Below, I'm posting my ComboFix and HiJackThis logs for review and suggestions on a path forward to ridding myself of this MAJOR pest.
Thanks in advance!
Jamie
ComboFix 08-01-04.1 - Owner 2008-01-06 17:45:49.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.158 [GMT -8:00]
Running from: C:\Documents and Settings\Owner\desktop\ComboFix.exe
Command switches used :: /killall
.
The following files were disabled during the run:
C:\WINDOWS\system32\sockspy.dll
((((((((((((((((((((((((( Files Created from 2007-12-07 to 2008-01-07 )))))))))))))))))))))))))))))))
.
2008-01-06 15:48 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-06 15:02 . 2008-01-06 15:02 <DIR> d-------- C:\VundoFix Backups
2008-01-06 12:17 . 2008-01-06 12:21 <DIR> d-------- C:\Program Files\Ad-Aware 2007
2008-01-06 12:17 . 2008-01-06 12:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-06 12:11 . 2008-01-06 12:11 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-10 13:19 . 2007-12-10 13:19 <DIR> d-------- C:\Documents and Settings\Robert\Application Data\MySpace
2007-12-09 11:50 . 2007-12-09 11:50 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2007-12-09 11:50 . 2007-12-09 11:50 <DIR> d-------- C:\Program Files\QuickTime
2007-12-09 11:47 . 2007-12-09 11:47 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-09 11:46 . 2007-12-09 11:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-07 01:21 --------- d-----w C:\Program Files\Palm
2008-01-07 01:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-07 00:54 --------- d-----w C:\Program Files\Documents To Go
2008-01-06 20:17 --------- d-----w C:\Documents and Settings\Owner\Application Data\Lavasoft
2008-01-06 20:02 --------- d-----w C:\Documents and Settings\Owner\Application Data\MP3Rocket
2008-01-06 20:00 --------- d-----w C:\Program Files\SuperCleaner
2007-12-03 05:52 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-03 04:52 --------- d-----w C:\Program Files\Java
2007-12-03 04:39 --------- d-----w C:\Program Files\MP3 Rocket
2007-11-29 00:16 --------- d-----w C:\Documents and Settings\Owner\Application Data\Viewpoint
2007-11-25 22:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-11-17 20:54 --------- d-----w C:\Documents and Settings\Jacob\Application Data\MySpace
2007-11-15 23:40 --------- d-----w C:\Program Files\MySpace
2006-10-07 03:44 95,669 -c--a-w C:\Program Files\CA2V6V2L.zip
2006-07-19 18:08 1,798,936 -c--a-w C:\Program Files\CreataMailSetup.exe
2006-06-12 21:43 323 -c--a-w C:\Program Files\INSTALL.LOG
2005-05-12 07:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2004-09-26 19:28 48,640 ---ha-w C:\Documents and Settings\Owner\Application Data\eSelleratePlugin.DLL
.
((((((((((((((((((((((((((((( snapshot@2008-01-06_16.42.40.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-08-03 18:36:37 65,536 ----a-r C:\WINDOWS\Installer\{6994491D-D491-48F1-AE1F-E179C1FFFC2F}\ARPPRODUCTICON.exe
+ 2008-01-07 01:15:44 65,536 ----a-r C:\WINDOWS\Installer\{6994491D-D491-48F1-AE1F-E179C1FFFC2F}\ARPPRODUCTICON.exe
- 2007-08-03 18:36:37 65,536 ----a-r C:\WINDOWS\Installer\{6994491D-D491-48F1-AE1F-E179C1FFFC2F}\NewShortcut2_D7CAE58E26DE49B7A75DEAEDF76726BE.exe
+ 2008-01-07 01:15:44 65,536 ----a-r C:\WINDOWS\Installer\{6994491D-D491-48F1-AE1F-E179C1FFFC2F}\NewShortcut2_D7CAE58E26DE49B7A75DEAEDF76726BE.exe
- 2007-08-03 18:36:37 65,536 ----a-r C:\WINDOWS\Installer\{6994491D-D491-48F1-AE1F-E179C1FFFC2F}\NewShortcut3_D7CAE58E26DE49B7A75DEAEDF76726BE_3.exe
+ 2008-01-07 01:15:44 65,536 ----a-r C:\WINDOWS\Installer\{6994491D-D491-48F1-AE1F-E179C1FFFC2F}\NewShortcut3_D7CAE58E26DE49B7A75DEAEDF76726BE_3.exe
- 2007-08-03 18:36:37 65,536 ----a-r C:\WINDOWS\Installer\{6994491D-D491-48F1-AE1F-E179C1FFFC2F}\NewShortcut7_856D48883B484D0C99D439AA7CF9DB2E.exe
+ 2008-01-07 01:15:44 65,536 ----a-r C:\WINDOWS\Installer\{6994491D-D491-48F1-AE1F-E179C1FFFC2F}\NewShortcut7_856D48883B484D0C99D439AA7CF9DB2E.exe
- 2008-01-07 00:37:20 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
+ 2008-01-07 01:53:18 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
+ 2008-01-07 01:55:37 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_790.dat
+ 2008-01-07 01:55:40 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_d8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24 1694208]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 16:04 5562368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-22 16:38 221184]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-02-11 21:28 98304]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-09-13 07:26 180269]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-06-15 10:50 290816]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-06-15 10:50 69632]
"Frontier Search Helper"="C:\PROGRA~1\FRONTI~1\SrchHelp\frSrcAs.dll" [2006-03-23 16:40 94208]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe" [2004-10-29 08:52 218232]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 16:04 5562368]
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
MP3 Rocket (Minimized).lnk - C:\Program Files\MP3 Rocket\MP3Rocket.exe [2007-08-01 14:49:16]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk
backup=C:\WINDOWS\pss\AOL Companion.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=C:\WINDOWS\pss\Compaq Connections.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DataViz Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DataViz Messenger.lnk
backup=C:\WINDOWS\pss\DataViz Messenger.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
