
help. I am new. post antivirus 2008 trojans



bigfkd22
2008-08-21, 13:16
Hi guys.
I have followed the instructions given in the stickies but I still have problems. My computer was infected with Antivirus 2008. I downloaded the Anti-Malware software from Malwarebytes, but I still have the Windows Security pop-up informing me I have a Trojan problem:

First it was Trojan-Spy.Win32.Keylogger.aa,
then Trojan-Clicker.Win32.Tinyh and now
Trojan-Downloader.Win32.Agent.Bq.

I have installed SUPERAntiSpyware and multiple antivirus and spyware programs.

But still I have the pop-up reporting Trojans.

I have run SDFix and ComboFix but still have problems. I have posted my HijackThis, SDFix and ComboFix logs below.

Thank you so much!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:49:15 AM, on 8/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\Media Manager\MediaManager.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ivkfspkr.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [eabconfg.cpl] "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" /Start
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [MediaManager] C:\Program Files\Verizon\Media Manager\MediaManager.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [Verizon Internet Security Suite] "C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [actmon] C:\WINDOWS\system32\ivkfspkr.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=laptop
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - https://www.webiqonline.com/WebIQ/bin/WebIQ.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158134407265
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: OmniForm Printer - Unknown owner - C:\WINDOWS\system32\ofps.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Verizon Internet Security Suite (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAware.exe
O23 - Service: Verizon Internet Security Suite Update Service (RPSUpdaterR) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe

--
End of file - 13049 bytes

ComboFix 08-08-19.06 - Valued Customer 2008-08-21 6:41:56.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.439 [GMT -4:00]
Running from: C:\Documents and Settings\Valued Customer\Desktop\downloads\MKSAP\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-07-21 to 2008-08-21 )))))))))))))))))))))))))))))))
.

2008-08-20 20:57 . 2008-08-20 20:58 <DIR> d-------- C:\WINDOWS\ERUNT
2008-08-20 20:45 . 2005-11-14 06:18 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-4105E587B6\Application Data\Symantec
2008-08-20 20:45 . 2005-11-14 06:15 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-4105E587B6\Application Data\Apple Computer
2008-08-20 20:45 . 2008-08-20 20:45 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-4105E587B6
2008-08-20 20:36 . 2008-08-21 06:34 <DIR> d-------- C:\SDFix
2008-08-20 20:17 . 2008-08-21 06:26 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-20 20:17 . 2008-08-20 20:17 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-20 20:17 . 2008-08-20 20:17 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-08-20 20:16 . 2008-08-20 20:16 <DIR> d-------- C:\Program Files\AVG
2008-08-20 17:30 . 2008-08-20 17:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-20 06:42 . 2008-08-20 06:42 280 --a------ C:\WINDOWS\system32\PDBootState
2008-08-19 21:51 . 2008-08-19 21:51 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-19 21:43 . 2008-08-19 21:43 <DIR> d-------- C:\Program Files\AdwareAlert
2008-08-19 21:43 . 2008-08-19 21:44 <DIR> d-------- C:\Documents and Settings\Valued Customer\Application Data\AdwareAlert
2008-08-19 21:16 . 2008-08-19 21:16 <DIR> d-------- C:\WINDOWS\0E6AB9FC76C2431B9C066C1CFFFEA8EB.TMP
2008-08-19 19:22 . 2008-08-19 19:22 49 --a------ C:\WINDOWS\hpntwksetup.ini
2008-08-19 14:29 . 2008-08-20 09:21 <DIR> d--h----- C:\$AVG8.VAULT$
2008-08-19 11:02 . 2008-08-20 20:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-08-18 10:30 . 2008-08-18 10:30 81,920 --a------ C:\Documents and Settings\Valued Customer\Application Data\ezpinst.exe
2008-08-17 07:05 . 2008-08-17 07:05 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-17 07:05 . 2008-08-17 07:05 <DIR> d-------- C:\Documents and Settings\Valued Customer\Application Data\Malwarebytes
2008-08-17 07:05 . 2008-08-17 07:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-17 07:05 . 2008-07-30 20:14 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-17 07:05 . 2008-07-30 20:14 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-17 05:47 . 2008-08-17 07:06 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-08-16 08:21 . 2008-08-16 08:21 <DIR> d--h----- C:\WINDOWS\PIF
2008-08-16 07:52 . 2008-08-16 07:52 77,824 --a------ C:\WINDOWS\system32\ivkfspkr.exe
2008-08-16 00:02 . 2008-01-09 10:35 55,296 --a------ C:\WINDOWS\system32\drivers\rp_skt32.sys
2008-08-16 00:00 . 2007-04-19 11:36 48,384 --a------ C:\WINDOWS\system32\drivers\rp_pkt32.sys
2008-08-15 23:58 . 2008-08-15 23:58 <DIR> d-------- C:\Program Files\Common Files\Authentium
2008-08-15 23:57 . 2008-08-15 23:57 <DIR> d-------- C:\Program Files\Raxco
2008-08-15 23:57 . 2008-08-15 23:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2008-08-15 23:56 . 2008-08-16 08:21 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-08-15 23:56 . 2008-08-15 23:56 <DIR> d-------- C:\Program Files\CA
2008-08-15 23:43 . 2008-08-19 16:08 <DIR> d-------- C:\Program Files\oacvxsf
2008-08-15 23:43 . 2008-08-15 23:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\pwbkzsjy
2008-08-14 06:08 . 2008-05-01 10:30 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-07 16:49 . 2008-08-07 16:49 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-02 09:22 . 2008-08-07 16:49 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-29 20:55 . 2008-07-29 20:56 <DIR> d-------- C:\Program Files\MKSAP 14
2008-07-21 16:00 . 2008-07-21 16:00 <DIR> d-------- C:\Documents and Settings\Valued Customer\Application Data\Motive
2008-07-21 15:55 . 2008-07-21 15:55 <DIR> d-------- C:\WINDOWS\bin
2008-07-21 15:55 . 2008-08-15 23:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Verizon
2008-07-21 15:54 . 2008-07-21 15:54 <DIR> d-------- C:\Program Files\Common Files\Motive
2008-07-21 15:54 . 2008-07-21 15:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Motive

