ljk
new user
Reg'd: Sun
Posts: 6
Re: Starware Toolbar removal HELP!
Tue Apr 15 2008 07:44 AM
Bricat, thanks for the reply. Here are the two logs. Thanks for the help.
ComboFix 08-04-14.2 - jcb7901 2008-04-15 1:36:29.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1339 [GMT -5:00]
Running from: C:\Users\jcb7901\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
.
2008-04-13 12:02 . 2008-04-13 12:02 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-09 12:00 . 2008-02-14 18:19 944,184 --a------ C:\Windows\System32\winload.exe
2008-04-09 12:00 . 2008-02-19 00:10 620,088 --a------ C:\Windows\System32\ci.dll
2008-04-09 12:00 . 2008-02-29 01:39 371,712 --a------ C:\Windows\System32\srcore.dll
2008-04-09 12:00 . 2008-02-29 01:38 313,856 --a------ C:\Windows\System32\rstrui.exe
2008-04-09 12:00 . 2008-02-29 01:51 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-03-31 14:44 . 2008-03-31 14:45 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2008-03-29 03:47 . 2008-03-29 03:52 <DIR> d-------- C:\Users\jcb7901\AppData\Roaming\IObit
2008-03-29 03:19 . 2008-03-29 03:19 <DIR> d-------- C:\Windows\System32\AppData
2008-03-29 03:19 . 2006-03-14 14:00 544,833 --a------ C:\Windows\System32\wbocx.ocx
2008-03-29 03:19 . 2004-12-07 10:11 258,352 --a------ C:\Windows\System32\unicows.dll
2008-03-29 03:19 . 2002-03-01 17:58 50,688 --a------ C:\Windows\System32\wbhelp2.dll
2008-03-29 03:19 . 2002-03-01 17:58 28,160 --a------ C:\Windows\System32\anim.dll
2008-03-29 03:19 . 1999-11-22 15:50 4,608 --a------ C:\Windows\System32\W95INF32.DLL
2008-03-29 03:19 . 1999-11-22 15:50 2,272 --a------ C:\Windows\System32\W95INF16.DLL
2008-03-29 03:19 . 1999-12-02 12:42 439 --a------ C:\Windows\System32\shfolder.inf
2008-03-29 02:59 . 2008-03-29 02:59 <DIR> d-------- C:\Program Files\CCleaner
2008-03-26 18:36 . 2008-03-26 18:36 <DIR> d-------- C:\Program Files\SopCast
2008-03-22 04:53 . 2003-07-24 12:10 94,208 --a------ C:\Windows\System32\DNIN50.dll
2008-03-22 02:23 . 2005-09-05 11:21 362,944 --a------ C:\Windows\System32\drivers\WG11TND5.sys
2008-03-22 02:23 . 2005-07-27 21:15 149,392 --a------ C:\Windows\System32\drivers\ar5523.bin
2008-03-22 02:23 . 2003-07-24 12:10 17,149 --a------ C:\Windows\System32\DNINDIS5.sys
2008-03-22 02:23 . 2005-09-05 11:39 14,467 --a------ C:\Windows\System32\drivers\netwg11t.inf
2008-03-22 02:23 . 2005-10-28 00:21 8,267 --a------ C:\Windows\System32\drivers\netwg11t.cat
2008-03-22 02:19 . 2008-03-22 20:53 <DIR> d-------- C:\Program Files\NETGEAR
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 00:04 --------- d-----w C:\Users\jcb7901\AppData\Roaming\uTorrent
2008-04-15 00:00 --------- d-----w C:\ProgramData\SiteAdvisor
2008-04-14 23:42 --------- d-----w C:\Users\jcb7901\AppData\Roaming\AVG7
2008-04-13 17:05 --------- d-----w C:\ProgramData\Spyware Terminator
2008-04-13 17:04 --------- d-----w C:\Program Files\Spyware Terminator
2008-04-13 16:38 --------- d-----w C:\Users\jcb7901\AppData\Roaming\Spyware Terminator
2008-04-13 13:00 --------- d-----w C:\ProgramData\avg7
2008-04-10 07:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-09 17:36 --------- d-----w C:\Program Files\Windows Mail
2008-04-09 17:35 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-05 06:11 --------- d-----w C:\ProgramData\CyberLink
2008-03-29 08:47 --------- d-----w C:\Program Files\IObit
2008-03-28 03:28 83,960 ----a-w C:\Windows\system32\drivers\cmdguard.sys
2008-03-26 23:31 --------- d-----w C:\Users\jcb7901\AppData\Roaming\SiteAdvisor
2008-03-25 00:52 --------- d-----w C:\Program Files\Java
2008-03-19 06:26 --------- d-----w C:\Program Files\CONEXANT
2008-03-14 16:59 25,080 ----a-w C:\Windows\system32\drivers\cmdhlp.sys
2008-03-14 16:59 139,008 ----a-w C:\Windows\System32\guard32.dll
2008-03-13 15:41 53,768 ----a-w C:\Windows\system32\drivers\avgwfp.sys
2008-03-12 10:16 27,525 ----a-w C:\Users\jcb7901\AppData\Roaming\nvModes.dat
2008-03-08 12:01 --------- d-----w C:\ProgramData\NVIDIA
2008-03-08 11:30 --------- d-----w C:\Users\jcb7901\AppData\Roaming\SystemRequirementsLab
2008-03-08 06:57 138,752 ----a-w C:\Windows\system32\drivers\sp_rsdrv2.sys
2008-03-04 07:34 2,125,312 ----a-w C:\Windows\System32\CnxtAp32.dll
2008-03-04 07:32 188,416 ----a-w C:\Windows\system32\drivers\CHDRT32.sys
2008-03-04 06:46 --------- d-----w C:\Program Files\Eusing Free Registry Cleaner
2008-03-01 01:39 --------- d-----w C:\ProgramData\Yahoo! Companion
2008-03-01 01:38 --------- d-----w C:\Users\jcb7901\AppData\Roaming\Yahoo!
