetooth Audio Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 IFXSpMgtSrv (Security Platform Management Service) - c:\windows\system32\ifxspmgt.exe <Not Verified; Infineon Technologies AG; Infineon TPM Software>
R2 IFXTCS (Trusted Platform Core Service) - c:\windows\system32\ifxtcs.exe <Not Verified; Infineon Technologies AG; Infineon TPM Software>
R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: Modem Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_02&VEN_1057&DEV_3055&SUBSYS_104310C6&REV_1007\4&16400D2E&0&0101
Manufacturer:
Name: Modem Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_02&VEN_1057&DEV_3055&SUBSYS_104310C6&REV_1007\4&16400D2E&0&0101
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-01-08 18:42:32 436 --a------ C:\WINDOWS\Tasks\At1.job
2008-01-07 1102 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-01-06 20:40:10 478 --a------ C:\WINDOWS\Tasks\SmartDefrag.job


-- Files created between 2007-12-08 and 2008-01-08 -----------------------------

2008-01-08 18:21:02 0 d-------- C:\ie-spyad_zo
2008-01-08 18:16:43 0 d-------- C:\Program Files\SpywareBlaster
2008-01-08 16:51:49 8576 --a------ C:\WINDOWS\system32\drivers\kehmuyfogwki.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-01-08 16:03:41 8576 --a------ C:\WINDOWS\system32\drivers\dwvrswwoatll.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-01-08 15:48:01 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-01-07 17:10:04 0 d-------- C:\Program Files\Microsoft Silverlight
2008-01-07 12:10:19 45056 --a------ C:\WINDOWS\system32\acovcnt.exe
2008-01-05 20:24:30 0 d-------- C:\Program Files\Pyrenean
2008-01-05 17:43:10 0 d-------- C:\Program Files\ACW
2008-01-05 15:14:02 0 d-------- C:\Program Files\IObit
2008-01-05 14:50:37 0 dr-h----- C:\Documents and Settings\Lowell\Recent
2008-01-05 13:03:02 0 d-------- C:\Program Files\Common Files\supportsoft
2008-01-05 13:03:02 0 d-------- C:\Program Files\chatsupport.palm.com
2008-01-02 0021 0 d-------- C:\Program Files\Yahoo!
2008-01-02 0016 0 d-------- C:\Program Files\CCleaner
2008-01-01 14:53:46 0 d--hs---- C:\FOUND.010
2008-01-01 12:27:19 0 d-------- C:\Documents and Settings\Lowell\Application Data\Grisoft
2008-01-01 10:11:26 0 d-------- C:\Program Files\Lavasoft
2008-01-01 10:09:53 0 d-------- C:\Program Files\RogueRemover FREE
2007-12-31 09:35:44 120576 --a------ C:\WINDOWS\system32\kaqtquft.dat
2007-12-31 09:28:51 0 d-------- C:\WINDOWS\system32\AppCert
2007-12-20 17:07:30 0 d-------- C:\Program Files\REFN
2007-12-12 12:57:23 0 d-------- C:\WINDOWS\network diagnostic


-- Find3M Report ---------------------------------------------------------------

2007-12-08 23:39:28 75 --a------ C:\StandbyRestart.bat
2007-11-26 15:10:34 0 d-------- C:\Documents and Settings\Lowell\Application Data\VREO
2007-11-16 11:55:08 0 d-------- C:\Documents and Settings\Lowell\Application Data\Real Estate Center
2007-11-16 11:53:40 0 d-------- C:\Program Files\Real Estate Center
2007-11-14 15:38:06 0 d-------- C:\Program Files\Windows Media Bonus Pack for Windows XP
2007-11-11 10:58:38 0 d-------- C:\Program Files\Dictionary
2007-10-15 18:54:54 1165 --a------ C:\WINDOWS\mozver.dat
2007-10-13 11:15:40 20480 --a------ C:\WINDOWS\rmlluf32.dll
2007-10-10 22:11:54 2058 --a------ C:\WINDOWS\RenHosts.bat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FE366D6-9974-4307-9CB5-7DACDDA3A061}]
C:\WINDOWS\system32\inetcplcn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD20E115-8C9F-4B57-827C-D34653EEE683}]
c:\windows\system32\deskadpl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [05/30/2006 09:31 PM]
"TabletWizard"="C:\WINDOWS\help\SplshWrp.exe" [08/04/2004 08:00 PM]
"TabletTip"="C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" [04/25/2005 09:10 PM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [02/28/2006 08:00 PM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [02/28/2006 08:00 PM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [02/28/2006 08:00 PM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [02/28/2006 08:00 PM]
"ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [02/21/2006 03:20 PM]
"PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [04/21/2006 01:18 PM]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [10/17/2005 05:09 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [01/26/2006 08:51 PM]
"Zshutdown"="c:\sysprep\patch\sysprep.cmd" []
"ABLKSR"="C:\windows\ABLKSR\ABLKSR.exe" [01/02/2006 07:14 PM]
"RemoteControl"="C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe" [01/12/2005 03:01 AM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [01/12/2006 04:40 PM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [04/14/2006 11:51 AM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [04/14/2006 11:52 AM]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [04/14/2006 11:56 AM]
"ACMON"="C:\Program Files\ASUS\Splendid\ACMON.exe" [02/21/2006 07:36 PM]
"Lexmark X6100 Series"="C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe" [09/23/2003 12:01 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [12/21/2007 07:12 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [03/23/2005 05:26 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/16/2007 10:54 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/14/2007 07:05 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [06/22/2007 08:32 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [06/22/2007 08:32 AM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [06/22/2007 08:32 AM]
"RTHDCPL"="RTHDCPL.EXE" [07/05/2007 04:08 PM C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 06:43 PM C:\WINDOWS\Alcmtr.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [02/28/2006 08:00 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 08:24 AM]
"updateMgr"="c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/30/2007 12:50 PM]
"Steam"="" []
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [11/13/2006 01:39 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"TabletWizard"=%windir%\help\wizard.hta
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\Lowell\Start Menu\Programs\Startup\
eDexter.lnk - C:\Program Files\Pyrenean\eDexter\eDexter.exe [7/29/2001 6:26:12 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [5/16/2006 11:42:52 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\icwnlfuf]
deskadpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
IfxWlxEN.dll 03/10/2006 12:20 AM 434176 C:\WINDOWS\system32\IfxWlxEN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll 08/04/2004 08:00 PM 47104 C:\Program Files\Common Files\Microsoft Shared\Ink\LoginKey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
psqlpwd.dll 04/21/2006 01:29 PM 39936 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
TabBtnWL.dll 08/29/2002 03:41 AM 11776 C:\WINDOWS\system32\tabbtnwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
tpgwlnot.dll 08/04/2004 08:00 PM 30208 C:\WINDOWS\system32\tpgwlnot.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
jqfhhuky