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-20 01:55 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-08-20 01:15 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-20 01:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-18 15:43 --------- d-----w C:\Program Files\Symantec
2008-08-18 14:30 47,360 ----a-w C:\Documents and Settings\Valued Customer\Application Data\pcouffin.sys
2008-08-18 14:30 --------- d-----w C:\Documents and Settings\Valued Customer\Application Data\Vso
2008-08-18 14:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-18 14:24 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-18 14:19 --------- d-----w C:\Program Files\Mail Forward
2008-08-18 13:49 --------- d-----w C:\Program Files\Avi2Dvd
2008-08-18 13:48 --------- d-----w C:\Program Files\AviSynth 2.5
2008-08-18 13:46 --------- d-----w C:\Program Files\Recovery for Word
2008-08-16 12:23 --------- d-----w C:\Documents and Settings\Valued Customer\Application Data\Verizon
2008-08-16 03:55 --------- d-----w C:\Program Files\Verizon
2008-08-15 07:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-08 08:11 724,992 ----a-w C:\WINDOWS\iun6002.exe
2008-08-08 08:11 --------- d-----w C:\Program Files\Common Files\Skyscape
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:32 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-03-10 22:45 2,953 ----a-w C:\Documents and Settings\Valued Customer\Application Data\SAS7_000.DAT
2007-10-11 10:30 430 ----a-w C:\Documents and Settings\Valued Customer\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((( snapshot@2008-08-20_21.34.54.78 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-21 00:58:55 6,029,312 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-08-21 10:08:06 6,029,312 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
- 2008-08-21 00:58:56 180,224 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-08-21 10:08:07 180,224 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-25 22:52 476702]
"actmon"="C:\WINDOWS\system32\ivkfspkr.exe" [2008-08-16 07:52 77824]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-04 11:50 405583]
"AdwareAlert"="C:\Program Files\AdwareAlert\AdwareAlert.exe" [2008-08-19 10:03 9093120]
"SetDefaultMIDI"="MIDIDef.exe" [2005-08-29 06:43 25600 C:\WINDOWS\MIDIDEF.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-10 01:05 344064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 16:50 729178]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 14:59 794624]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 17:54 253952]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-08-01 18:26 233534]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 17:15 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 17:15 81920]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-08-24 19:39 397312]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 23:46 624248]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-09-28 14:30 936960]
"MediaManager"="C:\Program Files\Verizon\Media Manager\MediaManager.exe" [2007-10-19 11:22 1400832]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" [2008-02-13 13:03 2065648]
"Verizon Internet Security Suite"="C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe" [2008-02-26 17:10 318704]
"-FreedomNeedsReboot"="C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe" [2008-02-26 17:11 13552]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-20 20:17 1232152]
"SbUsb AudCtrl"="sbusbdll.dll" [2004-08-19 08:31 97792 C:\WINDOWS\system32\sbusbdll.dll]
"CTHelper"="CTHELPER.EXE" [2005-08-29 06:54 16384 C:\WINDOWS\CTHELPER.EXE]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Valued Customer^Start Menu^Programs^Startup^Skyscape smARTupdate.lnk]
backup=C:\WINDOWS\pss\Skyscape SmartUpdate.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhc3nmj0et3t

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2007-05-10 23:46 624248 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2007-07-20 11:48 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
--a------ 2004-12-02 18:23 102400 C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 06:48 157592 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2005-01-04 11:50 405583 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Home Theater SchSvr]
--a------ 2005-11-04 01:44 106496 C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-17 03:11 49152 C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iobi]
--a------ 2006-06-01 17:33 774144 C:\Program Files\Verizon\iobi\IOBIClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-10-30 10:36 256576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-25 19:58 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
--a------ 2003-09-29 17:00 155648 C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
--a------ 2008-05-06 04:42 202088 C:\Program Files\TomTom HOME 2\HOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
--a------ 2006-03-30 17:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINCINEMAMGR]
--a------ 2005-11-04 00:29 266240 C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINREMOTE]
--a------ 2005-11-04 00:30 266240 C:\Program Files\InterVideo\Common\Bin\WinRemote.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\ScanSoft\\OmniForm Premium 5.0\\EReg\\NAVBrowser.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\temp\\HP_WebRelease\\Setup\\HPZnet01.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Verizon\\Media Manager\\MediaManager.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-20 20:17]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 16:03]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-20 20:16]
R2 nxsIO32;NextSensor Kernel I/O Driver;C:\WINDOWS\System32\DRIVERS\nxsIO32.sys [2006-07-07 22:38]
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-05-02 20:33]
S3 ne2000;Novell/Eagle NE2000 Adapter Driver;C:\WINDOWS\system32\DRIVERS\ne2000.sys [2001-08-17 16:49]
S3 Radialpoint Security Services;Verizon Internet Security Suite;C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAware.exe [2008-02-26 17:10]
S3 sbusb;Sound Blaster USB Audio Driver;C:\WINDOWS\system32\DRIVERS\sbusb.sys [2004-08-26 09:47]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c9d75ad-393c-11dd-a725-000fb0c50f0c}]
\Shell\AutoRun\command - H:\InstallTomTomHOME.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-21 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job
- C:\Program Files\AdwareAlert\AdwareAlert.exe [2008-08-19 10:03]

2008-08-21 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job
- C:\Program Files\AdwareAlert [2008-08-19 21:43]

2008-08-14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 18:13]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\6ny402k8.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-21 06:45:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????Qj?w^k?w?????? ???B?????????????hLC? ??????
CTHelper = CTHELPER.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-21 6:47:23
ComboFix-quarantined-files.txt 2008-08-21 10:46:28
ComboFix2.txt 2008-08-21 01:35:48

