yardmaster

Posts posted by yardmaster

  1. Deckard's System Scanner v20071014.68

    Run by Owner on 2008-02-10 13:16:18

    Computer is in Normal Mode.

    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.

    -- Last 5 Restore Point(s) --

    50: 2008-02-10 18:16:34 UTC - RP670 - Deckard's System Scanner Restore Point

    49: 2008-02-09 23:40:14 UTC - RP669 - System Checkpoint

    48: 2008-02-08 23:39:16 UTC - RP668 - ComboFix created restore point

    47: 2008-02-08 23:04:34 UTC - RP667 - Removed Kaspersky Anti-Virus 6.0 SOS.

    46: 2008-02-08 06:53:16 UTC - RP666 - System Checkpoint

    -- First Restore Point --

    1: 2007-11-12 19:57:59 UTC - RP621 - System Checkpoint

    Backed up registry hives.

    Performed disk cleanup.

    -- HijackThis (run as Owner.exe) -----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 13:21, on 2008-02-10

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    C:\WINDOWS\system32\BrmfBAgS.exe

    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

    C:\Program Files\Softex\OmniPass\Omniserv.exe

    C:\WINDOWS\System32\tcpsvcs.exe

    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe

    C:\Program Files\Softex\OmniPass\OPXPApp.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\wscntfy.exe

    C:\windows\system\hpsysdrv.exe

    C:\HP\KBD\KBD.EXE

    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\S3tray2.exe

    C:\WINDOWS\ALCXMNTR.EXE

    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe

    C:\WINDOWS\SM1BG.EXE

    C:\Program Files\Microsoft IntelliType Pro\itype.exe

    C:\Program Files\Microsoft IntelliPoint\ipoint.exe

    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

    C:\Program Files\Verizon\McciTrayApp.exe

    C:\Program Files\Logitech\iTouch\iTouch.exe

    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe

    C:\Program Files\TiVo\Desktop\TiVoNotify.exe

    C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe

    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

    C:\Program Files\TiVo\Desktop\TiVoServer.exe

    C:\Documents and Settings\Owner\Desktop\Clean Up\dss.exe

    C:\DOCUME~1\Owner\Desktop\CLEANU~1\Owner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O2 - BHO: (no name) - {90946E9B-5688-4E22-84D0-66098C7DA2E4} - C:\Program Files\Windows Media Player\hoke83122.dll (file missing)

    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll

    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

    O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

    O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

    O4 - HKLM\..\Run: [s3TRAY2] S3tray2.exe

    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"

    O4 - HKLM\..\Run: [sM1BG] C:\WINDOWS\SM1BG.EXE

    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

    O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe

    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

    O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1

    O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer

    O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify

    O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer

    O4 - HKCU\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\DOCUME~1\Owner\LOCALS~1\Temp\HSPERF~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\UEUTPHOI\SPACER~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\UBSNT6BY\CPLPAR~2.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\UBSNT6BY\SHOWGU~2.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\UBSNT6BY\ADTARG~2.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\V2SJNLS5\SPACER~2.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\577B154E\SPACER~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\UEUTPHOI\SPACER~2.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\NZP1PT1M\SPACER~2.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\UEUTPHOI\CLICKC~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5J234N67\PARAML~1.SH!

    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

    O4 - Startup: PowerReg Scheduler V3.exe

    O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe

    O4 - Startup: TVHarmony AutoPilot.lnk = C:\Program Files\TVHarmony\AutoPilot.exe

    O4 - Global Startup: Creating Keepsakes Scrapbook Designer Event Reminder.lnk = C:\Program Files\Scrapbook Designer\scrapremind.exe

    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab

    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -

    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe

    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe

    O23 - Service: PsExec (PSEXESVC) - Sysinternals - C:\WINDOWS\PSEXESVC.EXE

    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    O23 - Service: TiVo.Net Auto-Transcoding Service - Pipkin Technologies - C:\Program Files\Pipkin Technologies\TiVo.Net\TiVoDotNet.exe

    O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe

    --

    End of file - 12180 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.

    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 fasttx2k - c:\windows\system32\drivers\fasttx2k.sys <Not Verified; Promise Technology, Inc.; Promise FastTrak Series Driver>

    R0 snapman (Acronis Snapshots Manager) - c:\windows\system32\drivers\snapman.sys <Not Verified; Acronis; Acronis Snapshot API>

    R0 Vax347b - c:\windows\system32\drivers\vax347b.sys

    R0 Vax347s - c:\windows\system32\drivers\vax347s.sys

    R1 DVDVRRdr_xp - c:\windows\system32\drivers\dvdvrrdr_xp.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>

    R1 StarOpen - c:\windows\system32\drivers\staropen.sys

    R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

    S3 ATWPKT2 - c:\program files\america online 8.0\atwpkt2.sys (file missing)

    S3 hamachi_oem (PlayLinc Adapter) - c:\windows\system32\drivers\gan_adapter.sys <Not Verified; Applied Networking Inc.; Hamachi Virtual Network Interface Driver, OEM>

    S3 MREMPR5 (MREMPR5 NDIS Protocol Driver) - c:\program files\common files\motive\mrempr5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>

    S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>

    S3 PCDRDRV (Pcdr Helper Driver) - c:\progra~1\pc-doc~1\diagno~1\pcdrdrv.sys (file missing)

    S3 SYMIDSCO - c:\windows\system32\drivers\symidsco.sys (file missing)

    S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)

    S3 WLAN_USB (Wireless LAN USB Driver) - c:\windows\system32\drivers\ma111nd5.sys <Not Verified; NETGEAR, Inc.; NETGEAR MA111USB adapter>

    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

    R2 EPSONStatusAgent2 (EPSON Printer Status Agent2) - c:\program files\common files\epson\ebapi\sagent2.exe <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>

    S3 PSEXESVC (PsExec) - c:\windows\psexesvc.exe <Not Verified; Sysinternals; Sysinternals PsExec>

    S3 TiVo.Net Auto-Transcoding Service - "c:\program files\pipkin technologies\tivo.net\tivodotnet.exe" <Not Verified; Pipkin Technologies; DotNetTivoBeacon>

    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.

    -- Scheduled Tasks -------------------------------------------------------------

    2003-09-06 23:52:37 412 -----n--- C:\WINDOWS\Tasks\Symantec NetDetect.job

    -- Files created between 2008-01-10 and 2008-02-10 -----------------------------

    2008-02-08 18:36:59 68096 --a------ C:\WINDOWS\system32\zip.exe

    2008-02-08 18:36:59 98816 --a------ C:\WINDOWS\system32\sed.exe

    2008-02-08 18:36:59 80412 --a------ C:\WINDOWS\system32\grep.exe

    2008-02-08 18:36:59 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >

    2008-02-08 18:36:50 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>

    2008-02-08 18:24:45 0 dr-hs---- C:\cmdcons

    2008-02-08 18:24:27 0 d-------- C:\WINDOWS\setupupd

    2008-02-05 23:04:02 0 d-------- C:\Program Files\Lavasoft

    2008-02-05 23:04:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

    2008-02-03 15:52:19 47392 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat

    2008-02-03 15:52:19 29458720 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

    2008-02-03 15:43:08 0 d-------- C:\KAV

    2008-01-31 22:57:34 0 d-------- C:\Documents and Settings\Owner\Application Data\Grisoft

    2008-01-31 22:44:02 0 dr-h----- C:\$VAULT$.AVG

    2008-01-31 19:07:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

    -- Find3M Report ---------------------------------------------------------------

    2008-02-10 08:00:14 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7

    2008-02-05 23:03:07 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard

    2008-02-03 13:04:12 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe

    2008-01-31 19:00:28 0 d-------- C:\Program Files\Common Files

    2008-01-28 14:53:40 0 d-------- C:\Documents and Settings\Owner\Application Data\LimeWire

    2008-01-22 00:02:52 0 d-------- C:\Documents and Settings\Owner\Application Data\WeatherBug

    2008-01-10 22:59:09 0 d-------- C:\Documents and Settings\Owner\Application Data\VideoReDoPlus

