0

ComboFix 09-02-14.01 - Rosedale 2009-02-15 15:15:30.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3061.2607 [GMT -5:00]
Running from: c:\documents and settings\Rosedale\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\x64

.
((((((((((((((((((((((((( Files Created from 2009-01-15 to 2009-02-15 )))))))))))))))))))))))))))))))
.

2009-02-14 16:11 . 2009-02-14 16:11 <DIR> d-------- c:\program files\Java
2009-02-14 16:11 . 2009-02-14 16:11 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-14 16:11 . 2009-02-14 16:11 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-14 12:53 . 2009-02-14 12:53 <DIR> d-------- c:\program files\Panda Security
2009-02-12 15:44 . 2009-02-12 15:44 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-02-12 15:44 . 2009-02-12 15:44 <DIR> d-------- c:\documents and settings\Rosedale\Application Data\SUPERAntiSpyware.com
2009-02-12 15:44 . 2009-02-12 15:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-12 15:43 . 2009-02-12 15:43 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-02-10 16:07 . 2009-02-11 16:28 <DIR> d-------- c:\program files\EsetOnlineScanner
2009-02-10 15:50 . 2009-02-10 15:50 <DIR> d-------- c:\documents and settings\Rosedale\Application Data\Template
2009-02-10 15:50 . 2009-02-15 15:04 1,876 --a------ c:\documents and settings\Rosedale\Application Data\wklnhst.dat
2009-02-06 15:03 . 2009-02-13 15:10 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-06 15:03 . 2009-02-06 15:03 <DIR> d-------- c:\documents and settings\Rosedale\Application Data\Malwarebytes
2009-02-06 15:03 . 2009-02-06 15:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-06 15:03 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-06 15:03 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-05 16:28 . 2009-02-05 16:39 <DIR> d-------- c:\documents and settings\Rosedale\.housecall6.6
2009-02-05 16:27 . 2009-02-05 16:27 <DIR> d-------- c:\windows\Sun
2009-02-05 16:11 . 2009-02-05 16:11 <DIR> d--h----- C:\$AVG8.VAULT$
2009-02-05 15:56 . 2009-02-05 15:57 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-02-05 15:56 . 2009-02-05 16:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-01 08:42 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-02-01 08:42 . 2008-10-03 05:02 247,326 -----c--- c:\windows\system32\dllcache\strmdll.dll
2009-02-01 08:41 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2009-02-01 08:39 . 2008-10-16 14:09 43,544 --a------ c:\windows\system32\wups2.dll
2009-02-01 08:39 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui
2009-02-01 08:39 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuaucpl.cpl.mui
2009-02-01 08:39 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2009-02-01 08:39 . 2008-10-16 14:07 18,456 --a------ c:\windows\system32\wuaueng.dll.mui
2009-02-01 08:38 . 2009-02-01 08:38 <DIR> d---s---- c:\documents and settings\Rosedale\UserData
2009-02-01 08:29 . 2009-02-01 08:29 <DIR> d-------- c:\program files\InterLiesMath
2009-02-01 08:29 . 2009-02-01 08:29 <DIR> d-------- c:\documents and settings\Rosedale\Application Data\InterLiesMath
2009-02-01 08:29 . 2009-02-01 08:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Eq Anti Fork Live
2009-02-01 08:27 . 2009-02-15 13:16 <DIR> d-------- c:\program files\Hardwood Solitaire III
2009-01-31 15:58 . 2009-01-31 15:58 <DIR> d-------- c:\program files\Canon
2009-01-31 15:58 . 2009-01-31 15:58 <DIR> d--h----- c:\documents and settings\All Users\Application Data\CanonBJ
2009-01-31 15:58 . 2005-05-07 00:00 140,288 --a------ c:\windows\system32\CNMLM7B.DLL
