Dan her is the three log files:
Combo Fix:ComboFix 08-04-18.3 - Robert 2008-04-20 10:54:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.483 [GMT -5:00]
Running from: C:\Documents and Settings\Robert\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Robert\Desktop\Error Cleaner.url
C:\Documents and Settings\Robert\Desktop\Privacy Protector.url
C:\Documents and Settings\Robert\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\Robert\Favorites\Error Cleaner.url
C:\Documents and Settings\Robert\Favorites\Privacy Protector.url
C:\Documents and Settings\Robert\Favorites\Spyware&Malware Protection.url
C:\WINDOWS\cookies.ini
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\hjilVyxx.ini
C:\WINDOWS\system32\hjilVyxx.ini2
C:\WINDOWS\system32\iiffFwwx.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\omwbyksc.ini
C:\WINDOWS\system32\UBIQAJjl.ini
C:\WINDOWS\system32\UBIQAJjl.ini2
C:\WINDOWS\system32\uxorkkad.dll
.
((((((((((((((((((((((((( Files Created from 2008-03-20 to 2008-04-20 )))))))))))))))))))))))))))))))
.
2008-04-20 11:01 . 2008-04-20 11:01 106,496 --a------ C:\WINDOWS\system32\pmpifivu.exe
2008-04-20 10:17 . 2008-04-20 10:17 <DIR> d-------- C:\Program Files\CCleaner
2008-04-14 17:26 . 2008-04-14 17:26 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\PC Tools
2008-04-14 17:25 . 2008-04-14 17:25 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\U3
2008-04-14 17:08 . 2008-04-14 17:08 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-14 17:08 . 2008-04-20 11:00 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-14 16:49 . 2008-04-14 16:49 <DIR> d-------- C:\Program Files\Windows Defender
2008-04-14 16:29 . 2008-04-14 16:31 <DIR> d-------- C:\Program Files\XoftSpySE
2008-04-14 16:23 . 2008-04-20 10:07 10,752 --a------ C:\WINDOWS\DCEBoot.exe
2008-04-14 14:16 . 2008-04-14 14:16 <DIR> d-------- C:\WINDOWS\l2schemas
2008-04-14 14:15 . 2005-04-20 14:21 474,624 -----c--- C:\WINDOWS\system32\dllcache\wzcsvc.dll
2008-04-14 14:15 . 2006-11-01 02:14 69,120 --a------ C:\WINDOWS\system32\wlanapi.dll
2008-04-14 14:15 . 2005-04-20 14:21 52,736 -----c--- C:\WINDOWS\system32\dllcache\wzcsapi.dll
2008-04-14 14:15 . 2005-04-19 18:54 14,592 -----c--- C:\WINDOWS\system32\dllcache\ndisuio.sys
2008-04-14 13:59 . 2008-04-14 13:59 <DIR> d-------- C:\WINDOWS\kdefense
2008-04-14 13:59 . 2008-04-14 13:59 846,336 --a------ C:\WINDOWS\system32\kdfinj.dll
2008-04-14 13:59 . 2008-04-20 10:13 722,472 --a------ C:\WINDOWS\system32\kdfmgr.exe
2008-04-14 13:59 . 2008-04-20 10:13 192,512 --a------ C:\WINDOWS\system32\kdfvmgr.exe
2008-04-14 13:59 . 2008-04-20 10:13 77,824 --a------ C:\WINDOWS\system32\kdfapi.dll
2008-04-14 13:59 . 2008-04-20 10:13 53,248 --a------ C:\WINDOWS\system32\Kdfhok.dll
2008-04-14 13:57 . 2008-04-14 13:57 <DIR> d-------- C:\WINDOWS\LocalSSL
2008-04-14 13:55 . 2008-02-16 01:01 138,384 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-14 13:55 . 2008-02-16 01:01 52,496 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys
2008-04-14 13:55 . 2008-02-16 01:01 52,240 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys
2008-04-14 13:53 . 2008-04-14 17:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-04-14 13:52 . 2008-04-20 08:47 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-14 11:00 . 2008-04-20 09:03 <DIR> d-------- C:\Documents and Settings\Robert\Application Data\TmpRecentIcons
2008-04-14 10:50 . 2008-04-14 13:23 <DIR> d-------- C:\Documents and Settings\Robert\.housecall6.6
2008-04-14 09:36 . 2008-04-14 09:36 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-14 09:06 . 2008-04-14 09:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ixgdevwn
2008-04-14 09:06 . 2008-04-14 01:39 217,088 --a------ C:\WINDOWS\dsktbwfe.dll
2008-04-14 09:06 . 2008-04-14 01:39 212,992 --a------ C:\WINDOWS\nslbvxpgtkn.dll
2008-04-14 09:06 . 2008-04-14 01:39 188,416 --a------ C:\WINDOWS\ogxtsepr.dll
2008-04-14 09:06 . 2008-04-14 01:39 155,648 --a------ C:\WINDOWS\sgoblxtm.dll
2008-04-14 09:06 . 2008-04-14 09:06 106,496 --a------ C:\WINDOWS\system32\wfqjqjeh.exe
2008-04-13 12:17 . 2008-04-20 11:04 <DIR> d-------- C:\Documents and Settings\Robert\Application Data\OpenOffice.org2
2008-04-13 10:43 . 2008-04-13 10:43 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4
2008-04-08 23:46 . 2008-04-14 09:55 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-08 23:46 . 2008-04-08 23:46 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-03 20:37 . 2008-04-03 20:37 <DIR> d-------- C:\Documents and Settings\Robert\Application Data\Apple Computer