Pre-Run: 25,286,512,640 bytes free
Post-Run: 25,268,404,224 bytes free

263 --- E O F --- 2008-08-15 07:22:00


SDFix: Version 1.218
Run by Valued Customer on Thu 08/21/2008 at 06:13 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-21 06:29:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:d4e99325
"s2"=dword:bbd931bb
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:d1,c0,b5,f9,ab,c1,03,43,d1,c9,32,10,66,fb,38,6f,d6,b4,41,1e,02,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ee,02,af,e1,87,87,74,46,9a,e8,2e,75,ce,09,25,6f,00,..
"khjeh"=hex:74,40,47,56,1f,c8,ca,65,c4,17,11,b0,63,2f,b2,de,8d,14,c7,53,34,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:8a,e1,70,c3,24,ab,95,f0,1e,77,d9,d5,d8,c3,75,71,82,bd,20,8c,8b,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:55,1b,a0,25,34,ec,1f,83,36,8c,d6,54,ae,76,79,28,43,89,5a,65,84,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:1d,be,88,0c,3b,5a,f1,44,8b,09,f7,19,d9,b4,88,7c,37,db,d4,3d,f9,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:a1,ff,a4,09,43,63,4d,19,86,03,20,a4,2c,34,00,c9,f8,e4,25,93,2c,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:d1,c0,b5,f9,ab,c1,03,43,d1,c9,32,10,66,fb,38,6f,d6,b4,41,1e,02,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ee,02,af,e1,87,87,74,46,9a,e8,2e,75,ce,09,25,6f,00,..
"khjeh"=hex:74,40,47,56,1f,c8,ca,65,c4,17,11,b0,63,2f,b2,de,8d,14,c7,53,34,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:8a,e1,70,c3,24,ab,95,f0,1e,77,d9,d5,d8,c3,75,71,82,bd,20,8c,8b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:55,1b,a0,25,34,ec,1f,83,36,8c,d6,54,ae,76,79,28,43,89,5a,65,84,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:1d,be,88,0c,3b,5a,f1,44,8b,09,f7,19,d9,b4,88,7c,37,db,d4,3d,f9,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:a1,ff,a4,09,43,63,4d,19,86,03,20,a4,2c,34,00,c9,f8,e4,25,93,2c,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:*:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:*:Enabled:ActiveSync Application"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:HP Digital Imaging Monitor"
"C:\\Program Files\\ScanSoft\\OmniForm Premium 5.0\\EReg\\NAVBrowser.exe"="C:\\Program Files\\ScanSoft\\OmniForm Premium 5.0\\EReg\\NAVBrowser.exe:*:Disabled:NAVBrowser"
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw"
"C:\\temp\\HP_WebRelease\\Setup\\HPZnet01.exe"="C:\\temp\\HP_WebRelease\\Setup\\HPZnet01.exe:*:Enabled:Install Consumer Experience Network Plug in"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Verizon\\Media Manager\\MediaManager.exe"="C:\\Program Files\\Verizon\\Media Manager\\MediaManager.exe:*:Enabled:Verizon Media Manager"
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"="C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe:*:Enabled:Kaspersky Internet Security 2009 Setup"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :



Files with Hidden Attributes :