2009-01-31 15:58 . 2005-03-08 13:17 90,112 -ra------ c:\windows\system32\CNMCP7B.exe
2009-01-31 15:58 . 2005-05-07 00:00 8,704 --a------ c:\windows\system32\CNMVS7B.DLL
2009-01-31 15:54 . 2009-01-31 15:56 <DIR> d-------- c:\program files\Solitaire 1000
2009-01-31 15:53 . 2009-01-31 15:53 <DIR> d-------- c:\program files\Managed DirectX (0900)
2009-01-31 15:51 . 2009-01-31 15:51 <DIR> d-------- c:\program files\MumboJumbo
2009-01-31 15:51 . 2009-01-31 15:51 <DIR> d-------- c:\documents and settings\Rosedale\Application Data\Magic Match
2009-01-31 09:46 . 2008-04-14 00:15 26,368 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2009-01-31 09:46 . 2008-04-14 00:17 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-01-31 09:46 . 2008-04-14 00:17 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2009-01-31 09:43 . 2009-02-14 15:39 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-01-31 09:43 . 2009-01-31 09:43 <DIR> d-------- c:\program files\AVG
2009-01-31 09:43 . 2009-01-31 09:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-01-31 09:43 . 2009-01-31 09:43 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-01-31 09:43 . 2009-01-31 09:43 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-01-31 09:43 . 2009-01-31 09:43 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-01-31 09:36 . 2009-01-31 09:36 0 --a------ c:\windows\nsreg.dat
2009-01-31 09:16 . 2009-01-31 09:16 <DIR> d-------- c:\documents and settings\Rosedale\Application Data\CyberLink
2009-01-31 09:16 . 2008-04-14 07:00 221,184 --a------ c:\windows\system32\wmpns.dll
2009-01-31 09:15 . 2009-01-22 23:53 <DIR> d-------- c:\documents and settings\Rosedale\Application Data\InstallShield
2009-01-31 09:15 . 2009-02-14 15:37 <DIR> d-------- c:\documents and settings\Rosedale
2009-01-31 09:13 . 2009-01-31 09:13 8,192 --a------ c:\windows\REGLOCS.OLD
2009-01-23 05:46 . 2009-01-23 05:46 <DIR> d-------- c:\windows\system32\Lang
2009-01-23 05:46 . 2009-01-23 05:46 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-01-23 05:46 . 2007-07-16 21:45 400,152 --a------ c:\windows\system32\igxpun.exe
2009-01-23 05:46 . 2007-07-16 21:45 319,456 --a------ c:\windows\system32\difxapi.dll
2009-01-23 05:46 . 2007-07-16 21:45 121,232 --a------ c:\windows\system32\IScrNBR.bmp
2009-01-23 05:46 . 2007-07-16 21:45 121,232 --a------ c:\windows\system32\IScrNB.bmp
2009-01-23 05:45 . 2009-01-23 05:45 <DIR> d-------- c:\program files\CONEXANT
2009-01-23 01:41 . 2009-01-23 01:41 5,244 -rah----- C:\dell.sdr
2009-01-23 01:39 . 2009-01-31 09:27 <DIR> d-------- C:\DELL
2009-01-23 01:39 . 2007-08-09 15:05 2,986,038 --a------ c:\windows\dell.bmp
2009-01-23 01:39 . 2004-05-27 11:23 787,356 --a------ c:\windows\system32\OEMBKGN1.BMP
2009-01-23 01:39 . 2004-05-27 11:23 96,310 --a------ c:\windows\system32\DELLWALL.BMP
2009-01-23 01:39 . 2009-01-23 01:39 5,244 --a------ c:\windows\system32\drivers\1028_Dell_INS_530.mrk
2009-01-23 01:39 . 2004-05-27 11:23 5,134 --a------ c:\windows\system32\OEMLOGO.BMP
2009-01-23 01:39 . 2009-01-23 01:39 1,154 --a------ c:\windows\system32\OEMINFO.INI
2009-01-22 23:58 . 2009-01-22 23:58 333 --a------ c:\windows\system32\$ncsp$.inf
2009-01-22 23:58 . 2009-01-22 23:58 61 --a------ c:\windows\smscfg.ini
2009-01-22 23:57 . 2009-01-22 23:57 <DIR> d-------- c:\program files\Dell Support Center
2009-01-22 23:57 . 2009-01-22 23:57 <DIR> d-------- c:\program files\Common Files\supportsoft
2009-01-22 23:57 . 2009-01-22 23:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\SupportSoft
2009-01-22 23:57 . 2009-01-22 23:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\PCDr