-- Hosts -----------------------------------------------------------------------

127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 www.aaa-livedoor.net #[Trojan-PSW.Win32.Maran.ei]
127.0.0.1 www.abx4.com #[Adware.ABXToolbar]
127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net
127.0.0.1 b.abnad.net
127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]

17322 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-01-08 19:29:52 ------------

And lastly I attach the extra.txt. Lord help me, I hope those uploads made it, they didn't show up on the preview. I can't figure out if I doing something wrong.

[lowellc]

OK - here goes another upload attempt of activescan and extra.

[Ried]

Hello lowellc,

Yes, this system is infected. This will require more than one round to properly eradicate. Please stay with me until given the 'all clear', even if symptoms seemingly abate.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Disconnect from the internet.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

• When finished, it will produce a report for you.
• Please post the C:\ComboFix.txt along with a new HijackThis log for further review.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

[lowellc]

Thanks for taking this on Ried.

ComboFix 08-01-09.2 - Lowell 2008-01-09 8:46:14.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1289 [GMT -6:00]
Running from: C:\Documents and Settings\Lowell\Desktop\ComboFix.exe
Command switches used :: and Settings\Lowell\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Lowell\g2mdlhlpx.exe
C:\WINDOWS\system32\deskadpl.dll
C:\WINDOWS\Tasks.\At1.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_JQFHHUKY
-------\jqfhhuky


((((((((((((((((((((((((( Files Created from 2007-12-09 to 2008-01-09 )))))))))))))))))))))))))))))))
.

2008-01-09 08:45 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-08 19:27 . 2008-01-08 19:27 <DIR> d-------- C:\Deckard
2008-01-08 18:21 . 2008-01-08 18:21 <DIR> d-------- C:\ie-spyad_zo
2008-01-08 18:16 . 2008-01-08 18:16 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-01-08 16:51 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\kehmuyfogwki.sys
2008-01-08 16:03 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\dwvrswwoatll.sys
2008-01-08 15:48 . 2008-01-08 15:48 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-08 15:48 . 2008-01-08 16:50 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-08 15:48 . 2008-01-08 16:50 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-08 15:48 . 2008-01-08 16:50 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-07 17:10 . 2008-01-07 17:10 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-01-07 12:10 . 2008-01-09 08:50 45,056 --a------ C:\WINDOWS\system32\acovcnt.exe
2008-01-06 18:30 . 2008-01-08 18:36 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-01-05 20:25 . 2008-01-05 20:56 131 --a------ C:\WINDOWS\eDexter.INI
2008-01-05 20:24 . 2008-01-05 20:24 <DIR> d-------- C:\Program Files\Pyrenean
2008-01-05 17:43 . 2008-01-05 17:43 <DIR> d-------- C:\Program Files\ACW
2008-01-05 15:14 . 2008-01-05 15:14 <DIR> d-------- C:\Program Files\IObit
2008-01-05 13:03 . 2008-01-05 13:03 <DIR> d-------- C:\Program Files\Common Files\supportsoft
2008-01-05 13:03 . 2008-01-05 13:03 <DIR> d-------- C:\Program Files\chatsupport.palm.com
2008-01-02 00:06 . 2008-01-02 00:06 <DIR> d-------- C:\Program Files\Yahoo!
2008-01-02 00:06 . 2008-01-02 00:06 <DIR> d-------- C:\Program Files\CCleaner
2008-01-01 14:53 . 2008-01-01 14:53 <DIR> d--hs---- C:\FOUND.010
2008-01-01 12:27 . 2008-01-01 12:27 <DIR> d-------- C:\Documents and Settings\Lowell\Application Data\Grisoft
2008-01-01 12:27 . 2007-05-30 06:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-01 10:11 . 2008-01-01 10:11 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-01 10:09 . 2008-01-01 10:09 <DIR> d-------- C:\Program Files\RogueRemover FREE
2007-12-31 09:35 . 2007-12-31 09:35 120,576 --a------ C:\WINDOWS\system32\kaqtquft.dat
2007-12-31 09:28 . 2007-12-31 09:28 <DIR> d-------- C:\WINDOWS\system32\AppCert
2007-12-31 09:28 . 2007-12-31 09:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-31 09:28 . 2007-12-31 09:28 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-20 17:07 . 2007-12-20 17:07 <DIR> d-------- C:\Program Files\REFN
2007-12-12 13:02 . 2007-10-10 17:55 6,065,664 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-12-12 13:02 . 2007-06-30 21:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-12-12 13:02 . 2007-06-30 21:36 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-12-12 13:02 . 2007-10-10 17:55 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-12-12 13:02 . 2007-10-10 17:55 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-12-12 13:02 . 2007-10-10 17:55 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-12-12 13:02 . 2007-10-10 17:55 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2007-12-12 13:02 . 2007-10-10 17:55 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-12-12 13:02 . 2007-10-10 04:59 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-12 12:57 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-31 15:30 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys_old
2007-12-09 05:39 75 ----a-w C:\StandbyRestart.bat
2007-11-26 21:10 --------- d-----w C:\Documents and Settings\Lowell\Application Data\VREO
2007-11-23 19:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-16 17:55 --------- d-----w C:\Documents and Settings\Lowell\Application Data\Real Estate Center
2007-11-16 17:53 --------- d-----w C:\Program Files\Real Estate Center
2007-11-14 21:38 --------- d-----w C:\Program Files\Windows Media Bonus Pack for Windows XP
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 16:58 --------- d-----w C:\Program Files\Dictionary
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-31 11:12 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 23:40 222,720 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-13 17:15 20,480 ----a-w C:\WINDOWS\rmlluf32.dll
2007-10-11 05:57 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-10-11 05:57 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-10-11 05:57 1,498,112 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-10-11 05:57 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
2007-10-11 05:57 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2007-10-10 23:56 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:56 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:56 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:56 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:56 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 23:56 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 23:55 478,208 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:55 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:55 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:55 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:55 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:55 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:55 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:55 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:55 132,608 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:55 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 10:59 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 10:59 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 05:46 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-05-23 21:01 630,784 ------w C:\Documents and Settings\Lowell\GoToAssist_chat2way__317_en.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FE366D6-9974-4307-9CB5-7DACDDA3A061}]
C:\WINDOWS\system32\inetcplcn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 20:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24 1694208]
"updateMgr"="c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 12:50 68856]
"Steam"="" []
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-05-30 21:31 98304]
"TabletWizard"="C:\WINDOWS\help\SplshWrp.exe" [2004-08-04 20:00 16384]
"TabletTip"="C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" [2005-04-25 21:10 271872]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2006-02-28 20:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2006-02-28 20:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2006-02-28 20:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2006-02-28 20:00 455168]
"ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 15:20 180224]
"PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [2006-04-21 13:18 29696]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 17:09 987136]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-01-26 20:51 761946]
"Zshutdown"="c:\sysprep\patch\sysprep.cmd" [ ]
"ABLKSR"="C:\windows\ABLKSR\ABLKSR.exe" [2006-01-02 19:14 61440]
"RemoteControl"="C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe" [2005-01-12 03:01 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 11:51 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 11:52 602182]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 11:56 569413]
"ACMON"="C:\Program Files\ASUS\Splendid\ACMON.exe" [2006-02-21 19:36 17920]
"Lexmark X6100 Series"="C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe" [2003-09-23 00:01 57344]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-21 07:12 579072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-23 17:26 217088]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05 257088]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-06-22 08:32 135168]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-06-22 08:32 155648]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-06-22 08:32 131072]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16:08 16380416 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TabletWizard"="%windir%\help\wizard.hta" [ ]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-27 07:58 219136]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 12:50 68856]

