
Solved Redirects, unable to open Regedit/cmd - almost all fixed

Discussion in 'Malware and Virus Removal Archive' started by Jedi5, 2009/05/10.

  1. 2009/05/10
    Jedi5, Thread Starter
    [Resolved] Redirects, unable to open Regedit/cmd - almost all fixed

    Hi,

    The issues I have been having are nearly identical to the ones outlined in this thread:
    http://www.windowsbbs.com/malware-v...d-browser-hijack-unable-open-cmd-regedit.html

    I have been carefully trying to get my system into good shape by following the great instructions in that thread.

    These were the issues I was having:
    Google redirects occasionally
    Couldn't open Regedit (I really didn't like that)
    Couldn't open CMD window or MSConfig
    Sometimes I couldn't see any of my desktop icons; just the wallpaper
    Most of my normal startup utilities seemed disabled (like virus protection)

    I'm in a much better state now, however I don't think everything is completely gone. Here is what I can do now:
    I can now open Regedit (Yeah!)
    I can open CMD window, MSConfig , and right-click > Edit BAT files
    No Desktop icon issues

    Here's one concern I have: No matter how many times I've tried, I cannot successfully download ComboFix.exe (even if I rename it). I always get a message about write-protected. Since my system is in better shape, the last time I tried to download, ETrust said this:

    The Win32/SillyAutorun.AWH was detected in C:\DOCUMENTS AND SETTINGS\zzzz\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\HUKJ2XGB\COMBOFIX[1].EXE.
    Machine: MyMachineName, User: MyMachineName\zzzz.
    File Status: Cure failed, file restored.

    If I turn off ETrust, I still can't download it. So I don't think I'm completely in the clear yet. I'm close, but not complete.

    I'm hoping for some assistance in getting over the finish line.

    Here is the DDS result:

    DDS (Ver_09-03-16.01) - NTFSx86
    Run by zzzz at 12:10:27.35 on Sun 05/10/2009
    Internet Explorer: 7.0.5730.11
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.612 [GMT -7:00]

    AV: eTrust Antivirus *On-access scanning enabled* (Outdated)

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\Program Files\IT Connection Manager\SRUserService.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\MsPMSPSv.exe
    c:\WINDOWS\system32\ZuneBusEnum.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\zzzz\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uDefault_Page_URL = hxxp://www.dell4me.com/myway
    uWindow Title = Windows Internet Explorer provided by Comcast
    mDefault_Search_URL = about:blank
    mSearch Page = about:blank
    mWindow Title = Windows Internet Explorer provided by Comcast
    mSearch Bar = about:blank
    mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
    uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
    mSearchURL = about:blank
    mSearchAssistant = about:blank
    BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
    TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Realtime Monitor] c:\program files\ca\etrust antivirus\realmon.exe -s
    mRun: [tgcmd] c:\program files\support.com\bin\tgcmd.exe /server /startmonitor /deaf
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
    mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
    mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    uPolicies-explorer: NoViewOnDrive = 0 (0x0)
    mPolicies-explorer: NoViewOnDrive = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\mi699f~1\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi699f~1\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: aol.com\free
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} - hxxp://musicstore.connect.com/XSL/mb_us/html/activexplayer/SMALStreaming.cab
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.costcophotocenter.com/CostcoActivia.cab
    DPF: {40F8967E-34A6-474A-837A-CEC1E7DAC54C} - hxxps://accounting.quickbooks.com/c3/v15.585/qboax9.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122603998046
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189887554406
    DPF: {7A7BA269-2D21-4B33-B60A-8510A1865D5F} - hxxp://public1.uploader.officelive.com/_layouts/1033/wh/ActiveX/MsnPUpld.cab
    DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
    DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} - hxxps://accounting.quickbooks.com/c3/v18.170/qboax10.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} - hxxps://accounting.quickbooks.com/c3/v13.087/qboax8.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://www.disneyphotopass.com/software/ImageUploader4.cab
    Notify: PCANotify - PCANotify.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R1 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2003-5-5 24365]
    R1 awlegacy;awlegacy;c:\windows\system32\drivers\AWLEGACY.sys [2003-4-21 10901]
    R1 GhPciScan;GhostPciScanner;c:\program files\symantec\norton ghost 2003\GhPciScan.sys [2002-8-14 5632]
    R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\VCdRom.sys [2006-3-9 8576]
    R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
    R2 SRUserService;IT Connection Manager;c:\program files\it connection manager\SRUserService.exe [2007-4-6 255336]
    S3 awhost32;pcAnywhere Host Service;c:\program files\symantec\pcanywhere\awhost32.exe [2003-5-29 106496]

    ============== File Associations ===============

    scrfile= "%1" %*

    =============== Created Last 30 ================

    2009-05-09 23:44 410,984 a------- c:\windows\system32\deploytk.dll
    2009-05-09 22:54 578,560 a------- c:\windows\system32\dllcache\user32.dll
    2009-05-09 22:50 <DIR> --d----- c:\windows\ERUNT
    2009-05-08 18:54 <DIR> --d----- c:\documents and settings\zzzz\DoctorWeb
    2009-05-07 22:53 <DIR> --d----- c:\program files\Trend Micro
    2009-05-07 22:46 <DIR> --d----- C:\SDFix
    2009-05-07 21:41 <DIR> --d----- c:\docume~1\zzzz\applic~1\Malwarebytes
    2009-05-07 21:41 15,504 a------- c:\windows\system32\drivers\mbam.sys
    2009-05-07 21:41 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-05-07 21:41 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-05-07 21:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-05-07 00:14 16,244 a------- c:\windows\system32\rrt_is.wav
    2009-05-07 00:14 7,302 a------- c:\windows\system32\rrt_vf.wav
    2009-05-07 00:14 7,148 a------- c:\windows\system32\rrt_tv.wav
    2009-05-07 00:14 6,282 a------- c:\windows\system32\rrt_tn.wav
    2009-04-29 16:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PopCap
    2009-04-19 11:30 <DIR> --d----- c:\windows\system32\scripting
    2009-04-19 11:30 <DIR> --d----- c:\windows\system32\en
    2009-04-19 11:30 <DIR> --d----- c:\windows\system32\bits
    2009-04-19 11:30 <DIR> --d----- c:\windows\l2schemas
    2009-04-19 11:28 <DIR> --d----- c:\windows\ServicePackFiles
    2009-04-19 11:24 <DIR> --d----- c:\windows\EHome
    2009-04-16 12:20 2,560 -------- c:\windows\system32\xpsp4res.dll
    2009-04-16 12:20 215,552 -------- c:\windows\system32\dllcache\wordpad.exe

    ==================== Find3M ====================

    2009-04-19 11:40 96,384 a------- c:\windows\system32\drivers\sptd4733.sys
    2009-04-19 11:32 78,375 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
    2009-03-21 07:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
    2009-03-06 07:22 284,160 a------- c:\windows\system32\pdh.dll
    2009-03-06 07:22 284,160 -------- c:\windows\system32\dllcache\pdh.dll
    2009-03-02 17:18 826,368 a------- c:\windows\system32\wininet.dll
    2009-03-02 17:18 826,368 a------- c:\windows\system32\dllcache\wininet.dll
    2009-02-27 21:54 636,072 -------- c:\windows\system32\dllcache\iexplore.exe
    2009-02-20 03:20 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
    2009-02-20 03:20 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
    2009-02-19 22:14 161,792 -------- c:\windows\system32\dllcache\ieakui.dll

    ============= FINISH: 12:11:07.56 ===============


    Here is the Attach Log:


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-03-16.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 7/28/2005 2:34:42 PM
    System Uptime: 5/10/2009 9:06:10 AM (3 hours ago)

    Motherboard: Dell Inc. | | 0X8582
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 146 GiB total, 40.558 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1260: 2/9/2009 6:55:21 PM - System Checkpoint
    RP1261: 2/10/2009 7:16:37 PM - System Checkpoint
    RP1262: 2/11/2009 6:41:57 PM - Software Distribution Service 3.0
    RP1263: 2/12/2009 7:02:32 PM - System Checkpoint
    RP1264: 2/13/2009 7:22:15 PM - System Checkpoint
    RP1265: 2/23/2009 7:44:38 PM - System Checkpoint
    RP1266: 2/24/2009 9:10:25 PM - System Checkpoint
    RP1267: 2/25/2009 9:49:39 PM - System Checkpoint
    RP1268: 2/26/2009 6:12:38 PM - Software Distribution Service 3.0
    RP1269: 2/27/2009 7:40:55 PM - System Checkpoint
    RP1270: 2/28/2009 8:12:39 PM - System Checkpoint
    RP1271: 3/1/2009 9:15:53 PM - System Checkpoint
    RP1272: 3/2/2009 9:44:38 PM - System Checkpoint
    RP1273: 3/3/2009 10:38:59 PM - System Checkpoint
    RP1274: 3/4/2009 10:49:03 PM - System Checkpoint
    RP1275: 3/6/2009 10:00:41 AM - System Checkpoint
    RP1276: 3/7/2009 10:44:03 AM - System Checkpoint
    RP1277: 3/8/2009 11:41:51 AM - System Checkpoint
    RP1278: 3/9/2009 1:02:48 PM - System Checkpoint
    RP1279: 3/10/2009 1:31:13 PM - System Checkpoint
    RP1280: 3/10/2009 9:54:50 PM - Software Distribution Service 3.0
    RP1281: 3/12/2009 11:42:27 AM - System Checkpoint
    RP1282: 3/13/2009 12:00:57 AM - Software Distribution Service 3.0
    RP1283: 3/14/2009 9:56:46 AM - System Checkpoint
    RP1284: 3/15/2009 11:36:01 AM - System Checkpoint
    RP1285: 3/16/2009 1:48:16 PM - System Checkpoint
    RP1286: 3/17/2009 2:00:51 PM - System Checkpoint
    RP1287: 3/18/2009 2:43:16 PM - System Checkpoint
    RP1288: 3/19/2009 3:18:44 PM - System Checkpoint
    RP1289: 3/20/2009 3:34:13 PM - System Checkpoint
    RP1290: 3/21/2009 3:43:57 PM - System Checkpoint
    RP1291: 3/22/2009 4:09:14 PM - System Checkpoint
    RP1292: 3/23/2009 5:55:48 PM - System Checkpoint
    RP1293: 3/24/2009 6:51:07 PM - System Checkpoint
    RP1294: 3/25/2009 7:14:52 PM - System Checkpoint
    RP1295: 3/26/2009 7:42:32 PM - System Checkpoint
    RP1296: 3/27/2009 7:42:49 PM - System Checkpoint
    RP1297: 3/28/2009 8:14:23 PM - System Checkpoint
    RP1298: 3/29/2009 8:20:33 PM - System Checkpoint
    RP1299: 3/30/2009 9:11:54 PM - System Checkpoint
    RP1300: 3/31/2009 9:14:09 PM - System Checkpoint
    RP1301: 4/1/2009 9:49:26 PM - System Checkpoint
    RP1302: 4/3/2009 11:34:37 AM - System Checkpoint
    RP1303: 4/4/2009 12:20:31 PM - System Checkpoint
    RP1304: 4/5/2009 1:08:12 PM - System Checkpoint
    RP1305: 4/6/2009 1:30:15 PM - System Checkpoint
    RP1306: 4/7/2009 1:43:35 PM - System Checkpoint
    RP1307: 4/8/2009 1:53:26 PM - System Checkpoint
    RP1308: 4/9/2009 1:55:08 PM - System Checkpoint
    RP1309: 4/10/2009 2:25:19 PM - System Checkpoint
    RP1310: 4/12/2009 7:17:59 PM - System Checkpoint
    RP1311: 4/13/2009 7:37:36 PM - System Checkpoint
    RP1312: 4/14/2009 8:37:11 PM - System Checkpoint
    RP1313: 4/15/2009 8:56:07 PM - System Checkpoint
    RP1314: 4/16/2009 8:37:53 PM - Software Distribution Service 3.0
    RP1315: 4/17/2009 9:40:14 PM - System Checkpoint
    RP1316: 4/18/2009 10:40:48 PM - System Checkpoint
    RP1317: 4/19/2009 11:19:50 AM - Software Distribution Service 3.0
    RP1318: 4/19/2009 11:53:55 AM - Software Distribution Service 3.0
    RP1319: 4/20/2009 1:06:41 PM - System Checkpoint
    RP1320: 4/21/2009 2:29:28 PM - System Checkpoint
    RP1321: 4/22/2009 2:32:29 PM - System Checkpoint
    RP1322: 4/23/2009 7:21:00 PM - System Checkpoint
    RP1323: 4/24/2009 7:28:51 PM - System Checkpoint
    RP1324: 4/25/2009 7:49:35 PM - System Checkpoint
    RP1325: 4/26/2009 8:15:38 PM - System Checkpoint
    RP1326: 4/27/2009 8:49:01 PM - System Checkpoint
    RP1327: 4/28/2009 9:53:00 PM - System Checkpoint
    RP1328: 4/29/2009 9:03:29 PM - Software Distribution Service 3.0
    RP1329: 5/1/2009 1:05:23 PM - System Checkpoint
    RP1330: 5/2/2009 1:46:40 PM - System Checkpoint
    RP1331: 5/3/2009 2:09:09 PM - System Checkpoint
    RP1332: 5/4/2009 3:07:52 PM - System Checkpoint
    RP1333: 5/5/2009 4:33:10 PM - System Checkpoint
    RP1334: 5/6/2009 6:16:02 PM - System Checkpoint
    RP1335: 5/7/2009 6:43:31 PM - System Checkpoint
    RP1336: 5/8/2009 6:27:08 PM - Removed SonicStage
    RP1337: 5/9/2009 8:05:51 PM - System Checkpoint
    RP1338: 5/9/2009 11:44:31 PM - Installed Java(TM) 6 Update 13
    RP1339: 5/9/2009 11:59:44 PM - Removed Java(TM) 6 Update 7

    ==== Installed Programs ======================

    Ad-Aware
    Adobe Download Manager 2.0 (Remove Only)
    Adobe Flash Player 10 ActiveX
    Adobe Reader 7.0.7
    Adobe Shockwave Player
    Amazon MP3 Downloader 1.0.3
    AOLIcon
    Apple Software Update
    ATI Control Panel
    ATI Display Driver
    AutoUpdate
    Beginning Sounds
    Blue's Kindergarten
    Boggle Supreme from Hewlett-Packard Desktops (remove only)
    Business Contact Manager for Outlook 2003
    CA eTrust Antivirus
    Camtasia Studio 3
    Cardmod_x86 and MSITPintool
    CDBurnerXP Pro 3
    ClueFinders 6th Grade Adventures
    Comcast High-Speed Internet Install Wizard
    Conexant D850 56K V.9x DFVc Modem
    Creative MediaSource
    Critical Update for Windows Media Player 11 (KB959772)
    CutePDF Printer Setup
    Dell Digital Jukebox Driver
    Dell Driver Reset Tool
    Dell Media Experience
    Dell Picture Studio v3.0
    Dell Support 3.1
    Dell System Restore
    Desktop Doctor
    Digital Line Detect
    Disney's Lilo & Stitch Trouble in Paradise
    DivX Codec
    DivX Converter
    DivX Player
    DivX Web Player
    DubIt
    High Definition Audio Driver Package - KB835221
    HijackThis 2.0.2
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB952287)
    Install Maker Pro
    Intel Matrix Storage Manager
    Intel(R) PRO Network Connections Software v9.2.4.11
    Intel(R) PROSafe for Wired Connections
    Internet Explorer Default Page
    IT Connection Manager
    Jasc Paint Shop Photo Album 5
    Jasc Paint Shop Pro Studio, Dell Editon
    Jasc Paint Shop Pro Studio.01 , Dell Edition 1.0.1.1 Patch
    Java(TM) 6 Update 13
    Kid Pix Deluxe 3
    Learn2 Player (Uninstall Only)
    Lernout & Hauspie TruVoice American English TTS Engine
    Little Mermaid II
    LiveReg (Symantec Corporation)
    LiveUpdate 1.80 (Symantec Corporation)
    Malwarebytes' Anti-Malware
    Microangelo On Display 6
    Microangelo Toolset 6
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Data Analyzer 3.5
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft MapPoint North America 2006
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 SR-1 Premium
    Microsoft Office 97, Professional Edition
    Microsoft Office Access 2003 Developer Extensions
    Microsoft Office Access 2003 Inside Out
    Microsoft Office FrontPage 2003
    Microsoft Office Live Image Uploader
    Microsoft Office Live Meeting 2005
    Microsoft Office Live Small Business Image Uploader
    Microsoft Office OneNote 2003
    Microsoft Office Online Beta Control
    Microsoft Office Professional Edition 2003
    Microsoft Office Visio Professional 2003
    Microsoft Office XP Professional with FrontPage
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Silverlight
    Microsoft Text-to-Speech Engine 4.0 (English)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Virtual PC 2004
    Microsoft® Flash
    Mini Nutcracker 2.0
    Modem Helper
    Move Networks Media Player for Internet Explorer
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    Musicmatch for Windows Media Player
    Musicmatch® Jukebox
    My HP Games
    NetWaiting
    NOMAD MuVo TX
    Norton Ghost
    OpenMG Secure Module 4.7.00
    Outlook Express Quick Backup
    Photo Click
    PowerDVD 5.5
    QuickTime
    RealPlayer Basic
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961373)
    SnagIt 8
    Sonic Audio module
    Sonic DLA
    Sonic MyDVD LE
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    SpongeBob SquarePants Typing
    Spybot - Search & Destroy
    Symantec pcAnywhere
    Tweak UI
    Unlocker 1.8.0
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Viewpoint Media Player
    Virtual Earth 3D (Beta)
    WebCyberCoach 3.2 Dell
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 11
    Windows Rights Management Client Backwards Compatibility SP2
    Windows Rights Management Client with Service Pack 2
    Windows XP Service Pack 3
    Xenu's Link Sleuth
    Zune
    Zune Language Pack (ES)
    Zune Language Pack (FR)

    ==== Event Viewer Messages From Past Week ========

    5/9/2009 11:21:12 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    5/9/2009 11:21:12 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments " " in order to run the server: {000C101C-0000-0000-C000-000000000046}
    5/9/2009 11:20:22 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    5/9/2009 11:20:06 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service BITS with arguments " " in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
    5/7/2009 9:23:05 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    5/6/2009 7:09:04 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD awlegacy Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip vmm
    5/6/2009 7:09:04 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    5/6/2009 7:09:04 PM, error: Service Control Manager [7001] - The IT Connection Manager service depends on the TCP/IP NetBIOS Helper service which failed to start because of the following error: The dependency service or group failed to start.
    5/6/2009 7:09:04 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/6/2009 7:09:04 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/6/2009 7:09:04 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    5/6/2009 7:08:01 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    5/6/2009 7:07:54 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    5/5/2009 11:21:14 PM, error: SCardSvr [610] - Smart Card Reader 'OMNIKEY AG Smart Card Reader USB 0' rejected IOCTL GET_STATE: The device has been removed.
    5/4/2009 12:24:21 PM, error: DCOM [10000] - Unable to start a DCOM Server: {1AFCDC7D-C666-485B-8829-416FCFD77E17}. The error: "%2" Happened while starting this command: C:\WINDOWS\system32\Macromed\SHOCKW~1\SWHELP~1.EXE -Embedding

    ==== End Of File ===========================
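The DDS log above carries the thread's indicators in a handful of banner-delimited sections: the AV status line, the Pseudo HJT entries (an orphaned toolbar CLSID marked "No File", a Trusted Zone addition, the Explorer policy values), a non-default scrfile association, and Event Viewer errors 7026 (boot-start drivers failed to load) and DCOM 10005 with error 1084 (ERROR_NOT_SAFEBOOT_SERVICE, the service cannot be started in Safe Mode). As an added example, not part of the thread and not a DDS feature, here is a small Python triage script that splits such a log into its sections and flags those indicators. The section names, regular expressions, the table of default shell\open\command values and the list of lockout policies are this example's own assumptions; the sample input is an excerpt of the log posted above.

```python
"""Triage helper for DDS (dds.scr) logs.  Added example, not a tool from the
thread: splits the log on its '=== name ===' banners and flags an outdated AV,
orphaned IE add-on entries, Trusted Zone additions, Explorer lockout policies,
tampered file associations, event 7026 driver failures and DCOM error 1084."""
import re
from collections import defaultdict

# Windows XP defaults for the classes DDS lists when they are non-default.
# scrfile's default is "%1" /S, so the "%1" %* seen in the log is flagged.
DEFAULT_ASSOC = {
    "exefile": '"%1" %*',
    "comfile": '"%1" %*',
    "batfile": '"%1" %*',
    "cmdfile": '"%1" %*',
    "piffile": '"%1" %*',
    "scrfile": '"%1" /S',
    "regfile": 'regedit.exe "%1"',
}
# Policies that disable regedit, cmd, Task Manager etc. when set to 1
# (assumed list for this example; the log above only shows NoViewOnDrive = 0).
LOCKOUT_POLICIES = {"DisableRegistryTools", "DisableCMD", "DisableTaskMgr",
                    "NoFolderOptions", "NoRun", "NoControlPanel", "NoDesktop"}

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
POLICY_RE = re.compile(r"^[um]Policies-\w+:\s*(\w+)\s*=\s*(\d+)")
ASSOC_RE = re.compile(r"^(\w+)=\s*(.+)$")
EVENT_RE = re.compile(r"^(?P<when>\S+ \S+ [AP]M), (?P<level>\w+): "
                      r"(?P<src>[^\[]+)\[(?P<id>\d+)\] - (?P<msg>.*)$")


def split_sections(text):
    """Group non-empty lines under the '=== name ===' banner preceding them."""
    sections = defaultdict(list)
    current = "HEADER"  # lines before the first banner (DDS version, AV state)
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            continue
        sections[current].append(line)
    return sections


def triage(text):
    """Return a list of (kind, detail) findings in log order."""
    sections = split_sections(text)
    findings = []

    for line in sections["HEADER"]:
        if line.startswith("AV:") and "(Outdated)" in line:
            findings.append(("av_outdated", line))

    for line in sections["Pseudo HJT Report"]:
        if line.endswith("- No File"):          # CLSID registered, DLL gone
            findings.append(("orphaned_entry", line))
        elif line.startswith("Trusted Zone:"):  # relaxed IE security zone
            findings.append(("trusted_zone", line))
        pol = POLICY_RE.match(line)
        if pol and pol.group(1) in LOCKOUT_POLICIES and int(pol.group(2)) != 0:
            findings.append(("lockout_policy", line))

    for line in sections["File Associations"]:
        assoc = ASSOC_RE.match(line)
        if assoc:
            expected = DEFAULT_ASSOC.get(assoc.group(1))
            if expected is not None and assoc.group(2) != expected:
                findings.append(("assoc_tampered", line))

    for line in sections["Event Viewer Messages From Past Week"]:
        ev = EVENT_RE.match(line)
        if not ev:
            continue
        event_id = int(ev.group("id"))
        if event_id == 7026:  # boot-start drivers that did not load
            drivers = ev.group("msg").split("failed to load:")[-1].split()
            findings.append(("boot_driver_failed", drivers))
        elif event_id == 10005 and '"%1084"' in ev.group("msg"):
            findings.append(("safe_mode_boot", ev.group("when")))  # 1084: Safe Mode
    return findings


# Excerpt of the DDS log posted above, used here as sample input.
SAMPLE = r"""DDS (Ver_09-03-16.01) - NTFSx86
AV: eTrust Antivirus *On-access scanning enabled* (Outdated)

============== Pseudo HJT Report ===============

TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
Trusted Zone: aol.com\free

============== File Associations ===============

scrfile= "%1" %*

==== Event Viewer Messages From Past Week ========

5/9/2009 11:20:06 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service BITS with arguments " " in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
5/6/2009 7:09:04 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD awlegacy Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip vmm

==== End Of File ===========================
"""

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE):
        print(f"{kind:20} {detail}")
```

Run against the excerpt, the script reports the outdated eTrust definitions, the orphaned SnagIt toolbar CLSID, the aol.com Trusted Zone entry, the non-default scrfile association, a Safe Mode boot on 5/9 (the 1084 errors) and the 5/6 boot on which AFD, Tcpip, NetBT and IPSec did not load, which matches the network-service dependency failures logged right after it.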
     
  2. 2009/05/14
    broni, Moderator / Malware Analyst
    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    STEP 1. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart computer in Safe Mode.
    To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen.

    * Open SUPERAntiSpyware.
    * Under Configuration and Preferences, click the Preferences button.
    * Under the General and Startup tab, make sure the Start SUPERAntiSpyware when Windows starts option is UN-checked.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    - Close browsers before scanning.
    - Scan for tracking cookies.
    - Terminate memory threats before quarantining.

    * Click the Close button to leave the control center screen.
    * Back on the main screen, under Scan for Harmful Software click Scan your computer.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, under Complete Scan, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
    * Make sure everything has a checkmark next to it and click Next.
    * A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
    * If asked if you want to reboot, click Yes.
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    - Click Preferences, then click the Statistics/Logs tab.
    - Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    - If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    - Please copy and paste the Scan Log results in your next reply.

    * Click Close to exit the program.
    Post SUPERAntiSpyware log.
    NOTE: Tracking cookies may be omitted from the log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 3. Download GMER: http://www.gmer.net/files.php, by clicking on the Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click the downloaded .exe file, select the Rootkit tab and click the Scan button.
    When the scan is completed, click the Save button and save the results as gmer.log.
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log in your next reply.

    RESTART COMPUTER

    STEP 4. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     

  4. 2009/05/16
    Jedi5 Inactive Thread Starter
    Hi Broni,

    Thanks for your time and assistance.

    I did all that you requested and here are the results. Not much found from what I can tell.

    --------------------------
    SuperAntiSpyware log:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 05/15/2009 at 09:02 PM

    Application Version : 4.26.1002

    Core Rules Database Version : 3896
    Trace Rules Database Version: 1844

    Scan type : Complete Scan
    Total Scan Time : 01:44:40

    Memory items scanned : 240
    Memory threats detected : 0
    Registry items scanned : 7860
    Registry threats detected : 0
    File items scanned : 130105
    File threats detected : 637

    Adware.Tracking Cookie
    <<< I removed all the tracking cookies from this log>>>

    Trojan.Downloader-Gen/Suspicious
    C:\DOCUMENTS AND SETTINGS\ZZZZ\DESKTOP\FILES FOR WORK\MBR.EXE

    Please note! The above is one of the utilities I had previously downloaded and put on my Desktop.

    -------------------------------

    Log from Malwarebytes:

    Malwarebytes' Anti-Malware 1.36
    Database version: 2139
    Windows 5.1.2600 Service Pack 3

    5/15/2009 9:49:57 PM
    mbam-log-2009-05-15 (21-49-57).txt

    Scan type: Quick Scan
    Objects scanned: 174686
    Time elapsed: 26 minute(s), 55 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)



    -----------------------------
    Log file from GMER:

    GMER 1.0.15.14972 - http://www.gmer.net
    Rootkit scan 2009-05-16 08:59:19
    Windows 5.1.2600 Service Pack 3


    ---- System - GMER 1.0.15 ----

    SSDT sptd.sys ZwCreateKey [0xF7446B3A]
    SSDT sptd.sys ZwEnumerateKey [0xF7446C7E]
    SSDT sptd.sys ZwEnumerateValueKey [0xF7446FF6]
    SSDT sptd.sys ZwOpenKey [0xF7446A18]
    SSDT sptd.sys ZwQueryKey [0xF74470C0]
    SSDT sptd.sys ZwQueryValueKey [0xF7446F58]
    SSDT sptd.sys ZwSetValueKey [0xF7447148]
    SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB2671DF0]

    ---- Kernel code sections - GMER 1.0.15 ----

    ? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
    ? C:\WINDOWS\System32\Drivers\SPTD4733.SYS The process cannot access the file because it is being used by another process.
    .text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 F625C4D0 16 Bytes [D3, A6, 15, C1, C8, BE, 26, ...]
    .text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 11 F625C4E1 31 Bytes [B0, 25, F6, D1, C4, B4, 39, ...]
    ? C:\WINDOWS\System32\Drivers\dtscsi.sys The process cannot access the file because it is being used by another process.

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7442A32] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F7442B6E] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F7442AF6] sptd.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74436CC] sptd.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74435A2] sptd.sys

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 871D2A40

    AttachedDevice \FileSystem\Ntfs \Ntfs ino_flpy.sys (CA eTrust Antivirus/InoculateIT File System Mounting Filter Driver for Windows 2000/XP/2003/Vista/Computer Associates)

    Device \FileSystem\Fastfat \FatCdrom 8671D0E8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{0849A94D-939C-4E45-A7EF-5961A44DD4DC} 8646C2E8
    Device \Driver\Ftdisk \Device\HarddiskVolume1 87185550
    Device \Driver\Ftdisk \Device\HarddiskVolume2 87185550
    Device \Driver\Cdrom \Device\CdRom0 8663DEB0
    Device \FileSystem\Rdbss \Device\FsWrap 8654C500
    Device \Driver\Cdrom \Device\CdRom1 8663DEB0
    Device \Driver\iastor \Device\Ide\iaStor0 871D2EB0
    Device \Driver\iastor \Device\Ide\IAAStorageDevice-0 871D2EB0
    Device \Driver\Ftdisk \Device\HarddiskVolume3 87185550
    Device \Driver\Cdrom \Device\CdRom2 8663DEB0
    Device \Driver\NetBT \Device\NetBt_Wins_Export 8646C2E8
    Device \Driver\NetBT \Device\NetbiosSmb 8646C2E8
    Device \Driver\00000076 \Device\0000004e sptd.sys
    Device \Driver\Disk \Device\Harddisk0\DR0 871D2C78
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86595E08
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 86595E08
    Device \FileSystem\Npfs \Device\NamedPipe 86494EB0
    Device \Driver\Ftdisk \Device\FtControl 87185550
    Device \FileSystem\Msfs \Device\Mailslot 8646D2C0
    Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 86731EB0
    Device \Driver\dtscsi \Device\Scsi\dtscsi1 86731EB0
    Device \FileSystem\Fastfat \Fat 8671D0E8

    AttachedDevice \FileSystem\Fastfat \Fat ino_fltr.sys (CA eTrust Antivirus/InoculateIT File System Filter Driver for Windows 2000/XP/2003/Vista/Computer Associates)

    Device \FileSystem\Cdfs \Cdfs 86316EB0
    Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 1879393946
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1584662339
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 207569675
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x96 0xF4 0x17 0xD8 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xFA 0xC2 0xF6 0x33 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0B 0x66 0xCA 0xF4 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x96 0xF4 0x17 0xD8 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xFA 0xC2 0xF6 0x33 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0B 0x66 0xCA 0xF4 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x96 0xF4 0x17 0xD8 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xFA 0xC2 0xF6 0x33 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0B 0x66 0xCA 0xF4 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32@ C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\ProgID@ CrystalAnalysis.EditItems.2
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Programmable@
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\TypeLib@ {7298800F-B896-4B55-BFE7-A84EE621C9A7}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\VersionIndependentProgID@ CrystalAnalysis.EditItems

    ---- EOF - GMER 1.0.15 ----



    ------------------

    HiJackThis Log file results in next post.
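Reading the GMER output above by hand means deciding, for each SSDT and IAT hook, which driver installed it and whether that driver belongs to something installed on purpose. The Python script below is an added example, not code from the thread, from GMER or from any tool named in it. It groups hooks by driver and attributes each driver from evidence the log itself carries: the parenthetical description GMER prints for modules it recognises (SASKUTIL.sys above) and the Reg lines that tie a service's Cfg@p0 value to a product directory (sptd to C:\Program Files\DAEMON Tools\ above). The sample log is a constructed excerpt of the lines posted above plus one made-up hooking driver, xyzzy.sys, included only to show what an unattributed hook looks like in the report; the regexes are my reading of the GMER 1.0.15 line layout shown on this page, not GMER documentation.

```python
"""Triage a GMER rootkit-scan log: group SSDT/IAT hooks by the driver that
installed them and attribute each driver from evidence in the same log.

Added example; not part of the WindowsBBS thread or of GMER. Line formats
are assumed from the GMER 1.0.15 output posted in the thread. Attribution
uses two things GMER already prints:
  * the parenthetical description it appends to a module it recognises;
  * Reg lines for Services/<svc>/Cfg... whose @p0 value names the product
    directory of the service whose driver (<svc>.sys) installed the hooks.
Drivers that cannot be attributed either way are marked needs_review.
"""
import re
from collections import defaultdict

SSDT_RE = re.compile(r"^SSDT\s+(.+?)(?:\s+\(([^)]*)\))?\s+(Zw\w+)\s+\[0x([0-9A-Fa-f]+)\]$")
IAT_RE = re.compile(r"^IAT\s+(\S+)\[([^\]]+)\]\s+\[([0-9A-Fa-f]+)\]\s+(\S+)$")
REG_P0_RE = re.compile(
    r"^Reg\s+HKLM\\SYSTEM\\(?:CurrentControlSet|ControlSet\d+)\\Services\\([^\\]+)\\.*@p0\s+(.+)$",
    re.IGNORECASE,
)


def basename(path):
    r"""'\??\C:\Program Files\X\SASKUTIL.sys' -> 'saskutil.sys'."""
    return path.rsplit("\\", 1)[-1].lower()


def triage_gmer(text):
    hooks = defaultdict(list)   # driver file name -> hook descriptions
    attribution = {}            # driver file name -> evidence string
    service_dirs = {}           # service name -> product directory from @p0
    for raw in text.splitlines():
        line = raw.strip()
        m = SSDT_RE.match(line)
        if m:
            module, desc, func, addr = m.groups()
            drv = basename(module)
            hooks[drv].append(f"SSDT {func} -> 0x{addr}")
            if desc:                       # GMER recognised the module itself
                attribution[drv] = f"GMER description: {desc}"
            continue
        m = IAT_RE.match(line)
        if m:
            victim, imp, addr, hooker = m.groups()
            hooks[basename(hooker)].append(f"IAT {victim}[{imp}] -> 0x{addr}")
            continue
        m = REG_P0_RE.match(line)
        if m:
            svc, path = m.groups()
            service_dirs[svc.lower()] = path.strip()
    # A hooking driver named <svc>.sys whose service has a Cfg@p0 directory
    # belongs to the product installed there.
    for drv in hooks:
        if drv not in attribution:
            svc = drv[:-4] if drv.endswith(".sys") else drv
            if svc in service_dirs:
                attribution[drv] = f"service '{svc}' configured under {service_dirs[svc]}"
    return {
        drv: {"hooks": sorted(items),
              "attribution": attribution.get(drv),
              "needs_review": drv not in attribution}
        for drv, items in hooks.items()
    }


# Constructed excerpt of the GMER log posted in the thread, plus one made-up
# hooking driver (xyzzy.sys) to show an unattributed hook being flagged.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwCreateKey [0xF7446B3A]
SSDT sptd.sys ZwOpenKey [0xF7446A18]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB2671DF0]
SSDT \SystemRoot\System32\Drivers\xyzzy.sys ZwQueryDirectoryFile [0xF8A1C2D0]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7442A32] sptd.sys

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
"""

if __name__ == "__main__":
    for drv, info in triage_gmer(SAMPLE_LOG).items():
        flag = "REVIEW" if info["needs_review"] else "ok"
        print(f"{drv:14} {flag:6} {info['attribution'] or 'no attribution'}")
        for h in info["hooks"]:
            print(f"    {h}")
```

Applied to the SSDT and IAT lines posted above, nothing is flagged: the sptd.sys hooks resolve to the DAEMON Tools directory through the Reg section, and SASKUTIL.sys carries GMER's own description. The constructed xyzzy.sys entry is what an entry worth a closer look would produce. The Kernel code sections and Devices blocks are deliberately not parsed here; attributing the .text modifications in dtscsi.sys would be the natural next step.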
     
  5. 2009/05/16
    Jedi5 Inactive Thread Starter
    Here is the HiJackThisLog results:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:59:57 AM, on 5/16/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\stsystra.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\Program Files\IT Connection Manager\SRUserService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    c:\WINDOWS\system32\ZuneBusEnum.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Realtime Monitor] C:\Program Files\CA\eTrust Antivirus\realmon.exe -s
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI699F~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI699F~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us/html/activexplayer/SMALStreaming.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
    O16 - DPF: {40F8967E-34A6-474A-837A-CEC1E7DAC54C} - https://accounting.quickbooks.com/c3/v15.585/qboax9.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122603998046
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1189887554406
    O16 - DPF: {7A7BA269-2D21-4B33-B60A-8510A1865D5F} (IWS Photo Upload Tool) - http://public1.uploader.officelive.com/_layouts/1033/wh/ActiveX/MsnPUpld.cab
    O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
    O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} (QuickBooks Online Edition Utilities Class v10) - https://accounting.quickbooks.com/c3/v18.170/qboax10.cab
    O16 - DPF: {8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} - https://accounting.quickbooks.com/c3/v13.087/qboax8.cab
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.disneyphotopass.com/software/ImageUploader4.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

    --
    End of file - 9684 bytes
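The HijackThis log above is read the same way: entry types first, then the handful of entries that matter after a browser hijack. The script below is an added example, not part of the thread or of HijackThis, and its checks are ordinary analyst heuristics rather than anything HijackThis itself does: it flags the O6 policy restrictions (present here under both HKCU and HKLM), any R1 ProxyServer value (':0' here, an empty host on port 0), O4 Run entries whose image is a bare file name rather than an absolute path, which it resolves against the log's own Running processes list (stsystra.exe is running from C:\WINDOWS), and O23 services HijackThis reported as 'Unknown owner'. A flag is a prompt to verify, not a verdict; Ati2evxx.exe, for instance, is ATI's display-driver helper, and 'Unknown owner' only means HijackThis found no publisher name in the file. The sample is a constructed excerpt of the lines posted above; the line regexes are my assumption about the HijackThis 2.0.2 layout shown on this page.

```python
"""Triage a HijackThis 2.0 log with a few analyst heuristics.

Added example; not part of the WindowsBBS thread or of HijackThis. The line
formats below are assumed from the log as posted in the thread.
Findings are (entry type, message, original entry body) tuples:
  O6  - IE policy restriction key present (HKCU and/or HKLM)
  R1  - a ProxyServer value is set
  O4  - a Run entry whose image is not an absolute path (located by PATH
        search), resolved against the log's own 'Running processes' list
  O23 - a service whose publisher HijackThis reported as 'Unknown owner'
"""
import re

ENTRY_RE = re.compile(r"^(R[0-3]|O\d+|F\d) - (.*)$")
O4_RE = re.compile(r"^HK(LM|CU)\\\.\.\\Run: \[([^\]]+)\] (.*)$")
O23_RE = re.compile(r"^Service: (.+?) - (.+?) - (.+)$")
ABS_PATH_RE = re.compile(r"^([A-Za-z]:\\|\\\\|%)")


def image_path(cmd):
    """Extract the executable from an O4 command line (quoted, or bare with args)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Bare path: cut at the first executable extension followed by whitespace/end,
    # so 'C:\Program Files\X\foo.exe -s' keeps its spaces but drops the args.
    m = re.match(r"(?i)(.*?\.(?:exe|com|bat|cmd|scr))(?:\s|$)", cmd)
    return m.group(1) if m else cmd.split()[0]


def parse_hjt(text):
    """Return (running process paths, [(entry type, body), ...])."""
    procs, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if line:
                procs.append(line)
            else:
                in_procs = False      # blank line ends the process list
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return procs, entries


def triage_hjt(text):
    procs, entries = parse_hjt(text)
    proc_by_name = {p.rsplit("\\", 1)[-1].lower(): p for p in procs}
    findings = []
    for typ, body in entries:
        if typ == "O6":
            findings.append((typ, "IE policy restriction present", body))
        elif typ == "R1" and "ProxyServer" in body:
            value = body.split("=", 1)[1].strip()
            findings.append((typ, f"proxy configured: {value!r}", body))
        elif typ == "O4":
            m = O4_RE.match(body)
            if m:
                img = image_path(m.group(3))
                if not ABS_PATH_RE.match(img):
                    seen = proc_by_name.get(img.rsplit("\\", 1)[-1].lower())
                    note = f"runs from {seen}" if seen else "not seen in running processes"
                    findings.append((typ, f"non-absolute image '{img}' ({note})", body))
        elif typ == "O23":
            m = O23_RE.match(body)
            if m and m.group(2).strip().lower() == "unknown owner":
                findings.append((typ, f"no publisher info for '{m.group(1)}'", body))
    return findings


# Constructed excerpt of the log posted in the thread (not the full log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKCU\..\Run: [Realtime Monitor] C:\Program Files\CA\eTrust Antivirus\realmon.exe -s
O4 - Global Startup: Digital Line Detect.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
"""

if __name__ == "__main__":
    for typ, msg, body in triage_hjt(SAMPLE_LOG):
        print(f"[{typ}] {msg}\n      {body}")
```

On the excerpt this yields five findings: the proxy value, the bare stsystra.exe autorun resolved to C:\WINDOWS, the two O6 policy keys and the ATI service. The about:blank R0/R1 entries are left alone on purpose; they are what IE reports once a hijacked search provider has been removed, not a hijack in themselves.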
     
  6. 2009/05/16
    broni Moderator Malware Analyst
    Download GooredFix and save it to your Desktop.
    Double-click Goored.exe to run it.
    Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
    A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).
    Note: Do not run Option #2 yet.
     
  7. 2009/05/16
    Jedi5 Inactive Thread Starter
    Thanks Broni,

    Here is the log result:

    GooredFix v1.92 by jpshortstuff
    Log created at 13:29 on 16/05/2009 running Option #1 (ZZZZ)
    Firefox version [Unable to determine]

    =====Suspect Goored Entries=====

    =====Dumping Registry Values=====

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
    "jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"
     
  8. 2009/05/16
    broni Moderator Malware Analyst
    I apologize. I didn't notice you don't have Firefox installed.

    I'm going to PM you about downloading and running ComboFix.
    Read everything very carefully, especially the last sentence about the privacy of my PM to you.
     
  9. 2009/05/16
    Jedi5 Inactive Thread Starter
    OK, here are the results from the ComboFix log:

    ------------------
    ComboFix 09-05-16.04 - ZZZZ 05/16/2009 14:59.1 - NTFSx86 NETWORK
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.776 [GMT -7:00]
    Running from: c:\tools-av\18719\18719.exe
    AV: eTrust Antivirus *On-access scanning enabled* (Outdated) {33EA71EA-56CF-40B5-A06B-BD3A27397C33}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\ZZZZ\Local Settings\Temporary Internet Files\temp.dmf
    c:\documents and settings\ZZZZ\Local Settings\Temporary Internet Files\zap13.tmp
    c:\documents and settings\ZZZZ\Local Settings\Temporary Internet Files\zap16.tmp
    c:\documents and settings\ZZZZ\Local Settings\Temporary Internet Files\zap18.tmp
    c:\documents and settings\ZZZZ\Local Settings\Temporary Internet Files\zap1A.tmp
    c:\documents and settings\ZZZZ\Local Settings\Temporary Internet Files\zap1C.tmp
    c:\documents and settings\ZZZZ\Local Settings\Temporary Internet Files\zap1E.tmp
    c:\documents and settings\ZZZZ\Local Settings\Temporary Internet Files\zap1F5.tmp
    c:\documents and settings\ZZZZ\Local Settings\Temporary Internet Files\zap1F9.tmp
    c:\documents and settings\ZZZZ\Local Settings\Temporary Internet Files\zap1FB.tmp
    c:\documents and settings\ZZZZ\Local Settings\Temporary Internet Files\zap20.tmp
    c:\documents and settings\ZZZZ\Local Settings\Temporary Internet Files\zap22.tmp
    c:\documents and settings\ZZZZ\Local Settings\Temporary Internet Files\zap24.tmp
    c:\documents and settings\ZZZZ\Local Settings\Temporary Internet Files\zapF.tmp
    c:\documents and settings\ZZZZ\Local Settings\Temporary Internet Files\temp.dmf
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc107.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc128\April-May2007 054.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc128\Special.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc128\Vacation 005.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc128\Vacation 008.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc128\Halloween.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc128\JanMarch2007 127.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc128\JanMarch2007 167.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc128\JulyAugust42007 020.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc128\May-July2007 007.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc128\May-July2007 033.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc128\May-July2007 060.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc128\May-July2007 061.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc128\May-July2007 077.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc128\May-July2007 110.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc128\May-July2007 139.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc128\May-July2007 143.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc128\May-July2007 153.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc128\NovDec2007 014.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc128\NovDec2007 041.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc128\NovDec2007 047.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc128\NovDec2007 061.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc128\SeptOct2007 003.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc128\SeptOct2007 004.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc128\SeptOct2007 011.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc129.pdf
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc130.pub
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc131.doc
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc132.pub
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc133.pdf
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc134.pdf
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc135.pdf
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc136.pdf
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc137.txt
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc138\couch 001.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc138\couch 002.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc138\couch 003.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc138\couch 004.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc138\couch 005.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc138\couch 006.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc138\couch 007.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc138\couch 008.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc138\couch 009.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc138\couch 010.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc138\couch 011.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\bot-dnk.ocm
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\ekb\00000002.ekb
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\ekb\00010001.ekb
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\ekb\00010002.ekb
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\ekb\0001000A.ekb
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\hdd-dnk.ocm
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\init2.ocm
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\maclist1.dat
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\maclist2.dat
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\omglog.txt
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\0D\010F510070000000000000002500000000012F0D.l3l
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\0D\010F510070000000000000002500000000012F0D.opf
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\22\010F510070000000000000002500000000221122.l3l
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\22\010F510070000000000000002500000000221122.opf
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\2A\010F510070000000000000002500000000485E2A.l3l
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\2A\010F510070000000000000002500000000485E2A.opf
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\2E\010F510070000000000000002500000000485E2E.l3l
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\2E\010F510070000000000000002500000000485E2E.opf
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\30\010F510070000000000000002500000000485E30.l3l
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\30\010F510070000000000000002500000000485E30.opf
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\31\010F510070000000000000002500000000439E31.l3l
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\31\010F510070000000000000002500000000439E31.opf
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\35\010F5100700000000000000025000000006A2F35.l3l
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\35\010F5100700000000000000025000000006A2F35.opf
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\41\010F510070000000000000002500000000006841.l3l
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\41\010F510070000000000000002500000000006841.opf
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\43\010F510070000000000000002500000000255743.l3l
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\43\010F510070000000000000002500000000255743.opf
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\43\010F51007000000000000000250000000049DF43.l3l
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\43\010F51007000000000000000250000000049DF43.opf
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\47\010F5100700000000000000025000000004F5847.l3l
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\47\010F5100700000000000000025000000004F5847.opf
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\4B\010F510070000000000000002500000000674B4B.l3l
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\4B\010F510070000000000000002500000000674B4B.opf
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\4C\010F51007000000000000000250000000044554C.l3l
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\4C\010F51007000000000000000250000000044554C.opf
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\4F\010F5100700000000000000025000000007BB44F.l3l
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\4F\010F5100700000000000000025000000007BB44F.opf
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\53\010F51007000000000000000250000000008EB53.l3l
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\53\010F51007000000000000000250000000008EB53.opf
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\58\010F51007000000000000000250000000000E258.l3l
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\58\010F51007000000000000000250000000000E258.opf
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\5B\010F510070000000000000002500000000450B5B.l3l
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\5B\010F510070000000000000002500000000450B5B.opf
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\63\010F510070000000000000002500000000450B63.l3l
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\63\010F510070000000000000002500000000450B63.opf
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\64\010F510070000000000000002500000000221A64.l3l
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\64\010F510070000000000000002500000000221A64.opf
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\6D\010F5100700000000000000025000000002DD16D.l3l
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\6D\010F5100700000000000000025000000002DD16D.opf
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\7D\010F5100700000000000000025000000007EF67D.l3l
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\7D\010F5100700000000000000025000000007EF67D.opf
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\80\010F5100700000000000000025000000002EA680.l3l
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\80\010F5100700000000000000025000000002EA680.opf
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\89\010F5100700000000000000025000000003E6189.l3l
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\89\010F5100700000000000000025000000003E6189.opf
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\9E\010F51007000000000000000250000000041F39E.l3l
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\9E\010F51007000000000000000250000000041F39E.opf
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\A6\010F5100700000000000000025000000003DD8A6.l3l
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\A6\010F5100700000000000000025000000003DD8A6.opf
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\AB\010F5100700000000000000025000000003DE4AB.l3l
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\AB\010F5100700000000000000025000000003DE4AB.opf
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\AB\010F5100700000000000000025000000004168AB.l3l
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\AB\010F5100700000000000000025000000004168AB.opf
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\B3\010F5100700000000000000025000000004DD0B3.l3l
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\B3\010F5100700000000000000025000000004DD0B3.opf
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\B5\010F51007000000000000000250000000007D2B5.l3l
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\B5\010F51007000000000000000250000000007D2B5.opf
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\B9\010F5100700000000000000025000000004287B9.l3l
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\B9\010F5100700000000000000025000000004287B9.opf
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\BA\010F5100700000000000000025000000002219BA.l3l
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\BA\010F5100700000000000000025000000002219BA.opf
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\BD\010F51007000000000000000250000000000EBBD.l3l
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\BD\010F51007000000000000000250000000000EBBD.opf
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\D5\010F510070000000000000002500000000218BD5.l3l
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\D5\010F510070000000000000002500000000218BD5.opf
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\device.sal
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\E1\010F51007000000000000000250000000000EBE1.l3l
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\E1\010F51007000000000000000250000000000EBE1.opf
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\EA\010F5100700000000000000025000000004884EA.l3l
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\EA\010F5100700000000000000025000000004884EA.opf
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\F5\010F510070000000000000002500000000220EF5.l3l
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\F5\010F510070000000000000002500000000220EF5.opf
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\F8\010F51007000000000000000250000000024DFF8.l3l
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\F8\010F51007000000000000000250000000024DFF8.opf
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\FC\010F5100700000000000000025000000002EBAFC.l3l
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\FC\010F5100700000000000000025000000002EBAFC.opf
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\service\250000\certC.dat
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\service\250000\certS.dat
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\service\250000\dnk.dat
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\service\250000\sdata.dat
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\service\250001\certC.dat
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\service\250001\certS.dat
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\service\250001\dnk.dat
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\procfile\service\250001\sdata.dat
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\regsvr32.exe
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc160\umd-dnk.ocm
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc161\CdWalkman\CDRFormatter.log
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc161\CdWalkman\CdWalkman.log
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc161\FrankPACAPI.log
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc161\HiMDPACAPI.log
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc161\MscCommonps.dll
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc161\MsProPACAPI.log
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc162\StopMusicServer.exe
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc171.zip
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc192.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc193.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc195.url
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc196.url
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc197.url
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc198.url
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc199.url
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc200\SsEnvCheck\InstCheckTools\CheckComponentRegister.exe
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc200\SsEnvCheck\InstCheckTools\GetOmgInfo.exe
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc200\SsEnvCheck\InstCheckTools\Info.csv
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc200\SsEnvCheck\InstCheckTools\InstCheck_E.js
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc200\SsEnvCheck\Log-4.0.00.05080-20080219-095616\EnvCheck-4.0.00.05080-20080219-095616.csv
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc200\SsEnvCheck\Log-4.0.00.05080-20080219-095616\OpenMG\CheckComponentRegister.log
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc200\SsEnvCheck\Log-4.0.00.05080-20080219-095616\OpenMG\InstChecklog.txt
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc200\SsEnvCheck\Log-4.0.00.05080-20080219-095616\soniclauc\install.log
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc200\SsEnvCheck\Log-4.0.00.05080-20080219-095616\soniclauc\setup.iss
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc200\SsEnvCheck\Log-4.0.00.05080-20080219-095616\soniclauc\SetupSS.ini
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc200\SsEnvCheck\Log-4.0.00.05080-20080219-095616\SsInstall\Addon.log
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc200\SsEnvCheck\Log-4.0.00.05080-20080219-095616\SsInstall\SonicStage.log
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc200\SsEnvCheck\Log-4.0.00.05080-20080219-095616\SsInstall\ss-3.1-aftercare.log
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc200\SsEnvCheck\Log-4.0.00.05080-20080219-095616\SystemInformation.txt
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc200\SsEnvCheck\Log-4.0.00.zip
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc200\SsEnvCheck\Setting.ini
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc200\SsEnvCheck\SsEnvCheck.exe
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc200\SsEnvCheck\SsEnvCheckRes.dll
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc201.ptm
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc202.lnk
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc223.url
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc224.doc
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc225.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc23.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc247.lnk
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc248.lnk
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc249.mp3
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc250.mp3
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc251.mp3
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc252.mp3
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc253.mp3
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc254.mp3
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc255.mp3
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc256.wma
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc257.mp3
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc258.mp3
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc259.mp3
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc260.mp3
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc261.mp3
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc281.wma
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc288.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc289.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc290.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc291.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc293.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc294.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc295.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc296.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc297.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc298.doc
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc299.pub
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc300.doc
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc301.doc
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc302.doc
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc303.xls
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc304.doc
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc305.pdf
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc306.ptm
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc307.doc
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc308.doc
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc309.doc
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc310.doc
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc311.pub
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc312.pub
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc313.pub
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc314.pdf
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc315.ptm
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc316.doc
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc317.pub
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc318.pub
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc358.pdf
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc359.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc360\Broker Registration.doc
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc360\CarPreshipCheckListTemp.doc
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc360\Comcast Internet Order Form.doc
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc360\Expense Report forZZZZ ZZZZZZ.doc.xls
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc360\Graebel Movers.doc
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc360\Homeowner PDF 2007 (1).doc
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc360\Homeowner PDF 2007 for ZZZZ ZZZZZZ.doc
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc360\Move Tips.doc
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc360\MoveManagementContactInfo.doc
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc360\Moving Date Confirmation.doc
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc361.doc
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc362.doc
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc364.pdf
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc366.lnk
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc367.lnk
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc387.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc388.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc389.doc
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc390.doc
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc411.doc
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc412.txt
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc413.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc414.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc415.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc416.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc417.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc418.lnk
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc44.JPG
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc45.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc46.zip
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc48.zip
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc49.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc50.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc51.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc52.jpg
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc53.pdf
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc54.doc
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc55.pub
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc56.doc
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc57.doc
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc59.url
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc60.url
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc61.url
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc62.url
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc63.url
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc64.doc
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc65.doc
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\Dc66.pdf
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1006\INFO2
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1010\Dc1.lnk
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1010\Dc2.lnk
    c:\recycler\S-1-5-21-2948430612-2164995314-1287871972-1010\INFO2
    c:\windows\IE4 Error Log.txt

    .
    ((((((((((((((((((((((((( Files Created from 2009-04-16 to 2009-05-16 )))))))))))))))))))))))))))))))
    .

    2009-05-16 21:10 . 2009-05-16 21:47 -------- d-----w C:\Tools-AV
    2009-05-16 02:07 . 2009-05-16 02:07 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-05-16 02:07 . 2009-05-16 02:07 -------- d-----w c:\program files\SUPERAntiSpyware
    2009-05-16 02:07 . 2009-05-16 02:07 -------- d-----w c:\documents and settings\ZZZZ\Application Data\SUPERAntiSpyware.com
    2009-05-10 06:44 . 2009-05-10 06:44 410984 ----a-w c:\windows\system32\deploytk.dll
    2009-05-10 05:54 . 2009-05-10 05:54 578560 ----a-w c:\windows\system32\dllcache\user32.dll
    2009-05-10 05:50 . 2009-05-10 05:50 -------- d-----w c:\windows\ERUNT
    2009-05-09 01:54 . 2009-05-09 03:43 -------- d-----w c:\documents and settings\ZZZZ\DoctorWeb
    2009-05-08 05:53 . 2009-05-08 05:53 -------- d-----w c:\program files\Trend Micro
    2009-05-08 05:46 . 2009-05-10 06:13 -------- d-----w C:\SDFix
    2009-05-08 04:41 . 2009-05-08 04:41 -------- d-----w c:\documents and settings\ZZZZ\Application Data\Malwarebytes
    2009-05-08 04:41 . 2009-04-06 22:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-05-08 04:41 . 2009-04-06 22:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-05-08 04:41 . 2009-05-08 04:41 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-05-08 04:41 . 2009-05-08 05:16 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-05-02 17:58 . 2009-05-02 18:01 -------- d-----w c:\documents and settings\ZZZZ\Application Data\U3
    2009-04-29 23:22 . 2009-04-29 23:22 -------- d-----w c:\documents and settings\All Users\Application Data\PopCap
    2009-04-19 18:30 . 2009-04-19 18:30 -------- d-----w c:\windows\system32\scripting
    2009-04-19 18:30 . 2009-04-19 18:30 -------- d-----w c:\windows\l2schemas
    2009-04-19 18:30 . 2009-04-19 18:30 -------- d-----w c:\windows\system32\en
    2009-04-19 18:30 . 2009-04-19 18:30 -------- d-----w c:\windows\system32\bits
    2009-04-19 18:28 . 2009-04-19 18:30 -------- d-----w c:\windows\ServicePackFiles
    2009-04-19 18:24 . 2009-04-19 18:24 -------- d-----w c:\windows\EHome

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-16 02:06 . 2006-02-15 05:09 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-05-10 06:44 . 2005-07-21 19:03 -------- d-----w c:\program files\Java
    2009-05-07 01:36 . 2005-07-29 03:45 -------- d-----w c:\program files\Spybot - Search & Destroy
    2009-05-06 22:35 . 2005-07-28 22:52 80520 ----a-w c:\documents and settings\ZZZZ\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-04-27 02:01 . 2005-07-29 02:21 80520 ----a-w c:\documents and settings\ZZZZ\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-04-19 18:40 . 2006-03-11 02:52 96384 ----a-w c:\windows\system32\drivers\sptd4733.sys
    2009-03-25 00:22 . 2008-03-23 01:52 14 ----a-w c:\windows\popcinfo.dat
    2009-03-06 14:22 . 2004-08-10 17:51 284160 ----a-w c:\windows\system32\pdh.dll
    2009-03-03 00:18 . 2004-08-10 17:51 826368 ----a-w c:\windows\system32\wininet.dll
    2009-02-20 18:09 . 2004-08-10 17:51 78336 ----a-w c:\windows\system32\ieencode.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "Realtime Monitor"="c:\program files\CA\eTrust Antivirus\realmon.exe" [2004-04-07 504080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "tgcmd"="c:\program files\Support.com\bin\tgcmd.exe" [2007-03-07 1773568]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-04-25 139264]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
    "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-10 148888]
    "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-23 339968]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-7-21 24576]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoViewOnDrive"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoViewOnDrive"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 19:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
    2003-05-29 18:00 8704 ----a-w c:\windows\system32\PCANotify.dll

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
    "wave"= serwvdrv.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Symantec\\pcAnywhere\\Winaw32.exe"=
    "c:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"=
    "c:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\CA\\eTrust Antivirus\\Realmon.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\GhPciScan.sys [8/14/2002 3:11 PM 5632]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/14/2009 2:22 PM 9968]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/14/2009 2:22 PM 72944]
    S1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\VCdRom.sys [3/9/2006 7:53 PM 8576]
    S2 SRUserService;IT Connection Manager;c:\program files\IT Connection Manager\SRUserService.exe [4/6/2007 2:44 PM 255336]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/14/2009 2:22 PM 7408]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)


    .
    ------- Supplementary Scan -------
    .
    mWindow Title = Windows Internet Explorer provided by Comcast
    mSearch Bar = about:blank
    mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
    uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
    mSearchURL = about:blank
    IE: E&xport to Microsoft Excel - c:\progra~1\MI699F~1\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: aol.com\free
    DPF: {7A7BA269-2D21-4B33-B60A-8510A1865D5F} - hxxp://public1.uploader.officelive.com/_layouts/1033/wh/ActiveX/MsnPUpld.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-16 15:06
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(844)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    .
    Completion time: 2009-05-16 15:08
    ComboFix-quarantined-files.txt 2009-05-16 22:08

    Pre-Run: 45,943,582,720 bytes free
    Post-Run: 46,765,350,912 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS= "Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    448 --- E O F --- 2009-05-15 01:45
     
  10. 2009/05/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Just to update those who are following this thread...
    There were some problems with downloading Combofix from the regular download site, so I had to provide Jedi5 with a private link to download it.
    That was the reason we exchanged some info over PM.

    Jedi5
    I'll start looking at the log right now, but then I'll be gone for a few hours, so I'll finish later today.
    You also forgot to post a fresh HJT log.
     
  11. 2009/05/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please, upload:
    - sptd4733.sys file, located at c:\windows\system32\drivers
    - popcinfo.dat file, located at c:\windows
    to:
    http://www.virustotal.com/
    for security check.
    Post results.
     
  12. 2009/05/17
    Jedi5

    Jedi5 Inactive Thread Starter

    Joined:
    2009/05/09
    Messages:
    19
    Likes Received:
    0
    Hi Broni,

    Apologies for forgetting to post the fresh HiJack log.

    Here it is:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:33:25 PM, on 5/17/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\Program Files\IT Connection Manager\SRUserService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    c:\WINDOWS\system32\ZuneBusEnum.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\CA\eTrust Antivirus\realmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Realtime Monitor] C:\Program Files\CA\eTrust Antivirus\realmon.exe -s
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI699F~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI699F~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.microsoftprime.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us/html/activexplayer/SMALStreaming.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
    O16 - DPF: {40F8967E-34A6-474A-837A-CEC1E7DAC54C} - https://accounting.quickbooks.com/c3/v15.585/qboax9.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122603998046
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1189887554406
    O16 - DPF: {7A7BA269-2D21-4B33-B60A-8510A1865D5F} (IWS Photo Upload Tool) - http://public1.uploader.officelive.com/_layouts/1033/wh/ActiveX/MsnPUpld.cab
    O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
    O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} (QuickBooks Online Edition Utilities Class v10) - https://accounting.quickbooks.com/c3/v18.170/qboax10.cab
    O16 - DPF: {8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} - https://accounting.quickbooks.com/c3/v13.087/qboax8.cab
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.disneyphotopass.com/software/ImageUploader4.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: A80119B4B1DA090AF43F1A43B51E8CCA - Unknown owner - cmd /k start /i "/dC:" "C:\18719\HIDEC.exe" "C:\WINDOWS\system32\CF18850.exe" /c RD /S/Q \$RECYCLE.bin \RECYCLER \RECYCLED (file missing)
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

    --
    End of file - 9835 bytes
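As an added triage example (not code from this thread, nor from Trend Micro's HijackThis), the script below scores each O23 service entry on the traits that make the A80119B4B1DA090AF43F1A43B51E8CCA line in the log above stand out among twenty otherwise ordinary services, and lists every O15 Trusted Zone entry for review. The sample log lines are modelled on the posted log, and the scoring weights and the threshold are constructed assumptions for this example.

```python
"""Triage helper for HijackThis O23 (service) and O15 (Trusted Zone) lines.

Added example, not code from the thread or from HijackThis. It scores each
O23 entry on traits a legitimate service rarely combines (a bare 32-hex
service name, an image path that is a cmd.exe command line, a missing
image file, a numeric directory directly under the drive root) so the
suspicious entry surfaces without reading every O23 line by hand.
"""
import re

# Constructed sample: lines modelled on the HijackThis v2.0.2 log posted above.
SAMPLE_HJT_LOG = r"""
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O15 - Trusted Zone: http://www.microsoftprime.com
O23 - Service: A80119B4B1DA090AF43F1A43B51E8CCA - Unknown owner - cmd /k start /i "/dC:" "C:\18719\HIDEC.exe" "C:\WINDOWS\system32\CF18850.exe" /c RD /S/Q \$RECYCLE.bin \RECYCLER \RECYCLED (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
"""

# HJT separates the three O23 fields with " - " (a hyphen inside a name, as in
# "Ad-Aware", has no surrounding spaces, so the non-greedy groups stay correct).
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<image>.+)$")
O15_RE = re.compile(r"^O15 - Trusted Zone: (?P<site>\S+)$")
HEX_NAME_RE = re.compile(r"^[0-9A-Fa-f]{32}$")  # MD5-looking name, no display name
SHELL_RE = re.compile(r"^(?:[a-z]:\\\S*\\)?cmd(?:\.exe)?\s+/[kc]\b", re.IGNORECASE)
ROOT_NUMERIC_DIR_RE = re.compile(r"[a-z]:\\\d+\\", re.IGNORECASE)  # e.g. C:\18719\
FLAG_THRESHOLD = 3  # constructed: weak signals alone (unknown owner) do not flag


def score_service(name, owner, image):
    """Return (score, reasons) for one O23 entry; higher means more worth a look."""
    reasons = []
    if HEX_NAME_RE.match(name):
        reasons.append(("service name is a bare 32-hex string", 3))
    if SHELL_RE.match(image):
        reasons.append(("service image is a cmd.exe command line, not a binary", 3))
    if image.endswith("(file missing)"):
        reasons.append(("registered image no longer exists on disk", 2))
    if ROOT_NUMERIC_DIR_RE.search(image):
        reasons.append(("runs from a numeric directory directly under the drive root", 2))
    if owner == "Unknown owner":
        reasons.append(("no publisher recorded", 1))
    return sum(weight for _, weight in reasons), [text for text, _ in reasons]


def triage(log_text):
    """Return findings: O23 entries at or above FLAG_THRESHOLD plus every O15 entry."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O23_RE.match(line)
        if m:
            score, reasons = score_service(m["name"], m["owner"], m["image"])
            if score >= FLAG_THRESHOLD:
                findings.append({"kind": "O23", "name": m["name"],
                                 "score": score, "reasons": reasons})
            continue
        m = O15_RE.match(line)
        if m:
            # Any site in the IE Trusted Zone gets relaxed security settings,
            # so each entry is listed for the user to confirm they added it.
            findings.append({"kind": "O15", "name": m["site"], "score": 1,
                             "reasons": ["site is in the IE Trusted Zone; confirm it was added deliberately"]})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_HJT_LOG):
        print(f"[{finding['kind']}] {finding['name']} (score {finding['score']})")
        for reason in finding["reasons"]:
            print("    -", reason)
```

Run against the sample, only the hex-named cmd.exe service and the Trusted Zone entry are reported; the Ati and Sony services, which merely lack a recorded publisher, stay below the threshold.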
     
  13. 2009/05/17
    Jedi5

    Jedi5 Inactive Thread Starter

    Joined:
    2009/05/09
    Messages:
    19
    Likes Received:
    0
    Hi Broni,

    I am unable to upload this file to the site:

    - sptd4733.sys file, located at c:\windows\system32\drivers

    I just get this:

    0 bytes size received / Se ha recibido un archivo vacio


    I was able to upload this file:

    - popcinfo.dat file, located at c:\windows

    Looks clean (I think). Here is the result:

    File popcinfo.dat received on 05.17.2009 22:25:22 (CET)
    Current status: finished


    Result: 0/40 (0%)

    Antivirus Version Last Update Result
    a-squared 4.0.0.101 2009.05.17 -
    AhnLab-V3 5.0.0.2 2009.05.16 -
    AntiVir 7.9.0.168 2009.05.17 -
    Antiy-AVL 2.0.3.1 2009.05.15 -
    Authentium 5.1.2.4 2009.05.17 -
    Avast 4.8.1335.0 2009.05.16 -
    AVG 8.5.0.336 2009.05.17 -
    BitDefender 7.2 2009.05.17 -
    CAT-QuickHeal 10.00 2009.05.15 -
    ClamAV 0.94.1 2009.05.16 -
    Comodo 1157 2009.05.08 -
    DrWeb 5.0.0.12182 2009.05.17 -
    eSafe 7.0.17.0 2009.05.17 -
    eTrust-Vet 31.6.6508 2009.05.16 -
    F-Prot 4.4.4.56 2009.05.17 -
    F-Secure 8.0.14470.0 2009.05.16 -
    Fortinet 3.117.0.0 2009.05.17 -
    GData 19 2009.05.17 -
    Ikarus T3.1.1.49.0 2009.05.17 -
    K7AntiVirus 7.10.737 2009.05.16 -
    Kaspersky 7.0.0.125 2009.05.17 -
    McAfee 5618 2009.05.17 -
    McAfee+Artemis 5618 2009.05.17 -
    McAfee-GW-Edition 6.7.6 2009.05.17 -
    Microsoft 1.4602 2009.05.17 -
    NOD32 4081 2009.05.17 -
    Norman 6.01.05 2009.05.16 -
    nProtect 2009.1.8.0 2009.05.17 -
    Panda 10.0.0.14 2009.05.17 -
    PCTools 4.4.2.0 2009.05.17 -
    Prevx 3.0 2009.05.17 -
    Rising 21.29.62.00 2009.05.17 -
    Sophos 4.41.0 2009.05.17 -
    Sunbelt 3.2.1858.2 2009.05.17 -
    Symantec 1.4.4.12 2009.05.17 -
    TheHacker 6.3.4.1.326 2009.05.17 -
    TrendMicro 8.950.0.1092 2009.05.15 -
    VBA32 3.12.10.5 2009.05.17 -
    ViRobot 2009.5.15.1737 2009.05.15 -
    VirusBuster 4.6.5.0 2009.05.17 -

    File size: 14 bytes
    MD5...: eadd2cc8443b7b45278775d08674fcfb
    SHA1..: 1b4b3c94f39d9f5a1cb9365cb59a9a1a698d715f
    SHA256: 51de3d68ea2eda51e5e52c620aaf3160a212d84e7e2224966951be3763bcf7f3
    SHA512: 245a443e0009881eb68cd2b4bcac15627ec28d74a969105b3f5d4eb179f3b149
    fd74fa226b2ed9852b7bf66b83a369e2a535ed04c17e3b2f6c1ee18cc4d7d449
    ssdeep: 3:3oZAl:iAl

    PEiD..: -
    TrID..: File type identification
    Unknown!
    PEInfo: -
    PDFiD.: -
    RDS...: NSRL Reference Data Set
     
  14. 2009/05/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Vista users: Right-click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box into the main textfield:
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  15. 2009/05/17
    Jedi5

    Jedi5 Inactive Thread Starter

    Joined:
    2009/05/09
    Messages:
    19
    Likes Received:
    0
    Hi Broni,

    Still no go with that file:

    SystemLook v1.0 by jpshortstuff (24.04.09)
    Log created at 17:16 on 17/05/2009 by ZZZZ (Administrator - Elevation successful)

    ========== file ==========

    c:\windows\system32\drivers\sptd4733.sys - Unable to find/read file.

    -=End Of File=-
     
  16. 2009/05/17
    Jedi5

    Jedi5 Inactive Thread Starter

    Joined:
    2009/05/09
    Messages:
    19
    Likes Received:
    0
    Broni,

    I tried to make a copy of that file to my Desktop using Windows Explorer, but I get an error that the file is in use.

    I then went into Safe Mode with Command Prompt and executed an XCOPY command to try and make a copy of that file for uploading/analysis. I got this error on the XCOPY command:

    Sharing violation.

    Rats!!

    What's interesting is that I have a file of similar name right next to it:
    sptd.sys: size 628 KB, Date Modified 3/10/2006
    Here is the same information for the other file:
    sptd4733.sys: size 95 KB, Date Modified 4/19/2009

    That seems a little odd based on the very recent date.
     
  17. 2009/05/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    sptd.sys is a legit file, belonging to Daemon Tools.

    I can't find any info about sptd4733.sys being legit, so we'd rather get rid of it, even if you have to reinstall Daemon Tools if I'm wrong.

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:


    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [image: animation of CFScript.txt being dragged onto ComboFix.exe]


    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.


    Also, how is your computer doing right now?
     
  18. 2009/05/18
    Jedi5

    Jedi5 Inactive Thread Starter

    Joined:
    2009/05/09
    Messages:
    19
    Likes Received:
    0
    Hi Broni,

    I followed your instructions with ComboFix. I went into Safe Mode with networking and used our previous technique for downloading and launching ComboFix. I dragged the text file into the EXE. The program launched, deleted that file and a couple of other files. It produced a Text file at the end. I closed the text file and restarted back into Safe Mode. No issues there so I rebooted back into regular mode.

    I still have the issue about this error message coming up each time I boot the machine:

    "Windows cannot find C:\18719\HIDEC.exe. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search."

    Nothing appeared to be odd so I restarted one more time just to check. Again, no major issues that I could see other than the above error which we already know about.

    However, I decided to fire up my Microsoft Outlook 2003. I quickly saw this error message:

    Microsoft Business Contact Manager
    There was a problem connecting to the database engine. To try again, please click Retry. If problem persists, check Help.
    Retry Cancel Help

    I've never, ever, ever, ever, ever seen that error message before and I've been using the program for years. I don't use that particular feature of Outlook, but it comes up every time I use the program now. I still appear to be able to receive messages (I sent a test message to myself).
    Very odd.

    Here is the new ComboFix log:
    -----------------------------

    ComboFix 09-05-17.03 - ZZZZ 05/17/2009 21:18.1 - NTFSx86 NETWORK
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.786 [GMT -7:00]
    Running from: c:\tools-av\16274\16274.exe
    Command switches used :: c:\tools-av\16274\CFScript.txt
    AV: eTrust Antivirus *On-access scanning enabled* (Outdated) {33EA71EA-56CF-40B5-A06B-BD3A27397C33}

    FILE ::
    c:\windows\System32\drivers\sptd4733.sys
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\System32\drivers\sptd4733.sys
    c:\windows\system32\mfc70.dll
    c:\windows\system32\mfc71.dll

    .
    ((((((((((((((((((((((((( Files Created from 2009-04-18 to 2009-05-18 )))))))))))))))))))))))))))))))
    .

    2009-05-16 21:50 . 2009-05-16 22:08 -------- d-----w C:\18719
    2009-05-16 21:10 . 2009-05-18 04:14 -------- d-----w C:\Tools-AV
    2009-05-16 02:07 . 2009-05-16 02:07 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-05-16 02:07 . 2009-05-16 02:07 -------- d-----w c:\program files\SUPERAntiSpyware
    2009-05-16 02:07 . 2009-05-16 02:07 -------- d-----w c:\documents and settings\ZZZZ\Application Data\SUPERAntiSpyware.com
    2009-05-10 06:44 . 2009-05-10 06:44 410984 ----a-w c:\windows\system32\deploytk.dll
    2009-05-10 05:54 . 2009-05-10 05:54 578560 ----a-w c:\windows\system32\dllcache\user32.dll
    2009-05-10 05:50 . 2009-05-10 05:50 -------- d-----w c:\windows\ERUNT
    2009-05-09 01:54 . 2009-05-09 03:43 -------- d-----w c:\documents and settings\ZZZZ\DoctorWeb
    2009-05-08 05:53 . 2009-05-08 05:53 -------- d-----w c:\program files\Trend Micro
    2009-05-08 05:46 . 2009-05-10 06:13 -------- d-----w C:\SDFix
    2009-05-08 04:41 . 2009-05-08 04:41 -------- d-----w c:\documents and settings\ZZZZ\Application Data\Malwarebytes
    2009-05-08 04:41 . 2009-04-06 22:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-05-08 04:41 . 2009-04-06 22:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-05-08 04:41 . 2009-05-08 04:41 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-05-08 04:41 . 2009-05-08 05:16 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-05-02 17:58 . 2009-05-02 18:01 -------- d-----w c:\documents and settings\ZZZZ\Application Data\U3
    2009-04-29 23:22 . 2009-04-29 23:22 -------- d-----w c:\documents and settings\All Users\Application Data\PopCap
    2009-04-19 18:30 . 2009-04-19 18:30 -------- d-----w c:\windows\system32\scripting
    2009-04-19 18:30 . 2009-04-19 18:30 -------- d-----w c:\windows\l2schemas
    2009-04-19 18:30 . 2009-04-19 18:30 -------- d-----w c:\windows\system32\en
    2009-04-19 18:30 . 2009-04-19 18:30 -------- d-----w c:\windows\system32\bits
    2009-04-19 18:28 . 2009-04-19 18:30 -------- d-----w c:\windows\ServicePackFiles
    2009-04-19 18:24 . 2009-04-19 18:24 -------- d-----w c:\windows\EHome

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-16 02:06 . 2006-02-15 05:09 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-05-10 06:44 . 2005-07-21 19:03 -------- d-----w c:\program files\Java
    2009-05-07 01:36 . 2005-07-29 03:45 -------- d-----w c:\program files\Spybot - Search & Destroy
    2009-05-06 22:35 . 2005-07-28 22:52 80520 ----a-w c:\documents and settings\ZZZZ\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-04-27 02:01 . 2005-07-29 02:21 80520 ----a-w c:\documents and settings\ZZZZ\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-03-25 00:22 . 2008-03-23 01:52 14 ----a-w c:\windows\popcinfo.dat
    2009-03-06 14:22 . 2004-08-10 17:51 284160 ----a-w c:\windows\system32\pdh.dll
    2009-03-03 00:18 . 2004-08-10 17:51 826368 ----a-w c:\windows\system32\wininet.dll
    2009-02-20 18:09 . 2004-08-10 17:51 78336 ----a-w c:\windows\system32\ieencode.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "Realtime Monitor"="c:\program files\CA\eTrust Antivirus\realmon.exe" [2004-04-07 504080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "tgcmd"="c:\program files\Support.com\bin\tgcmd.exe" [2007-03-07 1773568]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-04-25 139264]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
    "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-10 148888]
    "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-23 339968]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-7-21 24576]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoViewOnDrive"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoViewOnDrive"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 19:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
    2003-05-29 18:00 8704 ----a-w c:\windows\system32\PCANotify.dll

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
    "wave"= serwvdrv.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Symantec\\pcAnywhere\\Winaw32.exe"=
    "c:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"=
    "c:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\CA\\eTrust Antivirus\\Realmon.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\GhPciScan.sys [8/14/2002 3:11 PM 5632]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/14/2009 2:22 PM 9968]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/14/2009 2:22 PM 72944]
    S1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\VCdRom.sys [3/9/2006 7:53 PM 8576]
    S2 A80119B4B1DA090AF43F1A43B51E8CCA;A80119B4B1DA090AF43F1A43B51E8CCA;cmd /k start /i "/dC:" "c:\18719\HIDEC.exe" "c:\windows\system32\CF18850.exe" /c RD /S/Q \$RECYCLE.bin \RECYCLER \RECYCLED --> cmd [?]
    S2 SRUserService;IT Connection Manager;c:\program files\IT Connection Manager\SRUserService.exe [4/6/2007 2:44 PM 255336]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/14/2009 2:22 PM 7408]
    .
    .
    ------- Supplementary Scan -------
    .
    mWindow Title = Windows Internet Explorer provided by Comcast
    mSearch Bar = about:blank
    mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
    uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
    mSearchURL = about:blank
    IE: E&xport to Microsoft Excel - c:\progra~1\MI699F~1\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: aol.com\free
    DPF: {7A7BA269-2D21-4B33-B60A-8510A1865D5F} - hxxp://public1.uploader.officelive.com/_layouts/1033/wh/ActiveX/MsnPUpld.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-17 21:22
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\A80119B4B1DA090AF43F1A43B51E8CCA]
    "ImagePath"="cmd /k start /i \"/d%systemdrive%\" \"c:\18719\HIDEC.exe\" \"c:\windows\system32\CF18850.exe\" /c RD /S/Q \$RECYCLE.bin \RECYCLER \RECYCLED"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(852)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    .
    Completion time: 2009-05-18 21:24
    ComboFix-quarantined-files.txt 2009-05-18 04:24
    ComboFix2.txt 2009-05-16 22:08

    Pre-Run: 46,680,670,208 bytes free
    Post-Run: 46,679,994,368 bytes free

    146 --- E O F --- 2009-05-15 01:45




    Here is the new Hijack Log:
    -------------------------
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:49:56 PM, on 5/17/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\CA\eTrust Antivirus\realmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\Program Files\IT Connection Manager\SRUserService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    c:\WINDOWS\system32\ZuneBusEnum.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Realtime Monitor] C:\Program Files\CA\eTrust Antivirus\realmon.exe -s
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI699F~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI699F~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us/html/activexplayer/SMALStreaming.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
    O16 - DPF: {40F8967E-34A6-474A-837A-CEC1E7DAC54C} - https://accounting.quickbooks.com/c3/v15.585/qboax9.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122603998046
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1189887554406
    O16 - DPF: {7A7BA269-2D21-4B33-B60A-8510A1865D5F} (IWS Photo Upload Tool) - http://public1.uploader.officelive.com/_layouts/1033/wh/ActiveX/MsnPUpld.cab
    O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
    O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} (QuickBooks Online Edition Utilities Class v10) - https://accounting.quickbooks.com/c3/v18.170/qboax10.cab
    O16 - DPF: {8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} - https://accounting.quickbooks.com/c3/v13.087/qboax8.cab
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.disneyphotopass.com/software/ImageUploader4.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: A80119B4B1DA090AF43F1A43B51E8CCA - Unknown owner - cmd /k start /i "/dC:" "C:\18719\HIDEC.exe" "C:\WINDOWS\system32\CF18850.exe" /c RD /S/Q \$RECYCLE.bin \RECYCLER \RECYCLED (file missing)
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

    --
    End of file - 9716 bytes
     
  19. 2009/05/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    "Windows cannot find C:\18719\HIDEC.exe "
    We'll take care of this error in a moment.

    Combofix took away two legit files:
    c:\windows\system32\mfc70.dll
    c:\windows\system32\mfc71.dll
    so we have to take care of this first. It may have some connection with Outlook issue.

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:


    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG]


    5. After reboot (in case it asks to reboot), please post a new HijackThis log.
     
    Last edited: 2009/05/19
  20. 2009/05/18
    Jedi5

    Jedi5 Inactive Thread Starter

    Joined:
    2009/05/09
    Messages:
    19
    Likes Received:
    0
    I don't think it dequarantined the files - at least it didn't appear to be that way from the ComboFix logs.

    I still see the same error with the Business Contact Manager in Outlook after reboot.

    You asked for a new HiJack log. Here it is:
    -------------
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:48:09 PM, on 5/17/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\stsystra.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\CA\eTrust Antivirus\realmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\Program Files\IT Connection Manager\SRUserService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    c:\WINDOWS\system32\ZuneBusEnum.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe "
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Realtime Monitor] C:\Program Files\CA\eTrust Antivirus\realmon.exe -s
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI699F~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI699F~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us/html/activexplayer/SMALStreaming.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
    O16 - DPF: {40F8967E-34A6-474A-837A-CEC1E7DAC54C} - https://accounting.quickbooks.com/c3/v15.585/qboax9.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122603998046
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1189887554406
    O16 - DPF: {7A7BA269-2D21-4B33-B60A-8510A1865D5F} (IWS Photo Upload Tool) - http://public1.uploader.officelive.com/_layouts/1033/wh/ActiveX/MsnPUpld.cab
    O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
    O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} (QuickBooks Online Edition Utilities Class v10) - https://accounting.quickbooks.com/c3/v18.170/qboax10.cab
    O16 - DPF: {8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} - https://accounting.quickbooks.com/c3/v13.087/qboax8.cab
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.disneyphotopass.com/software/ImageUploader4.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: A80119B4B1DA090AF43F1A43B51E8CCA - Unknown owner - cmd /k start /i "/dC:" "C:\18719\HIDEC.exe" "C:\WINDOWS\system32\CF18850.exe" /c RD /S/Q \$RECYCLE.bin \RECYCLER \RECYCLED (file missing)
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

    --
    End of file - 9706 bytes
     
  21. 2009/05/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    *** Look in C:\Qoobox\Quarantine to see if those files are still there:
    c:\windows\system32\mfc70.dll
    c:\windows\system32\mfc71.dll

    *** I can see one entry from Spybot. Do you still use it, or is it just a leftover?

    1. Print this post out, since you won't have access to it at some point.

    2. Close all windows, except for HijackThis.

    3. Put a checkmark next to the following HijackThis entries:

    - O4 - Global Startup: Digital Line Detect.lnk = ?
    - O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present (to be fixed if not done intentionally. Fix this entry if you did not activate the 'Lock homepage from changes' option in some kind of anti-spyware tool)
    - O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present (same as the above)
    - O23 - Service: A80119B4B1DA090AF43F1A43B51E8CCA - Unknown owner - cmd /k start /i "/dC:" "C:\18719\HIDEC.exe" "C:\WINDOWS\system32\CF18850.exe" /c RD /S/Q \$RECYCLE.bin \RECYCLER \RECYCLED (file missing)



    4. Click on Fix checked button.

    5. Restart computer.

    6. Post new HijackThis log.
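    To show how the entries singled out above can be picked out of a HijackThis log mechanically, here is an added Python example that is not part of this thread and not a HijackThis feature. It applies the same criteria the moderator used (an unresolved Global Startup shortcut, an O6 policy restriction, and an O23 service with a hex-string name, a cmd.exe one-liner as its image path and a missing file) to a few constructed log lines copied from the logs in this thread; the heuristics, and the rule that "Unknown owner" only counts as supporting evidence, are my assumptions rather than HijackThis logic.

```python
import re

# Constructed sample in HijackThis v2.0.2 format, copied from the entries
# posted in this thread; the ctfmon, Lavasoft and Ati lines are benign controls.
SAMPLE_LOG_LINES = [
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r"O4 - Global Startup: Digital Line Detect.lnk = ?",
    r"O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present",
    r"O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe",
    r"O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe",
    r'O23 - Service: A80119B4B1DA090AF43F1A43B51E8CCA - Unknown owner - cmd /k start /i "/dC:" "C:\18719\HIDEC.exe" "C:\WINDOWS\system32\CF18850.exe" /c RD /S/Q \$RECYCLE.bin \RECYCLER \RECYCLED (file missing)',
]

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<image>.+)$")
HEX_NAME_RE = re.compile(r"^[0-9A-Fa-f]{32}$")  # assumed heuristic: random-looking name

def triage_line(line):
    """Return the reasons a HijackThis line deserves a look (empty list if none)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []
    section, body = m.group("section"), m.group("body")
    reasons = []
    if section == "O6" and body.endswith("Restrictions present"):
        reasons.append("IE policy restriction present; fix unless you set it on purpose")
    elif section == "O4" and body.endswith("= ?"):
        reasons.append("startup shortcut whose target could not be resolved")
    elif section == "O23":
        s = SERVICE_RE.match(body)
        if s:
            name, owner, image = s.group("name"), s.group("owner"), s.group("image")
            if HEX_NAME_RE.match(name):
                reasons.append("service name is a random-looking 32-hex-digit string")
            if re.match(r"cmd(\.exe)?\s", image, re.IGNORECASE):
                reasons.append("image path is a cmd.exe one-liner, not a service binary")
            if image.endswith("(file missing)"):
                reasons.append("registered binary is gone; the service entry is a leftover")
            # 'Unknown owner' on its own is weak (many legitimate drivers carry
            # no vendor info), so it only supports a stronger indicator.
            if reasons and owner == "Unknown owner":
                reasons.append("no identifiable vendor in the binary's version info")
    return reasons

def triage(lines):
    """Return [(entry, reasons), ...] for every flagged line, in log order."""
    report = []
    for line in lines:
        reasons = triage_line(line)
        if reasons:
            report.append((line.strip(), reasons))
    return report

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG_LINES):
        print(entry[:72])
        for reason in reasons:
            print("   ->", reason)
```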
     