2008-04-02 21:13 . 2008-04-02 21:13 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\PC Tools
2008-04-02 20:28 . 2008-04-02 20:28 <DIR> d-------- C:\Program Files\QuickTime
2008-04-02 20:28 . 2008-04-03 20:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-29 09:23 . 2008-03-29 09:23 <DIR> d-------- C:\Program Files\Apple Software Update
2008-03-29 09:23 . 2008-03-29 09:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-20 16:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\DIGStream
2008-04-20 15:51 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-20 13:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-14 22:27 --------- d-----w C:\Program Files\Spyware Doctor
2008-04-13 15:43 --------- d-----w C:\Program Files\Java
2008-04-08 01:57 --------- d-----w C:\Program Files\Microsoft Money Plus
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-16 13:29 --------- d-----w C:\Program Files\MSXML 6.0
2008-03-15 17:57 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-03-15 17:57 --------- d-----w C:\Program Files\AutoCAD LT 2008
2008-03-15 17:55 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-15 17:55 --------- d-----w C:\Documents and Settings\Robert\Application Data\Autodesk
2008-03-15 17:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-03-15 17:54 --------- d-----w C:\Program Files\Autodesk
2008-02-25 03:50 --------- d-----w C:\Program Files\SemSim 640-801 CCNA Exams
2008-02-25 03:49 831,488 ------w C:\WINDOWS\Setup1.exe
2008-02-25 03:49 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:32 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97EBE3CC-10A7-4619-B127-9B5D4FA476A8}]
2008-04-14 01:39 212992 --a------ C:\WINDOWS\nslbvxpgtkn.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{57ABA3CE-E927-4C81-BE2E-E20CAEC6645F}"= "C:\WINDOWS\sgoblxtm.dll" [2008-04-14 01:39 155648]
"{E7620C98-FCCC-40E5-92EC-C7685D2E1E40}"= "C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll" [2008-02-15 06:38 103760]
[HKEY_CLASSES_ROOT\clsid\{57aba3ce-e927-4c81-be2e-e20caec6645f}]
[HKEY_CLASSES_ROOT\sgoblxtm.1]
[HKEY_CLASSES_ROOT\TypeLib\{CBA0A72A-C5B0-47F8-9BD7-307B7708A58D}]
[HKEY_CLASSES_ROOT\sgoblxtm]
[HKEY_CLASSES_ROOT\clsid\{e7620c98-fccc-40e5-92ec-c7685d2e1e40}]
[HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EC525605-2266-4775-8F78-A68A6446465C}]
[HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@={747E722C-CB46-4A9D-BDFE-192AAD5099B1}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@={EE6F5A00-7898-40F7-AB77-51FF9D6DEB20}
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4A9D-BDFE-192AAD5099B1}]
2008-01-04 18:47 2389296 --a------ C:\Program Files\MozyHome\mozyshell.dll
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40F7-AB77-51FF9D6DEB20}]
2008-01-04 18:47 2389296 --a------ C:\Program Files\MozyHome\mozyshell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-08 23:37 68856]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"egoxfzet"="C:\WINDOWS\system32\wfqjqjeh.exe" [2008-04-14 09:06 106496]
"kkeawnme"="C:\WINDOWS\system32\pmpifivu.exe" [2008-04-20 11:01 106496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 14:56 64512]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 18:44 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 18:41 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 18:45 118784]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 12:55 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 12:56 602182]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 18:30 282624 C:\WINDOWS\stsystra.exe]
"DIGStream"="C:\Program Files\DIGStream\digstream.exe" [2005-05-18 15:49 282624]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 13:48 761947]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"08615be0"="C:\WINDOWS\system32\cskybwmo.dll" [ ]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-02-16 00:56 1398024]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
C:\Documents and Settings\Robert\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 15:41:28 393216]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-02-08 23:37:51 125624]
MozyHome Status.lnk - C:\Program Files\MozyHome\mozystat.exe [2008-02-09 00:57:36 1877296]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"ouOlBzLDt3"= C:\Documents and Settings\All Users\Application Data\ixgdevwn\ibsbwpen.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgggffeB]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
R1 mozyFilter;mozyFilter;C:\WINDOWS\system32\DRIVERS\mozy.sys [2008-01-04 18:47]
.