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-26 23:05 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-02-22 22:24 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-21 22:37 --------- d-----w C:\ProgramData\Comodo
2008-02-21 22:16 --------- d-----w C:\Users\jcb7901\AppData\Roaming\Comodo
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-16 17:52 --------- d-----w C:\Program Files\MARS
2008-02-13 14:45 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-02-13 09:09 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-13 09:04 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-13 09:04 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-13 09:04 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-13 09:04 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-13 09:04 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-13 09:03 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 09:03 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 09:03 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 09:03 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-13 09:03 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 09:03 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 09:03 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-09 10:20 691,545 ----a-w C:\Windows\unins000.exe
2008-02-08 12:13 699,312 ----a-w C:\Users\jcb7901\AppData\Roaming\MoveMediaPlayer_win_mozilla_07076007.exe
2008-01-25 07:55 229,376 ----a-w C:\Windows\System32\UCI32A27.dll
2007-11-26 05:34 174 --sha-w C:\Program Files\desktop.ini
2007-11-26 05:21 397,312 --sha-w C:\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6000.16480_none_ef1b6bb652cf8744\WinMail.exe
.
((((((((((((((((((((((((((((( snapshot@2008-04-15_ 1.18.39.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-15 05:36:51 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-04-15 06:27:35 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-04-15 05:36:52 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-04-15 06:27:36 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-04-15 05:36:52 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-04-15 06:27:36 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-04-15 05:51:57 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-04-15 06:28:56 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-04-15 05:39:19 1,572,864 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-04-15 06:30:01 1,572,864 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
- 2008-04-15 06:13:24 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-04-15 06:36:33 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-04-15 05:39:14 1,572,864 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-04-15 06:29:34 1,572,864 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
- 2008-04-15 05:39:33 9,670 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3192052582-1136718680-667672122-1000_UserData.bin
+ 2008-04-15 06:30:18 9,686 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3192052582-1136718680-667672122-1000_UserData.bin
- 2008-04-15 05:39:33 63,116 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-15 06:30:18 63,202 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-04-15 05:39:32 48,688 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-04-15 06:30:16 48,862 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 10:09 579072]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\cfp.exe" [2008-03-14 11:58 1503488]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-03-08 01:57 2957824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-08 15:17 219136]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WG111T Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111T\wlan111t.exe [2008-03-22 04:53:01 884840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-12-08 15:17 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\Windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
--a------ 2008-03-08 01:57 2957824 C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2007-08-04 04:57 1006264 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DDB79537-BE1B-49D8-9E35-865252F6818E}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{62DAD364-9054-4450-8B64-1E97F59A49D1}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5BC58A37-88F1-48D7-8BE5-98236F326965}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{977244DC-0C6F-4602-9E5D-F53F4137696A}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{6B76B961-7BC3-47C4-B12A-42CF381A1E0A}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{05F6F3EF-B25C-4001-8372-FE26E6D1B328}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{097692B9-4521-4D1A-9F3E-8E0F924DCDB0}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{F238082B-3978-480D-B122-CF2A1C1231A2}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{C45F953C-C973-4D47-9B6F-8E3786D5C7A2}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{87A0D74F-F719-4D0B-9A9D-EDC91DA7E7E8}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"TCP Query User{0A7BF647-28C1-40F7-A734-AA7A8036AF42}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{2241A8C6-D15F-4FCF-8AF3-2F007E0CAF66}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{CAE06B97-1D08-4771-9D5A-DAF84E7FB1D3}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{74D70A55-8078-4862-9C5E-D971B7C36842}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{BBE28129-FE48-498F-9F78-DF3815A4EEA7}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{C5CDABC3-5CD4-4083-AC53-9D21375997C5}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{71E391F3-BEDA-4530-A703-11C93CAEB786}"= Disabled:UDP:C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Service
