Thanks
------------------------------------------------------------------------------
ComboFix 09-09-14.02 - Owner 09/15/2009 22:39.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.446.201 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 090913-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\_50BD26FBC591412489A7790C7170A6F0
c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut1_15377C3E9655400FB441E69F0A6BEAFE.exe
c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut2_15377C3E9655400FB441E69F0A6BEAFE.EXE
c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut3_15377C3E9655400FB441E69F0A6BEAFE.EXE
c:\documents and settings\Owner\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\_50BD26FBC591412489A7790C7170A6F0
c:\documents and settings\Owner\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut1_15377C3E9655400FB441E69F0A6BEAFE.exe
c:\documents and settings\Owner\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut2_15377C3E9655400FB441E69F0A6BEAFE.EXE
c:\documents and settings\Owner\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut3_15377C3E9655400FB441E69F0A6BEAFE.EXE
c:\documents and settings\Owner\Application Data\Microsoft\Installer\{5978F151-FB21-4F7A-9409-507558466E58}\Icon5978F1511.exe
c:\recycler\S-1-5-21-3439069515-923161970-3086684005-1003
c:\recycler\S-1-5-21-417589418-2803876157-246302942-1003
c:\windows\Downloaded Program Files\bdcore.dll
c:\windows\Downloaded Program Files\libfn.dll
.
((((((((((((((((((((((((( Files Created from 2009-08-16 to 2009-09-16 )))))))))))))))))))))))))))))))
.
2009-09-12 16:27 . 2009-09-12 16:27 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-09-12 16:27 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-12 16:27 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-12 16:27 . 2009-09-12 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-12 16:27 . 2009-09-12 16:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-11 05:20 . 2009-06-21 22:04 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-11 04:53 . 2009-09-11 04:53 -------- d-----w- c:\program files\AskBardis
2009-09-11 04:34 . 2009-09-11 04:34 -------- dc----w- C:\_OTM
2009-09-09 04:59 . 2009-09-11 05:09 -------- d-----w- c:\program files\trend micro
2009-09-09 04:59 . 2009-09-09 05:00 -------- dc----w- C:\rsit
2009-09-08 02:52 . 2009-09-08 02:52 -------- d-----w- c:\program files\The Weather Channel FW
2009-09-07 15:58 . 2009-09-07 15:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-09-05 18:41 . 2009-09-05 18:41 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2009-09-05 17:37 . 2009-09-11 05:27 -------- d-----w- c:\windows\ie8updates
2009-09-05 17:18 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-09-05 17:18 . 2009-07-03 17:09 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-09-05 17:18 . 2009-07-03 17:09 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-09-05 17:18 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-09-05 17:18 . 2009-07-03 17:09 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-09-05 16:33 . 2009-09-05 16:33 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-09-05 16:16 . 2009-09-05 16:16 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
2009-09-04 05:31 . 2009-09-04 05:37 -------- dc-h--w- c:\windows\ie8
2009-09-04 04:33 . 2009-09-04 04:34 38 -c--a-w- C:\BdUninstallTool2009.09.03-11.33.52.reg
2009-09-04 02:39 . 2008-12-11 13:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-09-04 02:39 . 2009-08-24 19:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-09-04 02:39 . 2009-08-19 16:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-04 02:38 . 2009-09-04 02:45 -------- d-----w- c:\program files\Common Files\PC Tools
2009-09-04 02:38 . 2008-12-10 16:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-09-04 02:38 . 2009-09-04 03:24 -------- d-----w- c:\program files\Spyware Doctor
2009-09-04 02:38 . 2009-09-04 02:38 -------- d-----w- c:\documents and settings\Owner\Application Data\PC Tools
2009-09-04 02:38 . 2009-09-04 02:38 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-09-04 02:37 . 2009-09-16 03:34 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-31 03:00 . 2009-08-31 03:00 -------- d-----w- c:\program files\ESET
2009-08-30 22:36 . 2009-08-30 22:36 29208 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2009-08-30 21:01 . 2009-09-01 00:14 -------- dc----w- c:\windows\system32\DRVSTORE
2009-08-30 17:33 . 2009-08-30 17:33 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Downloaded Installations
2009-08-30 02:47 . 2009-08-30 21:35 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-30 02:37 . 2009-08-30 02:36 411368 ----a-w- c:\windows\system32\deploytk.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-13 04:44 . 2006-01-27 03:10 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-09-12 20:39 . 2009-04-20 02:04 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-11 05:19 . 2008-06-05 18:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-09 04:54 . 2005-05-09 18:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-30 02:36 . 2006-01-12 02:00 -------- d-----w- c:\program files\Java
