
Google redirect



#1 host21

Posted 10 January 2010 - 12:37 PM

Hello,

I am new to this forum. I have downloaded HijackThis and obtained, then saved, a log file. I've used several programs such as Malwarebytes and Spyware Doctor, but it seems when I do a Google search it redirects me to an unknown site.

Here is the saved log file from HijackThis. Thank you for your assistance on this matter.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:18:32 PM, on 1/10/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Qlock\qlock.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.refdesk.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;tests
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - Startup: qlock.lnk = C:\Program Files\Qlock\qlock.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1243546599515
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\sched.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (file missing)
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\system32\ASTSRV.EXE
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Cacheman Service (CachemanService) - Outertech - C:\Program Files\Cacheman\CachemanServ.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Unknown owner - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 9417 bytes



#2 teacup61


Posted 10 January 2010 - 12:45 PM

Hello host21,

Let's see if it's this easy first:

Please download GooredFix from one of the locations below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#3 host21


Posted 13 January 2010 - 11:25 AM

Thank you. Sorry for the double post.

Here's the log from GooredFix. Thanks for your assistance.



GooredFix by jpshortstuff (08.01.10.1)
Log created at 17:21 on 13/01/2010 (aby)
Firefox version 3.0.11 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
staff@hide-my-ip.com [20:08 08/09/2009]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [18:34 20/05/2009]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [22:44 02/01/2010]

C:\Users\aby\Application Data\Mozilla\Firefox\Profiles\iog69zo0.default\extensions\
anycolor.pavlos256@gmail.com [22:44 11/12/2009]
base-outfit@outwit.com [08:53 31/12/2009]
FirefoxAddon@similarWeb.com [18:49 29/12/2009]
ilab@intuit [22:20 25/05/2009]
netvideohunter@netvideohunter.com [22:45 11/12/2009]
outwit-docs@outwit.com [08:53 31/12/2009]
youtube2mp3@mondayx.de [22:44 11/12/2009]
{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [22:45 11/12/2009]
{0545b830-f0aa-4d7e-8820-50a4629a56fe} [00:09 28/12/2009]
{1018e4d6-728f-4b20-ad56-37578a4de76b} [22:45 11/12/2009]
{20a82645-c095-46ed-80e3-08825760534b} [08:49 03/09/2009]
{241aae70-0022-11de-87af-0800200c9a66} [18:51 26/05/2009]
{249df6a2-e336-47d1-b6c3-ec711ad140ca} [22:45 11/12/2009]
{268ad77e-cff8-42d7-b479-da60a7b93305} [18:43 20/05/2009]
{398e77b8-2304-11dc-8314-0800200c9a66} [22:45 11/12/2009]
{5fb1186a-3398-4c47-b579-0f2eee222ad1} [08:53 31/12/2009]
{6614d11d-d21d-b211-ae23-815234e1ebb5} [22:44 11/12/2009]
{9AA46F4F-4DC7-4c06-97AF-5035170634FE} [22:44 11/12/2009]
{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [08:53 31/12/2009]
{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [22:44 11/12/2009]
{c1dffba0-628e-11d9-9669-0800200c9a66} [22:42 11/12/2009]
{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} [22:44 11/12/2009]
{f152489f-b189-4550-81fd-7d996d242be7} [22:44 11/12/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [20:43 21/05/2009]

-=E.O.F=-

#4 teacup61


Posted 13 January 2010 - 01:17 PM

Hello,

Thanks for that.

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

Thanks,
tea

#5 host21

  • Local time:04:05 AM

Posted 13 January 2010 - 04:48 PM

Thanks for helping me resolve this. After eradicating the virus, how can I keep from getting it again?

Below are the ComboFix and HijackThis logs.




