Tech Support Guy Forums, Malware Removal & HijackThis Logs: delete help with winpcdoctor


beenthere7659 (Senior Member, 128 posts; joined Mar 2008; near Sacramento, California; Experience: Intermediate)
14-Apr-2008, 08:56 PM #91
Installing MSN toolbar
Went to kb/315346
Renamed a bunch of files as directed
Appeared to install latest Windows Installer

Rebooted
Attempted to download toolbar and got what appears to be the same message. See screenshot.

I'll go on to uninstall combofix as directed.
[Attached screenshot: delete-help-winpcdoctor-attempting-install-msn-toolbar-4]
beenthere7659 (Senior Member, 128 posts; joined Mar 2008; near Sacramento, California; Experience: Intermediate)
14-Apr-2008, 09:12 PM #92
uninstalling combofix
Followed instructions and got a note that combofix had expired. See screenshot.
Ran a search for combofix and got (screenshot)
Followed previous uninstall instructions a 2nd time and Windows could not find combofix.
[Attached screenshots: delete-help-winpcdoctor-attempting-uninstall-combofix-4-14, delete-help-winpcdoctor-search-combofix-4-14-08]
Cookiegal (Administrator, 54,818 posts; joined Aug 2003; Quebec, Canada)
15-Apr-2008, 01:37 PM #93
Go ahead and download a new copy of ComboFix please and run the scan.
beenthere7659 (Senior Member, 128 posts; joined Mar 2008; near Sacramento, California; Experience: Intermediate)
15-Apr-2008, 02:59 PM #94
Combofix log 4-15-08 noon
ComboFix 08-04-14.2 - Ben Gilmore 2008-04-15 11:41:30.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.251 [GMT -7:00]
Running from: C:\Documents and Settings\Ben Gilmore\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
.

2008-04-13 10:37 . 2008-04-13 10:37 80,481,722 --a------ C:\registrybackup.reg
2008-04-12 13:49 . 2008-04-12 13:49 <DIR> d-------- C:\Program Files\MSECache
2008-04-08 09:51 . 2008-04-08 09:51 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-08 09:51 . 2008-04-08 09:51 <DIR> d-------- C:\Documents and Settings\Ben Gilmore\Application Data\Malwarebytes
2008-04-08 09:51 . 2008-04-08 09:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-06 11:55 . 2008-04-06 11:55 3,122 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2008-04-06 11:54 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\SYSTEM32\VCCLSID.exe
2008-04-06 11:54 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
2008-04-06 11:54 . 2008-03-28 23:19 86,528 --a------ C:\WINDOWS\SYSTEM32\VACFix.exe
2008-04-06 11:54 . 2008-03-26 08:50 82,432 --a------ C:\WINDOWS\SYSTEM32\IEDFix.exe
2008-04-06 11:54 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
2008-04-06 11:54 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
2008-04-06 11:54 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\SYSTEM32\WS2Fix.exe
2008-04-05 10:06 . 2008-04-05 10:06 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-05 10:06 . 2008-04-15 08:00 <DIR> d-------- C:\Documents and Settings\Ben Gilmore\Application Data\AVG7
2008-04-05 10:05 . 2008-04-05 10:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-05 10:05 . 2008-04-05 12:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-04-02 08:55 . 2008-04-14 17:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-02 08:15 . 2008-04-02 08:16 <DIR> d-------- C:\Program Files\USS
2008-04-02 08:15 . 2006-11-09 14:48 11,776 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wasfsd.sys
2008-03-31 16:22 . 2008-03-31 16:22 <DIR> d-------- C:\Program Files\Computer stuff
2008-03-31 15:56 . 2008-03-31 15:56 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-29 15:07 . 2008-03-29 15:07 <DIR> d-------- C:\Documents and Settings\Ben Gilmore\Application Data\Uniblue
2008-03-28 20:36 . 2008-03-28 20:36 <DIR> d-------- C:\Program Files\Common Files\InternetAnonymizer
2008-03-28 20:36 . 2008-03-28 20:36 <DIR> d-------- C:\Documents and Settings\Ben Gilmore\Application Data\InternetAnonymizer
2008-03-28 20:36 . 2008-03-28 20:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InternetAnonymizer
2008-03-19 17:26 . 2008-03-19 17:27 <DIR> d-------- C:\Program Files\The Weather Channel FW

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-14 21:24 --------- d-----w C:\Program Files\ACT
2008-03-31 23:24 14,265 ----a-w C:\Program Files\3-31-08 4-24pm hijackthis.log
2008-03-28 18:21 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-22 07:04 --------- d-----w C:\Documents and Settings\Ben Gilmore\Application Data\TheScruffs
2008-02-22 02:42 --------- d-----w C:\Program Files\MSN Games
2008-02-17 07:36 104,768 ----a-w C:\Documents and Settings\Ben Gilmore\Application Data\GDIPFONTCACHEV1.DAT
2008-02-16 20:13 --------- d-----w C:\Program Files\Microsoft Small Business
2008-02-16 20:07 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-02-16 20:03 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-16 20:02 --------- d-----w C:\Program Files\MSXML 6.0
2008-02-16 19:15 --------- d-----w C:\Program Files\Microsoft Silverlight
2006-05-17 20:21 630,784 ------w C:\Documents and Settings\Ben Gilmore\chatlnk.exe
.

((((((((((((((((((((((((((((( snapshot@2008-04-01_15.22.42.82 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-15 16:41:06 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
- 2000-08-31 15:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-21 03:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2000-08-31 15:00:00 73,728 ----a-w C:\WINDOWS\fdsv.exe
+ 2000-08-31 15:00:00 80,412 ----a-w C:\WINDOWS\grep.exe
+ 2008-03-12 10:06:05 2,560 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2000-08-31 15:00:00 98,816 ----a-w C:\WINDOWS\sed.exe
+ 2005-12-21 17:23:51 2,684 ------w C:\WINDOWS\SoftwareDistribution\EventCache\{1D551155-A0EC-41CC-A7AF-D8287256948C}.bin
+ 2000-08-31 15:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
+ 2000-08-31 15:00:00 136,704 ----a-w C:\WINDOWS\swsc.exe
+ 2000-08-31 15:00:00 212,480 ----a-w C:\WINDOWS\swxcacls.exe
+ 2004-08-04 11:00:00 2,000 ------w C:\WINDOWS\SYSTEM\KEYBOARD.DRV
+ 2004-08-04 11:00:00 2,032 ------w C:\WINDOWS\SYSTEM\MOUSE.DRV
+ 2004-08-04 11:00:00 1,744 ------w C:\WINDOWS\SYSTEM\SOUND.DRV
+ 2004-08-04 11:00:00 2,176 ------w C:\WINDOWS\SYSTEM\VGA.DRV
+ 2004-08-12 13:56:48 1,788 ------w C:\WINDOWS\SYSTEM32\Dcache.bin
+ 2004-11-16 09:05:00 2,239 ------w C:\WINDOWS\SYSTEM32\dla\tfsndres.sys
+ 2004-08-12 13:58:39 2,000 -c----w C:\WINDOWS\SYSTEM32\DLLCACHE\keyboard.drv
+ 2004-08-12 13:59:09 2,560 -c----w C:\WINDOWS\SYSTEM32\DLLCACHE\lz32.dll
+ 2004-08-12 14:00:01 2,032 -c----w C:\WINDOWS\SYSTEM32\DLLCACHE\mouse.drv
+ 2004-08-12 14:02:43 2,944 -c----w C:\WINDOWS\SYSTEM32\DLLCACHE\null.sys
+ 2004-08-12 14:05:57 1,744 -c----w C:\WINDOWS\SYSTEM32\DLLCACHE\sound.drv
+ 2004-08-12 14:08:22 2,176 -c----w C:\WINDOWS\SYSTEM32\DLLCACHE\vga.drv
+ 2004-08-12 14:09:38 2,864 -c----w C:\WINDOWS\SYSTEM32\DLLCACHE\winsock.dll
+ 2004-08-12 14:09:39 2,112 -c----w C:\WINDOWS\SYSTEM32\DLLCACHE\winspool.exe
+ 2004-08-12 14:10:22 2,736 -c----w C:\WINDOWS\SYSTEM32\DLLCACHE\wowdeb.exe
+ 2008-04-05 17:05:46 821,856 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\avg7core.sys
+ 2008-04-05 17:05:50 4,224 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\avg7rsw.sys
+ 2008-04-05 17:05:51 27,776 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\avg7rsxp.sys
+ 2008-04-05 17:05:58 10,760 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\avgclean.sys
+ 2008-04-05 17:05:58 26,952 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys
+ 2004-08-12 14:06:15 2,944 ------w C:\WINDOWS\SYSTEM32\DRIVERS\drmkaud.sys
+ 2004-08-12 14:02:43 2,944 ------w C:\WINDOWS\SYSTEM32\DRIVERS\null.sys
+ 2004-08-12 13:58:39 2,000 ------w C:\WINDOWS\SYSTEM32\keyboard.drv
+ 2004-08-12 13:59:09 2,560 ------w C:\WINDOWS\SYSTEM32\lz32.dll
+ 2004-08-12 14:00:01 2,032 ------w C:\WINDOWS\SYSTEM32\mouse.drv
+ 2004-08-12 14:05:57 1,744 ------w C:\WINDOWS\SYSTEM32\sound.drv
+ 2005-03-03 19:00:00 2,693 ------w C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_FAIFACA.DAT
+ 2005-03-03 19:00:00 2,693 ------w C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\epsonstylus_cx380080bf\E_FAIFACA.DAT
+ 2004-08-12 14:08:22 2,176 ------w C:\WINDOWS\SYSTEM32\vga.drv
+ 2004-08-12 14:09:38 2,864 ------w C:\WINDOWS\SYSTEM32\winsock.dll
+ 2004-08-12 14:09:39 2,112 ------w C:\WINDOWS\SYSTEM32\winspool.exe
+ 2004-08-12 14:10:22 2,736 ------w C:\WINDOWS\SYSTEM32\wowdeb.exe
+ 2000-08-31 15:00:00 49,152 ----a-w C:\WINDOWS\VFind.exe
+ 2000-08-31 15:00:00 68,096 ----a-w C:\WINDOWS\zip.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]
"Express ClickYes"="C:\Program Files\Express ClickYes\ClickYes.exe" [2005-07-27 01:39 32256]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 06:56 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]
"DW4"="" []
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 12:33 1388544]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-11-16 02:05 127035]
"WinFaxAppPortStarter"="wfxsnt40.exe" [1998-07-27 04:54 43008 C:\WINDOWS\SYSTEM32\WFXSNT40.EXE]
"EPSON Stylus CX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.exe" [2005-02-07 12:00 98304]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36 114688]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-12-22 12:16 98304]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-10-15 11:40 190464]
"WD Button Manager"="WDBtnMgr.exe" [2007-12-31 16:15 364544 C:\WINDOWS\SYSTEM32\WDBtnMgr.exe]
"USS"="C:\Program Files\USS\USS.exe" [2008-02-08 13:37 143360]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 05:47 579584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-05 10:05 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Controller.LNK - C:\Program Files\Symantec\WinFax\WFXCTL32.EXE [2005-05-14 12:32:22 503808]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-12 22:01:04 83360]
WD Backup Monitor.lnk - C:\Program Files\My Book\WD Backup\uBBMonitor.exe [2007-12-31 16:18:45 98304]
Windows Desktop Search.lnk - C:\Program Files\MSN Toolbar Suite\DS\02.02.0000.1007\en-us\bin\WindowsSearch.exe [2005-06-02 19:36:14 231936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\SYSTEM32\\MMC.EXE"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\ACT\\ActUpdt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 wasfsd;wasfsd;C:\WINDOWS\system32\drivers\wasfsd.sys [2006-11-09 14:48]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []
R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 06:29]
R2 wfxsvc;WinFax PRO;C:\WINDOWS\system32\WFXSVC.EXE [1998-07-27 04:54]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 00:01]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-04-12 01:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (BEN-Ben Gilmore).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2008-04-15 18:50:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{78505AA2-5AFB-43D2-88F8-B35E9479A7C6}.job"
- C:\WINDOWS\system32\msfeedssync.exe
"2005-11-23 00:34:43 C:\WINDOWS\Tasks\WTR.job"
- C:\Program Files\BulletProofSoft.com\WinTrace Remover\44B367EE
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 11:48:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-04-15 11:55:46
ComboFix-quarantined-files.txt 2008-04-15 18:54:43
ComboFix2.txt 2008-04-04 03:04:28
ComboFix3.txt 2008-04-04 02:56:55
ComboFix4.txt 2008-04-04 02:14:29
ComboFix5.txt 2008-04-01 22:23:08

Pre-Run: 37,267,447,808 bytes free
Post-Run: 37,302,849,536 bytes free
.
2008-03-12 10:06:09 --- E O F ---
beenthere7659 (Senior Member, 128 posts; joined Mar 2008; near Sacramento, California; Experience: Intermediate)
15-Apr-2008, 03:05 PM #95
Hijackthis log 4-15-08 noon
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:01:18 PM, on 4/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\USS\USS.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Express ClickYes\ClickYes.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\wasffNT.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.techguy.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.01.0000.2214\en-us\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.01.0000.2214\en-us\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [USS] "C:\Program Files\USS\USS.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Express ClickYes] C:\Program Files\Express ClickYes\ClickYes.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Controller.LNK = C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.02.0000.1007\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.01.0000.2214\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.02.0000.1007\en-us\msntabres.dll/229?8a09e4a47a0547df8b10dd5e5f202be5
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.02.0000.1007\en-us\msntabres.dll/230?8a09e4a47a0547df8b10dd5e5f202be5
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/def...x.1.0.0.67.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1135186932531
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1121183721218
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = workgroup
O17 - HKLM\Software\..\Telephony: DomainName = workgroup
O17 - HKLM\System\CCS\Services\Tcpip\..\{C14FE8EC-0A4B-454C-8108-C949F9DD1E46}: Domain = gilmores
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = workgroup
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = gilmores,belkin
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = workgroup
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = gilmores,belkin
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = gilmores,belkin
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Unknown owner - C:\WINDOWS\system32\LEXBCES.EXE (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE

--
End of file - 10407 bytes
Cookiegal (Administrator, 54,818 posts; joined Aug 2003; Quebec, Canada)
15-Apr-2008, 04:51 PM #96
Open Notepad and copy and paste the text in the code box below into it:

Code:
File::
C:\WINDOWS\SYSTEM32\DRIVERS\wasfsd.sys

Folder::
C:\Documents and Settings\Ben Gilmore\Application Data\InternetAnonymizer
C:\Documents and Settings\All Users\Application Data\InternetAnonymizer

DirLook::
C:\Program Files\USS

Driver::
wasfsd

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DW4"=-

Save the file to your desktop and name it CFScript.txt.

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.
__________________
Microsoft MVP - Consumer Security

Alliance of Security Analysis Professionals
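A triage helper for the "Reg Loading Points" section of a ComboFix log, added here as an example and not code from the thread or from ComboFix itself. It assumes the `"Name"="target" [metadata]` line shape shown in the logs above, and emits the same `"Name"=-` deletion syntax Cookiegal's CFScript uses; only values with an empty target (like the `"DW4"=""` entry removed above) become deletions, everything else is reported for a human to check.

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix log.

Added example, not part of the original thread or of ComboFix. It parses the
REGEDIT4-style dump ComboFix prints ("Name"="target" [date time size]), flags
Run values worth a second look, and builds a candidate CFScript Registry::
section. The output is a review list, not an automatic cleanup.
"""
import re
from dataclasses import dataclass

# Constructed sample, copied in shape from the ComboFix log posted above.
SAMPLE = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]
"DW4"="" []
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USS"="C:\Program Files\USS\USS.exe" [2008-02-08 13:37 143360]
"WinFaxAppPortStarter"="wfxsnt40.exe" [1998-07-27 04:54 43008 C:\WINDOWS\SYSTEM32\WFXSNT40.EXE]
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# "Name"="target" [metadata]  -- metadata is whatever ComboFix put in brackets
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<target>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')


@dataclass
class RunEntry:
    key: str      # registry key the value lives under
    name: str     # value name
    target: str   # command ComboFix reported for the value
    meta: str     # raw text between the square brackets, stripped


def parse_loading_points(text):
    """Return a RunEntry for every value line found under a [KEY] header."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        m = VALUE_RE.match(line)
        if m and key:
            entries.append(RunEntry(key, m.group('name'), m.group('target'),
                                    m.group('meta').strip()))
    return entries


def triage(entries):
    """Return (entry, reason) pairs a reviewer should look at, in log order."""
    flagged = []
    for e in entries:
        if e.target == '':
            flagged.append((e, 'empty target: value launches nothing, safe to remove'))
        elif e.meta == '':
            flagged.append((e, 'no file metadata: ComboFix could not stat the target, verify it exists'))
        elif not re.match(r'^[A-Za-z]:\\', e.target):
            flagged.append((e, 'bare filename: resolved via search path, confirm which binary runs'))
    return flagged


def cfscript_registry_section(entries):
    """Build a CFScript Registry:: section that deletes only empty-target values."""
    by_key = {}
    for e, reason in triage(entries):
        if reason.startswith('empty target'):
            by_key.setdefault(e.key, []).append(e.name)
    lines = ['Registry::']
    for key, names in by_key.items():
        lines.append(f'[{key}]')
        lines.extend(f'"{n}"=-' for n in names)   # "Name"=- removes the value
    return '\n'.join(lines)


if __name__ == '__main__':
    found = parse_loading_points(SAMPLE)
    for entry, why in triage(found):
        print(f'{entry.key}\\{entry.name}: {why}')
    print(cfscript_registry_section(found))
```

Entries flagged for missing metadata (the Uniblue value) or a bare filename (the WinFax loader) are not deleted by the generated section; those need a look at the file on disk first.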
beenthere7659 (Senior Member, 128 posts; joined Mar 2008; near Sacramento, California; Experience: Intermediate)
15-Apr-2008, 07:24 PM #97
Combofix log 4-14-08 4-20PM --- Hijack this to follow
ComboFix 08-04-14.2 - Ben Gilmore 2008-04-15 15:58:24.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.244 [GMT -7:00]
Running from: C:\Documents and Settings\Ben Gilmore\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ben Gilmore\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\SYSTEM32\DRIVERS\wasfsd.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\InternetAnonymizer
C:\Documents and Settings\All Users\Application Data\InternetAnonymizer\Data\Abbr
C:\Documents and Settings\All Users\Application Data\InternetAnonymizer\Data\customeremail
C:\Documents and Settings\All Users\Application Data\InternetAnonymizer\Data\customername
C:\Documents and Settings\All Users\Application Data\InternetAnonymizer\Data\customerpassword
C:\Documents and Settings\All Users\Application Data\InternetAnonymizer\Data\oid
C:\Documents and Settings\All Users\Application Data\InternetAnonymizer\Data\PCID
C:\Documents and Settings\All Users\Application Data\InternetAnonymizer\Data\ProductCode
C:\Documents and Settings\All Users\Application Data\InternetAnonymizer\Data\Suspicious
C:\Documents and Settings\Ben Gilmore\Application Data\InternetAnonymizer
C:\Documents and Settings\Ben Gilmore\Application Data\InternetAnonymizer\Logs\update.log
C:\WINDOWS\SYSTEM32\DRIVERS\wasfsd.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WASFSD
-------\Service_wasfsd


((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
.

2008-04-13 10:37 . 2008-04-13 10:37 80,481,722 --a------ C:\registrybackup.reg
2008-04-12 13:49 . 2008-04-12 13:49 <DIR> d-------- C:\Program Files\MSECache
2008-04-08 09:51 . 2008-04-08 09:51 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-08 09:51 . 2008-04-08 09:51 <DIR> d-------- C:\Documents and Settings\Ben Gilmore\Application Data\Malwarebytes
2008-04-08 09:51 . 2008-04-08 09:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-06 11:55 . 2008-04-06 11:55 3,122 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2008-04-06 11:54 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\SYSTEM32\VCCLSID.exe
2008-04-06 11:54 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
2008-04-06 11:54 . 2008-03-28 23:19 86,528 --a------ C:\WINDOWS\SYSTEM32\VACFix.exe
2008-04-06 11:54 . 2008-03-26 08:50 82,432 --a------ C:\WINDOWS\SYSTEM32\IEDFix.exe
2008-04-06 11:54 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
2008-04-06 11:54 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
2008-04-06 11:54 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\SYSTEM32\WS2Fix.exe
2008-04-05 10:06 . 2008-04-05 10:06 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-05 10:06 . 2008-04-15 08:00 <DIR> d-------- C:\Documents and Settings\Ben Gilmore\Application Data\AVG7
2008-04-05 10:05 . 2008-04-05 10:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-05 10:05 . 2008-04-05 12:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-04-02 08:55 . 2008-04-14 17:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-02 08:15 . 2008-04-02 08:16 <DIR> d-------- C:\Program Files\USS
2008-03-31 16:22 . 2008-03-31 16:22 <DIR> d-------- C:\Program Files\Computer stuff
2008-03-31 15:56 . 2008-03-31 15:56 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-29 15:07 . 2008-03-29 15:07 <DIR> d-------- C:\Documents and Settings\Ben Gilmore\Application Data\Uniblue
2008-03-28 20:36 . 2008-03-28 20:36 <DIR> d-------- C:\Program Files\Common Files\InternetAnonymizer
2008-03-19 17:26 . 2008-03-19 17:27 <DIR> d-------- C:\Program Files\The Weather Channel FW

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-14 21:24 --------- d-----w C:\Program Files\ACT
2008-03-31 23:24 14,265 ----a-w C:\Program Files\3-31-08 4-24pm hijackthis.log
2008-03-28 18:21 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-22 07:04 --------- d-----w C:\Documents and Settings\Ben Gilmore\Application Data\TheScruffs
2008-02-22 02:42 --------- d-----w C:\Program Files\MSN Games
2008-02-17 07:36 104,768 ----a-w C:\Documents and Settings\Ben Gilmore\Application Data\GDIPFONTCACHEV1.DAT
2008-02-16 20:13 --------- d-----w C:\Program Files\Microsoft Small Business
2008-02-16 20:07 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-02-16 20:03 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-16 20:02 --------- d-----w C:\Program Files\MSXML 6.0
2008-02-16 19:15 --------- d-----w C:\Program Files\Microsoft Silverlight
2006-05-17 20:21 630,784 ------w C:\Documents and Settings\Ben Gilmore\chatlnk.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Program Files\USS ----

2008-04-02 08:16 5849 --a------ C:\Program Files\USS\unins000.dat
2008-04-02 08:16 4 --a------ C:\Program Files\USS\#agents\53\#startup
2008-04-02 08:15 9664 --a------ C:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\unins000.dat
2008-04-02 08:15 692569 --a------ C:\Program Files\USS\unins000.exe
2008-04-02 08:15 692569 --a------ C:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\unins000.exe
2008-03-06 18:03 86165 --a------ C:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\AMPlugin.xml
2008-02-08 13:37 143360 --a------ C:\Program Files\USS\USS.exe
2008-02-07 18:13 2142208 --a------ C:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\AMPlugin.dll
2007-04-19 17:14 22941 --a------ C:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\AsAgents.xml
2007-04-12 14:26 61440 --a------ C:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\wasffNT.exe
2006-11-09 20:27 398336 --a------ C:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\AsAgents.dll


((((((((((((((((((((((((((((( snapshot_2008-04-15_11.53.54.12 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-15 16:41:06 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
+ 2008-04-15 23:06:18 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
- 2000-08-31 15:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2005-10-21 03:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]
"Express ClickYes"="C:\Program Files\Express ClickYes\ClickYes.exe" [2005-07-27 01:39 32256]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 06:56 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 12:33 1388544]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-11-16 02:05 127035]
"WinFaxAppPortStarter"="wfxsnt40.exe" [1998-07-27 04:54 43008 C:\WINDOWS\SYSTEM32\WFXSNT40.EXE]
"EPSON Stylus CX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.exe" [2005-02-07 12:00 98304]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36 114688]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-12-22 12:16 98304]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-10-15 11:40 190464]
"WD Button Manager"="WDBtnMgr.exe" [2007-12-31 16:15 364544 C:\WINDOWS\SYSTEM32\WDBtnMgr.exe]
"USS"="C:\Program Files\USS\USS.exe" [2008-02-08 13:37 143360]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 05:47 579584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-05 10:05 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Controller.LNK - C:\Program Files\Symantec\WinFax\WFXCTL32.EXE [2005-05-14 12:32:22 503808]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-12 22:01:04 83360]
WD Backup Monitor.lnk - C:\Program Files\My Book\WD Backup\uBBMonitor.exe [2007-12-31 16:18:45 98304]
Windows Desktop Search.lnk - C:\Program Files\MSN Toolbar Suite\DS\02.02.0000.1007\en-us\bin\WindowsSearch.exe [2005-06-02 19:36:14 231936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\SYSTEM32\\MMC.EXE"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\ACT\\ActUpdt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []
R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 06:29]
R2 wfxsvc;WinFax PRO;C:\WINDOWS\system32\WFXSVC.EXE [1998-07-27 04:54]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 00:01]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-04-12 01:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (BEN-Ben Gilmore).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2008-04-15 23:20:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{78505AA2-5AFB-43D2-88F8-B35E9479A7C6}.job"
- C:\WINDOWS\system32\msfeedssync.exe
"2005-11-23 00:34:43 C:\WINDOWS\Tasks\WTR.job"
- C:\Program Files\BulletProofSoft.com\WinTrace Remover\44B367EE
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 16:07:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2008-04-15 16:20:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-15 23:20:23
ComboFix2.txt 2008-04-15 18:55:47
ComboFix3.txt 2008-04-04 03:04:28
ComboFix4.txt 2008-04-04 02:56:55
ComboFix5.txt 2008-04-04 02:14:29

Pre-Run: 37,502,468,096 bytes free
Post-Run: 37,489,102,848 bytes free
.
2008-03-12 10:06:09 --- E O F ---
beenthere7659
Senior Member with 128 posts.
Join Date: Mar 2008
Location: near Sacramento, California
Experience: Intermediate
15-Apr-2008, 07:26 PM #98
Hijackthis log 4-15-08 4-26PM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:24:46 PM, on 4/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\USS\USS.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Express ClickYes\ClickYes.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.techguy.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.01.0000.2214\en-us\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.01.0000.2214\en-us\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [USS] "C:\Program Files\USS\USS.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Express ClickYes] C:\Program Files\Express ClickYes\ClickYes.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Controller.LNK = C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.02.0000.1007\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.01.0000.2214\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.02.0000.1007\en-us\msntabres.dll/229?8a09e4a47a0547df8b10dd5e5f202be5
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.02.0000.1007\en-us\msntabres.dll/230?8a09e4a47a0547df8b10dd5e5f202be5
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/def...x.1.0.0.67.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1135186932531
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1121183721218
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = workgroup
O17 - HKLM\Software\..\Telephony: DomainName = workgroup
O17 - HKLM\System\CCS\Services\Tcpip\..\{C14FE8EC-0A4B-454C-8108-C949F9DD1E46}: Domain = gilmores
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = workgroup
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = gilmores,belkin
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = workgroup
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = gilmores,belkin
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = gilmores,belkin
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Unknown owner - C:\WINDOWS\system32\LEXBCES.EXE (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE

--
End of file - 10427 bytes
Cookiegal
Administrator with 54,818 posts.
Join Date: Aug 2003
Location: Quebec, Canada
15-Apr-2008, 07:49 PM #99
Did you just install this?

C:\Program Files\ACT


Please delete this entire folder. If you can't delete it in normal mode then boot to safe mode to delete it:

C:\Program Files\USS


Reboot and post a new HijackThis log please.
beenthere7659
Senior Member with 128 posts.
Join Date: Mar 2008
Location: near Sacramento, California
Experience: Intermediate
15-Apr-2008, 08:35 PM #100
Girl- You've scared me to death!
"Delete C:\Program Files\ACT"

ACT is a contact management file in which I have data on 8000 contacts with notes. It is my bread and butter-- I live and die by ACT.

The software was originally from Symantec, now Sage Software.
What prompted your recommendation?

"Delete C:\Program Files\USS"
I don't recognize anything in this area. I've opened it for you (screenshot)

Please reconfirm your instructions before I delete them.
Attached Thumbnails: delete-help-winpcdoctor-c-program-files-uss-3
Cookiegal
Administrator with 54,818 posts.
Join Date: Aug 2003
Location: Quebec, Canada
15-Apr-2008, 11:02 PM #101
I didn't tell you to delete the ACT folder.

You should only delete the one that follows:

C:\Program Files\USS
beenthere7659
Senior Member with 128 posts.
Join Date: Mar 2008
Location: near Sacramento, California
Experience: Intermediate
16-Apr-2008, 12:05 AM #102
Hijackthis log 4-15-08 9PM (after del USS)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:01:01 PM, on 4/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Express ClickYes\ClickYes.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\Program Files\MSN Toolbar Suite\DS\02.02.0000.1007\en-us\bin\WindowsSearch.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.techguy.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.01.0000.2214\en-us\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.01.0000.2214\en-us\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [USS] "C:\Program Files\USS\USS.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Express ClickYes] C:\Program Files\Express ClickYes\ClickYes.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Controller.LNK = C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.02.0000.1007\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.01.0000.2214\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.02.0000.1007\en-us\msntabres.dll/229?8a09e4a47a0547df8b10dd5e5f202be5
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.02.0000.1007\en-us\msntabres.dll/230?8a09e4a47a0547df8b10dd5e5f202be5
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/def...x.1.0.0.67.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1135186932531
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1121183721218
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = workgroup
O17 - HKLM\Software\..\Telephony: DomainName = workgroup
O17 - HKLM\System\CCS\Services\Tcpip\..\{C14FE8EC-0A4B-454C-8108-C949F9DD1E46}: Domain = gilmores
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = workgroup
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = gilmores,belkin
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = workgroup
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = gilmores,belkin
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = gilmores,belkin
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Unknown owner - C:\WINDOWS\system32\LEXBCES.EXE (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE

--
End of file - 10489 bytes