C:\Documents and Settings\Lowell\Start Menu\Programs\Startup\
eDexter.lnk - C:\Program Files\Pyrenean\eDexter\eDexter.exe [2001-07-29 18:26:12]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-05-16 11:42:52]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
IfxWlxEN.dll 2006-03-10 00:20 434176 C:\WINDOWS\system32\IfxWlxEN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll 2004-08-04 20:00 47104 C:\Program Files\Common Files\Microsoft Shared\Ink\LoginKey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
psqlpwd.dll 2006-04-21 13:29 39936 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
TabBtnWL.dll 2002-08-29 03:41 11776 C:\WINDOWS\system32\tabbtnwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
tpgwlnot.dll 2004-08-04 20:00 30208 C:\WINDOWS\system32\tpgwlnot.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-08-14 09:52 1838592 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

R1 PersonalSecureDrive;PersonalSecureDrive;C:\WINDOWS\system32\drivers\psd.sys [2005-11-29 03:50]
R2 smihlp;SMI helper driver;C:\Program Files\Protector Suite QL\smihlp.sys [2006-04-21 13:15]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-10-20 20:19]
R3 moufiltr;Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\moufiltr.sys [2007-03-04 17:31]
R3 RTSTOR;USB Mass Stroage Device;C:\WINDOWS\system32\drivers\RTSTOR.SYS [2006-06-10 00:07]
R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2006-04-21 13:25]
S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\PCTINDIS5.SYS [2006-12-27 07:32]
S3 pnetmdm;PdaNet Modem;C:\WINDOWS\system32\DRIVERS\pnetmdm.sys [2006-09-28 15:32]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-07 1702 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-07 02:40:10 C:\WINDOWS\Tasks\SmartDefrag.job"
- C:\Program Files\IObit\IObit SmartDefrag\schedule.exeA
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-09 08:50:48
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\Program Files\ArcSoft\PhotoImpression 5\share\pihook.dll
.
Completion time: 2008-01-09 8:52:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-09 14:52:10
.
2008-01-02 09:01:07 --- E O F ---




Here is the new Hijack This scan:

Deckard's System Scanner v20071014.68
Run by Lowell on 2008-01-09 09:12:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Lowell.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:13:11 AM, on 1/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\WINDOWS\system32\IFXSPMGT.exe
c:\WINDOWS\system32\IFXTCS.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
c:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Pyrenean\eDexter\eDexter.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\acovcnt.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\Program Files\Infineon\Security Platform Software\PSDrt.exe
c:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Lowell\Desktop\dss.exe
D:\NonRE\DOWNLO~1\Lowell.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/LWww2/NewXPHome2.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1FE366D6-9974-4307-9CB5-7DACDDA3A061} - C:\WINDOWS\system32\inetcplcn.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Zshutdown] c:\sysprep\patch\sysprep.cmd
O4 - HKLM\..\Run: [ABLKSR] C:\windows\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'Default user')
O4 - Startup: eDexter.lnk = C:\Program Files\Pyrenean\eDexter\eDexter.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2564B8E6-7D84-11D4-A689-30475BC10000} (Tkweb Control) - http://toolkitcma.com/tkweb/tkweb.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.1.0.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - c:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - c:\WINDOWS\system32\IFXTCS.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - c:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 13511 bytes