ComboFix 10-01-13.06 - aby 01/13/2010 21:44:55.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.2086 [GMT 1:00]
Running from: c:\users\aby\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Symantec Endpoint Protection *disabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2813300613-3578789201-955965553-500
c:\recycler\S-1-5-21-5501201746-3603649437-972180492-7840
c:\users\aby\AppData\Roaming\.#
c:\users\aby\AppData\Roaming\inst.exe
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\SNMPAPI.DLL

.
((((((((((((((((((((((((( Files Created from 2009-12-13 to 2010-01-13 )))))))))))))))))))))))))))))))
.

2010-01-13 21:05 . 2010-01-13 21:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-13 21:05 . 2010-01-13 21:05 -------- d-----w- c:\users\aby\AppData\Local\temp
2010-01-13 20:34 . 2009-12-14 07:59 1647984 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100112.053\navex32a.dll
2010-01-13 20:34 . 2009-12-14 07:59 84912 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100112.053\naveng.sys
2010-01-13 20:34 . 2009-12-14 07:59 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100112.053\eeCtrl.sys
2010-01-13 20:34 . 2009-12-14 07:59 2747440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100112.053\cceraser.dll
2010-01-13 20:34 . 2009-12-14 07:59 259440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100112.053\ecmsvr32.dll
2010-01-13 20:34 . 2009-12-14 07:59 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100112.053\naveng32.dll
2010-01-13 20:34 . 2009-12-14 07:59 1323568 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100112.053\navex15.sys
2010-01-13 20:34 . 2009-12-14 07:59 102448 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100112.053\ERASER.sys
2010-01-13 19:52 . 2010-01-13 19:52 -------- d-----w- c:\users\aby\AppData\Local\ESET
2010-01-13 07:28 . 2009-02-01 19:43 38056 ----a-w- c:\windows\system32\drivers\WGX.SYS
2010-01-13 05:55 . 2009-11-02 19:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 05:52 . 2009-09-22 01:01 69000 ----a-w- c:\windows\system32\zlcomm.dll
2010-01-13 05:52 . 2009-09-22 01:01 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2010-01-13 05:51 . 2009-09-22 01:01 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2010-01-13 05:50 . 2010-01-13 05:52 -------- d-----w- c:\windows\system32\ZoneLabs
2010-01-13 05:50 . 2009-09-22 01:02 443080 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2010-01-13 05:48 . 2010-01-13 05:48 -------- d-----w- c:\program files\Zone Labs
2010-01-13 05:48 . 2010-01-13 05:48 -------- d-----w- c:\programdata\CheckPoint
2010-01-13 05:48 . 2010-01-13 20:18 -------- d-----w- c:\windows\Internet Logs
2010-01-13 05:26 . 2009-12-14 07:59 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100112.025\naveng32.dll
2010-01-13 05:26 . 2009-12-14 07:59 1647984 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100112.025\navex32a.dll
2010-01-13 05:26 . 2009-12-14 07:59 1323568 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100112.025\navex15.sys
2010-01-13 05:26 . 2009-12-14 07:59 84912 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100112.025\naveng.sys
2010-01-13 05:26 . 2009-12-14 07:59 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100112.025\eeCtrl.sys
2010-01-13 05:26 . 2009-12-14 07:59 2747440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100112.025\cceraser.dll
2010-01-13 05:26 . 2009-12-14 07:59 259440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100112.025\ecmsvr32.dll
2010-01-13 05:26 . 2009-12-14 07:59 102448 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100112.025\ERASER.sys
2010-01-12 20:19 . 2010-01-12 20:19 233472 ----a-w- c:\windows\system32\REX Shared Library.dll
2010-01-12 20:19 . 2010-01-12 20:19 368640 ----a-w- c:\windows\system32\ReWire.dll
2010-01-12 20:14 . 2010-01-12 20:14 -------- d-----w- c:\program files\Propellerhead
2010-01-10 21:57 . 2010-01-12 22:10 -------- d-----w- c:\program files\ESET
2010-01-10 20:29 . 2010-01-10 20:29 -------- d-sh--w- c:\windows\system32\%APPDATA%
2010-01-10 16:14 . 2010-01-10 16:14 -------- d-----w- c:\program files\Trend Micro
2010-01-09 23:02 . 2010-01-09 23:02 -------- d-----w- c:\program files\Corel
2010-01-09 22:32 . 2010-01-12 20:55 -------- d-----w- c:\programdata\avg9
2010-01-09 22:32 . 2010-01-09 22:32 -------- d-----w- c:\program files\AVG
2010-01-09 18:36 . 2010-01-09 18:40 -------- d-----w- c:\users\aby\AppData\Local\Bible Lesson Record Book
2010-01-09 08:04 . 2010-01-09 08:04 -------- d-----w- c:\programdata\ZapShares
2010-01-09 08:04 . 2010-01-09 08:04 -------- d-----w- c:\program files\ZapShares
2010-01-08 22:54 . 2010-01-08 22:54 -------- d-----w- c:\users\aby\AppData\Roaming\eLertGadget.4E424E86CF86EBE29924D0FD908DE0A0B24C8950.1
2010-01-08 22:53 . 2010-01-08 22:49 38784 ----a-w- c:\users\aby\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-08 22:53 . 2010-01-08 22:53 -------- d-----w- c:\program files\eLertGadget
2010-01-07 22:49 . 2010-01-09 21:26 52224 ----a-w- c:\users\aby\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-07 22:49 . 2010-01-09 21:26 117760 ----a-w- c:\users\aby\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-07 22:45 . 2010-01-07 22:45 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-01-07 22:45 . 2010-01-09 21:32 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-07 22:45 . 2010-01-07 22:45 -------- d-----w- c:\users\aby\AppData\Roaming\SUPERAntiSpyware.com
2010-01-07 22:06 . 2010-01-07 22:06 -------- d-----w- c:\users\aby\AppData\Roaming\PC Tools
2010-01-07 22:06 . 2010-01-07 22:06 -------- d-----w- c:\programdata\PC Tools
2010-01-07 22:05 . 2010-01-07 22:05 -------- d-----w- c:\program files\Spyware Doctor Setup
2010-01-07 20:38 . 2010-01-07 20:38 -------- d-----w- c:\program files\Cacheman
2010-01-07 17:02 . 2010-01-07 17:02 -------- d-----w- C:\FONTS
2010-01-07 14:08 . 2010-01-07 14:08 -------- d-----w- c:\users\aby\AppData\Local\IsolatedStorage
2010-01-07 14:08 . 2010-01-07 14:08 -------- d-----w- c:\program files\TurboTax
2010-01-07 10:26 . 2008-07-10 13:56 107864 ----a-w- c:\windows\system32\tsccvid.dll
2010-01-07 10:26 . 2010-01-07 15:26 -------- d-----w- c:\windows\system32\QuickTime
2010-01-07 10:00 . 2010-01-07 10:00 -------- d-----w- c:\program files\Visual CertExam Suite
2010-01-07 09:57 . 2010-01-07 09:58 -------- d-----w- c:\program files\Ontrack
2010-01-07 09:54 . 2010-01-07 09:54 -------- d-----w- c:\users\aby\AppData\Local\Cyberlink
2010-01-07 09:52 . 2010-01-07 09:52 -------- d-----w- c:\program files\Common Files\CyberLink
2010-01-07 09:46 . 2010-01-07 15:10 53319 ----a-w- c:\programdata\Temp\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
2010-01-07 09:43 . 2010-01-12 20:20 -------- d-----w- c:\users\aby\AppData\Roaming\Propellerhead Software
2010-01-07 09:43 . 2010-01-12 20:16 -------- d-----w- c:\programdata\Propellerhead Software
2010-01-07 09:42 . 2010-01-12 04:19 -------- d-----w- c:\program files\Recycle
2010-01-07 09:42 . 2004-02-07 00:48 331263 ----a-w- c:\windows\LOOP.exe
2010-01-07 09:36 . 2010-01-07 10:55 -------- d-----w- c:\users\aby\AppData\Roaming\Nitro PDF
2010-01-07 09:33 . 2009-09-15 09:16 17728 ----a-w- c:\windows\system32\nitrolocalui.dll
2010-01-07 09:33 . 2009-09-15 09:15 26432 ----a-w- c:\windows\system32\nitrolocalmon.dll
2010-01-07 09:33 . 2010-01-07 09:33 -------- d-----w- c:\programdata\Nitro PDF
2010-01-07 09:33 . 2010-01-07 09:33 -------- d-----w- c:\program files\Common Files\Nitro PDF
2010-01-07 09:33 . 2010-01-07 09:33 -------- d-----w- c:\program files\Nitro PDF
2010-01-07 09:31 . 2010-01-07 09:31 -------- d-----w- c:\users\aby\AppData\Roaming\Downloaded Installations
2010-01-07 09:24 . 2010-01-07 16:46 -------- d-----w- c:\programdata\TechSmith
2010-01-07 09:24 . 2010-01-07 16:47 -------- d-----w- c:\program files\TechSmith
2010-01-07 09:24 . 2010-01-07 09:24 -------- d-----w- c:\users\aby\AppData\Local\TechSmith
2010-01-07 08:39 . 2010-01-07 08:39 -------- d-----w- c:\program files\Common Files\Config
2010-01-07 08:38 . 2010-01-07 08:38 -------- d-----w- c:\program files\Common Files\Inet
2010-01-07 08:38 . 2010-01-07 08:38 7032320 ----a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\191222-191319.dll
2010-01-07 08:37 . 2010-01-07 08:37 6301696 ----a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\191127-191222.dll
2010-01-07 08:35 . 2010-01-07 08:35 241000 ----a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE
2010-01-07 08:35 . 2010-01-07 08:35 223584 ----a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\patchw32.dll
2010-01-07 08:34 . 2010-01-07 08:34 956 ----a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\rebase.cmd
2010-01-07 08:33 . 2010-01-07 08:33 -------- d-----w- c:\program files\Common Files\AnswerWorks 5.0
2010-01-07 08:33 . 2009-09-08 11:42 4199784 ----a-w- c:\windows\system32\cdintf400.dll
2010-01-07 08:33 . 2009-09-08 18:40 26472 ----a-w- c:\programdata\Intuit\Quicken\Sku\RPM\Custom\billmind.exe
2010-01-07 08:33 . 2009-09-08 18:40 26472 ----a-w- c:\programdata\Intuit\Quicken\Sku\Premier\Custom\billmind.exe
2010-01-07 08:33 . 2009-09-08 18:40 26472 ----a-w- c:\programdata\Intuit\Quicken\Sku\Hab\Custom\billmind.exe
2010-01-07 08:33 . 2009-09-08 18:40 26472 ----a-w- c:\programdata\Intuit\Quicken\Sku\Deluxe\Custom\billmind.exe
2010-01-07 08:31 . 2010-01-07 14:08 -------- d-----w- c:\program files\Common Files\Intuit
2010-01-07 08:31 . 2010-01-07 08:39 -------- d-----w- c:\program files\Quicken
2010-01-07 07:46 . 2010-01-07 07:46 -------- d-----w- c:\program files\Photo Effects Studio
2010-01-07 06:48 . 2010-01-07 06:48 -------- d-----w- C:\tmpDownload
2010-01-07 06:48 . 2010-01-07 14:13 -------- d-----w- C:\YouTubeGet
2010-01-06 23:22 . 2010-01-06 23:22 -------- d-----w- c:\program files\Mini PDF To Word Converter
2010-01-05 16:02 . 2010-01-05 16:02 -------- d-----w- c:\users\aby\AppData\Local\LogiShrd
2010-01-05 16:02 . 2010-01-05 16:02 -------- d-----w- c:\program files\Logitech
2010-01-05 07:46 . 2010-01-05 07:46 -------- d-----w- C:\temp_dvd
2010-01-05 07:43 . 2010-01-05 07:46 -------- d-----w- c:\program files\Dvd-cloner
2010-01-04 18:26 . 2010-01-04 18:26 -------- d-----w- c:\users\aby\AppData\Roaming\GlarySoft
2010-01-04 17:10 . 2010-01-04 17:25 -------- d-----w- c:\program files\Glary Utilities
2010-01-04 16:59 . 2010-01-04 17:00 -------- dc-h--w- c:\programdata\{E613C483-1C1B-4FA1-AC32-36D2C2691115}
2010-01-04 16:59 . 2008-04-03 15:23 2643979 -c--a-r- c:\programdata\{E613C483-1C1B-4FA1-AC32-36D2C2691115}\Setup.exe
2010-01-04 16:38 . 2010-01-04 16:38 -------- d--h--w- c:\programdata\{CCFD8800-9B3C-4D07-869D-EF80BF064DE1}
2010-01-04 16:38 . 2008-01-23 20:11 2451469 ----a-r- c:\programdata\{CCFD8800-9B3C-4D07-869D-EF80BF064DE1}\Setup.exe
2010-01-04 16:31 . 2010-01-04 16:31 -------- dc-h--w- c:\programdata\{69D8758C-536D-41E4-8AD5-477C0E634B3B}
2010-01-04 16:31 . 2008-11-06 17:30 2520163 -c--a-r- c:\programdata\{69D8758C-536D-41E4-8AD5-477C0E634B3B}\Setup.exe
2010-01-04 07:28 . 2010-01-09 21:55 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-04 07:25 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-04 07:25 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-04 07:25 . 2010-01-09 22:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-03 19:33 . 2010-01-03 19:33 -------- d-----w- c:\program files\WriteExpress
2010-01-03 15:38 . 2010-01-03 15:38 -------- d-----w- c:\users\aby\AppData\Roaming\iZotope
2010-01-03 15:38 . 2010-01-03 15:41 -------- d-----w- c:\program files\iZotope
2010-01-02 22:48 . 2010-01-02 22:49 -------- d-----w- c:\program files\QuickTime
2010-01-02 22:46 . 2010-01-02 22:46 -------- d-----w- c:\program files\Common Files\Apple
2010-01-02 22:40 . 2010-01-02 22:40 -------- d-----w- c:\users\aby\AppData\Roaming\Stardock
2010-01-02 22:39 . 2010-01-02 22:39 -------- d-----w- c:\users\aby\AppData\Local\PackageAware
2010-01-02 22:38 . 2010-01-02 22:38 -------- d-----w- c:\programdata\McAfee
2010-01-02 22:21 . 2010-01-02 22:21 -------- d-----w- c:\program files\Secunia
2010-01-02 18:41 . 2009-04-20 21:12 149768 ----a-w- c:\programdata\Symantec\Definitions\SymcData\cndcipsdefs\20091230.002\WpsHelper.sys
2010-01-01 09:12 . 2010-01-01 09:12 -------- d-----w- c:\program files\PowerISO
2009-12-31 09:12 . 2009-12-31 09:12 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-12-31 08:53 . 2009-12-28 18:01 89600 ----a-w- c:\users\aby\AppData\Roaming\Mozilla\Firefox\Profiles\iog69zo0.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}\platform\WINNT_x86-msvc\components\outwit.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-13 20:23 . 2009-05-25 12:54 31681 ----a-w- c:\programdata\nvModes.dat
2010-01-13 20:21 . 2008-10-16 16:31 12 ----a-w- c:\windows\bthservsdp.dat
2010-01-13 19:00 . 2010-01-13 19:08 1801728 ----a-w- c:\windows\Internet Logs\xDB891F.tmp
2010-01-13 19:00 . 2010-01-13 19:08 1468928 ----a-w- c:\windows\Internet Logs\xDB7E64.tmp
2010-01-13 07:33 . 2009-05-20 15:50 502224 ----a-w- c:\users\aby\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-13 05:52 . 2010-01-13 05:50 418012 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
2010-01-10 21:51 . 2010-01-07 22:06 -------- d-----w- c:\program files\Spyware Doctor
2010-01-09 09:34 . 2009-09-26 21:23 -------- d-----w- c:\users\aby\AppData\Roaming\SharpReader
2010-01-08 22:53 . 2009-05-25 06:09 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-08 22:49 . 2009-11-26 14:37 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-07 22:24 . 2010-01-07 22:06 -------- d-----w- c:\program files\Common Files\PC Tools
