Extremely Infected With 180searchassistant, Seekmo, Zango, Etc


  • This topic is locked
11 replies to this topic

#1 kteis23

  • Members
  • 7 posts

Posted 18 March 2008 - 05:51 PM

I've seen this/these infections mentioned several times lately, but nothing I do makes it go away. This is my last-ditch effort before running a system restore (which probably would have taken less time). As you may have already heard from others with this virus, it disabled my task manager. It repeatedly gives me "security alert" windows in my taskbar telling me that my computer is working slow and I need to download spyware. Two different, intrusive pop-up windows (one blue border, one red border) cycle up about once a minute telling me to buy spyware. Who knows what else this bug will do.

OK, I've run AdAware 3 times, Spybot twice, McAfee virus scan twice, Housecall AntiVirus twice, and BitDefender. I know exactly where these bugs are -- C:\program files\180search assistant, et al. I know exactly where, in the registry, my task manager is disabled. I delete that entry. It comes right back. In my program files I have the following viral folders: 180search assistant, 180searchassistant, 180solutions, seekmo, stc, sysmnt and zango. I delete them. They immediately come back. Same for every spyware/anti-virus program I run. There is no point in re-running these programs. This stuff just comes right back.

Here is my HijackThis log. I appreciate, in advance, you guys helping me out with this!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:36:30 PM, on 3/18/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\mgmrwmrv.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Kim\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\mgmrwmrv.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.auctiva.com/hostedimages/active...oad/XUpload.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MaxBackServiceInt - Seagate - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13549 bytes
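Two things in the log above explain why the deleted folders kept coming back: the F2 line shows a second executable (mgmrwmrv.exe) appended to Winlogon's Userinit value, so it is relaunched at every logon, and the many "(no file)" O2 entries are BHO registrations whose DLL is already gone. The Python below is an added triage example, not part of HijackThis or of any post in this thread; it parses those two line types from an excerpt of the first log, and the function and constant names are my own.

```python
"""Triage two HijackThis line types: F2 Userinit entries and O2 BHOs.

Added example for this thread (not from HijackThis or any poster). The F2
check flags every program listed in Userinit besides the stock userinit.exe,
since Windows runs each of them at logon; the O2 check separates BHOs that
still have a DLL on disk from orphaned "(no file)" registrations.
"""
import re

# Constructed excerpt: the F2 line and a few O2 lines from the first log
# posted in this thread, plus one unrelated R1 line to show it is skipped.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\mgmrwmrv.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
"""

# A clean Userinit value (the Windows default) for comparison.
CLEAN_USERINIT = r"C:\Windows\system32\userinit.exe,"

F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$", re.IGNORECASE)
O2_RE = re.compile(r"^O2 - BHO: (.*?) - \{([0-9A-Fa-f-]{36})\} - (.*)$")


def userinit_extras(value):
    """Return every comma-separated Userinit entry other than userinit.exe.

    Userinit is a comma-separated list and Winlogon launches each program in
    it at logon, so any extra entry is a persistence point worth removing.
    """
    extras = []
    for entry in value.split(","):
        entry = entry.strip().strip('"')
        if not entry:
            continue  # trailing comma leaves an empty field
        basename = entry.replace("/", "\\").split("\\")[-1].lower()
        if basename == "userinit.exe":
            continue
        extras.append(entry)
    return extras


def triage(log_text):
    """Walk a HijackThis log and collect the F2 and O2 findings.

    Returns a dict with:
      userinit_extras - programs appended to Userinit besides userinit.exe
      orphan_bhos     - lower-cased CLSIDs of BHOs whose DLL is "(no file)"
      loaded_bhos     - (name, path) pairs of BHOs that still point at a file
    """
    findings = {"userinit_extras": [], "orphan_bhos": [], "loaded_bhos": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = F2_RE.match(line)
        if m:
            findings["userinit_extras"].extend(userinit_extras(m.group(1)))
            continue
        m = O2_RE.match(line)
        if m:
            name, clsid, path = m.groups()
            if path.strip().lower() == "(no file)":
                findings["orphan_bhos"].append(clsid.lower())
            else:
                findings["loaded_bhos"].append((name, path.strip()))
    return findings


def report(findings):
    """Render the findings as plain text lines for a forum-style reply."""
    lines = []
    for extra in findings["userinit_extras"]:
        lines.append(f"Userinit launches an extra program at logon: {extra}")
    if findings["orphan_bhos"]:
        lines.append(f"{len(findings['orphan_bhos'])} orphaned BHO "
                     "registration(s) with no DLL on disk (leftover entries)")
    for name, path in findings["loaded_bhos"]:
        lines.append(f"BHO still loading: {name} -> {path}")
    return lines


if __name__ == "__main__":
    for text in report(triage(SAMPLE_LOG)):
        print(text)
```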


#2 kteis23
  • Topic Starter
  • Members
  • 7 posts

Posted 19 March 2008 - 10:03 PM

P.S. It's now gotten rid of my desktop background (replaced it with solid blue) and it won't let me put a picture back onto my desktop. I right-clicked several pictures and selected "set as desktop background" and nothing happened.

#3 rookie147

  • Members
  • 5,321 posts

Posted 07 April 2008 - 02:47 PM

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.
As you can probably see our HijackThis Team is incredibly busy at the moment, but I apologise for the delay you have experienced. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:
Preparation Guide For Use Before Posting A HijackThis Log
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#4 kteis23
  • Topic Starter
  • Members
  • 7 posts

Posted 25 April 2008 - 05:40 PM

Hi Charles,

Now it looks like *I'm* the one taking forever to respond LOL!

McAfee, Spybot and Adware seem to have cleared up most of the major virus issues, but I still have a few buggy things lingering around (most notably, issues with changing my desktop background).

I've followed all the steps and here is my new log. Thanks so much.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:30:51 PM, on 4/25/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Users\Kim\Downloads\HiJackThis.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\program files\hewlett-packard\sdp\ceement\hpcee.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\mgmrwmrv.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.auctiva.com/hostedimages/active...oad/XUpload.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MaxBackServiceInt - Seagate - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13054 bytes

#5 rookie147

  • Members
  • 5,321 posts

Posted 28 April 2008 - 03:24 AM

The current formatting of your log makes it difficult to read, so open up Notepad.
On top, click Format then uncheck "Word Wrap".
Please post me a new HijackThis log now this option has been turned off.

If you are pleased with the service I have offered, you may like to consider making a donation.


#6 kteis23
  • Topic Starter
  • Members
  • 7 posts

Posted 28 April 2008 - 10:30 PM

Hi Rookie,

Sorry about that. I hope this is better. :thumbsup:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:30:51 PM, on 4/25/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Users\Kim\Downloads\HiJackThis.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\program files\hewlett-packard\sdp\ceement\hpcee.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\mgmrwmrv.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.auctiva.com/hostedimages/active...oad/XUpload.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MaxBackServiceInt - Seagate - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13054 bytes

#7 rookie147

rookie147

  • Members
  • 5,321 posts
  • Local time:10:42 PM

Posted 30 April 2008 - 11:49 AM

Hello again kteis23,
Scan again with HijackThis and put a checkmark next to each of the following entries (if present):

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\mgmrwmrv.exe,
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O13 - Gopher Prefix:


Then close all other windows - you should only see HijackThis on your Desktop - and click the Fix checked button.

Then download Combofix to your Desktop.
Double click combofix.exe
Follow the prompts that are displayed.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.

Post that in your next reply with a fresh HijackThis log.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.
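
The checklist in the reply above can be applied to a HijackThis log mechanically. The Python below is an added example written for this thread, not HijackThis's own logic and not code from either poster: it encodes the four kinds of entries Charles asked to have fixed (a UserInit chain that loads anything besides the stock userinit.exe, O2 BHOs whose DLL is "(no file)", R0/R1 search settings with an empty value, and an empty O13 Gopher prefix) and runs them over lines copied from the log posted earlier plus three benign entries, so the benign ones are visibly left alone. The rule names and the `flag_entry`, `triage` and `fix_list` functions are this example's own.

```python
"""Triage a HijackThis log against the checklist a forum helper applied."""

# Sample lines copied from the HijackThis log posted earlier in this thread, plus three
# benign entries (HKCU search page, Adobe BHO, Bonjour service) so the filter has
# something to pass as well as something to flag.  Constructed input for offline use.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\mgmrwmrv.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O13 - Gopher Prefix:
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""


def flag_entry(line):
    """Return a reason if `line` matches one of the checklist rules, else None.

    The four rules mirror the entry types the helper asked to be fixed in the
    reply above; they are this example's reading of that reply, not HijackThis's
    own scoring.
    """
    line = line.strip()
    # F2: the Winlogon UserInit value should name only the stock userinit.exe.
    # Any extra comma-separated executable is started at every logon, which is
    # how the pop-ups in this thread survived each clean-up.
    if line.startswith("F2 - REG:system.ini: UserInit="):
        value = line.split("UserInit=", 1)[1]
        exes = [p.strip() for p in value.split(",") if p.strip()]
        extra = [e for e in exes if not e.lower().endswith("\\userinit.exe")]
        if extra:
            return "UserInit loads extra executable(s): " + ", ".join(extra)
        return None
    # O2: a BHO CLSID still registered but pointing at a DLL that no longer exists.
    if line.startswith("O2 - BHO:") and line.endswith("- (no file)"):
        return "orphaned BHO: CLSID registered, DLL missing"
    # R0/R1: an IE search or start-page value left empty (SearchAssistant, CustomizeSearch).
    if line.startswith(("R0 -", "R1 -")) and line.endswith("="):
        return "IE search/start setting with an empty value"
    # O13: Gopher prefix entry present but with no value.
    if line.startswith("O13 - Gopher Prefix:") and line.split(":", 1)[1].strip() == "":
        return "empty Gopher prefix"
    return None


def triage(log_text):
    """Return [(line, reason)] for each non-blank log line that matches a rule, in log order."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reason = flag_entry(line)
        if reason is not None:
            hits.append((line, reason))
    return hits


def fix_list(log_text):
    """Only the matching lines: the 'put a checkmark next to' list."""
    return [line for line, _ in triage(log_text)]


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"[{reason}]\n    {line}")
```

Run against the sample it reports the five entries the helper listed and nothing else; feed it a full saved HijackThis log (`triage(open("hijackthis.log").read())`) to get the same list for another machine. The F2 rule is the one worth keeping even outside this thread: a second executable in the UserInit chain reinstalls whatever it carries at every logon, which is why deleting the visible folders and registry entries by hand kept failing here.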


#8 kteis23

kteis23
  • Topic Starter

  • Members
  • 7 posts
  • Local time:05:42 PM

Posted 06 May 2008 - 10:58 PM

Hi Charles,

Thanks so much for your assistance. Here are my new logs. Please let me know what the next step is!

Thanks,
Kim

*****************************************************************************************************************************

ComboFix 08-05-01.3 - Kim 2008-05-06 23:14:06.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.225 [GMT -4:00]
Running from: C:\Users\Kim\Desktop\Spyware apps\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\123messenger.per
C:\Windows\180ax.exe
C:\Windows\apphelp32.dll
C:\Windows\asferror32.dll
C:\Windows\asycfilt32.dll
C:\Windows\athprxy32.dll
C:\Windows\ati2dvaa32.dll
C:\Windows\ati2dvag32.dll
C:\Windows\audiosrv32.dll
C:\Windows\autodisc32.dll
C:\Windows\avifile32.dll
C:\Windows\avisynthex32.dll
C:\Windows\aviwrap32.dll
C:\Windows\bjam.dll
C:\Windows\bokja.exe
C:\Windows\browserad.dll
C:\Windows\cdsm32.dll
C:\Windows\changeurl_30.dll
C:\Windows\licencia.txt
C:\Windows\msa64chk.dll
C:\Windows\msapasrc.dll
C:\Windows\mspphe.dll
C:\Windows\mssvr.exe
C:\Windows\ntnut.exe
C:\Windows\saiemod.dll
C:\Windows\salm.exe
C:\Windows\shdocpe.dll
C:\Windows\shdocpl.dll
C:\Windows\swin32.dll
C:\Windows\system32\msixu.dll
C:\Windows\system32\MSNSA32.dll
C:\Windows\system32\ntnut32.exe
C:\Windows\system32\shdocpe.dll
C:\Windows\system32\SIPSPI32.dll
C:\Windows\system32\wer8274.dll
C:\Windows\system32\winfrun32.bin
C:\Windows\telefonos.txt
C:\Windows\TEMP\salm.exe
C:\Windows\textos.txt
C:\Windows\voiceip.dll
C:\Windows\winsb.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-07 to 2008-05-07 )))))))))))))))))))))))))))))))
.

2008-05-06 23:14 . 2008-05-06 23:14 6,736 --a------ C:\Windows\System32\drivers\PROCEXP90.SYS
2008-04-20 11:48 . 2008-04-20 11:48 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-12 18:10 . 2008-05-03 12:01 54,156 --ah----- C:\Windows\QTFont.qfn
2008-04-12 18:10 . 2008-04-12 18:10 1,409 --a------ C:\Windows\QTFont.for
2008-04-12 18:09 . 2008-04-12 18:10 <DIR> d-------- C:\Program Files\iTunes
2008-04-12 18:09 . 2008-04-12 18:09 <DIR> d-------- C:\Program Files\iPod
2008-04-12 18:06 . 2008-04-12 18:07 <DIR> d-------- C:\Program Files\QuickTime
2008-04-08 18:28 . 2008-02-14 19:19 944,184 --a------ C:\Windows\System32\winload.exe
2008-04-08 18:28 . 2008-02-19 01:10 620,088 --a------ C:\Windows\System32\ci.dll
2008-04-08 18:28 . 2008-02-29 02:39 371,712 --a------ C:\Windows\System32\srcore.dll
2008-04-08 18:28 . 2008-02-29 02:38 313,856 --a------ C:\Windows\System32\rstrui.exe
2008-04-08 18:28 . 2008-02-29 02:39 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-08 18:28 . 2008-02-29 02:51 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-08 18:28 . 2008-02-29 02:38 16,384 --a------ C:\Windows\System32\srdelayed.exe
2008-04-08 18:28 . 2008-02-29 02:34 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
2008-04-08 18:28 . 2008-02-29 02:35 6,656 --a------ C:\Windows\System32\kbd106n.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-04 14:32 --------- d-----w C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\Azureus
2008-05-03 15:52 --------- d-----w C:\Program Files\AIMTunes
2008-05-02 03:48 --------- d-----w C:\Program Files\Azureus
2008-05-02 02:23 --------- d-----w C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\Canon
2008-04-23 03:21 --------- d-----w C:\Program Files\McAfee
2008-04-20 15:50 --------- d-----w C:\Program Files\Safari
2008-04-16 18:25 29,952 ----a-w C:WindowsHelpOEMscriptsHPScript.exe
2008-04-09 07:07 --------- d-----w C:\Program Files\Windows Mail
2008-04-05 19:46 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-04-05 19:45 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-04-05 19:39 --------- d-----w C:\Program Files\Java
2008-04-01 01:39 --------- d-----w C:\Program Files\SpiralFrog
2008-03-18 22:11 --------- d-----w C:\Program Files\Sygate
2008-03-16 22:51 --------- d-----w C:\Program Files\Bonjour
2008-03-16 14:30 --------- d-----w C:\Program Files\Nero
2008-03-16 02:43 --------- d-----w C:\Program Files\InterMute
2008-03-15 21:38 --------- d-----w C:Program FilesNeroInstall.bak
2008-03-15 21:07 --------- d-----w C:Program FilesAhead
2008-03-15 21:06 --------- d-----w C:Program FilesCommon FilesAhead
2008-03-15 20:31 --------- d-----w C:Program FilesAC3Filter
2008-03-15 00:01 --------- d-----w C:Program FilesSpyware Doctor
2008-03-12 00:10 --------- d-----w C:Program FilesAIM6
2008-03-12 00:08 --------- d-----w C:Program FilesViewpoint
2008-03-12 00:07 --------- d-----w C:Program FilesCommon FilesAOL
2008-02-29 04:16 2,027,008 ----a-w C:WindowsSystem32win32k.sys
2008-02-28 17:26 1,414,440 ----a-w C:WindowsSystem32ShellManager310E2D762.dll
2008-02-22 21:05 691,545 ----a-w C:Windowsunins000.exe
2008-02-21 04:43 826,368 ----a-w C:WindowsSystem32wininet.dll
2008-02-21 04:43 56,320 ----a-w C:WindowsSystem32iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:WindowsAppPatchiebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:WindowsSystem32gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:WindowsSystem32ieUnatt.exe
2008-02-16 08:02 1,244,672 ----a-w C:WindowsSystem32mcmde.dll
2008-02-14 05:11 194,560 ----a-w C:WindowsSystem32WebClnt.dll
2008-02-14 05:09 905,400 ----a-w C:WindowsSystem32winresume.exe
2008-02-14 05:09 613,888 ----a-w C:WindowsSystem32wpd_ci.dll
2008-02-14 05:09 558,080 ----a-w C:WindowsSystem32oleaut32.dll
2008-02-14 05:09 35,328 ----a-w C:WindowsSystem32dispci.dll
2008-02-14 05:09 260,096 ----a-w C:WindowsSystem32dpx.dll
2008-02-14 05:09 224,824 ----a-w C:WindowsSystem32clfs.sys
2008-02-14 05:09 221,696 ----a-w C:WindowsSystem32umpnpmgr.dll
2008-02-14 05:09 19,456 ----a-w C:WindowsSystem32cfgmgr32.dll
2008-02-14 05:09 12,800 ----a-w C:WindowsSystem32batt.dll
2008-02-14 05:09 101,888 ----a-w C:WindowsSystem32drvinst.exe
2008-02-14 05:09 1,585,664 ----a-w C:WindowsSystem32setupapi.dll
2008-02-14 05:08 595,456 ----a-w C:WindowsSystem32schedsvc.dll
2008-02-14 05:08 39,424 ----a-w C:WindowsSystem32lodctr.exe
2008-02-14 05:08 32,256 ----a-w C:WindowsSystem32unlodctr.exe
2008-02-14 05:08 23,552 ----a-w C:WindowsSystem32nshhttp.dll
2008-02-14 05:08 17,408 ----a-w C:WindowsSystem32prflbmsg.dll
2008-02-14 05:08 115,200 ----a-w C:WindowsSystem32loadperf.dll
2008-02-14 05:05 3,504,696 ----a-w C:WindowsSystem32ntkrnlpa.exe
2008-02-14 05:05 3,470,392 ----a-w C:WindowsSystem32ntoskrnl.exe
2008-02-14 05:04 537,600 ----a-w C:WindowsAppPatchAcLayers.dll
2008-02-14 05:04 449,536 ----a-w C:WindowsAppPatchAcSpecfc.dll
2008-02-14 05:04 4,247,552 ----a-w C:WindowsSystem32GameUXLegacyGDFs.dll
2008-02-14 05:04 24,064 ----a-w C:WindowsSystem32netcfg.exe
2008-02-14 05:04 22,016 ----a-w C:WindowsSystem32netiougc.exe
2008-02-14 05:04 2,560 ----a-w C:WindowsAppPatchAcRes.dll
2008-02-14 05:04 2,144,256 ----a-w C:WindowsAppPatchAcGenral.dll
2008-02-14 05:04 173,056 ----a-w C:WindowsAppPatchAcXtrnal.dll
2008-02-14 05:04 167,424 ----a-w C:WindowsSystem32tcpipcfg.dll
2008-02-14 05:04 1,686,528 ----a-w C:WindowsSystem32gameux.dll
2008-02-08 19:41 61,480 ----a-w C:UsersKimGoToAssistDownloadHelper.exe
2007-10-17 04:31 174 --sha-w C:Program Filesdesktop.ini
2002-06-18 13:04 1,783 ----a-w C:Program FilesEnhancements_Import_1_0.dtd
2007-10-20 02:26 22 --sha-w C:WindowsSMINSTHPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"Sidebar"="C:Program FilesWindows Sidebarsidebar.exe" [2008-01-09 12:02 1232896]
"ehTray.exe"="C:WindowsehomeehTray.exe" [2006-11-02 08:35 125440]
"SpybotSD TeaTimer"="C:Program FilesSpybot - Search & DestroyTeaTimer.exe" [2008-01-28 12:43 2097488]
"ISUSPM"="C:Program FilesCommon FilesInstallShieldUpdateServiceISUSPM.exe" [2006-09-11 05:56 218032]
"swg"="C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe" [2008-02-24 20:45 68856]
"Aim6"="C:Program FilesAIM6aim6.exe" [2008-03-06 16:50 50528]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"Windows Defender"="C:Program FilesWindows DefenderMSASCui.exe" [2007-08-04 05:57 1006264]
"SynTPEnh"="C:Program FilesSynapticsSynTPSynTPEnh.exe" [2007-09-15 03:50 1021224]
"QPService"="C:Program FilesHPQuickPlayQPService.exe" [2007-04-23 21:11 176128]
"QlbCtrl"="C:Program FilesHewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe" [2007-02-13 14:38 159744]
"HP Health Check Scheduler"="c:Program FilesHewlett-PackardHP Health CheckHPHC_Scheduler.exe" [2007-09-19 18:30 66816]
"hpWirelessAssistant"="C:Program FilesHewlett-PackardHP Wireless AssistantHPWAMain.exe" [2007-03-01 16:18 472776]
"WAWifiMessage"="C:Program FilesHewlett-PackardHP Wireless AssistantWiFiMsg.exe" [2007-01-10 19:12 317128]
"SunJavaUpdateSched"="C:Program FilesJavajre1.6.0_05binjusched.exe" [2008-02-22 05:25 144784]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:WindowsKHALMNPR.Exe]
"SynTPStart"="C:Program FilesSynapticsSynTPSynTPStart.exe" [2007-09-15 03:29 102400]
"RegistryMechanic"="" []
"NvSvc"="C:Windowssystem32nvsvc.dll" [2007-11-07 09:05 86016]
"NvCplDaemon"="C:Windowssystem32NvCpl.dll" [2007-11-07 09:05 8534560]
"NvMediaCenter"="C:Windowssystem32NvMcTray.dll" [2007-11-07 09:05 81920]
"Adobe Reader Speed Launcher"="C:Program FilesAdobeReader 8.0ReaderReader_sl.exe" [2008-01-11 23:16 39792]
"mxomssmenu"="C:Program FilesMaxtorOneTouch Statusmaxmenumgr.exe" [2007-09-06 15:53 169264]
"GrooveMonitor"="C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe" [2007-08-24 08:00 33648]
"QuickTime Task"="C:Program FilesQuickTimeQTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:Program FilesiTunesiTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunOnce]
"Launcher"="" []

C:UsersKimAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup
OpenOffice.org 2.4.lnk - C:Program FilesOpenOffice.org 2.4programquickstart.exe [2008-01-21 15:41:28 393216]

C:ProgramDataMicrosoftWindowsStart MenuProgramsStartup
Google Updater.lnk - C:Program FilesGoogleGoogle UpdaterGoogleUpdater.exe [2008-02-24 20:45:44 125624]
Logitech SetPoint.lnk - C:Program FilesLogitechSetPointSetPoint.exe [2007-10-18 00:50:28 692224]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
"EnableLUA"= 0 (0x0)
"DisableTaskMgr"= 0 (0x0)

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]
"AppInit_DLLs"=C:PROGRA~1GoogleGOOGLE~1GOEC62~1.DLL
"LoadAppInit_DLLs"=0 (0x0)

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
"msacm.ac3filter"= ac3filter.acm

[HKLM~startupfolderC:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:WindowspssAdobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM~startupfolderC:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:WindowspssAdobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM~startupfolderC:^Users^Kim^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
backup=C:WindowspssOpenOffice.org 2.3.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAim6]
--a------ 2008-03-06 16:50 50528 C:Program FilesAIM6aim6.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupreggoogletalk]
--a------ 2007-01-01 17:22 3739648 C:Program FilesGoogleGoogle Talkgoogletalk.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregHP Software Update]
--a------ 2005-02-17 02:11 49152 C:Program FilesHpHP Software UpdateHPWuSchd2.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregHPAdvisor]
--a------ 2007-03-20 18:23 1773568 C:Program FilesHewlett-PackardHP AdvisorHPAdvisor.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregISTray]
--a------ 2008-02-01 12:55 1103240 C:Program FilesSpyware DoctorpctsTray.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregiTunesHelper]
--a------ 2008-03-30 10:36 267048 C:Program FilesiTunesiTunesHelper.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLightScribe Control Panel]
--a------ 2007-04-19 16:26 484904 C:Program FilesCommon FilesLightScribeLightScribeControlPanel.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]
--a------ 2008-03-28 23:37 413696 C:Program FilesQuickTimeQTTask.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSkype]
-ra------ 2007-12-12 15:27 21686568 C:Program FilesSkypePhoneSkype.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSpiralFrog]
--a------ 2007-10-15 14:38 163128 C:Program FilesSpiralFrogSpiralfrog.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTunebite]
--a------ 2007-11-29 20:35 4924720 C:Program FilesRapidSolutionTunebiteTunebite.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringMcAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringMcAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringMcAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicyDomainProfile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM~servicessharedaccessparametersfirewallpolicyFirewallRules]
"{DDB79537-BE1B-49D8-9E35-865252F6818E}"= UDP:C:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE:Microsoft Office OneNote
"{62DAD364-9054-4450-8B64-1E97F59A49D1}"= TCP:C:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE:Microsoft Office OneNote
"{5BC58A37-88F1-48D7-8BE5-98236F326965}"= C:Program FilesHPQuickPlayQP.exe:Quick Play
"{977244DC-0C6F-4602-9E5D-F53F4137696A}"= C:Program FilesHPQuickPlayQPService.exe:Quick Play Resident Program
"{6B76B961-7BC3-47C4-B12A-42CF381A1E0A}"= UDP:C:Program Filesearthlink totalaccessTaskPanl.exe:taskpanl
"{05F6F3EF-B25C-4001-8372-FE26E6D1B328}"= TCP:C:Program Filesearthlink totalaccessTaskPanl.exe:taskpanl
"{097692B9-4521-4D1A-9F3E-8E0F924DCDB0}"= UDP:C:Program Filesearthlink totalaccessTaskPanl.exe:taskpanl
"{F238082B-3978-480D-B122-CF2A1C1231A2}"= TCP:C:Program Filesearthlink totalaccessTaskPanl.exe:taskpanl
"{C45F953C-C973-4D47-9B6F-8E3786D5C7A2}"= UDP:C:Program Filesearthlink totalaccessTaskPanl.exe:taskpanl
"{87A0D74F-F719-4D0B-9A9D-EDC91DA7E7E8}"= TCP:C:Program Filesearthlink totalaccessTaskPanl.exe:taskpanl
"TCP Query User{C296A245-6B23-4D33-977F-B404BA8F94C6}C:program filesazureusazureus.exe"= UDP:C:program filesazureusazureus.exe:Azureus
"UDP Query User{930A2413-D30C-402D-98FC-EAFF2D9ED859}C:program filesazureusazureus.exe"= TCP:C:program filesazureusazureus.exe:Azureus
"TCP Query User{9D7C01CD-AEC8-426E-B63F-545C05A41BC7}C:program fileshp gameswheel of fortunewheel of fortune.exe"= UDP:C:program fileshp gameswheel of fortunewheel of fortune.exe:Wheel of Fortune
"UDP Query User{EC442969-5D24-4C45-8435-30125BB31C94}C:program fileshp gameswheel of fortunewheel of fortune.exe"= TCP:C:program fileshp gameswheel of fortunewheel of fortune.exe:Wheel of Fortune
"TCP Query User{68A7786E-A13B-4CBE-9857-0010E7B84B33}C:program filesinternet exploreriexplore.exe"= UDP:C:program filesinternet exploreriexplore.exe:Internet Explorer
"UDP Query User{B2A0C3E5-2BFB-449C-A220-AADF579D0D5B}C:program filesinternet exploreriexplore.exe"= TCP:C:program filesinternet exploreriexplore.exe:Internet Explorer
"TCP Query User{72300928-BF46-426A-8524-9998200287ED}C:program filessoulseekslsk.exe"= UDP:C:program filessoulseekslsk.exe:SoulSeek
"UDP Query User{F445EED6-3F31-44AF-8F33-0DE7075BC16A}C:program filessoulseekslsk.exe"= TCP:C:program filessoulseekslsk.exe:SoulSeek
"{46F36E97-C2E1-4B68-92E8-2454B7CF313E}"= UDP:C:Program FilesRapidSolutionTunebiteTunebiteHelper.exe:TunebiteHelper
"{A3A77AAF-544C-4A48-A5E8-822BD64248B8}"= TCP:C:\Program Files\RapidSolution\Tunebite\TunebiteHelper.exe:TunebiteHelper
"TCP Query User{150B7930-9484-4AEA-98AD-E23A04BB074B}C:\\windows\\system32\\dplaysvr.exe"= UDP:C:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"UDP Query User{0CB5600C-03AE-4EA4-A384-43D8BFFEE12F}C:\\windows\\system32\\dplaysvr.exe"= TCP:C:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"TCP Query User{C039B41F-2E4D-4746-878B-8488FE01CCEC}C:\\program files\\infogrames interactive\\scrabble 2\\scrabble v2.0.exe"= UDP:C:\program files\infogrames interactive\scrabble 2\scrabble v2.0.exe:Scrabble v2
"UDP Query User{E15E4188-888A-4F77-AD5B-0AA8AE9F8F43}C:\\program files\\infogrames interactive\\scrabble 2\\scrabble v2.0.exe"= TCP:C:\program files\infogrames interactive\scrabble 2\scrabble v2.0.exe:Scrabble v2
"{CC84FD59-6F57-4067-AC0A-0AFC33A783EC}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{E154679D-D3BC-43B8-B65E-BFF038C33917}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{2ABB8677-99E4-4B1F-8463-1011C0D42155}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{2CE1FBF3-3481-4DEA-855A-0DA85611B565}"= UDP:C:\Program Files\Google\Google Talk\googletalk.exe:Google Talk
"{687E96B6-3F9D-40F3-9C64-0D4C5CEDC54F}"= TCP:C:\Program Files\Google\Google Talk\googletalk.exe:Google Talk
"{29DE1D47-1894-45DE-A176-817144760A95}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{8D943D3D-1887-474D-A462-F973D579B970}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{601C44BF-E625-42CA-8159-33BECB04A36F}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{35335244-446F-462A-AA88-23E291EFC2BA}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{869FC0C4-05CB-4A09-9D01-B3E1114DCB22}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{C05E039D-3977-4FE6-A14F-810EC815E5BB}"= UDP:C:\Program Files\AIM6\aim6.exe:AIM
"{C8969229-D09F-4C8C-9F9E-EE91475261C8}"= TCP:C:\Program Files\AIM6\aim6.exe:AIM
"{E2D550C5-21B2-4F72-BB31-D7BDE6B91E49}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{C8ABC9DB-4E40-468D-B009-FEB855CBDDA6}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R2 Maxtor Sync Service;Maxtor Service;"C:\Program Files\Maxtor\Sync\SyncServices.exe" [2007-09-28 13:24]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 07:27]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-16 19:50]
R3 UsbFltr;WayTech USB Filter Driver1;C:\Windows\system32\Drivers\UsbFltr.sys [2007-04-09 10:50]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 12:43]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-10-13 00:50]

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-05-03 16:00:30 C:\Windows\Tasks\HPCeeScheduleForKim.job"
- C:\program files\hewlett-packard\sdp\ceement\HPCEE.exe
"2008-02-09 02:59:45 C:\Windows\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-02-09 02:59:45 C:\Windows\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-06 23:22:27
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


folder error: C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-06 23:32:42
ComboFix-quarantined-files.txt 2008-05-07 03:32:33

Pre-Run: 35,496,595,456 bytes free
Post-Run: 35,634,319,360 bytes free

316 --- E O F --- 2008-05-06 23:05:19

*****************************************************************************************************************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:47:41 PM, on 5/6/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Windows\system32\notepad.exe
C:\Windows\System32\rundll32.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Kim\Downloads\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.auctiva.com/hostedimages/active...oad/XUpload.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MaxBackServiceInt - Seagate - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12323 bytes
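The ComboFix and HijackThis logs above are raw dumps, and the lines that matter for the host's security posture (UAC and Windows Firewall switched off in every profile, Security Center monitoring suppressed, an AppInit DLL registered, Task Manager policy) sit among hundreds of vendor paths. The script below is an added example and is not code from this thread, from ComboFix or from HijackThis: it parses the "[key]" / "name"=value lines ComboFix prints under "Reg Loading Points" and flags the settings a responder checks first. The sample log is constructed in the same shape as the entries above; the check list and the wording of the findings are the author's own choices, while the registry value names are the ones ComboFix actually prints. Treat each finding as a prompt to verify rather than a verdict: EnableFirewall=0 is expected when a third-party firewall such as the McAfee Personal Firewall listed under O23 is active, and the Security Center DisableMonitoring values are written both by legitimately installed suites and by malware that wants to silence the alerts.

```python
"""Triage the registry section of a ComboFix-style log (added example).

Not part of the original thread, ComboFix or HijackThis. Parses the
"[key]" / "name"=value lines from the "Reg Loading Points" section and
flags settings that weaken the host. Check selection and messages are the
author's own; the value names are those ComboFix prints.
"""
import re
from typing import Dict, List, Tuple

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')

# Constructed sample in the same shape as the log above (not the full log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"DisableTaskMgr"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
"LoadAppInit_DLLs"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"""

Finding = Tuple[str, str, str]  # (registry key, value name, message)


def parse_value(raw: str):
    """Turn ComboFix's value renderings into Python values."""
    raw = raw.strip()
    m = re.fullmatch(r"(-?\d+)\s*\(0x[0-9A-Fa-f]+\)", raw)  # e.g. 0 (0x0)
    if m:
        return int(m.group(1))
    m = re.fullmatch(r"dword:([0-9A-Fa-f]{8})", raw)  # e.g. dword:00000001
    if m:
        return int(m.group(1), 16)
    return raw.strip('"')  # strings and paths are kept as written


def parse_reg_section(text: str) -> Dict[str, Dict[str, object]]:
    """Map each lower-cased [key] header to its "name"=value pairs."""
    keys: Dict[str, Dict[str, object]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = parse_value(m.group(2))
    return keys


def audit(keys: Dict[str, Dict[str, object]]) -> List[Finding]:
    """Flag policy, firewall and Security Center settings that weaken the host."""
    findings: List[Finding] = []
    for key, values in keys.items():
        if key.endswith("policies\\system"):
            if values.get("EnableLUA") == 0:
                findings.append((key, "EnableLUA", "UAC disabled"))
            if values.get("DisableTaskMgr") == 1:
                findings.append((key, "DisableTaskMgr", "Task Manager disabled by policy"))
        if "firewallpolicy\\" in key and key.endswith("profile"):
            if values.get("EnableFirewall") == 0:
                profile = key.rsplit("\\", 1)[-1]
                findings.append((key, "EnableFirewall", f"Windows Firewall off in {profile}"))
        if "security center\\monitoring" in key and values.get("DisableMonitoring") == 1:
            findings.append((key, "DisableMonitoring", "Security Center monitoring suppressed"))
        if key.endswith("currentversion\\windows") and values.get("AppInit_DLLs"):
            # On Vista and later an AppInit DLL is only loaded (into every
            # process that loads user32.dll) while LoadAppInit_DLLs is 1.
            state = ("loaded into every user32 process"
                     if values.get("LoadAppInit_DLLs") == 1
                     else "inert while LoadAppInit_DLLs != 1")
            findings.append((key, "AppInit_DLLs",
                             f"AppInit DLL registered: {values['AppInit_DLLs']} ({state})"))
    return findings


def triage(log_text: str) -> List[Finding]:
    """Parse a ComboFix registry section and return the findings in log order."""
    return audit(parse_reg_section(log_text))


if __name__ == "__main__":
    for key, name, message in triage(SAMPLE_LOG):
        print(f"{name:<18} {message}\n    at {key}")
```

Run it against a saved ComboFix log by reading the file into `triage()`; on the sample it reports five findings (UAC off, both firewall profiles off, Security Center monitoring suppressed, and the Google AppInit DLL, marked inert because LoadAppInit_DLLs is 0), and nothing for DisableTaskMgr because the log shows it already back at 0.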

#9 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  • Local time:10:42 PM

Posted 07 May 2008 - 04:42 PM

Can you attach the Combofix log to your post for me, please?

If you are pleased with the service I have offered, you may like to consider making a donation.


#10 kteis23

kteis23
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:05:42 PM

Posted 07 May 2008 - 05:29 PM

Yes, it's in the above post, before the HiJack This log. But I'll go ahead and put it in here separately for you. :thumbsup:

But, since you said attach, I'll go ahead and attach it as well.

Thanks,
Kim

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------

ComboFix 08-05-01.3 - Kim 2008-05-06 23:14:06.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.225 [GMT -4:00]
Running from: C:\Users\Kim\Desktop\Spyware apps\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\123messenger.per
C:\Windows\180ax.exe
C:\Windows\apphelp32.dll
C:\Windows\asferror32.dll
C:\Windows\asycfilt32.dll
C:\Windows\athprxy32.dll
C:\Windows\ati2dvaa32.dll
C:\Windows\ati2dvag32.dll
C:\Windows\audiosrv32.dll
C:\Windows\autodisc32.dll
C:\Windows\avifile32.dll
C:\Windows\avisynthex32.dll
C:\Windows\aviwrap32.dll
C:\Windows\bjam.dll
C:\Windows\bokja.exe
C:\Windows\browserad.dll
C:\Windows\cdsm32.dll
C:\Windows\changeurl_30.dll
C:\Windows\licencia.txt
C:\Windows\msa64chk.dll
C:\Windows\msapasrc.dll
C:\Windows\mspphe.dll
C:\Windows\mssvr.exe
C:\Windows\ntnut.exe
C:\Windows\saiemod.dll
C:\Windows\salm.exe
C:\Windows\shdocpe.dll
C:\Windows\shdocpl.dll
C:\Windows\swin32.dll
C:\Windows\system32\msixu.dll
C:\Windows\system32\MSNSA32.dll
C:\Windows\system32\ntnut32.exe
C:\Windows\system32\shdocpe.dll
C:\Windows\system32\SIPSPI32.dll
C:\Windows\system32\wer8274.dll
C:\Windows\system32\winfrun32.bin
C:\Windows\telefonos.txt
C:\Windows\TEMP\salm.exe
C:\Windows\textos.txt
C:\Windows\voiceip.dll
C:\Windows\winsb.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-07 to 2008-05-07 )))))))))))))))))))))))))))))))
.

2008-05-06 23:14 . 2008-05-06 23:14 6,736 --a------ C:\Windows\System32\drivers\PROCEXP90.SYS
2008-04-20 11:48 . 2008-04-20 11:48 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-12 18:10 . 2008-05-03 12:01 54,156 --ah----- C:\Windows\QTFont.qfn
2008-04-12 18:10 . 2008-04-12 18:10 1,409 --a------ C:\Windows\QTFont.for
2008-04-12 18:09 . 2008-04-12 18:10 <DIR> d-------- C:\Program Files\iTunes
2008-04-12 18:09 . 2008-04-12 18:09 <DIR> d-------- C:\Program Files\iPod
2008-04-12 18:06 . 2008-04-12 18:07 <DIR> d-------- C:\Program Files\QuickTime
2008-04-08 18:28 . 2008-02-14 19:19 944,184 --a------ C:\Windows\System32\winload.exe
2008-04-08 18:28 . 2008-02-19 01:10 620,088 --a------ C:\Windows\System32\ci.dll
2008-04-08 18:28 . 2008-02-29 02:39 371,712 --a------ C:\Windows\System32\srcore.dll
2008-04-08 18:28 . 2008-02-29 02:38 313,856 --a------ C:\Windows\System32\rstrui.exe
2008-04-08 18:28 . 2008-02-29 02:39 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-08 18:28 . 2008-02-29 02:51 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-08 18:28 . 2008-02-29 02:38 16,384 --a------ C:\Windows\System32\srdelayed.exe
2008-04-08 18:28 . 2008-02-29 02:34 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
2008-04-08 18:28 . 2008-02-29 02:35 6,656 --a------ C:\Windows\System32\kbd106n.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-04 14:32 --------- d-----w C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\Azureus
2008-05-03 15:52 --------- d-----w C:\Program Files\AIMTunes
2008-05-02 03:48 --------- d-----w C:\Program Files\Azureus
2008-05-02 02:23 --------- d-----w C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\Canon
2008-04-23 03:21 --------- d-----w C:\Program Files\McAfee
2008-04-20 15:50 --------- d-----w C:\Program Files\Safari
2008-04-16 18:25 29,952 ----a-w C:\Windows\Help\OEM\scripts\HPScript.exe
2008-04-09 07:07 --------- d-----w C:\Program Files\Windows Mail
2008-04-05 19:46 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-04-05 19:45 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-04-05 19:39 --------- d-----w C:\Program Files\Java
2008-04-01 01:39 --------- d-----w C:\Program Files\SpiralFrog
2008-03-18 22:11 --------- d-----w C:\Program Files\Sygate
2008-03-16 22:51 --------- d-----w C:\Program Files\Bonjour
2008-03-16 14:30 --------- d-----w C:\Program Files\Nero
2008-03-16 02:43 --------- d-----w C:\Program Files\InterMute
2008-03-15 21:38 --------- d-----w C:\Program Files\NeroInstall.bak
2008-03-15 21:07 --------- d-----w C:\Program Files\Ahead
2008-03-15 21:06 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-15 20:31 --------- d-----w C:\Program Files\AC3Filter
2008-03-15 00:01 --------- d-----w C:\Program Files\Spyware Doctor
2008-03-12 00:10 --------- d-----w C:\Program Files\AIM6
2008-03-12 00:08 --------- d-----w C:\Program Files\Viewpoint
2008-03-12 00:07 --------- d-----w C:\Program Files\Common Files\AOL
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-28 17:26 1,414,440 ----a-w C:\Windows\System32\ShellManager310E2D762.dll
2008-02-22 21:05 691,545 ----a-w C:\Windows\unins000.exe
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-16 08:02 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-02-14 05:11 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 05:09 905,400 ----a-w C:\Windows\System32\winresume.exe
2008-02-14 05:09 613,888 ----a-w C:\Windows\System32\wpd_ci.dll
2008-02-14 05:09 558,080 ----a-w C:\Windows\System32\oleaut32.dll
2008-02-14 05:09 35,328 ----a-w C:\Windows\System32\dispci.dll
2008-02-14 05:09 260,096 ----a-w C:\Windows\System32\dpx.dll
2008-02-14 05:09 224,824 ----a-w C:\Windows\System32\clfs.sys
2008-02-14 05:09 221,696 ----a-w C:\Windows\System32\umpnpmgr.dll
2008-02-14 05:09 19,456 ----a-w C:\Windows\System32\cfgmgr32.dll
2008-02-14 05:09 12,800 ----a-w C:\Windows\System32\batt.dll
2008-02-14 05:09 101,888 ----a-w C:\Windows\System32\drvinst.exe
2008-02-14 05:09 1,585,664 ----a-w C:\Windows\System32\setupapi.dll
2008-02-14 05:08 595,456 ----a-w C:\Windows\System32\schedsvc.dll
2008-02-14 05:08 39,424 ----a-w C:\Windows\System32\lodctr.exe
2008-02-14 05:08 32,256 ----a-w C:\Windows\System32\unlodctr.exe
2008-02-14 05:08 23,552 ----a-w C:\Windows\System32\nshhttp.dll
2008-02-14 05:08 17,408 ----a-w C:\Windows\System32\prflbmsg.dll
2008-02-14 05:08 115,200 ----a-w C:\Windows\System32\loadperf.dll
2008-02-14 05:05 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 05:05 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 05:04 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 05:04 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 05:04 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 05:04 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 05:04 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 05:04 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-14 05:04 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 05:04 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 05:04 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 05:04 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-08 19:41 61,480 ----a-w C:\Users\Kim\GoToAssistDownloadHelper.exe
2007-10-17 04:31 174 --sha-w C:\Program Files\desktop.ini
2002-06-18 13:04 1,783 ----a-w C:\Program Files\Enhancements_Import_1_0.dtd
2007-10-20 02:26 22 --sha-w C:\Windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 12:02 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 08:35 125440]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 05:56 218032]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-24 20:45 68856]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-03-06 16:50 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-04 05:57 1006264]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 03:50 1021224]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-04-23 21:11 176128]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 14:38 159744]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-09-19 18:30 66816]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 16:18 472776]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 19:12 317128]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\Windows\KHALMNPR.Exe]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 03:29 102400]
"RegistryMechanic"="" []
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-11-07 09:05 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-11-07 09:05 8534560]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-11-07 09:05 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 15:53 169264]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="" []

C:\Users\Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 15:41:28 393216]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-02-24 20:45:44 125624]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-10-18 00:50:28 692224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"DisableTaskMgr"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
"LoadAppInit_DLLs"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\Windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Kim^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
backup=C:\Windows\pss\OpenOffice.org 2.3.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-03-06 16:50 50528 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 17:22 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-17 02:11 49152 C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
--a------ 2007-03-20 18:23 1773568 C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
--a------ 2008-02-01 12:55 1103240 C:\Program Files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2007-04-19 16:26 484904 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-12-12 15:27 21686568 C:\Program Files\Skype\\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpiralFrog]
--a------ 2007-10-15 14:38 163128 C:\Program Files\SpiralFrog\Spiralfrog.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tunebite]
--a------ 2007-11-29 20:35 4924720 C:\Program Files\RapidSolution\Tunebite\Tunebite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DDB79537-BE1B-49D8-9E35-865252F6818E}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{62DAD364-9054-4450-8B64-1E97F59A49D1}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5BC58A37-88F1-48D7-8BE5-98236F326965}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{977244DC-0C6F-4602-9E5D-F53F4137696A}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{6B76B961-7BC3-47C4-B12A-42CF381A1E0A}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{05F6F3EF-B25C-4001-8372-FE26E6D1B328}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{097692B9-4521-4D1A-9F3E-8E0F924DCDB0}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{F238082B-3978-480D-B122-CF2A1C1231A2}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{C45F953C-C973-4D47-9B6F-8E3786D5C7A2}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{87A0D74F-F719-4D0B-9A9D-EDC91DA7E7E8}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"TCP Query User{C296A245-6B23-4D33-977F-B404BA8F94C6}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{930A2413-D30C-402D-98FC-EAFF2D9ED859}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{9D7C01CD-AEC8-426E-B63F-545C05A41BC7}C:\\program files\\hp games\\wheel of fortune\\wheel of fortune.exe"= UDP:C:\program files\hp games\wheel of fortune\wheel of fortune.exe:Wheel of Fortune
"UDP Query User{EC442969-5D24-4C45-8435-30125BB31C94}C:\\program files\\hp games\\wheel of fortune\\wheel of fortune.exe"= TCP:C:\program files\hp games\wheel of fortune\wheel of fortune.exe:Wheel of Fortune
"TCP Query User{68A7786E-A13B-4CBE-9857-0010E7B84B33}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{B2A0C3E5-2BFB-449C-A220-AADF579D0D5B}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{72300928-BF46-426A-8524-9998200287ED}C:\\program files\\soulseek\\slsk.exe"= UDP:C:\program files\soulseek\slsk.exe:SoulSeek
"UDP Query User{F445EED6-3F31-44AF-8F33-0DE7075BC16A}C:\\program files\\soulseek\\slsk.exe"= TCP:C:\program files\soulseek\slsk.exe:SoulSeek
"{46F36E97-C2E1-4B68-92E8-2454B7CF313E}"= UDP:C:\Program Files\RapidSolution\Tunebite\TunebiteHelper.exe:TunebiteHelper
"{A3A77AAF-544C-4A48-A5E8-822BD64248B8}"= TCP:C:\Program Files\RapidSolution\Tunebite\TunebiteHelper.exe:TunebiteHelper
"TCP Query User{150B7930-9484-4AEA-98AD-E23A04BB074B}C:\\windows\\system32\\dplaysvr.exe"= UDP:C:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"UDP Query User{0CB5600C-03AE-4EA4-A384-43D8BFFEE12F}C:\\windows\\system32\\dplaysvr.exe"= TCP:C:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"TCP Query User{C039B41F-2E4D-4746-878B-8488FE01CCEC}C:\\program files\\infogrames interactive\\scrabble 2\\scrabble v2.0.exe"= UDP:C:\program files\infogrames interactive\scrabble 2\scrabble v2.0.exe:Scrabble v2
"UDP Query User{E15E4188-888A-4F77-AD5B-0AA8AE9F8F43}C:\\program files\\infogrames interactive\\scrabble 2\\scrabble v2.0.exe"= TCP:C:\program files\infogrames interactive\scrabble 2\scrabble v2.0.exe:Scrabble v2
"{CC84FD59-6F57-4067-AC0A-0AFC33A783EC}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{E154679D-D3BC-43B8-B65E-BFF038C33917}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{2ABB8677-99E4-4B1F-8463-1011C0D42155}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{2CE1FBF3-3481-4DEA-855A-0DA85611B565}"= UDP:C:\Program Files\Google\Google Talk\googletalk.exe:Google Talk
"{687E96B6-3F9D-40F3-9C64-0D4C5CEDC54F}"= TCP:C:\Program Files\Google\Google Talk\googletalk.exe:Google Talk
"{29DE1D47-1894-45DE-A176-817144760A95}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{8D943D3D-1887-474D-A462-F973D579B970}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{601C44BF-E625-42CA-8159-33BECB04A36F}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{35335244-446F-462A-AA88-23E291EFC2BA}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{869FC0C4-05CB-4A09-9D01-B3E1114DCB22}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{C05E039D-3977-4FE6-A14F-810EC815E5BB}"= UDP:C:\Program Files\AIM6\aim6.exe:AIM
"{C8969229-D09F-4C8C-9F9E-EE91475261C8}"= TCP:C:\Program Files\AIM6\aim6.exe:AIM
"{E2D550C5-21B2-4F72-BB31-D7BDE6B91E49}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{C8ABC9DB-4E40-468D-B009-FEB855CBDDA6}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R2 Maxtor Sync Service;Maxtor Service;"C:\Program Files\Maxtor\Sync\SyncServices.exe" [2007-09-28 13:24]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 07:27]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-16 19:50]
R3 UsbFltr;WayTech USB Filter Driver1;C:\Windows\system32\Drivers\UsbFltr.sys [2007-04-09 10:50]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 12:43]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-10-13 00:50]

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-05-03 16:00:30 C:\Windows\Tasks\HPCeeScheduleForKim.job"
- C:\program files\hewlett-packard\sdp\ceement\HPCEE.exe
"2008-02-09 02:59:45 C:\Windows\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-02-09 02:59:45 C:\Windows\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-06 23:22:27
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


folder error: C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-06 23:32:42
ComboFix-quarantined-files.txt 2008-05-07 03:32:33

Pre-Run: 35,496,595,456 bytes free
Post-Run: 35,634,319,360 bytes free

316 --- E O F --- 2008-05-06 23:05:19


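As an added example (not from the thread, the poster's log, or ComboFix itself), a small Python audit of a firewall-policy section in the format quoted above: it parses the entries, flags a profile with EnableFirewall set to 0, flags rules whose "TCP Query User" / "UDP Query User" name disagrees with the protocol in the value, and flags rules that allow a program from one of the folders the original poster listed as reappearing. The log excerpt, the FirewallRules key header and the all-zero GUID are constructed sample data.

```python
import re

# Constructed excerpt in the style of the ComboFix firewall-policy section
# quoted in this thread; the FirewallRules header and zero GUID are made up.
SAMPLE_LOG = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6B76B961-7BC3-47C4-B12A-42CF381A1E0A}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"TCP Query User{C296A245-6B23-4D33-977F-B404BA8F94C6}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"{29DE1D47-1894-45DE-A176-817144760A95}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{00000000-0000-0000-0000-000000000000}"= TCP:C:\Program Files\Zango\zango.exe:Zango

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
'''

# Folder names the original poster reported as reappearing under Program Files.
SUSPECT_DIRS = {"180search assistant", "180searchassistant", "180solutions",
                "seekmo", "stc", "sysmnt", "zango"}

ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.*)$')

def parse_sections(text):
    """Return {registry_key: [(name, value), ...]} for each [..] section."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            sections.setdefault(current, [])
        elif current and (m := ENTRY_RE.match(line)):
            sections[current].append((m.group("name"), m.group("value")))
    return sections

def audit_firewall(text):
    """Flag disabled profiles, protocol/name mismatches and rules for suspect folders."""
    findings = []
    for key, entries in parse_sections(text).items():
        profile = key.rsplit("\\", 1)[-1]
        for name, value in entries:
            if name == "EnableFirewall" and value.startswith("0"):
                findings.append(f"firewall disabled: {profile}")
            # Rule values look like [PROTO:[port|]]<path>:<description>
            proto = value[:3] if value[:4] in ("TCP:", "UDP:") else None
            named = name[:3] if name.startswith(("TCP Query", "UDP Query")) else None
            if proto and named and proto != named:
                findings.append(f"protocol mismatch: {name[:14]} rule allows {proto}")
            path = value.split("|")[-1].rsplit(":", 1)[0].lower()
            if set(re.split(r"[\\/]", path)) & SUSPECT_DIRS:
                findings.append(f"rule for suspect folder: {path}")
    return findings
```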
#11 rookie147

  • Members
  • 5,321 posts

Posted 08 May 2008 - 04:24 PM

Hi there,
The reason I asked you to attach the file was because when you posted the Combofix log before, all of the "\"s were missing.
Open Notepad - don't use any other text editor or the script will fail.
Copy and paste the text in the quote box below into the document:

File::
C:\Windows\System32\winload.exe
C:\Windows\System32\ci.dll
C:\Windows\System32\srcore.dll
C:\Windows\System32\rstrui.exe
C:\Windows\System32\srclient.dll
C:\Windows\System32\kd1394.dll
C:\Windows\System32\srdelayed.exe
C:\Windows\System32\f3ahvoas.dll
C:\Windows\System32\kbd106n.dll


Save this as a text file named CFScript.
Then drag the CFScript into ComboFix.exe as you see in the screenshot below:
This will start ComboFix again.
A new log will be created, which I would like to see in your reply (Don't worry about attaching it this time)
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#12 rookie147

  • Members
  • 5,321 posts

Posted 25 May 2008 - 03:27 PM

Due to lack of feedback, this topic is now closed.
If you need this topic reopened, please request this by sending me a Personal Message including a link to your thread.
This applies only to the original topic starter. Everyone else please begin a New Topic.