-- Files created between 2007-12-09 and 2008-01-09 -----------------------------

2008-01-08 18:21:02 0 d-------- C:\ie-spyad_zo
2008-01-08 18:16:43 0 d-------- C:\Program Files\SpywareBlaster
2008-01-08 16:51:49 8576 --a------ C:\WINDOWS\system32\drivers\kehmuyfogwki.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-01-08 16:03:41 8576 --a------ C:\WINDOWS\system32\drivers\dwvrswwoatll.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-01-08 15:48:01 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-01-07 17:10:04 0 d-------- C:\Program Files\Microsoft Silverlight
2008-01-07 12:10:19 45056 --a------ C:\WINDOWS\system32\acovcnt.exe
2008-01-05 20:24:30 0 d-------- C:\Program Files\Pyrenean
2008-01-05 17:43:10 0 d-------- C:\Program Files\ACW
2008-01-05 15:14:02 0 d-------- C:\Program Files\IObit
2008-01-05 14:50:37 0 dr-h----- C:\Documents and Settings\Lowell\Recent
2008-01-05 13:03:02 0 d-------- C:\Program Files\Common Files\supportsoft
2008-01-05 13:03:02 0 d-------- C:\Program Files\chatsupport.palm.com
2008-01-02 0021 0 d-------- C:\Program Files\Yahoo!
2008-01-02 0016 0 d-------- C:\Program Files\CCleaner
2008-01-01 14:53:46 0 d--hs---- C:\FOUND.010
2008-01-01 12:27:19 0 d-------- C:\Documents and Settings\Lowell\Application Data\Grisoft
2008-01-01 10:11:26 0 d-------- C:\Program Files\Lavasoft
2008-01-01 10:09:53 0 d-------- C:\Program Files\RogueRemover FREE
2007-12-31 09:35:44 120576 --a------ C:\WINDOWS\system32\kaqtquft.dat
2007-12-31 09:28:51 0 d-------- C:\WINDOWS\system32\AppCert
2007-12-20 17:07:30 0 d-------- C:\Program Files\REFN
2007-12-12 12:57:23 0 d-------- C:\WINDOWS\network diagnostic


-- Find3M Report ---------------------------------------------------------------

2007-12-08 23:39:28 75 --a------ C:\StandbyRestart.bat
2007-11-26 15:10:34 0 d-------- C:\Documents and Settings\Lowell\Application Data\VREO
2007-11-16 11:55:08 0 d-------- C:\Documents and Settings\Lowell\Application Data\Real Estate Center
2007-11-16 11:53:40 0 d-------- C:\Program Files\Real Estate Center
2007-11-14 15:38:06 0 d-------- C:\Program Files\Windows Media Bonus Pack for Windows XP
2007-11-11 10:58:38 0 d-------- C:\Program Files\Dictionary
2007-10-15 18:54:54 1165 --a------ C:\WINDOWS\mozver.dat
2007-10-13 11:15:40 20480 --a------ C:\WINDOWS\rmlluf32.dll
2007-10-10 22:11:54 2058 --a------ C:\WINDOWS\RenHosts.bat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FE366D6-9974-4307-9CB5-7DACDDA3A061}]
C:\WINDOWS\system32\inetcplcn.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [05/30/2006 09:31 PM]
"TabletWizard"="C:\WINDOWS\help\SplshWrp.exe" [08/04/2004 08:00 PM]
"TabletTip"="C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" [04/25/2005 09:10 PM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [02/28/2006 08:00 PM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [02/28/2006 08:00 PM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [02/28/2006 08:00 PM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [02/28/2006 08:00 PM]
"ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [02/21/2006 03:20 PM]
"PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [04/21/2006 01:18 PM]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [10/17/2005 05:09 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [01/26/2006 08:51 PM]
"Zshutdown"="c:\sysprep\patch\sysprep.cmd" []
"ABLKSR"="C:\windows\ABLKSR\ABLKSR.exe" [01/02/2006 07:14 PM]
"RemoteControl"="C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe" [01/12/2005 03:01 AM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [01/12/2006 04:40 PM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [04/14/2006 11:51 AM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [04/14/2006 11:52 AM]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [04/14/2006 11:56 AM]
"ACMON"="C:\Program Files\ASUS\Splendid\ACMON.exe" [02/21/2006 07:36 PM]
"Lexmark X6100 Series"="C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe" [09/23/2003 12:01 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [12/21/2007 07:12 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [03/23/2005 05:26 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/16/2007 10:54 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/14/2007 07:05 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [06/22/2007 08:32 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [06/22/2007 08:32 AM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [06/22/2007 08:32 AM]
"RTHDCPL"="RTHDCPL.EXE" [07/05/2007 04:08 PM C:\WINDOWS\RTHDCPL.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [02/28/2006 08:00 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 08:24 AM]
"updateMgr"="c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/30/2007 12:50 PM]
"Steam"="" []
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [11/13/2006 01:39 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"TabletWizard"=%windir%\help\wizard.hta
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\Lowell\Start Menu\Programs\Startup\
eDexter.lnk - C:\Program Files\Pyrenean\eDexter\eDexter.exe [7/29/2001 6:26:12 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [5/16/2006 11:42:52 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
IfxWlxEN.dll 03/10/2006 12:20 AM 434176 C:\WINDOWS\system32\IfxWlxEN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll 08/04/2004 08:00 PM 47104 C:\Program Files\Common Files\Microsoft Shared\Ink\LoginKey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
psqlpwd.dll 04/21/2006 01:29 PM 39936 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
TabBtnWL.dll 08/29/2002 03:41 AM 11776 C:\WINDOWS\system32\tabbtnwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
tpgwlnot.dll 08/04/2004 08:00 PM 30208 C:\WINDOWS\system32\tpgwlnot.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup




-- End of Deckard's System Scanner: finished at 2008-01-09 09:13:23 ------------




And I have uploaded the ComboFix text document log.

For what it's worth, I still get the dialog box informing me IE is not the default, and asking if I want to make it so.

One other item. During the running of ComboFix, I received a Windows firewall message stating that it was blocking a certain part of the running program, and asking me if wanted to continue blocking. Of course, I stopped the blocking.

Thanks again!

[Ried]

Hello lowellc, and thank you for the information. That's the first that I've heard of Windows Firewall throwing up a 'block'. Do you happen to recall what file, or process it was attempting to block?


As before, disable AV and Windows Firewall. Open notepad and copy/paste the text in the code box below into it:

Code:

FolderLook::
C:\WINDOWS\system32\AppCert

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FE366D6-9974-4307-9CB5-7DACDDA3A061}]

Save this as CFScript.txt, in the same location as ComboFix.exe




Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

--------------------------------------------------------------------

Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run it's full course:

Using Internet Explorer, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

Answer Yes, when prompted to install an ActiveX component.

• The program will then begin downloading the latest definition files.
• Once the files have been downloaded click on NEXT
• Locate the Scan Settings button & configure to:
  • Scan using the following Anti-Virus database:
    • Extended
  • Scan Options:
    • Scan Archives
    • Scan Mail Bases
• Click OK & have it scan My Computer
• Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  
  
  
  
• Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

* Turn off the real time scanner of any existing antivirus program while performing the online scan

---------------------------------------------------------------

Run a new scan with HijackThis and save the log. (No need for another dss.exe main.txt. A simple scan with just HijackThis.exe will do.)