backup=C:\WINDOWS\pss\Event Reminder.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Photo Loader supervisory.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photo Loader supervisory.lnk
backup=C:\WINDOWS\pss\Photo Loader supervisory.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=C:\WINDOWS\pss\HotSync Manager.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk
backup=C:\WINDOWS\pss\spamsubtract.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced Tools Check]
C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
ALCXMNTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCSService]
2003-08-21 15:12 32768 --a--c--- C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-03 23:56 15360 --a------ C:\WINDOWS\System32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus Xtreme G]
2003-11-04 16:00 2502656 --a------ C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1127588510\ee\AOLHostManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2003-04-07 06:07 114688 --a------ C:\WINDOWS\System32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
2003-05-23 01:55 483328 --a------ C:\WINDOWS\System32\hphmon05.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
1998-05-07 15:04 52736 --a--c--- c:\windows\system\hpsysdrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2003-02-11 19:02 61440 --a------ C:\HP\KBD\KBD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTMSG]
LTMSG.exe 7
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Location Finder]
2005-08-24 17:25 101080 --a------ C:\Program Files\Microsoft Location Finder\LocationFinder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
2002-07-25 03:20 28672 --a--c--- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2004-02-05 07:24 53248 --a------ C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
rundll32.exe nview.dll,nViewLoadHook
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
2002-07-31 19:28 81920 --a------ C:\WINDOWS\system32\ps2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
C:\Program Files\Real\RealOne Player\realplay.exe /RunUPGToolCommandReBoot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2002-09-13 20:42 212992 --a--c--- C:\WINDOWS\SMINST\RECGUARD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordNow!]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe /r
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Pml Driver HPZ12"=2 (0x2)
"NVSvc"=2 (0x2)
"MDM"=2 (0x2)
"LiveUpdate"=3 (0x3)
"comHost"=3 (0x3)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"SymWSC"=2 (0x2)
"Symantec Core LC"=2 (0x2)
"SPBBCSvc"=2 (0x2)
"SNDSrvc"=3 (0x3)
"SAVScan"=3 (0x3)
"NSCService"=3 (0x3)
"navapsvc"=2 (0x2)
"KodakCCS"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccProxy"=2 (0x2)
"ccISPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"AOL ACS"=2 (0x2)
R1 bdftdif;BitDefender Firewall TDI Filter;C:\Program Files\Common Files\Softwin\BitDefender Firewall\bdftdif.sys [2007-06-15 10:48]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2007-06-15 10:51]
S2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [2003-07-30 01:15]
S2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2003-07-30 01:15]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2003-10-22 14:27]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
"2008-01-06 05:10:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-06-13 17:02:39 C:\WINDOWS\Tasks\SuperCleaner.job"
- C:\Program Files\SuperCleaner\SuperCleaner.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 17:57:10
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\sockspy.dll
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\sockspy.dll
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180]
-> C:\WINDOWS\system32\sockspy.dll
.
Completion time: 2008-01-06 18:00:43 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-07 02:00:34
ComboFix2.txt 2008-01-07 00:43:19
*******************************************************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:02:55 PM, on 1/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis2-0-2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://support.dlink.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {38E77F06-89FC-44f5-B3AB-11DDEB791947} - C:\Program Files\FrontierSH\SrchHelp\frSrcAs.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {38E77F01-89FC-44f5-B3AB-11DDEB791947} - C:\Program Files\FrontierSH\SrchHelp\frSrcAs.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FrontierBA BHO - {A93A3CC1-BA23-4d0d-9440-6A0148362B7E} - C:\Program Files\FrontierBA\BrowserAssistant\fbabar.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [Frontier Search Helper] rundll32 C:\PROGRA~1\FRONTI~1\SrchHelp\frSrcAs.dll,S
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - Startup: MP3 Rocket (Minimized).lnk = C:\Program Files\MP3 Rocket\MP3Rocket.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsup ... SupCtl.cab
O16 - DPF: {6BAB93B7-1917-4214-A7D2-874FA6DB4740} (AOL Newport Editor Ctrl) - http://pictures.aolcdn.com/ap/Resources ... .1.0.0.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9181349421
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/B ... ofupld.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/5462/2h ... mDlBrg.cab
O16 - DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} (Pixami Drag/Drop Upload UI Control) - http://www.cmphotocenter.com/is/DragDropUploader.cab
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://ipgweb.cce.hp.com/bus-nacons/caller/SysQuery.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
--
End of file - 8175 bytes