2010-01-07 15:19 . 2008-10-16 17:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-07 15:17 . 2008-10-16 17:56 -------- d-----w- c:\program files\CyberLink
2010-01-07 15:17 . 2008-10-16 17:56 -------- d-----w- c:\programdata\CyberLink
2010-01-07 14:39 . 2009-05-30 05:54 -------- d-----w- c:\users\aby\AppData\Roaming\Intuit
2010-01-07 14:11 . 2009-05-30 05:53 -------- d-----w- c:\programdata\Intuit
2010-01-07 09:54 . 2009-05-20 19:32 -------- d-----w- c:\users\aby\AppData\Roaming\CyberLink
2010-01-07 06:51 . 2009-09-20 18:21 -------- d-----w- c:\program files\Wondershare
2010-01-07 06:49 . 2009-05-20 19:22 -------- d-----w- c:\program files\ResumeMaker
2010-01-05 07:34 . 2009-09-14 18:01 -------- d-----w- c:\program files\LG Software Innovations
2010-01-05 07:34 . 2009-05-20 19:35 -------- d-----w- c:\users\aby\AppData\Roaming\Vso
2010-01-05 07:34 . 2009-05-20 19:35 47360 ----a-w- c:\users\aby\AppData\Roaming\pcouffin.sys
2010-01-05 07:34 . 2009-05-20 19:35 47360 ----a-w- c:\users\aby\AppData\Roaming\pcouffin.sys
2010-01-04 16:59 . 2009-09-18 17:22 -------- d-----w- c:\program files\WORDsearch 8
2010-01-04 16:54 . 2009-06-12 11:26 -------- d-----w- c:\program files\Common Files\WORDsearch
2010-01-03 15:41 . 2009-05-20 18:29 -------- d-----w- c:\program files\VstPlugins
2010-01-02 22:48 . 2009-05-27 20:58 -------- d-----w- c:\programdata\Apple Computer
2010-01-02 22:43 . 2009-10-17 23:08 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-02 22:39 . 2009-05-20 18:53 -------- d-----w- c:\program files\Opera
2010-01-02 07:23 . 2009-05-25 13:33 -------- d-----w- c:\program files\Libronix DLS
2009-12-31 08:23 . 2009-07-03 19:06 -------- d-----w- c:\programdata\Avira
2009-12-30 10:38 . 2009-06-08 16:49 -------- d-----w- c:\program files\LESSONmaker 8
2009-12-28 22:00 . 2009-10-28 21:37 -------- d-----w- c:\program files\Graboid
2009-12-28 08:08 . 2008-10-16 17:22 -------- d-----w- c:\programdata\WildTangent
2009-12-28 08:08 . 2009-05-20 18:33 -------- d-----w- c:\program files\CCleaner
2009-12-27 22:39 . 2009-05-20 20:01 -------- d-----w- c:\programdata\TuneUp Software
2009-12-20 16:19 . 2008-10-16 17:55 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-19 18:02 . 2009-10-11 13:54 -------- d-----w- c:\program files\Nexus Radio
2009-12-14 07:59 . 2009-05-26 18:37 259440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\ecmsvr32.dll
2009-12-14 07:59 . 2009-05-13 08:00 84912 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\naveng.sys
2009-12-14 07:59 . 2009-05-13 08:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\eeCtrl.sys
2009-12-14 07:59 . 2009-05-13 08:00 2747440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\cceraser.dll
2009-12-14 07:59 . 2009-05-13 08:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\naveng32.dll
2009-12-14 07:59 . 2009-05-13 08:00 1647984 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\navex32a.dll
2009-12-14 07:59 . 2009-05-13 08:00 1323568 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\navex15.sys
2009-12-14 07:59 . 2009-05-13 08:00 102448 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\ERASER.sys
2009-12-12 23:48 . 2009-05-21 21:20 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-12-12 00:45 . 2008-10-16 17:50 -------- d-----w- c:\programdata\Microsoft Help