---------------------------------------------------------------

Please include the following in your next reply:

(Please do not use quote marks as it makes it more difficult to read. Also. please copy/paste the reports directly into the reply box unless requested for it to be attached or if you receive an error that you're post is exceeding the character limit.) Thanks.

C:\ComboFix.txt
Kaspersky results
New HijackThis log
Update on system behavior

[lowellc]

Hello Ried - so far so good. Original problem, ie, broken desktop shortcuts, seems totally fixed. When prompted this time, I selected IE as my default browser, and they continued to work <HOORAY & THANKS!> The only problem - and it is small - is that when I create a new shortcut now, the icon generated on the desktop is a plain, ugly generic one. For example your forum's shortcut icon was a nice TSF logo, now it looks like the jpg I attached.

Anyway down to the business of pasting. (By the way, the reason I was placing the scans in quotes was I'm almost sure I read buried somewhere in those five step instructions, a note that said tag or quote the pasted scans. The reason given was for easier reading!)

COMBO FIX:
ComboFix 08-01-09.2 - Lowell 2008-01-09 14:31:34.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1349 [GMT -6:00]
Running from: C:\Documents and Settings\Lowell\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Lowell\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-12-09 to 2008-01-09 )))))))))))))))))))))))))))))))
.

2008-01-09 08:45 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-08 19:27 . 2008-01-08 19:27 <DIR> d-------- C:\Deckard
2008-01-08 18:21 . 2008-01-08 18:21 <DIR> d-------- C:\ie-spyad_zo
2008-01-08 18:16 . 2008-01-08 18:16 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-01-08 16:51 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\kehmuyfogwki.sys
2008-01-08 16:03 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\dwvrswwoatll.sys
2008-01-08 15:48 . 2008-01-08 15:48 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-08 15:48 . 2008-01-08 16:50 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-08 15:48 . 2008-01-08 16:50 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-08 15:48 . 2008-01-08 16:50 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-07 17:10 . 2008-01-07 17:10 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-01-07 12:10 . 2008-01-09 08:50 45,056 --a------ C:\WINDOWS\system32\acovcnt.exe
2008-01-06 18:30 . 2008-01-08 18:36 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-01-05 20:25 . 2008-01-05 20:56 131 --a------ C:\WINDOWS\eDexter.INI
2008-01-05 20:24 . 2008-01-05 20:24 <DIR> d-------- C:\Program Files\Pyrenean
2008-01-05 17:43 . 2008-01-05 17:43 <DIR> d-------- C:\Program Files\ACW
2008-01-05 15:14 . 2008-01-05 15:14 <DIR> d-------- C:\Program Files\IObit
2008-01-05 13:03 . 2008-01-05 13:03 <DIR> d-------- C:\Program Files\Common Files\supportsoft
2008-01-05 13:03 . 2008-01-05 13:03 <DIR> d-------- C:\Program Files\chatsupport.palm.com
2008-01-02 00:06 . 2008-01-02 00:06 <DIR> d-------- C:\Program Files\Yahoo!
2008-01-02 00:06 . 2008-01-02 00:06 <DIR> d-------- C:\Program Files\CCleaner
2008-01-01 14:53 . 2008-01-01 14:53 <DIR> d--hs---- C:\FOUND.010
2008-01-01 12:27 . 2008-01-01 12:27 <DIR> d-------- C:\Documents and Settings\Lowell\Application Data\Grisoft
2008-01-01 12:27 . 2007-05-30 06:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-01 10:11 . 2008-01-01 10:11 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-01 10:09 . 2008-01-01 10:09 <DIR> d-------- C:\Program Files\RogueRemover FREE
2007-12-31 09:35 . 2007-12-31 09:35 120,576 --a------ C:\WINDOWS\system32\kaqtquft.dat
2007-12-31 09:28 . 2007-12-31 09:28 <DIR> d-------- C:\WINDOWS\system32\AppCert
2007-12-31 09:28 . 2007-12-31 09:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-31 09:28 . 2007-12-31 09:28 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-20 17:07 . 2007-12-20 17:07 <DIR> d-------- C:\Program Files\REFN
2007-12-12 13:02 . 2007-10-10 17:55 6,065,664 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-12-12 13:02 . 2007-06-30 21:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-12-12 13:02 . 2007-06-30 21:36 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-12-12 13:02 . 2007-10-10 17:55 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-12-12 13:02 . 2007-10-10 17:55 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-12-12 13:02 . 2007-10-10 17:55 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-12-12 13:02 . 2007-10-10 17:55 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2007-12-12 13:02 . 2007-10-10 17:55 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-12-12 13:02 . 2007-10-10 04:59 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-12 12:57 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-31 15:30 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys_old
2007-12-09 05:39 75 ----a-w C:\StandbyRestart.bat
2007-11-26 21:10 --------- d-----w C:\Documents and Settings\Lowell\Application Data\VREO
2007-11-23 19:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-16 17:55 --------- d-----w C:\Documents and Settings\Lowell\Application Data\Real Estate Center
2007-11-16 17:53 --------- d-----w C:\Program Files\Real Estate Center
2007-11-14 21:38 --------- d-----w C:\Program Files\Windows Media Bonus Pack for Windows XP
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 16:58 --------- d-----w C:\Program Files\Dictionary
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-31 11:12 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 23:40 222,720 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-13 17:15 20,480 ----a-w C:\WINDOWS\rmlluf32.dll
2007-10-11 05:57 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-10-11 05:57 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-10-11 05:57 1,498,112 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-10-11 05:57 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
2007-10-11 05:57 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2007-10-10 23:56 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:56 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:56 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:56 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:56 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 23:56 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 23:55 478,208 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:55 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:55 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:55 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:55 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:55 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:55 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:55 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:55 132,608 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:55 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 10:59 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 10:59 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 05:46 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-05-23 21:01 630,784 ------w C:\Documents and Settings\Lowell\GoToAssist_chat2way__317_en.exe
.