2009-08-17 16:10 . 2008-10-11 16:14 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2008-10-11 16:14 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2008-10-11 16:14 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-10-11 16:14 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-10-11 16:14 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2008-10-11 16:14 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2008-10-11 16:14 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2008-10-11 16:14 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2008-10-11 16:14 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-14 11:58 . 2009-09-04 02:39 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-08-05 09:11 . 2008-10-13 18:24 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 18:55 . 2008-10-13 18:24 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 04:43 . 2005-03-23 16:53 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2008-10-13 18:23 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:44 . 2008-10-13 18:24 298496 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:44 . 2008-10-13 18:23 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:44 . 2008-10-13 18:23 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:44 . 2008-10-13 18:23 724480 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:44 . 2008-10-13 18:23 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:44 . 2008-10-13 18:23 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-22 11:34 . 2008-10-13 18:23 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2005-12-27 01:56 . 2005-12-27 01:56 0 --sha-w- c:\windows\SMINST\HPCD.sys
.
------- Sigcheck -------
[7] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[7] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . 60734DDA69D843116FA41BAA3545FE76 . 245248 . . [5.1.2600.3394] . . c:\windows\system32\mswsock.dll
[7] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\mswsock.dll
[7] 2008-06-20 . 1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\mswsock.dll
[7] 2004-08-04 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-08-16 1830128]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-04-23 801904]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2005-12-13 222784]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-07-30 180269]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-30 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SnoopFreeUI"="SnoopFreeUI.exe" - c:\windows\SnoopFreeUI.exe [2006-05-05 221184]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-31 14:49 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Registration Dogz 5 - Catz 5 Compilation Jewelcase.LNK]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Registration Dogz 5 - Catz 5 Compilation Jewelcase.LNK
backup=c:\windows\pss\Registration Dogz 5 - Catz 5 Compilation Jewelcase.LNKStartup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [9/3/2009 9:39 PM 206256]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10/11/2008 11:14 AM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [5/28/2008 10:33 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/28/2008 10:33 AM 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/11/2008 11:14 AM 20560]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/28/2008 10:33 AM 7408]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [8/30/2009 5:36 PM 29208]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [8/30/2009 5:36 PM 29208]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [10/13/2008 1:23 PM 14336]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\2A.tmp --> c:\windows\system32\2A.tmp [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [9/3/2009 9:38 PM 348752]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\DRIVERS\TMPassthru.sys --> c:\windows\system32\DRIVERS\TMPassthru.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-09-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://tdsmail.tds.net/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {AC637FAB-ACAD-49AE-8A67-5753012D6FA6} = 216.165.129.157
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ovj89gt.default\
FF - prefs.js: browser.startup.homepage - www.tds.net
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ovj89gt.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
---- FIREFOX POLICIES ----
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-15 22:48
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\2A.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(528)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3504)
c:\windows\system32\WININET.dll
c:\windows\SnoopFreeDll.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\netdde.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\system32\SnoopFreeSvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2009-09-16 22:59 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-16 03:59
Pre-Run: 61,326,815,232 bytes free
Post-Run: 61,233,184,768 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
229 --- E O F --- 2009-09-12 18:34
------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 11:17:09 PM, on 9/15/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tdsmail.tds.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC637FAB-ACAD-49AE-8A67-5753012D6FA6}: NameServer = 216.165.129.157
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe