[Fixed] Hijackthis! Logs - Start menu and Desktop disappearing ......well flashing really
Posted in the Security & Safety forums of PC Help Forum.
#1  01-06-2008
brwnskng1rl (Bronze Member; Join Date: Jan 2008; Posts: 6; PC Experience: can execute but definitely need guidance)
Got Rid of Pop Ups Now Start menu and Desktop disappearing ......well flashing really

Hi hoping someone can help! Something is going on, my desktop and start menu (explorer) runs intermittently. When I boot up I ultimately get nothing but my background. The desktop icons and taskbar load and then they flash on and off, eventually disappearing all together.

I've gone into the task menu and run task "explorer", only to once again have explorer.exe disappear from the processes list along with the desktop and start menu going away too.

I noticed that vertcisd would pop on and off the processes list so I deleted it from the system32.

Windows Defender popped up a few alerts at about the same time the problem started. I thought I blocked them but it looks like these items were allowed. Please find those entries below along with my Hijack this log.

Thanks for any help you can offer!

-----------------------------------------------------------------
*Windows Defender entries that alerted at time of initial occurrence:

Category: Adware
Description: This program displays advertisements and is often bundled with other programs.
Advice: Review the alert details to see why the software was detected. If you do not like how the software operates or if you do not recognize and trust the publisher, consider blocking or removing the software.
Resources:
file: C:\Documents and Settings\shields 2\Local Settings\Temp\uf137.exe

Category: Not Yet Classified
Description: This program has potentially unwanted behavior.
Advice: Permit this detected item only if you trust the program or the software publisher.
Resources:
regkey: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\runner1
runkey: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\runner1
file: C:\WINDOWS\mrofinu1188.exe

Category: Not Yet Classified
Description: This program has potentially unwanted behavior.
Advice: Permit this detected item only if you trust the program or the software publisher.
Resources:
regkey: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\core
file: C:\WINDOWS\system32\drivers\core.sys

Category: Not Yet Classified
Description: This program has potentially unwanted behavior.
Advice: Permit this detected item only if you trust the program or the software publisher.
Resources:
regkey: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Host Process
runkey: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Host Process
file: C:\WINDOWS\Fonts\svchost.exe


**Hijack This Log
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:21:58 AM, on 1/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sprint\Pantech\Sprint PCS Connection Manager\PWIUtilityService.exe
C:\WINDOWS\system32\igfxtray .exe
C:\WINDOWS\system32\hkcmd .exe
C:\Program Files\Analog Devices\SoundMAX\Smax4 .exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SYSTEM32\taskmgr.exe
C:\Program Files\Windows Defender\MSASCui .exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\shields 2\Local Settings\Temporary Internet Files\Content.IE5\E26JI1WS\HiJackThis_v2[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F3 - REG:win.ini: load=C:\WINDOWS\system32\mllmk.exe
O2 - BHO: (no name) - {00DC0058-A87E-4D19-9C26-F1AAC98AD4D7} - C:\WINDOWS\system32\iifgfde.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {EFEB8697-0564-45CD-B4F0-E6FAF71991E4} - C:\WINDOWS\system32\mllmk.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4 .exe" /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [\\gtw-xp\EPSON Stylus Photo RX600] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2M1.EXE" /P33 "\\gtw-xp\EPSON Stylus Photo RX600" /O6 "USB002" /M "Stylus Photo RX600"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo RX600 on gtw-xp] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2M1.EXE" /P39 "Auto EPSON Stylus Photo RX600 on gtw-xp" /O14 "\\GTW-XP\RX600" /M "Stylus Photo RX600"
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [American Airlines DealFinder] null
O4 - HKLM\..\Run: [eabconfg.cpl] "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BJCFD] "C:\Program Files\BroadJump\Client Foundation\CFD.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VoipCheapCom] "C:\Program Files\VoipCheapCom\VoipCheapCom.exe" -nosplash -minimized
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=laptop
O15 - Trusted Zone: http://*.att.net
O15 - Trusted Zone: NetZero- Free Dial Up Internet Service - High Speed ISP - Net Zero Internet Provider - Netzero.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n035p/EN/install/gtdownlr.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1153555515864
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players...stallAsst2.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O20 - Winlogon Notify: iifgfde - C:\WINDOWS\SYSTEM32\iifgfde.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pantech Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Pantech\Sprint PCS Connection Manager\PWIUtilityService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 11729 bytes



Last edited by brwnskng1rl; 01-06-2008 at 08:55 AM.
#2  01-07-2008
Pancake (Senior Security Analyst; Join Date: Jun 2006; Location: Victoria, Australia; Posts: 2,532; PC Experience: Elite PC Guru)
Re: Start menu and Desktop disappearing ......well flashing really

Hi..

Download SDFix from here and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
In Safe Mode, right click the SDFix.zip folder and choose Extract All,
Open the extracted folder and double click RunThis.bat to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum.

=========================================
This will help to identify malware on your system.
Please download Combofix from any of these locations:
Here
or
Here
Save ComboFix to the desktop and please ensure that you disable realtime security/virus programs that monitor your PC while CF is running.
1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Copy and Paste the contents of that log in your next reply with a new hijackthis log. Do not use Code or html unless asked for.
Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.
Caution...Never run and remove files using ComboFix without being supervised by a security analyst.


__________________
My real name is Eddy
#3  01-07-2008
brwnskng1rl (Bronze Member; Join Date: Jan 2008; Posts: 6; PC Experience: can execute but definitely need guidance)
Re: Start menu and Desktop disappearing ......well flashing really

Thanks Pancake, I really appreciate the response, I am going to get busy right now and give it a shot. I'll post the new logs when finished.

Keeping fingers crossed ;o)

Brwn


#4  01-07-2008
brwnskng1rl (Bronze Member; Join Date: Jan 2008; Posts: 6; PC Experience: can execute but definitely need guidance)
Re: Start menu and Desktop disappearing ......well flashing really

Okay, had to come back and revise the post, I thought it was fixed, however, not long after running hijack this, the symptoms returned.........


As requested, here are my logs:


SDFix:

SDFix: Version 1.124
Run by shields 2 on Sun 01/06/2008 at 07:53 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\SHIELD~1\Desktop\SDFix
Safe Mode:
Checking Services:
Name:
core
Path:
system32\drivers\core.sys
core - Deleted

Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...

Normal Mode:
Checking Files:
Trojan Files Found:
C:\PROGRA~1\MICROS~1\XUXESO~1.HTM - Deleted
C:\PROGRA~1\MICROS~1\TEPAFU - Deleted
C:\Temp\1cb\syscheck.log - Deleted
C:\DOCUME~1\SHIELD~1\LOCALS~1\Temp\removalfile.bat - Deleted
C:\n.bat - Deleted
C:\winlogon.exe - Deleted
C:\x.dat - Deleted
C:\z.dat - Deleted
C:\WINDOWS\Fonts\Crack.exe - Deleted
C:\WINDOWS\mrofinu1000106.exe - Deleted
C:\WINDOWS\mrofinu1188.exe - Deleted
C:\WINDOWS\system32\drivers\core.cache.dsk - Deleted
C:\WINDOWS\system32\drivers\core.sys - Deleted
C:\WINDOWS\system32\pac.txt - Deleted
C:\WINDOWS\Fonts\*.zip - 1 File(s) 637,907 bytes - Deleted
C:\WINDOWS\Fonts\'\*.zip - 1 File(s) 637,908 bytes - Deleted
x.dat and z.dat data copied to \SDFix\Data.txt

Folder C:\Temp\1cb - Removed
Folder C:\Temp\tn3 - Removed
Folder C:\WINDOWS\Fonts\' - Removed
Folder C:\WINDOWS\system32\Z1 - Removed
Folder C:\WINDOWS\system32\Z9 - Removed
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.


Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 22:01:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services:
------------------

Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Hp\\Photosmart Essential\\HP_IZE.exe"="C:\\Program Files\\Hp\\Photosmart Essential\\HP_IZE.exe:*:Enabled:HP Photosmart Essential"
"C:\\Program Files\\Hp\\Digital Imaging\\Product Assistant\\bin\\hprbui.exe"="C:\\Program Files\\Hp\\Digital Imaging\\Product Assistant\\bin\\hprbui.exe:*:Enabled:HP Product Assistant"
"C:\\Program Files\\Hp\\HP Software Update\\HPWUCli.exe"="C:\\Program Files\\Hp\\HP Software Update\\HPWUCli.exe:*:Enabled:HP Software Update"
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqdirec.exe"="C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqdirec.exe:*:Enabled:HP Solution Center"
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"="C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\American Airlines DealFinder\\American_Airlines_DealFinder.exe"="C:\\Program Files\\American Airlines DealFinder\\American_Airlines_DealFinder.exe"
"C:\\Program Files\\Gizmo Project\\mDNSResponder.exe"="C:\\Program Files\\Gizmo Project\\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\\Program Files\\NetZeroVoice\\GetNZVoice.exe"="C:\\Program Files\\NetZeroVoice\\GetNZVoice.exe:*:Disabled:Get NetZero Voice"
"C:\\Program Files\\Gizmo Project\\Gizmo.exe"="C:\\Program Files\\Gizmo Project\\Gizmo.exe:*:Disabled:Gizmo Project"
"C:\\Program Files\\NetZeroVoice\\NZVoice.exe"="C:\\Program Files\\NetZeroVoice\\NZVoice.exe:*:Disabled:NetZero Voice"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE:*:Disabled:SAgent4"
"C:\\Program Files\\VoipCheapCom\\VoipCheapCom.exe"="C:\\Program Files\\VoipCheapCom\\VoipCheapCom.exe:*:Disabled:VoipCheapCom"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\American Airlines DealFinder\\American_Airlines_DealFinder.exe"="C:\\Program Files\\American Airlines DealFinder\\American_Airlines_DealFinder.exe"
Remaining Files:
---------------
File Backups: - C:\DOCUME~1\SHIELD~1\Desktop\SDFix\backups\backups.zip
Files with Hidden Attributes:
Wed 4 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Mon 15 May 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 9 Oct 2006 19,968 ...H. --- "C:\Documents and Settings\shields 2\Desktop\~WRL0001.tmp"
Mon 30 Jul 2007 48,128 ...H. --- "C:\Documents and Settings\shields 2\Desktop\~WRL0002.tmp"
Thu 6 Sep 2007 24,064 ...H. --- "C:\Documents and Settings\shields 2\Desktop\~WRL0003.tmp"
Thu 21 Dec 2006 19,968 ...H. --- "C:\Documents and Settings\shields 2\Desktop\~WRL0004.tmp"
Tue 17 Oct 2006 21,504 ...H. --- "C:\Documents and Settings\shields 2\Desktop\~WRL0395.tmp"
Tue 17 Oct 2006 20,992 ...H. --- "C:\Documents and Settings\shields 2\Desktop\~WRL0412.tmp"
Fri 23 Feb 2007 24,064 ...H. --- "C:\Documents and Settings\shields 2\Desktop\~WRL0485.tmp"
Wed 4 Oct 2006 38,912 ...H. --- "C:\Documents and Settings\shields 2\Desktop\~WRL0693.tmp"
Fri 22 Dec 2006 20,992 ...H. --- "C:\Documents and Settings\shields 2\Desktop\~WRL0848.tmp"
Tue 17 Oct 2006 22,528 ...H. --- "C:\Documents and Settings\shields 2\Desktop\~WRL1148.tmp"
Tue 17 Oct 2006 20,992 ...H. --- "C:\Documents and Settings\shields 2\Desktop\~WRL1188.tmp"
Tue 17 Oct 2006 22,528 ...H. --- "C:\Documents and Settings\shields 2\Desktop\~WRL1572.tmp"
Tue 17 Oct 2006 21,504 ...H. --- "C:\Documents and Settings\shields 2\Desktop\~WRL1771.tmp"
Wed 23 May 2007 42,496 ...H. --- "C:\Documents and Settings\shields 2\Desktop\~WRL1971.tmp"
Tue 17 Oct 2006 22,528 ...H. --- "C:\Documents and Settings\shields 2\Desktop\~WRL2411.tmp"
Tue 27 Mar 2007 19,968 ...H. --- "C:\Documents and Settings\shields 2\Desktop\~WRL2748.tmp"
Tue 17 Oct 2006 22,528 ...H. --- "C:\Documents and Settings\shields 2\Desktop\~WRL2938.tmp"
Tue 17 Oct 2006 22,528 ...H. --- "C:\Documents and Settings\shields 2\Desktop\~WRL3020.tmp"
Wed 23 May 2007 1,139,200 ...H. --- "C:\Documents and Settings\shields 2\Desktop\~WRL3106.tmp"
Tue 17 Oct 2006 20,992 ...H. --- "C:\Documents and Settings\shields 2\Desktop\~WRL3387.tmp"
Tue 27 Mar 2007 19,968 ...H. --- "C:\Documents and Settings\shields 2\Desktop\~WRL3969.tmp"
Wed 31 May 2006 19,968 ...H. --- "C:\Documents and Settings\shields 2\My Documents\~WRL0003.tmp"
Mon 2 Oct 2006 19,968 ...H. --- "C:\Documents and Settings\shields 2\My Documents\~WRL0004.tmp"
Wed 31 May 2006 19,968 ...H. --- "C:\Documents and Settings\shields 2\My Documents\~WRL0005.tmp"
Sat 24 Feb 2007 20,992 ...H. --- "C:\Documents and Settings\shields 2\My Documents\~WRL0006.tmp"
Fri 2 Jun 2006 23,552 ...H. --- "C:\Documents and Settings\shields 2\My Documents\~WRL0121.tmp"
Sat 3 Jun 2006 23,552 ...H. --- "C:\Documents and Settings\shields 2\My Documents\~WRL0263.tmp"
Thu 1 Jun 2006 19,968 ...H. --- "C:\Documents and Settings\shields 2\My Documents\~WRL0271.tmp"
Wed 31 May 2006 55,808 ...H. --- "C:\Documents and Settings\shields 2\My Documents\~WRL0273.tmp"
Wed 31 May 2006 101,888 ...H. --- "C:\Documents and Settings\shields 2\My Documents\~WRL0440.tmp"
Thu 1 Jun 2006 19,968 ...H. --- "C:\Documents and Settings\shields 2\My Documents\~WRL0673.tmp"
Sat 3 Jun 2006 23,552 ...H. --- "C:\Documents and Settings\shields 2\My Documents\~WRL0868.tmp"
Fri 29 Sep 2006 19,968 ...H. --- "C:\Documents and Settings\shields 2\My Documents\~WRL0905.tmp"
Sun 1 Oct 2006 19,968 ...H. --- "C:\Documents and Settings\shields 2\My Documents\~WRL1001.tmp"
Fri 2 Jun 2006 352,768 ...H. --- "C:\Documents and Settings\shields 2\My Documents\~WRL1182.tmp"
Tue 3 Oct 2006 24,064 ...H. --- "C:\Documents and Settings\shields 2\My Documents\~WRL1894.tmp"
Mon 2 Oct 2006 19,968 ...H. --- "C:\Documents and Settings\shields 2\My Documents\~WRL1946.tmp"
Thu 1 Jun 2006 19,968 ...H. --- "C:\Documents and Settings\shields 2\My Documents\~WRL1951.tmp"
Wed 31 May 2006 22,016 ...H. --- "C:\Documents and Settings\shields 2\My Documents\~WRL1956.tmp"
Wed 4 Oct 2006 25,600 ...H. --- "C:\Documents and Settings\shields 2\My Documents\~WRL1994.tmp"
Wed 31 May 2006 222,208 ...H. --- "C:\Documents and Settings\shields 2\My Documents\~WRL2107.tmp"
Fri 2 Jun 2006 22,528 ...H. --- "C:\Documents and Settings\shields 2\My Documents\~WRL2117.tmp"
Wed 31 May 2006 276,992 ...H. --- "C:\Documents and Settings\shields 2\My Documents\~WRL2148.tmp"
Sat 3 Jun 2006 24,064 ...H. --- "C:\Documents and Settings\shields 2\My Documents\~WRL3081.tmp"
Wed 31 May 2006 19,968 ...H. --- "C:\Documents and Settings\shields 2\My Documents\~WRL3470.tmp"
Tue 3 Oct 2006 19,968 ...H. --- "C:\Documents and Settings\shields 2\My Documents\~WRL3606.tmp"
Wed 4 Oct 2006 24,064 ...H. --- "C:\Documents and Settings\shields 2\My Documents\~WRL3667.tmp"
Mon 2 Oct 2006 19,968 ...H. --- "C:\Documents and Settings\shields 2\My Documents\~WRL3858.tmp"
Sat 3 Jun 2006 23,552 ...H. --- "C:\Documents and Settings\shields 2\My Documents\~WRL3896.tmp"
Sun 1 Jul 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Sun 18 Feb 2007 27,648 A..H. --- "C:\Documents and Settings\shields 2\Desktop\Boscoe\~WRL0001.tmp"
Fri 28 Jul 2006 45,568 ...H. --- "C:\Documents and Settings\shields 2\Desktop\Keisha\~WRL0002.tmp"
Sat 26 May 2007 48,640 ...H. --- "C:\Documents and Settings\shields 2\Desktop\Keisha\~WRL0453.tmp"
Tue 15 May 2007 251,904 A..H. --- "C:\Documents and Settings\shields 2\My Documents\FEVA\~WRL1392.tmp"
Sun 14 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ab59ac72525ea90a47679441587835c9\BIT296.tmp"
Wed 31 May 2006 477,696 ...H. --- "C:\Documents and Settings\shields 2\Application Data\Microsoft\Word\~WRL1751.tmp"
Wed 4 Oct 2006 3,072,000 A..H. --- "C:\Documents and Settings\shields 2\Application Data\U3\temp\Launchpad Removal.exe"
Mon 15 May 2006 4,348 ...H. --- "C:\Documents and Settings\shields 2\My Documents\My Music\License Backup\drmv1key.bak"
Thu 18 May 2006 20 A..H. --- "C:\Documents and Settings\shields 2\My Documents\My Music\License Backup\drmv1lic.bak"
Mon 15 May 2006 400 A.SH. --- "C:\Documents and Settings\shields 2\My Documents\My Music\License Backup\drmv2key.bak"
Fri 17 Aug 2007 120 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0026B3DB-FDDF-409C-A651-CB093A7FA3CC.tmp"

Finished!




ComboFix:
ComboFix 08-01-04.1 - shields 2 2008-01-06 22:56:28.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.525 [GMT -6:00]
Running from: C:\Documents and Settings\shields 2\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\shields 2\Application Data\FunWebProducts
C:\Documents and Settings\shields 2\Application Data\FunWebProducts\Data\shields 2\avatar.dat
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\ScreenSaver\Images\14DA0F55.urr
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Logitech\Video\ManifestEngine.exe
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\web buying
C:\Program Files\web buying\v1.8.6\wbuninst.exe
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\iifgfde.dll
C:\WINDOWS\system32\kmllm.ini
C:\WINDOWS\system32\kmllm.ini2
C:\WINDOWS\system32\mllmk.dll
C:\WINDOWS\system32\mllmk.exe
C:\WINDOWS\system32\RCX65.tmp
C:\WINDOWS\system32\RCX68.tmp
C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIACA.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2M1.EXE
Code:
"C:\Program Files\Apoint2K\Apoint .exe" replaces infected copy of "C:\Program Files\Apoint2K\Apoint.exe"
"C:\Program Files\Hp\HP Software Update\HPWuSchd2 .exe" replaces infected copy of "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
"C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe" replaces infected copy of "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
"C:\Program Files\Logitech\Video\LogiTray .exe" replaces infected copy of "C:\Program Files\Logitech\Video\LogiTray.exe"
"C:\Program Files\Trend Micro\Antivirus\pccguide .exe" replaces infected copy of "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
"C:\WINDOWS\system32\ctfmon .exe" moved to QooBox
"C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIACA .EXE" replaces infected copy of "C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIACA.EXE"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I2M1 .EXE" replaces infected copy of "C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I2M1.EXE"
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_CORE

((((((((((((((((((((((((( Files Created from 2007-12-07 to 2008-01-07 )))))))))))))))))))))))))))))))
.
2008-01-06 22:52 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-06 19:50 . 2008-01-06 19:51 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-06 19:12 . 2005-08-02 00:52 <DIR> d-------- C:\Documents and Settings\Administrator.LAPTOP2\Application Data\Symantec
2008-01-06 19:12 . 2005-08-02 00:49 <DIR> d-------- C:\Documents and Settings\Administrator.LAPTOP2\Application Data\Apple Computer
2008-01-06 12:48 . 2008-01-06 12:48 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-06 12:48 . 2008-01-06 12:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-06 12:46 . 2008-01-06 12:46 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-06 12:01 . 2008-01-06 12:01 221,184 --a------ C:\WINDOWS\system32\LVCOMSX .EXE
2008-01-06 12:00 . 2008-01-06 19:02 155,648 --a------ C:\WINDOWS\system32\igfxtray .exe
2008-01-06 12:00 . 2008-01-06 12:00 126,976 --a------ C:\WINDOWS\system32\hkcmd .exe
2008-01-06 11:03 . 2008-01-06 11:03 <DIR> d-------- C:\Documents and Settings\shields 2\Application Data\Lavasoft
2008-01-06 02:13 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2008-01-05 15:49 . 2008-01-05 15:49 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-01-05 15:46 . 2008-01-06 11:57 <DIR> d-------- C:\WINDOWS\system32\mr9
2008-01-05 15:46 . 2008-01-05 15:46 <DIR> d-------- C:\WINDOWS\system32\ardCo18
2008-01-05 15:46 . 2008-01-06 11:57 <DIR> d-------- C:\WINDOWS\system32\aj2
2008-01-05 15:46 . 2008-01-05 15:46 <DIR> d-------- C:\Temp\cEeer12
2008-01-05 15:46 . 2008-01-06 22:01 <DIR> d-------- C:\Temp
2008-01-05 15:44 . 2008-01-05 16:16 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-04 16:55 . 2008-01-04 16:55 <DIR> d-------- C:\WINDOWS\Cache
2008-01-04 16:55 . 2008-01-04 16:55 <DIR> d-------- C:\Program Files\Coupons
2008-01-04 16:55 . 2008-01-04 16:55 193,880 -rah----- C:\WINDOWS\system32\cpnprt2.cid
2008-01-04 00:33 . 2008-01-04 00:33 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-01-04 00:33 . 2008-01-04 00:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-01-03 12:16 . 2008-01-03 12:22 <DIR> d-------- C:\Program Files\Macromedia
2008-01-03 12:16 . 2008-01-03 12:21 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2008-01-02 22:59 . 2008-01-02 22:13 36 --a------ C:\mediamp3.dat
2008-01-02 22:29 . 2008-01-02 22:29 <DIR> d-------- C:\record
2008-01-02 22:23 . 2008-01-02 22:23 <DIR> d-------- C:\music
2008-01-02 22:14 . 2008-01-02 22:59 74 --a------ C:\WINDOWS\MediaManager.INI
2008-01-02 22:04 . 2008-01-02 22:05 <DIR> d-------- C:\Program Files\MP3 Player Utilities 4.18
2007-12-26 21:33 . 2007-12-26 21:33 <DIR> d-------- C:\Program Files\MGA Games
2007-12-24 13:08 . 2007-12-24 13:08 <DIR> d-------- C:\Documents and Settings\shields 2\Application Data\Motive
2007-12-20 12:04 . 2007-12-25 16:19 <DIR> d-------- C:\Documents and Settings\shields 2\Application Data\VoipCheapCom
2007-12-18 22:20 . 2005-05-10 00:36 81,920 --a------ C:\WINDOWS\system32\W32n50.dll
2007-12-18 22:20 . 2007-01-31 09:58 43,387 --a------ C:\WINDOWS\browser.exe
2007-12-18 22:20 . 2005-05-10 00:36 17,162 --a------ C:\WINDOWS\system32\Pcandis5.sys
2007-12-18 22:20 . 2005-05-10 00:36 16,848 --a------ C:\WINDOWS\system32\Pcandis4.sys
2007-12-18 22:20 . 2005-05-10 00:36 16,073 --a------ C:\WINDOWS\system32\Pcandis3.vxd
2007-12-18 22:20 . 2007-01-31 09:58 6,246 --a------ C:\WINDOWS\atty.ico
2007-12-18 22:19 . 2007-12-18 22:19 <DIR> d-------- C:\WINDOWS\Motive
2007-12-18 22:19 . 2007-12-24 13:08 <DIR> d-------- C:\Program Files\SBC Self Support Tool
2007-12-18 22:19 . 2007-12-24 13:08 <DIR> d-------- C:\Program Files\Common Files\Motive
2007-12-18 22:19 . 2007-12-18 22:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Motive
2007-12-15 09:12 . 2007-12-15 09:12 <DIR> d-------- C:\Program Files\BroadJump
2007-12-15 09:03 . 2007-01-31 09:58 6,345 -ra------ C:\WINDOWS\system32\DevMngr.vxd
2007-12-15 09:01 . 2007-01-31 09:58 266,240 --------- C:\WINDOWS\SBCDSL.exe
2007-12-11 21:17 . 2007-12-11 21:17 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-11 21:17 . 2007-12-11 21:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-07 05:07 --------- d-----w C:\Program Files\Apoint2K
2008-01-07 02:06 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-07 01:20 --------- d-----w C:\Program Files\iTunes
2008-01-06 18:04 --------- d-----w C:\Program Files\Windows Defender
2008-01-06 18:02 --------- d-----w C:\Program Files\QuickTime
2008-01-04 06:32 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-04 06:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-11 22:23 --------- d-----w C:\Program Files\MSN Encarta Plus
2007-12-11 20:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-11 16:45 --------- d-----w C:\Documents and Settings\shields 2\Application Data\OpenOffice.org2
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-04-12 17:06 0 ----a-w C:\Documents and Settings\shields 2\Application Data\wklnhst.dat
.
Code:
----a-w           253,952 2008-01-06 18:01:08  C:\hp\drivers\hplsbwatcher\lsburnwatcher .exe
----a-w         1,388,544 2008-01-07 01:02:08  C:\Program Files\Analog Devices\SoundMAX\SMax4PNP .exe
----a-w           405,504 2008-01-06 18:01:46  C:\Program Files\HPQ\Quick Launch Buttons\EabServr .exe
----a-w           634,949 2008-01-06 18:01:15  C:\Program Files\Trend Micro\Antivirus\PCClient .exe
----a-w           866,584 2008-01-06 18:01:27  C:\Program Files\Windows Defender\MSASCui .exe
----a-w           126,976 2008-01-06 18:00:52  C:\WINDOWS\system32\hkcmd .exe
----a-w           155,648 2008-01-07 01:02:04  C:\WINDOWS\system32\igfxtray .exe
----a-w           221,184 2008-01-06 18:01:33  C:\WINDOWS\system32\LVCOMSX .EXE
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"VoipCheapCom"="C:\Program Files\VoipCheapCom\VoipCheapCom.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [ ]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [ ]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [ ]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4 .exe" [ ]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 04:12 88209 C:\WINDOWS\AGRSMMSG.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2008-01-06 12:01 159744]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2008-01-06 12:01 132496]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [ ]
"pccguide.exe"="C:\Program Files\Trend Micro\Antivirus\pccguide.exe" [2008-01-06 12:01 950337]
"PCClient.exe"="C:\Program Files\Trend Micro\Antivirus\PCClient.exe" [ ]
"TM Outbreak Agent"="C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" [ ]
"\\gtw-xp\EPSON Stylus Photo RX600"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2M1.exe" [2008-01-06 12:01 99840]
"Auto EPSON Stylus Photo RX600 on gtw-xp"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2M1.exe" [2008-01-06 12:01 99840]
"EPSON Stylus CX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.exe" [2008-01-06 12:01 98304]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2008-01-06 12:01 49152]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [ ]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [ ]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2008-01-06 12:01 217088]
"American Airlines DealFinder"="null" []
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [ ]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [ ]
"WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [ ]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [ ]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [ ]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [ ]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [ ]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 12:45 36040]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-01-04 00:32:26]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 00:05:26]
SBC Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2007-12-18 22:19:17]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymWSC"=2 (0x2)
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" [2007-02-10 04:29]
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 04:29]
S3 pxfhbus;PANTECH PC Card Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\pxfhbus.sys [2006-12-12 16:52]
S3 pxfhmdfl;PANTECH PC Card Filter;C:\WINDOWS\system32\DRIVERS\pxfhmdfl.sys [2006-12-12 16:52]
S3 pxfhmdm;PANTECH PC Card Drivers;C:\WINDOWS\system32\DRIVERS\pxfhmdm.sys [2006-12-12 16:52]
S3 pxfhserd;PANTECH PC Card Diagnostic Serial Port (WDM);C:\WINDOWS\system32\DRIVERS\pxfhserd.sys [2006-12-12 16:52]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a9397a0-5880-11db-b2ea-f62b0a914e57}]
\Shell\AutoRun\command - rundll32.exe url.dll,FileProtocolHandler LapNetWizard.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52e82562-5882-11db-b2eb-0015003a068c}]
\Shell\AutoRun\command - rundll32.exe url.dll,FileProtocolHandler LapNetWizard.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6769ce17-d510-11da-b25e-0015003a068c}]
\Shell\AutoRun\command - E:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6dea3b8c-75e2-11db-b321-0015003a068c}]
\Shell\AutoRun\command - rundll32.exe url.dll,FileProtocolHandler LapNetWizard.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{763f5324-f639-11da-b286-0015003a068c}]
\Shell\AutoRun\command - E:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4cad606-b337-11dc-b503-0015003a068c}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL iexplore http://www.mgae.com/keylauncher/?code=3654332412722707
.
Contents of the 'Scheduled Tasks' folder
"2008-01-03 04:14:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-06 02:35:00 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
"2007-12-07 00:20:46 C:\WINDOWS\Tasks\Low Battery Alarm Program.job"
"2008-01-07 05:11:13 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-01-06 02:00:46 C:\WINDOWS\Tasks\wrSpySweeper_4AAA847C9CD54820819E897E36B955BC.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe=/ScheduleSweep=wrSpySweeper_4AAA847C9CD54820819E897E36B955BC
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
- C:\
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 23:08:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"\\\\gtw-xp\\EPSON Stylus Photo RX600"="\"C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I2M1.EXE\" /P33 \"\\\\gtw-xp\\EPSON Stylus Photo RX600\" /O6 \"USB002\" /M \"Stylus Photo RX600\""
.
Completion time: 2008-01-06 23:13:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-07 05:13:11
.
2008-01-02 05:26:11 --- E O F ---



Last edited by brwnskng1rl; 01-07-2008 at 04:25 PM.
  #5  
Old 01-07-2008
brwnskng1rl
Re: Start menu and Desktop disappearing ......well flashing really

Hijack This:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:51:26 AM, on 1/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sprint\Pantech\Sprint PCS Connection Manager\PWIUtilityService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4 .exe" /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [\\gtw-xp\EPSON Stylus Photo RX600] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2M1.EXE" /P3