    2008-01-06 16:00:24 0 d-------- C:\Program Files\PrintKey2000

    2008-01-06 15:57:24 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE

    2008-01-03 22:32:01 0 d-------- C:\Program Files\Java

    2007-12-16 03:22:53 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat

    2007-12-15 14:04:17 0 d-------- C:\Program Files\IncrediMail

    2007-12-15 14:03:11 0 d-------- C:\Program Files\Microsoft IntelliPoint

    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90946E9B-5688-4E22-84D0-66098C7DA2E4}]

    C:\Program Files\Windows Media Player\hoke83122.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04]

    "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-03-11 19:11]

    "KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 21:02]

    "StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 10:01]

    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 23:42]

    "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-07-31 21:28]

    "PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2003-02-27 01:12]

    "IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2003-02-27 01:40]

    "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32]

    "S3TRAY2"="S3tray2.exe" [2003-02-25 04:33 C:\WINDOWS\system32\S3tray2.exe]

    "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 C:\WINDOWS\ALCXMNTR.EXE]

    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-12-20 20:54]

    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]

    "RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-03-08 21:13]

    "SM1BG"="C:\WINDOWS\SM1BG.EXE" [2003-08-27 14:20]

    "NWEReboot"="" []

    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-06-14 22:01]

    "itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 18:14]

    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 18:15]

    "mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2004-09-22 18:20]

    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09]

    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]

    "Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-06-06 18:52]

    "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 08:33]

    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-31 19:09]

    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Weather"="C:\PROGRA~1\AWS\WEATHE~1\Weather.exe" []

    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-04-21 16:03]

    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 16:43]

    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

    "TivoTransfer"="C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" [2007-09-25 10:33]

    "TivoNotify"="C:\Program Files\TiVo\Desktop\TiVoNotify.exe" [2007-09-25 10:34]

    "TivoServer"="C:\Program Files\TiVo\Desktop\TiVoServer.exe" [2007-09-25 10:35]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]

    "DelayShred"="c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\DOCUME~1\Owner\LOCALS~1\Temp\HSPERF~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\UEUTPHOI\SPACER~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\UBSNT6BY\CPLPAR~2.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\UBSNT6BY\SHOWGU~2.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\UBSNT6BY\ADTARG~2.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\V2SJNLS5\SPACER~2.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\577B154E\SPACER~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\UEUTPHOI\SPACER~2.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\NZP1PT1M\SPACER~2.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\UEUTPHOI\CLICKC~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5J234N67\PARAML~1.SH!

    C:\Documents and Settings\Owner\Start Menu\Programs\Startup\

    PowerReg Scheduler V3.exe [2005-04-05 19:08:26]

    spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe [2003-04-10 05:53:45]

    TVHarmony AutoPilot.lnk - C:\Program Files\TVHarmony\AutoPilot.exe [2006-03-26 01:07:24]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

    Creating Keepsakes Scrapbook Designer Event Reminder.lnk - C:\Program Files\Scrapbook Designer\scrapremind.exe [2004-03-05 14:40:22]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

    "DisableRegistryTools"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]

    C:\Program Files\Softex\OmniPass\opxpgina.dll 2003-02-21 05:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

    "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]

    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

    @="Volume shadow copy"

    -- End of Deckard's System Scanner: finished at 2008-02-10 13:22:26 ------------

    extra.txt

  2. Please visit the webpage HERE for instructions for downloading and running ComboFix.

    Post the log from ComboFix when you've accomplished that.

    Thanks...I'll get to this as soon as I get home.

    Edit: Ok...I've tried to run ComboFix twice...each time the PC reboots without completing the process. ????

    The first time it rebooted I got this msg:

    errormsg.jpg

    Didn't get it the 2nd time.

    This is all it got for the log:

    ComboFix 08-02.05.3 - Owner 2008-02-08 19:28:27.2 - NTFSx86

    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.524 [GMT -5:00]

    Running from: C:\Documents and Settings\Owner\Desktop\Clean Up\ComboFix.exe

  3. My free subscription to McAfee recently ran out...I uninstalled it and installed the free version of AVG anti-virus along with AVG's anti-spyware. Both have run and come up clean...but for some unknown reason I keep getting blank (no images, no address in address bar) IE windows opening up all by themselves...I use Firefox.