Contents of the 'Scheduled Tasks' folder
"2008-04-10 01:20:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-20 16:03:37 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-04-04 20:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-04-20 16:00:32 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-04-14 21:30:01 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-04-20 11:02:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\MozyHome\mozyshell.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\stacsv.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-04-20 11:10:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-20 16:09:48
Pre-Run: 58,174,812,160 bytes free
Post-Run: 58,106,302,464 bytes free
234 --- E O F --- 2008-04-20 16:09:33
HijackThis:Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:11 AM, on 4/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\stacsv.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\All Users\Application Data\ixgdevwn\ibsbwpen.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DIGStream\digstream.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\pmpifivu.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: DVA Storm - {97EBE3CC-10A7-4619-B127-9B5D4FA476A8} - C:\WINDOWS\nslbvxpgtkn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: sgoblxtm - {57ABA3CE-E927-4C81-BE2E-E20CAEC6645F} - C:\WINDOWS\sgoblxtm.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [08615be0] rundll32.exe "C:\WINDOWS\system32\cskybwmo.dll",b
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [egoxfzet] C:\WINDOWS\system32\wfqjqjeh.exe
O4 - HKCU\..\Run: [kkeawnme] C:\WINDOWS\system32\pmpifivu.exe
O4 - HKLM\..\Policies\Explorer\Run: [ouOlBzLDt3] C:\Documents and Settings\All Users\Application Data\ixgdevwn\ibsbwpen.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.samsung-emp.com
O15 - Trusted Zone: *.samsunggsbn.com
O15 - Trusted Zone: *.samsungwireless.com
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) -
http://www.trendsecure.com/easy_install ... stallX.CABO16 - DPF: {E463DD62-1D07-425E-B82A-539FBA2F4162} (GSBN_Updater.UserControl1) -
https://samsunggsbn.com/PSI3/Cab/GSBN_Updater.CABO20 - Winlogon Notify: hgggffeB - C:\WINDOWS\
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Unknown owner - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\stacsv.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 8776 bytes
Intall:Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Apple Software Update
AutoCAD LT 2008 - English
Autodesk DWF Viewer 7
Broadcom 440x 10/100 Integrated Controller
CCleaner (remove only)
Conexant HDA D110 MDC V.92 Modem
Dell ResourceCD
ESPNMotion
GemMaster Mystic
Google Earth
Google Toolbar for Internet Explorer
Google Updater
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB918997)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
J2SE Runtime Environment 5.0 Update 11
Java(TM) 6 Update 3
Java(TM) 6 Update 4
mCore
mDriver
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Money Plus
Microsoft Money Shared Libraries
mIWA
mLogView
mMHouse
Mozilla Firefox (2.0.0.12)
MozyHome 1.8.6.21
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
mWlsSafe
mWMI
mXML
mZConfig
Norton Security Scan
OpenOffice.org 2.4
Otto
Picasa 2
QuickTime
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
SemSim 640-801 CCNA Exams
SigmaTel Audio
Sonic Encoders
SpyHunter
Spyware Doctor 5.5
Synaptics Pointing Device Driver
Trend Micro Internet Security
Trend Micro Internet Security Pro
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update Rollup 2 for Windows XP Media Center Edition 2005
WebFldrs XP
Windows Defender
Windows Driver Package - Ricoh Company Memorystick Host Controller (07/09/2005 1.00.01.12)
Windows Driver Package - Ricoh Company MMC Host Controller (07/14/2005 1.00.00.06)
Windows Driver Package - Ricoh Company xD-Picture Card/SmartMedia Host Controller (07/14/2005 1.00.02.04)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows XP Hotfix - KB839210
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Media Center Edition 2005 KB908250
XoftSpySE
Thanks Roundaboutrc