08-14-2008, 03:49 PM   #5
Le18


Re: annoying adware popup antispyware 2009

Alright, I ran ComboFix again and it completed this time. Here is what you asked for.

ComboFix 08-08-13.05 - Master Le 2008-08-14 17:22:15.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1213 [GMT -4:00]
Running from: C:\Users\Master Le\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\screensavers.com
C:\Users\Master Le\AppData\Local\Microsoft\Windows\Temporary Internet Files\ijjistarter_verinfo.dat
C:\Users\Master Le\AppData\Roaming\macromedia\Flash Player\#SharedObjects\3XE75NAX\interclick.com
C:\Users\Master Le\AppData\Roaming\macromedia\Flash Player\#SharedObjects\3XE75NAX\interclick.com\ud.sol
C:\Users\Master Le\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Users\Master Le\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Users\Master Le\AppData\Roaming\Microsoft\Windows\Cookies.\master_le@adultadworld[1].txt
C:\Users\Master Le\AppData\Roaming\Microsoft\Windows\Cookies.\master_le@indextools[2].txt
C:\Users\Master Le\AppData\Roaming\Microsoft\Windows\Cookies.\master_le@myspace[1].txt
C:\Users\Master Le\AppData\Roaming\Microsoft\Windows\Cookies.\master_le@myyearbook[1].txt
C:\Users\Master Le\AppData\Roaming\Microsoft\Windows\Cookies.\master_le@realmedia[1].txt
C:\Users\Master Le\AppData\Roaming\Microsoft\Windows\Cookies.\master_le@spyware-removal-guide[2].txt
C:\Users\Master Le\AppData\Roaming\Microsoft\Windows\Cookies.\master_le@www.pandasecurity[2].txt
C:\Windows\Downloaded Program Files\setup.inf
C:\Windows\system32\winio.vxd

.
((((((((((((((((((((((((( Files Created from 2008-07-14 to 2008-08-14 )))))))))))))))))))))))))))))))
.