2009-01-22 23:57 . 2009-01-22 23:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC-Doctor
2009-01-22 23:56 . 2009-01-22 23:56 <DIR> d-------- c:\program files\CyberLink
2009-01-22 23:56 . 2009-01-22 23:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Dell
2009-01-22 23:56 . 2008-02-26 11:57 1,060,864 --a------ c:\windows\system32\MFC71.dll
2009-01-22 23:56 . 2008-02-26 11:57 1,047,552 --a------ c:\windows\system32\MFC71u.dll
2009-01-22 23:56 . 2008-02-26 11:57 499,712 --a------ c:\windows\system32\msvcp71.dll
2009-01-22 23:56 . 2008-02-26 11:57 348,160 --a------ c:\windows\system32\msvcr71.dll
2009-01-22 23:56 . 2008-02-26 11:57 89,088 --a------ c:\windows\system32\atl71.dll
2009-01-22 23:54 . 2009-01-22 23:54 <DIR> d-------- c:\program files\Roxio
2009-01-22 23:54 . 2009-01-22 23:54 <DIR> d-------- c:\program files\Microsoft Works
2009-01-22 23:54 . 2009-01-22 23:54 <DIR> d-------- c:\program files\Common Files\SureThing Shared
2009-01-22 23:54 . 2009-01-22 23:54 <DIR> d-------- c:\program files\Common Files\Sonic Shared
2009-01-22 23:54 . 2009-01-22 23:54 <DIR> d-------- c:\program files\Common Files\Roxio Shared
2009-01-22 23:54 . 2009-01-22 23:56 <DIR> d-------- c:\program files\Common Files\InstallShield
2009-01-22 23:54 . 2009-01-22 23:54 <DIR> d-------- c:\program files\Citrix
2009-01-22 23:54 . 2009-01-22 23:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\Uninstall
2009-01-22 23:54 . 2009-01-22 23:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sonic
2009-01-22 23:54 . 2009-01-22 23:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\InstallShield
2009-01-22 23:53 . 2009-01-22 23:53 <DIR> d-------- c:\program files\NetWaiting
2009-01-22 23:53 . 2009-01-22 23:53 <DIR> d-------- c:\program files\Modem Diagnostic Tool
2009-01-22 23:53 . 2009-01-22 23:53 <DIR> d-------- c:\program files\Intel
2009-01-22 23:53 . 2009-01-22 23:56 <DIR> d--h----- c:\program files\InstallShield Installation Information
2009-01-22 23:53 . 2009-01-22 23:53 <DIR> d-------- c:\program files\Digital Line Detect
2009-01-22 23:53 . 2009-01-22 23:53 <DIR> d-------- c:\documents and settings\Administrator\Application Data\InstallShield
2009-01-22 23:50 . 2009-02-13 16:22 <DIR> d--h----- c:\windows\$hf_mig$
2009-01-22 23:48 . 2009-01-22 23:48 940,794 --a------ c:\windows\system32\LoopyMusic.wav
2009-01-22 23:48 . 2009-01-22 23:48 146,650 --a------ c:\windows\system32\BuzzingBee.wav
2009-01-22 23:47 . 2007-07-16 21:45 172,032 --a------ c:\windows\system32\igfxres.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"download draw"="c:\docume~1\Rosedale\APPLIC~1\INTERL~1\Surftrust.exe" [2009-02-01 692224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-16 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-16 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-16 138008]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-31 1601304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-14 148888]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-16 c:\windows\RTHDCPL.EXE]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-01-22 50688]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-01-22 23:54 10536 c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-31 09:43 10520 c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-31 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-31 107272]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-31 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-31 298264]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - HTTPFILTER
.
Contents of the 'Scheduled Tasks' folder