Wed 13 Oct 2004 1,694,208 A.SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Tue 11 Mar 2008 31,744 ...H. --- "C:\Documents and Settings\Valued Customer\My Documents\~WRL0001.tmp"
Sat 15 Sep 2007 30,208 ...H. --- "C:\Documents and Settings\Valued Customer\My Documents\~WRL0036.tmp"
Sat 30 Jun 2007 29,184 ...H. --- "C:\Documents and Settings\Valued Customer\My Documents\~WRL0058.tmp"
Sun 1 Jul 2007 25,088 ...H. --- "C:\Documents and Settings\Valued Customer\My Documents\~WRL0172.tmp"
Wed 15 Aug 2007 25,600 ...H. --- "C:\Documents and Settings\Valued Customer\My Documents\~WRL0774.tmp"
Thu 4 Oct 2007 26,112 ...H. --- "C:\Documents and Settings\Valued Customer\My Documents\~WRL1011.tmp"
Fri 5 Oct 2007 30,720 ...H. --- "C:\Documents and Settings\Valued Customer\My Documents\~WRL1137.tmp"
Wed 15 Aug 2007 25,600 ...H. --- "C:\Documents and Settings\Valued Customer\My Documents\~WRL1300.tmp"
Wed 19 Sep 2007 23,040 ...H. --- "C:\Documents and Settings\Valued Customer\My Documents\~WRL1530.tmp"
Fri 28 Mar 2008 30,208 ...H. --- "C:\Documents and Settings\Valued Customer\My Documents\~WRL1697.tmp"
Sat 30 Jun 2007 29,696 ...H. --- "C:\Documents and Settings\Valued Customer\My Documents\~WRL1703.tmp"
Wed 10 Oct 2007 33,280 ...H. --- "C:\Documents and Settings\Valued Customer\My Documents\~WRL1773.tmp"
Sun 1 Jul 2007 25,088 ...H. --- "C:\Documents and Settings\Valued Customer\My Documents\~WRL2255.tmp"
Sat 30 Jun 2007 28,160 ...H. --- "C:\Documents and Settings\Valued Customer\My Documents\~WRL2325.tmp"
Mon 9 Jul 2007 26,624 ...H. --- "C:\Documents and Settings\Valued Customer\My Documents\~WRL2446.tmp"
Sun 1 Jul 2007 24,064 ...H. --- "C:\Documents and Settings\Valued Customer\My Documents\~WRL3020.tmp"
Wed 15 Aug 2007 25,600 ...H. --- "C:\Documents and Settings\Valued Customer\My Documents\~WRL3033.tmp"
Sat 30 Jun 2007 27,648 ...H. --- "C:\Documents and Settings\Valued Customer\My Documents\~WRL3491.tmp"
Mon 2 Jul 2007 26,112 ...H. --- "C:\Documents and Settings\Valued Customer\My Documents\~WRL3714.tmp"
Sat 30 Jun 2007 29,184 ...H. --- "C:\Documents and Settings\Valued Customer\My Documents\~WRL3843.tmp"
Wed 10 Oct 2007 33,280 ...H. --- "C:\Documents and Settings\Valued Customer\My Documents\~WRL3896.tmp"
Sat 30 Jun 2007 29,184 ...H. --- "C:\Documents and Settings\Valued Customer\My Documents\~WRL4052.tmp"
Tue 15 Apr 2008 12,317 ...H. --- "C:\Documents and Settings\Valued Customer\My Documents\~WRL4085.tmp"
Wed 31 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv04.tmp"
Sat 12 Apr 2008 36,352 ...H. --- "C:\Documents and Settings\Valued Customer\My Documents\Brittney\~WRL1320.tmp"
Wed 19 Dec 2007 24,576 ...H. --- "C:\Documents and Settings\Valued Customer\My Documents\Letters\~WRL0001.tmp"
Thu 18 Oct 2007 49,152 ...H. --- "C:\Documents and Settings\Valued Customer\Application Data\Microsoft\Word\~WRL0089.tmp"
Sun 12 Aug 2007 48,128 ...H. --- "C:\Documents and Settings\Valued Customer\Application Data\Microsoft\Word\~WRL0605.tmp"
Tue 14 Aug 2007 48,128 ...H. --- "C:\Documents and Settings\Valued Customer\Application Data\Microsoft\Word\~WRL4065.tmp"
Mon 15 May 2006 24,576 ...H. --- "C:\Documents and Settings\Valued Customer\Desktop\Brittney\JumpBackUp\~WRL2053.tmp"

Finished!

bigfkd22
2008-08-21, 18:06
please help!

bump

tashi
2008-08-21, 19:11
please help!

bump


"BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Do NOT run 'fixes' before helpers have analyzed the HJT log (http://forums.spybot.info/showthread.php?t=16806)

File Sharing, otherwise known as Peer To Peer. (P2P) (http://forums.spybot.info/showthread.php?t=282)
Particularly post #4, http://forums.spybot.info/showpost.php?p=218503&postcount=4

Bump and Topic May Be Closed (http://forums.spybot.info/showpost.php?p=219168&postcount=6)