2008-08-14 11:04 . 2008-08-14 11:07 <DIR> d-------- C:\Users\All Users\SITEguard
2008-08-14 11:04 . 2008-08-14 11:07 <DIR> d-------- C:\ProgramData\SITEguard
2008-08-14 11:03 . 2008-08-14 11:10 <DIR> d-------- C:\Users\All Users\STOPzilla!
2008-08-14 11:03 . 2008-08-14 11:10 <DIR> d-------- C:\ProgramData\STOPzilla!
2008-08-14 11:03 . 2008-08-14 11:03 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-08-11 20:25 . 2008-08-11 20:26 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-08-11 19:37 . 2008-08-11 19:37 <DIR> d-------- C:\Program Files\QS
2008-08-11 19:21 . 2008-08-11 19:21 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-11 18:37 . 2008-08-11 18:37 1,152 --a------ C:\Windows\System32\windrv.sys
2008-08-11 18:25 . 2008-08-11 18:36 <DIR> d-------- C:\Users\Master Le\AppData\Roaming\Download Manager
2008-08-11 18:25 . 2005-09-23 07:29 626,688 --a------ C:\Windows\System32\msvcr80.dll
2008-08-07 04:37 . 2008-08-07 04:37 <DIR> d-------- C:\Program Files\Speed Gear
2008-08-07 04:37 . 2008-08-08 18:31 67 --a------ C:\Windows\SpeedGear.INI
2008-08-04 10:44 . 2008-08-11 12:52 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-08-02 19:46 . 2008-08-02 19:46 <DIR> d-------- C:\Program Files\Sierra Online
2008-08-02 07:53 . 2008-08-02 07:53 <DIR> d-------- C:\Program Files\OptiNet
2008-07-31 22:21 . 2008-07-31 22:21 <DIR> d-------- C:\Deckard
2008-07-31 07:48 . 2008-03-07 22:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-31 07:48 . 2008-03-08 00:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-07-31 07:46 . 2008-04-23 00:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-07-31 07:46 . 2008-04-23 00:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-07-31 07:46 . 2008-04-23 00:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-07-31 07:46 . 2008-04-23 00:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-07-31 00:32 . 2008-06-19 17:24 28,544 --a------ C:\Windows\System32\drivers\pavboot.sys
2008-07-31 00:31 . 2008-07-31 00:31 <DIR> d-------- C:\Program Files\Panda Security
2008-07-30 22:20 . 2008-07-30 22:20 <DIR> d-------- C:\ijji
2008-07-30 22:19 . 2008-07-30 23:32 <DIR> d--h----- C:\Users\Master Le\AppData\Roaming\ijjigame
2008-07-26 00:30 . 2008-07-26 00:30 <DIR> d-------- C:\Users\Master Le\temp
2008-07-18 21:13 . 2008-07-25 00:37 <DIR> d-------- C:\Users\All Users\Yahoo!
2008-07-18 21:13 . 2008-07-25 00:37 <DIR> d-------- C:\ProgramData\Yahoo!
2008-07-16 00:50 . 2008-08-14 16:15 316,557,365 --a------ C:\Windows\MEMORY.DMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-14 21:27 348,428 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-08-14 21:27 25,892,640 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-08-14 20:16 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-08-14 20:05 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-11 23:03 --------- d---a-w C:\ProgramData\TEMP
2008-08-08 14:50 --------- d-----w C:\ProgramData\WildTangent
2008-08-07 17:20 --------- d-----w C:\Users\Master Le\AppData\Roaming\uTorrent
2008-08-06 17:21 96,976 ----a-w C:\Windows\system32\drivers\klin.dat
2008-08-02 23:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-31 18:20 --------- d-----w C:\ProgramData\each new axis love
2008-07-31 11:57 --------- d-----w C:\Program Files\Windows Mail
2008-07-30 22:19 --------- d-----w C:\Users\Master Le\AppData\Roaming\TeamViewer
2008-07-30 21:04 27,715 ----a-w C:\Users\Master Le\AppData\Roaming\nvModes.dat
2008-07-25 04:37 --------- d-----w C:\Users\Master Le\AppData\Roaming\Yahoo!
2008-07-24 09:55 87,855 ----a-w C:\Windows\system32\drivers\klick.dat
2008-07-24 05:28 --------- d-----w C:\Program Files\LimeWire
2008-07-20 10:52 --------- d-----w C:\Program Files\Rhapsody
2008-07-20 05:56 --------- d-----w C:\Program Files\Vongo
2008-07-19 01:12 --------- d-----w C:\Program Files\Yahoo!
2008-07-09 05:08 --------- d-----w C:\ProgramData\Yahoo! Companion
2008-07-09 05:07 --------- d-----w C:\Program Files\DivX
2008-07-09 05:07 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-06-25 15:18 174 --sha-w C:\Program Files\desktop.ini
2008-06-25 15:01 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-25 15:01 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-06-25 15:01 --------- d-----w C:\Program Files\Windows Journal
2008-06-25 15:01 --------- d-----w C:\Program Files\Windows Defender
2008-06-25 15:01 --------- d-----w C:\Program Files\Windows Collaboration
2008-06-25 15:01 --------- d-----w C:\Program Files\Windows Calendar
2008-06-22 11:52 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-06-19 05:38 --------- d-----w C:\Users\Master Le\AppData\Roaming\SUPERAntiSpyware.com
2008-06-19 05:38 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-06-19 05:37 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-15 03:44 --------- d-----w C:\Program Files\MSN Messenger
2008-06-15 03:37 --------- d-----w C:\ProgramData\WLInstaller
2008-01-07 01:35 32 ----a-w C:\Users\All Users\ezsid.dat
2008-01-07 01:35 32 ----a-w C:\ProgramData\ezsid.dat
2007-10-09 05:37 397,312 --sha-w C:\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6000.16480_none_ef1b6bb652cf8744\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"32site"="C:\ProgramData\DUMBBOOKBOOK.hfued" [X]
"axis love poll lite"="C:\ProgramData\mapi heart ace.5svxqb" [X]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-19 16:28 171448]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-17 19:27 9117696]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 18:35 3587120]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 03:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 16:43 729088]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 02:05 1045800]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 10:37 174872]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-04-23 21:11 176128]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"CognizanceTS"="c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 14:12 17920]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-15 00:38 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-15 00:38 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 13:50 4390912 C:\Windows\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-17 19:27 9117696]