((((((((((((((((((((((((((((( snapshot@2008-01-09_ 8.51.58.62 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-09 14:46:04 1,413,120 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-09 20:31:32 1,413,120 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-09 14:46:04 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-09 20:31:32 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-09 14:46:04 1,413,120 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-09 20:31:32 1,413,120 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-09 14:46:04 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-09 20:31:32 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-09 14:46:06 12,128,256 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-09 20:31:32 12,128,256 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-09 14:46:06 1,490,944 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-09 20:31:32 1,490,944 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006\UsrClass.dat
+ 2000-08-31 14:00:00 163,328 ----a-w C:\WINDOWS\ERDNT\subs\F3M\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 20:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24 1694208]
"updateMgr"="c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 12:50 68856]
"Steam"="" []
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-05-30 21:31 98304]
"TabletWizard"="C:\WINDOWS\help\SplshWrp.exe" [2004-08-04 20:00 16384]
"TabletTip"="C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" [2005-04-25 21:10 271872]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2006-02-28 20:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2006-02-28 20:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2006-02-28 20:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2006-02-28 20:00 455168]
"ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 15:20 180224]
"PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [2006-04-21 13:18 29696]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 17:09 987136]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-01-26 20:51 761946]
"Zshutdown"="c:\sysprep\patch\sysprep.cmd" [ ]
"ABLKSR"="C:\windows\ABLKSR\ABLKSR.exe" [2006-01-02 19:14 61440]
"RemoteControl"="C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe" [2005-01-12 03:01 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 11:51 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 11:52 602182]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 11:56 569413]
"ACMON"="C:\Program Files\ASUS\Splendid\ACMON.exe" [2006-02-21 19:36 17920]
"Lexmark X6100 Series"="C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe" [2003-09-23 00:01 57344]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-21 07:12 579072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-23 17:26 217088]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05 257088]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-06-22 08:32 135168]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-06-22 08:32 155648]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-06-22 08:32 131072]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16:08 16380416 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TabletWizard"="%windir%\help\wizard.hta" [ ]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-27 07:58 219136]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 12:50 68856]

C:\Documents and Settings\Lowell\Start Menu\Programs\Startup\
eDexter.lnk - C:\Program Files\Pyrenean\eDexter\eDexter.exe [2001-07-29 18:26:12]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-05-16 11:42:52]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
IfxWlxEN.dll 2006-03-10 00:20 434176 C:\WINDOWS\system32\IfxWlxEN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll 2004-08-04 20:00 47104 C:\Program Files\Common Files\Microsoft Shared\Ink\LoginKey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
psqlpwd.dll 2006-04-21 13:29 39936 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
TabBtnWL.dll 2002-08-29 03:41 11776 C:\WINDOWS\system32\tabbtnwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
tpgwlnot.dll 2004-08-04 20:00 30208 C:\WINDOWS\system32\tpgwlnot.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-08-14 09:52 1838592 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

R1 PersonalSecureDrive;PersonalSecureDrive;C:\WINDOWS\system32\drivers\psd.sys [2005-11-29 03:50]
R2 smihlp;SMI helper driver;C:\Program Files\Protector Suite QL\smihlp.sys [2006-04-21 13:15]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-10-20 20:19]
R3 moufiltr;Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\moufiltr.sys [2007-03-04 17:31]
R3 RTSTOR;USB Mass Stroage Device;C:\WINDOWS\system32\drivers\RTSTOR.SYS [2006-06-10 00:07]
R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2006-04-21 13:25]
S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\PCTINDIS5.SYS [2006-12-27 07:32]
S3 pnetmdm;PdaNet Modem;C:\WINDOWS\system32\DRIVERS\pnetmdm.sys [2006-09-28 15:32]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-07 1702 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-07 02:40:10 C:\WINDOWS\Tasks\SmartDefrag.job"
- C:\Program Files\IObit\IObit SmartDefrag\schedule.exeA
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-09 14:32:17
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-09 14:32:34
ComboFix-quarantined-files.txt 2008-01-09 20:32:34
ComboFix2.txt 2008-01-09 14:52:12
.
2008-01-02 09:01:07 --- E O F ---

KAPERSKY:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, January 09, 2008 4:14:57 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 9/01/2008
Kaspersky Anti-Virus database records: 505265
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
G:\

Scan Statistics:
Total number of scanned objects: 94485
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 01:01:11

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Lowell\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\Lowell\Local Settings\Temp\~DF99AA.tmp Object is locked skipped
C:\Documents and Settings\Lowell\Local Settings\Temp\~DF79E2.tmp Object is locked skipped
C:\Documents and Settings\Lowell\Local Settings\Temp\WCESLog.log Object is locked skipped
C:\Documents and Settings\Lowell\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Lowell\Local Settings\History\History.IE5\MSHist012008010920080110\index.dat Object is locked skipped
C:\Documents and Settings\Lowell\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Lowell\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Lowell\Local Settings\Temporary Internet Files\Content.Word\~WRS0000.tmp Object is locked skipped
C:\Documents and Settings\Lowell\Local Settings\Temporary Internet Files\Content.Word\~WRF0001.tmp Object is locked skipped
C:\Documents and Settings\Lowell\Local Settings\Application Data\ApplicationHistory\TCServer.exe.7c11743d.ini.inuse Object is locked skipped
C:\Documents and Settings\Lowell\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Lowell\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Lowell\Local Settings\Application Data\Microsoft\Outlook\archive.pst Object is locked skipped
C:\Documents and Settings\Lowell\Local Settings\Application Data\Microsoft\Outlook\OutlookMain.pst Object is locked skipped
C:\Documents and Settings\Lowell\Local Settings\Application Data\Microsoft\Outlook\archive1.pst Object is locked skipped
C:\Documents and Settings\Lowell\Local Settings\Application Data\Microsoft\FORMS\Location.000\FSB.tmp Object is locked skipped
C:\Documents and Settings\Lowell\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Lowell\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Lowell\Application Data\Microsoft\IMJP8_1\imjp81u.dic Object is locked skipped
C:\Documents and Settings\Lowell\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped
C:\Documents and Settings\Lowell\Application Data\Microsoft\Outlook\Office~1.srs Object is locked skipped
C:\Documents and Settings\Lowell\Application Data\Microsoft\Outlook\Office.NK2 Object is locked skipped
C:\Documents and Settings\Lowell\Application Data\$_hpcst$.hpc Object is locked skipped
C:\Documents and Settings\Lowell\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LowellC\Local Settings\Application Data\Microsoft\Outlook\archive.pst Object is locked skipped
C:\System Volume Information\_restore{DE0B45A4-CE08-45BD-BD30-A979FD5D9C77}\RP26\change.log Object is locked skipped
D:\System Volume Information\_restore{DE0B45A4-CE08-45BD-BD30-A979FD5D9C77}\RP26\change.log Object is locked skipped

Scan process completed.