2009-02-15 c:\windows\Tasks\A650FF82919772DE.job
- c:\docume~1\rosedale\applic~1\interl~1\32 defy vga.exe [2009-02-01 08:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yaoo.com/
mStart Page = hxxp://www.dell.com
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
FF - ProfilePath - c:\documents and settings\Rosedale\Application Data\Mozilla\Firefox\Profiles\g3atcnie.default\
FF - prefs.js: browser.search.selectedEngine - FireSearch
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-15 15:16:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\windows\system32\igfxdev.dll
.
Completion time: 2009-02-15 15:16:41
ComboFix-quarantined-files.txt 2009-02-15 20:16:39

Pre-Run: 488,539,226,112 bytes free
Post-Run: 488,558,804,992 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

209 --- E O F --- 2009-02-15 00:52:12

0

Go into the Scheduled Tasks folder and remove this entry:
c:\docume~1\rosedale\applic~1\interl~1\32 defy vga.exe

0

Go into the Scheduled Tasks folder and remove this entry:
c:\docume~1\rosedale\applic~1\interl~1\32 defy vga.exe

I found and removed the entry as directed..:)

0

I just noticed a CID help log within Add/Remove Programs in the Control Panel. There is no file size alongside it like most programs have, but it is there. The CID is the pop-up that is coming up. Should I remove this???

0

Just some additional and updated information
Ran MBA-A...nothing found

new HJT log: as of 2/17/2008 4:30PM EST
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:31:04 PM, on 2/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Rosedale\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yaoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [download draw] C:\DOCUME~1\Rosedale\APPLIC~1\INTERL~1\Surftrust.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233495519359
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 5396 bytes

I found this in AVG scan details. Did not know it was there.

"C:\Documents and Settings\Rosedale\Local Settings\Temp\WinZix.zip";"Potentially harmful program Fake_AntiSpyware.AWN";"Moved to Virus Vault"
"C:\Documents and Settings\Rosedale\Local Settings\Temp\WinZix.zip:\winzix.exe";"Potentially harmful program Fake_AntiSpyware.AWN";"Moved to Virus Vault"
"C:\Documents and Settings\Rosedale\Local Settings\Temp\WinZix.zip:\WinZixManager.dll";"Adware Toolbar.Z";"Moved to Virus Vault"
"C:\Documents and Settings\Rosedale\Local Settings\Temporary Internet Files\Content.IE5\0JAXMH8Z\wz[1].zip";"Potentially harmful program Fake_AntiSpyware.AWN";"Moved to Virus Vault"
"C:\Documents and Settings\Rosedale\Local Settings\Temporary Internet Files\Content.IE5\0JAXMH8Z\wz[1].zip:\winzix.exe";"Potentially harmful program Fake_AntiSpyware.AWN";"Moved to Virus Vault"
"C:\Documents and Settings\Rosedale\Local Settings\Temporary Internet Files\Content.IE5\0JAXMH8Z\wz[1].zip:\WinZixManager.dll";"Adware Toolbar.Z";"Moved to Virus Vault"

I will do nothing else without proper direction.......:)

Thanks for your help,

JIM

0

I just noticed a CID help log within Add/Remove Programs in the Control Panel. There is no file size alongside it like most programs have, but it is there. The CID is the pop-up that is coming up. Should I remove this???

Yes. Try that and see if it helps.

0

J,
Removed CID helper from Add/Remove Programs. Since this, no other pop-ups have happened. Hopefully, that is the end of it.

Thanks for your help...:)