C:\Users\Master Le\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2339531438-166551111-2034887889-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{FD8CC398-C3F7-41BE-98A5-C6A62BB10958}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{13C9E86B-54AE-4A87-A2EF-44ED2B50EF5F}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{220513BC-B2BE-4FA0-BAC9-60F5F7F74726}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{5A90CF99-4F43-41A7-BD63-833D156B1E88}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{95383F02-9BF8-4FFB-9917-671A202B8E80}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{CD4068D7-B5D6-4E40-BF0F-A5E33A97304B}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{94F144FD-51FF-47FC-9888-47B9EB6EBB2C}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D4E92348-BAF7-45C0-8F15-C60F4331067A}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{F03EBEA6-16B0-45AC-BFB6-B06BA544D646}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{463360B5-9168-4A8C-99C2-D408F72A831A}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{E765488D-9ED2-41D0-B75C-BA2891DE6579}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{4F907416-8D18-410E-9B55-C0A761CBA4AA}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{A48032D2-C7CB-4971-8FD4-B665D0826CD9}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D54103D6-00BB-4CB1-9D76-542D3097F653}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D7188C76-240E-4127-9F4C-86FADE94EE0A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{607FBC2A-5F96-4378-8E9A-A06B40C8FB1D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{07F9FE6E-A56E-4DA7-A876-5028FC74BE5C}"= Disabled:UDP:C:\Program Files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"{FDEB3E67-ED1B-482E-912B-D80EA04ECD81}"= TCP:C:\Program Files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"TCP Query User{49993D46-3BC6-49FC-9ECC-D6E538198FE0}C:\\program files\\sierra online\\freestyle street basketball(tm)\\freestyle.exe"= UDP:C:\program files\sierra online\freestyle street basketball(tm)\freestyle.exe:FreeStyle
"UDP Query User{01695722-C416-4ECB-9264-36332CBE5639}C:\\program files\\sierra online\\freestyle street basketball(tm)\\freestyle.exe"= TCP:C:\program files\sierra online\freestyle street basketball(tm)\freestyle.exe:FreeStyle
"{9B11F0D0-468A-4CD6-8C25-E75F0A0FA1D4}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{B1F8CE63-83C5-42AF-B61E-051E2645C681}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{B7050A20-75FB-49F4-8D33-04046AF9E12D}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes
"UDP Query User{4BF9D4D5-F3CB-4ABE-B0FC-C022DA7F237D}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes
"{EF3646A8-5E7F-4F5C-AFA3-B0000D963096}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A9B4D74B-5EB3-4995-9299-5DC56DDD6EAF}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{9A501247-9799-458F-9348-E343B91ECDE2}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{991E3513-38C6-4885-84B1-D6211023E9AB}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{66E14813-EF68-4119-9BF4-4858BC919C1F}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{C056D20E-7FC0-4CAC-965A-4EE6AC5F9522}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{584F02FE-90B1-4CF3-8E1B-7F3D9243376F}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{9CBEBEE7-AFC2-45BF-83E1-96ADA0E3AA32}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{60557793-FA9C-49E1-A394-4C80AAD27E30}C:\\users\\master le\\documents\\my received files\\stubinstaller.exe"= UDP:C:\users\master le\documents\my received files\stubinstaller.exe:stubinstaller.exe
"UDP Query User{373CE528-38C7-444D-A76D-2EED85DCD9C2}C:\\users\\master le\\documents\\my received files\\stubinstaller.exe"= TCP:C:\users\master le\documents\my received files\stubinstaller.exe:stubinstaller.exe
"{436FA3FE-1F13-4A5F-AA49-2A7139AB40D4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot.sys [2008-06-19 17:24]
R2 ASBroker;Logon Session Broker;C:\Windows\System32\svchost.exe [2008-01-19 03:33]
R2 ASChannel;Local Communication Channel;C:\Windows\System32\svchost.exe [2008-01-19 03:33]
S3 GameConsoleService;GameConsoleService;C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2008-03-28 19:04]
S3 hcw85bda;Hauppauge WinTV 885 Video Capture;C:\Windows\system32\drivers\HCW85BDA.sys [2006-12-01 18:41]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
.
Contents of the 'Scheduled Tasks' folder

2008-08-14 C:\Windows\Tasks\AdwareAlert Scheduled Scan.job
- C:\Program Files\AdwareAlert\AdwareAlert.exe []

2008-08-14 C:\Windows\Tasks\AdwareAlert Scheduled Scan.job
- C:\Program Files\AdwareAlert []
.
- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)
WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
HKCU-Run-HPAdvisor - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
HKCU-Run-AdwareAlert - C:\Program Files\AdwareAlert\AdwareAlert.exe
HKCU-Run-Somefox - C:\Users\Master Le\AppData\Local\Temp\setup86.exe
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM-Run-SNM - C:\Program Files\SpyNoMore\SNM.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Master Le\AppData\Roaming\Mozilla\Firefox\Profiles\ee7isejv.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-14 17:31:20
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\Users\Master Le\AppData\Roaming\Microsoft\Windows\Cookies\master_le@skype[2].txt 116 bytes
C:\Users\Master Le\AppData\Roaming\Microsoft\Windows\Cookies\master_le@deim.opt.fimserve[2].txt 332 bytes

scan completed successfully
hidden files: 2

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\PSIService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Bioscrypt\VeriSoft\Bin\asghost.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2008-08-14 17:44:28 - machine was rebooted [Master Le]
ComboFix-quarantined-files.txt 2008-08-14 21:44:03


And here is the new HijackThis log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:48:44 PM, on 8/14/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [32site] "C:\ProgramData\DUMBBOOKBOOK.hfued"
O4 - HKCU\..\Run: [axis love poll lite] "C:\ProgramData\mapi heart ace.5svxqb"
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolb...lerControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O20 - AppInit_DLLs: APSHook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 10494 bytes