HIJACK THIS

-- HijackThis (run as Lowell.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:53:15 PM, on 1/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\WINDOWS\system32\IFXSPMGT.exe
c:\WINDOWS\system32\IFXTCS.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
c:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Pyrenean\eDexter\eDexter.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\acovcnt.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\Program Files\Infineon\Security Platform Software\PSDrt.exe
c:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\twain_32\escndv\escndv.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Lowell\Desktop\dss.exe
D:\NonRE\DOWNLO~1\Lowell.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/LWww2/NewXPHome2.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Zshutdown] c:\sysprep\patch\sysprep.cmd
O4 - HKLM\..\Run: [ABLKSR] C:\windows\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'Default user')
O4 - Startup: eDexter.lnk = C:\Program Files\Pyrenean\eDexter\eDexter.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {2564B8E6-7D84-11D4-A689-30475BC10000} (Tkweb Control) - http://toolkitcma.com/tkweb/tkweb.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.1.0.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - c:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - c:\WINDOWS\system32\IFXTCS.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - c:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 13559 bytes

-- Files created between 2007-12-09 and 2008-01-09 -----------------------------

2008-01-09 14:44:50 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-09 14:44:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-09 14:44:46 0 d-------- C:\WINDOWS\LastGood
2008-01-08 18:21:02 0 d-------- C:\ie-spyad_zo
2008-01-08 18:16:43 0 d-------- C:\Program Files\SpywareBlaster
2008-01-08 16:51:49 8576 --a------ C:\WINDOWS\system32\drivers\kehmuyfogwki.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-01-08 16:03:41 8576 --a------ C:\WINDOWS\system32\drivers\dwvrswwoatll.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-01-08 15:48:01 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-01-07 17:10:04 0 d-------- C:\Program Files\Microsoft Silverlight
2008-01-07 12:10:19 45056 --a------ C:\WINDOWS\system32\acovcnt.exe
2008-01-05 20:24:30 0 d-------- C:\Program Files\Pyrenean
2008-01-05 17:43:10 0 d-------- C:\Program Files\ACW
2008-01-05 15:14:02 0 d-------- C:\Program Files\IObit
2008-01-05 14:50:37 0 dr-h----- C:\Documents and Settings\Lowell\Recent
2008-01-05 13:03:02 0 d-------- C:\Program Files\Common Files\supportsoft
2008-01-05 13:03:02 0 d-------- C:\Program Files\chatsupport.palm.com
2008-01-02 0021 0 d-------- C:\Program Files\Yahoo!
2008-01-02 0016 0 d-------- C:\Program Files\CCleaner
2008-01-01 14:53:46 0 d--hs---- C:\FOUND.010
2008-01-01 12:27:19 0 d-------- C:\Documents and Settings\Lowell\Application Data\Grisoft
2008-01-01 10:11:26 0 d-------- C:\Program Files\Lavasoft
2008-01-01 10:09:53 0 d-------- C:\Program Files\RogueRemover FREE
2007-12-31 09:35:44 120576 --a------ C:\WINDOWS\system32\kaqtquft.dat
2007-12-31 09:28:51 0 d-------- C:\WINDOWS\system32\AppCert
2007-12-20 17:07:30 0 d-------- C:\Program Files\REFN
2007-12-12 12:57:23 0 d-------- C:\WINDOWS\network diagnostic


-- Find3M Report ---------------------------------------------------------------

2007-12-08 23:39:28 75 --a------ C:\StandbyRestart.bat
2007-11-26 15:10:34 0 d-------- C:\Documents and Settings\Lowell\Application Data\VREO
2007-11-16 11:55:08 0 d-------- C:\Documents and Settings\Lowell\Application Data\Real Estate Center
2007-11-16 11:53:40 0 d-------- C:\Program Files\Real Estate Center
2007-11-14 15:38:06 0 d-------- C:\Program Files\Windows Media Bonus Pack for Windows XP
2007-11-11 10:58:38 0 d-------- C:\Program Files\Dictionary
2007-10-15 18:54:54 1165 --a------ C:\WINDOWS\mozver.dat
2007-10-13 11:15:40 20480 --a------ C:\WINDOWS\rmlluf32.dll
2007-10-10 22:11:54 2058 --a------ C:\WINDOWS\RenHosts.bat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [05/30/2006 09:31 PM]
"TabletWizard"="C:\WINDOWS\help\SplshWrp.exe" [08/04/2004 08:00 PM]
"TabletTip"="C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" [04/25/2005 09:10 PM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [02/28/2006 08:00 PM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [02/28/2006 08:00 PM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [02/28/2006 08:00 PM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [02/28/2006 08:00 PM]
"ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [02/21/2006 03:20 PM]
"PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [04/21/2006 01:18 PM]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [10/17/2005 05:09 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [01/26/2006 08:51 PM]
"Zshutdown"="c:\sysprep\patch\sysprep.cmd" []
"ABLKSR"="C:\windows\ABLKSR\ABLKSR.exe" [01/02/2006 07:14 PM]
"RemoteControl"="C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe" [01/12/2005 03:01 AM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [01/12/2006 04:40 PM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [04/14/2006 11:51 AM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [04/14/2006 11:52 AM]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [04/14/2006 11:56 AM]
"ACMON"="C:\Program Files\ASUS\Splendid\ACMON.exe" [02/21/2006 07:36 PM]
"Lexmark X6100 Series"="C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe" [09/23/2003 12:01 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [12/21/2007 07:12 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [03/23/2005 05:26 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/16/2007 10:54 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/14/2007 07:05 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [06/22/2007 08:32 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [06/22/2007 08:32 AM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [06/22/2007 08:32 AM]
"RTHDCPL"="RTHDCPL.EXE" [07/05/2007 04:08 PM C:\WINDOWS\RTHDCPL.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [02/28/2006 08:00 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 08:24 AM]
"updateMgr"="c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/30/2007 12:50 PM]
"Steam"="" []
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [11/13/2006 01:39 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"TabletWizard"=%windir%\help\wizard.hta
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\Lowell\Start Menu\Programs\Startup\
eDexter.lnk - C:\Program Files\Pyrenean\eDexter\eDexter.exe [7/29/2001 6:26:12 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [5/16/2006 11:42:52 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
IfxWlxEN.dll 03/10/2006 12:20 AM 434176 C:\WINDOWS\system32\IfxWlxEN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll 08/04/2004 08:00 PM 47104 C:\Program Files\Common Files\Microsoft Shared\Ink\LoginKey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
psqlpwd.dll 04/21/2006 01:29 PM 39936 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
TabBtnWL.dll 08/29/2002 03:41 AM 11776 C:\WINDOWS\system32\tabbtnwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
tpgwlnot.dll 08/04/2004 08:00 PM 30208 C:\WINDOWS\system32\tpgwlnot.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup




-- End of Deckard's System Scanner: finished at 2008-01-09 16:53:26 ------------

Again, thank you so much. Just let me mention one more item. I notice my hosts file was totally cleaned out except for the one local IP number. Can I load that up with the MVPS HOSTS file to block ads? It's kind of fun with eDexter. You probably know, but it's a program that substitutes a gif image in place of the ad that is blocked. I uploaded six different mushroom clouds for my replacement gifs.

Any other tests? What should I do routinely as maintenance?

Oh, I also notice that in the status bar in lower left hand corner on many pages - this page for example, on my computer - is the message Done, but with errors on page. Do you know that is?

[Ried]

Hello lowellc,

Quote:

when I create a new shortcut now, the icon generated on the desktop is a plain, ugly generic one. For example your forum's shortcut icon was a nice TSF logo, now it looks like the jpg I attached.

Has that always happened--or is this a recent occurrence, for instance after running dss.exe, and ComboFix.exe?

The reason I'm asking is that sometimes those are stored in the Temp Internet Cache and both of those tools cleaned the Temp and Temp Internet files when they ran.

You may want to take a look at this thread for an alternative method of storing those favicons --> Desktop [Favicons] Icons missing

--------------------------------------------------------------

Quote:

I'm almost sure I read buried somewhere in those five step instructions, a note that said tag or quote the pasted scans.

Step 5:

Quote:

When posting the log please DO NOT:

Perhaps we should color code that so it stands out a bit more--especially since generally speaking, most instructions one comes across are 'To-Do', not 'Don't'.

**************************

Your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links:

The following procedure will clear out ComboFix.exe, as well as the backups and quarantines created by the fix. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.

Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:

ComboFix /u

--------------------------------------------------------------------


To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.

SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.

• It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page.

IESpyAD Zoned Out to block access to malicious websites so you cannot be redirected to them from an infected site or email. This severely impairs attempts to infect your system as it basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.


Update, and scan with your onboard Anti Malware and Anti Virus programs regularly. Without regular updates you will not be protected when new malicious programs are released.


In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

PC Safety and Security--What Do I Need?

HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

-----------------------------------------------------

Follow the list above and the potential for infection will reduce dramatically.

**Kindly respond one more time and let me know if we may consider this thread resolved.


**edit** Oops..almost forgot...

Quote:

I also notice that in the status bar in lower left hand corner on many pages - this page for example, on my computer - is the message Done, but with errors on page. Do you know that is?

That would be due to the MVPS HOSTS files. It's nothing to be concerned about. And yes, go ahead and put that back in if you haven't already. ComboFix.exe automatically resets the hosts file to Windows default as so very many malware invade that section these days.

[lowellc]

Yes, Ried. RESOLVED. Thanks so much. This forum and its volunteers are magnificent.

The only glitch is I can't seem to make McAffee Site Advisor work. Nothing seems to be happening. No color coded threat indicator boxes by search results or in the brower toolbars. I'm probably missing something.

Oh btw, I installed the FavOrg program took, and am working on figuring it out too. And yes, the icons did lose their logo look after running those fixes. They're returning now but kind of randomly it seems like. Anyway, cheers. Lowellc

[Ried]

I'm so glad that worked out for you.

Regarding McAfee SiteAdvisor, in IE, look way over to the right and click on the gear icon with 'Tools' next to it.

In the dropdown menu, select Tools

Do you see McAfee Site Advisor there? Is there a 'check' next to it?

[lowellc]

I don't see it. Note post, please.

[lowellc]

I meant, note attachment.

[Ried]

Ohhhh.

Here's a crazy question--did you use the download link for IE browser? If so, then I'd just try downloading it again.

[lowellc]

I'm a little lost here. The link you sent was for Firefox version, so I just figured that was a mistake, and I browsed the site downloads and downloaded the IE version. Is that what you mean? Was that right?

[Ried]

The link I provided has download links 3 browsers. Firefox is the big box, with small print below it for IE and 'other'.

So yes, if you want it for IE, that would be the download.


Do you see McAfee Site Advisor in your Add/Remove programs panel?

[lowellc]

Yes, it is in the add/remove list. (I'll catch this in the morning zzzzzzz, I've got to hit the hay. Thanks a million.)

[Ried]

Same here.

Uninstall it via the Add/Remove programs, then try reinstalling it again.

Talk to you tomorrow.

[lowellc]

I tried that and also spent a couple of the most unproductive hours in my life trying to get some support from McAfee. They are the absolute worst I've seen. Worst chat experience, worst navigation, worst interface. McAfee - Such a contrast to working with TSF

I'm trying out their free email support but I'm not optimistic. Basically I can't get tech support until I'm registered with them. And registration is an occult process I haven't been able to crack.

Anyway, wanted to let you know. I'll probably just give up on them.

Do you think it's possible that something in that citadel of spyware/malware defenses I have installed, some good intentioned code is preventing that Site Advisor tool bar from installing??

Thanks again Ried.

[Ried]

That's a possibility. Make sure you're disconnected from the internet, and disable all your protection programs, then try re-installing McAfee Site Advisor again.

**Don't forget to re-enable your protective programs when you're through.