"{9FD1C520-5D6F-4EAC-AECC-9189D4E4A094}"= Disabled:TCP:C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Service
"{84EE0482-0174-4ED5-A0ED-FC11AAC60549}"= Disabled:UDP:C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialer
"{DD8D9F94-31FE-4E09-8F18-EE2548A5B667}"= Disabled:TCP:C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialer
"TCP Query User{9985E346-F263-45E2-A9AC-8E596A9374CB}C:\\program files\\hp\\hp software update\\hpwucli.exe"= UDP:C:\program files\hp\hp software update\hpwucli.exe:HP Software Update Client
"UDP Query User{70BAD344-2E07-42A4-B7C0-3473842FD72E}C:\\program files\\hp\\hp software update\\hpwucli.exe"= TCP:C:\program files\hp\hp software update\hpwucli.exe:HP Software Update Client
"TCP Query User{4ECDE898-BE82-4562-BBD5-1D3BE3E73A0E}C:\\users\\jcb7901\\desktop\\utorrent-1.8-alpha-7676.upx.exe"= UDP:C:\users\jcb7901\desktop\utorrent-1.8-alpha-7676.upx.exe:utorrent-1.8-alpha-7676.upx.exe
"UDP Query User{72591546-B8A3-4EC2-BF6A-E6944C38BD96}C:\\users\\jcb7901\\desktop\\utorrent-1.8-alpha-7676.upx.exe"= TCP:C:\users\jcb7901\desktop\utorrent-1.8-alpha-7676.upx.exe:utorrent-1.8-alpha-7676.upx.exe
"TCP Query User{9EC37DC1-C042-4318-8083-52EE58F014A3}C:\\users\\jcb7901\\desktop\\utorrent.exe"= UDP:C:\users\jcb7901\desktop\utorrent.exe:utorrent.exe
"UDP Query User{D97F92BF-0EC0-4824-B547-96FE32415808}C:\\users\\jcb7901\\desktop\\utorrent.exe"= TCP:C:\users\jcb7901\desktop\utorrent.exe:utorrent.exe
"TCP Query User{8BF878E6-3A32-4FB9-B32C-A635C0B53FF9}C:\\users\\jcb7901\\desktop\\utorrent.exe"= UDP:C:\users\jcb7901\desktop\utorrent.exe:utorrent.exe
"UDP Query User{64EF93CA-8B06-4039-8ED6-9331BB52828B}C:\\users\\jcb7901\\desktop\\utorrent.exe"= TCP:C:\users\jcb7901\desktop\utorrent.exe:utorrent.exe
"TCP Query User{AE00B09C-AAB2-473B-B3D3-9434C4486014}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{BE89FB14-730E-41E4-A104-9428D6E76D72}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{315E47E0-5E37-4B07-A9D7-BC1890E9A45B}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{872D5F49-0214-42B4-AF58-271668ED8034}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{A0F12861-6159-4B54-9C32-D9F2727BC9A6}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{2E1BA956-8C48-4EBF-9DC5-EB835AE1A894}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{3FCBFB83-31B6-4A8C-AE80-01DCB3F7782B}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{6C3ECFE1-2067-4505-A914-4FD4ACCE3F85}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{D6D0D0C1-B9CC-4630-8ACD-A3B40ADBF840}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{E776F083-A1C7-410B-A29F-1EF694774761}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{467FB73E-F31F-4669-977F-A358F6CF3DD7}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{EC6BE9C9-3268-465E-B9CA-C783EA647310}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys [2008-03-27 22:28]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys [2008-03-14 11:59]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\Windows\system32\drivers\sp_rsdrv2.sys [2008-03-08 01:57]
R2 AwcService;Advanced WindowsCare Boost Service;C:\Program Files\IObit\Advanced WindowsCare 3 Beta\awcservice.exe [2008-02-18 21:01]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 12:43]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 07:27]
R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-13 10:41]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-04 02:32]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-16 18:50]
S3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service;C:\Windows\system32\DRIVERS\WG11TND5.sys [2005-09-05 11:21]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-10-13 00:50]
S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;C:\Windows\system32\DRIVERS\mr97310v.sys [2006-03-07 18:43]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-04-15 06:35:00 C:\Windows\Tasks\AWC AutoSweep.job"
- C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AutoSweep.exe
"2008-04-15 01:07:30 C:\Windows\Tasks\AWC Update.job"
- C:\Program Files\IObit\Advanced WindowsCare 3 Beta\IObitUpdate.ex
- C:\Program Files\IObit\Advanced WindowsCare 3 Beta\
"2008-04-15 06:40:00 C:\Windows\Tasks\User_Feed_Synchronization-{7A2E0656-BAA0-4DC9-B3C9-CA0403D84055}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 01:38:54
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-15 1:40:07
ComboFix-quarantined-files.txt 2008-04-15 06:40:03
ComboFix2.txt 2008-04-15 06:19:11

Pre-Run: 124,283,572,224 bytes free
Post-Run: 124,258,254,848 bytes free
.
2008-04-12 06:05:26 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:42:57 AM, on 4/15/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Comodo\Firewall\cfp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\NETGEAR\WG111T\wlan111t.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/intl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111T\wlan111t.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Advanced WindowsCare Boost Service (AwcService) - IObit - C:\Program Files\IObit\Advanced WindowsCare 3 Beta\awcservice.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
-- End of file - 6975 bytes