    Ran Kaspersky...already had Spybot but also got AdAware...all cleaned some things...but IE is still popping up....still blank screens..

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 23:19:42, on 2/7/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe

    C:\WINDOWS\system32\BrmfBAgS.exe

    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

    C:\Program Files\Softex\OmniPass\Omniserv.exe

    C:\WINDOWS\System32\tcpsvcs.exe

    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe

    C:\Program Files\Softex\OmniPass\OPXPApp.exe

    C:\WINDOWS\Explorer.EXE

    C:\windows\system\hpsysdrv.exe

    C:\HP\KBD\KBD.EXE

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

    C:\WINDOWS\system32\S3tray2.exe

    C:\WINDOWS\ALCXMNTR.EXE

    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe

    C:\WINDOWS\SM1BG.EXE

    C:\Program Files\Microsoft IntelliType Pro\itype.exe

    C:\Program Files\Microsoft IntelliPoint\ipoint.exe

    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

    C:\Program Files\Verizon\McciTrayApp.exe

    C:\Program Files\Logitech\iTouch\iTouch.exe

    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe

    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe

    C:\Program Files\TiVo\Desktop\TiVoNotify.exe

    C:\Program Files\TiVo\Desktop\TiVoServer.exe

    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Documents and Settings\Owner\Desktop\Clean Up\HJTInstall.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O2 - BHO: (no name) - {90946E9B-5688-4E22-84D0-66098C7DA2E4} - C:\Program Files\Windows Media Player\hoke83122.dll (file missing)

    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll

    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

    O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

    O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

    O4 - HKLM\..\Run: [s3TRAY2] S3tray2.exe

    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"

    O4 - HKLM\..\Run: [sM1BG] C:\WINDOWS\SM1BG.EXE

    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

    O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe

    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe"

    O4 - HKLM\..\RunOnce: [spybotDeletingA5564] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"

    O4 - HKLM\..\RunOnce: [spybotDeletingC4738] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"

    O4 - HKLM\..\RunOnce: [spybotDeletingA8004] command /c del "C:\WINDOWS\system32\drivers\core.sys"

    O4 - HKLM\..\RunOnce: [spybotDeletingC9076] cmd /c del "C:\WINDOWS\system32\drivers\core.sys"

    O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1

    O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.8.6\webbuying.exe

    O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer

    O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify

    O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer

    O4 - HKCU\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\DOCUME~1\Owner\LOCALS~1\Temp\HSPERF~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\UEUTPHOI\SPACER~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\UBSNT6BY\CPLPAR~2.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\UBSNT6BY\SHOWGU~2.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\UBSNT6BY\ADTARG~2.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\V2SJNLS5\SPACER~2.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\577B154E\SPACER~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\UEUTPHOI\SPACER~2.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\NZP1PT1M\SPACER~2.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\UEUTPHOI\CLICKC~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5J234N67\PARAML~1.SH!

    O4 - HKCU\..\RunOnce: [spybotDeletingB9123] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"

    O4 - HKCU\..\RunOnce: [spybotDeletingD1323] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"

    O4 - HKCU\..\RunOnce: [spybotDeletingB4650] command /c del "C:\WINDOWS\system32\drivers\core.sys"

    O4 - HKCU\..\RunOnce: [spybotDeletingD6807] cmd /c del "C:\WINDOWS\system32\drivers\core.sys"

    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

    O4 - Startup: PowerReg Scheduler V3.exe

    O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe

    O4 - Startup: TVHarmony AutoPilot.lnk = C:\Program Files\TVHarmony\AutoPilot.exe

    O4 - Global Startup: Creating Keepsakes Scrapbook Designer Event Reminder.lnk = C:\Program Files\Scrapbook Designer\scrapremind.exe

    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab

    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -

    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe

    O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe

    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe

    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    O23 - Service: TiVo.Net Auto-Transcoding Service - Pipkin Technologies - C:\Program Files\Pipkin Technologies\TiVo.Net\TiVoDotNet.exe

    O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe

    --

    End of file - 13218 bytes