2009-12-10 02:18 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-04 23:20 . 2009-09-10 19:15 -------- d-----w- c:\program files\Ashampoo
2009-12-04 22:53 . 2009-09-17 15:19 -------- d-----w- c:\users\aby\AppData\Roaming\Photo DVD Slideshow
2009-12-04 09:03 . 2009-12-04 09:03 251376 ----a-w- c:\users\aby\AppData\Roaming\Mozilla\Plugins\npgoogletalk.dll
2009-12-01 20:39 . 2009-10-28 23:54 -------- d-----w- c:\users\aby\AppData\Roaming\vlc
2009-11-26 14:37 . 2009-11-26 14:37 -------- d-----w- c:\users\aby\AppData\Roaming\com.imeem.DesktopUploader.6C3F108F466C0F04F30B58747CAA4DF34281133B.1
2009-11-26 14:37 . 2009-11-26 14:37 -------- d-----w- c:\program files\imeem Uploader
2009-11-22 07:56 . 2009-05-20 18:15 -------- d-----w- c:\users\aby\AppData\Roaming\IObit
2009-11-22 07:56 . 2009-05-20 18:15 -------- d-----w- c:\program files\IObit
2009-11-21 06:40 . 2009-12-09 04:37 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 04:37 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-09 04:37 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-09 04:37 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-19 02:20 . 2009-11-19 02:20 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-19 02:20 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-19 02:20 . 2009-11-19 02:20 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-19 02:20 . 2009-11-19 02:20 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-16 23:01 . 2008-10-16 18:10 -------- d-----w- c:\program files\SMINST
2009-11-16 23:01 . 2009-09-14 19:29 -------- d-----w- c:\program files\Green Label
2009-11-16 23:01 . 2009-06-23 20:10 -------- d-----w- c:\program files\MagicDisc
2009-11-13 21:14 . 2009-11-13 21:14 0 ----a-w- c:\windows\nsreg.dat
2009-11-09 12:31 . 2009-12-10 02:01 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-10 02:01 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-10 02:01 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-09 03:21 . 2009-11-09 03:21 59388 ----a-w- c:\windows\system32\drivers\scdemu.sys
2009-11-03 10:33 . 2009-11-03 10:33 6 ----a-w- c:\windows\Fonts\wfonts.key
2009-10-31 01:24 . 2009-10-26 12:51 368 ----a-w- c:\users\aby\udownload.dat
2009-10-29 09:17 . 2009-11-26 02:01 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-20 12:43 . 2009-10-20 12:43 101361768 ----a-w- c:\windows\system32\xa61311590.exe
2009-10-20 12:43 . 2009-10-20 12:43 101361768 ----a-w- c:\windows\system32\xa61308377.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
2008-10-16 17:19 . 2008-10-16 17:10 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-09-22 1011080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\program files\Opera\program\plugins\NPSWF32_FlashUtil.exe" [2009-02-03 240544]

c:\users\aby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
qlock.lnk - c:\program files\Qlock\qlock.exe [2006-3-20 4070912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\program files\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^aby^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-04-02 04:00 203928 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
2008-12-14 15:42 3960552 ----a-w- c:\program files\Babylon\Babylon-Pro\Babylon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer for HP TouchSmart]
2008-09-26 01:42 189736 ------w- c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GroupManager]
2009-02-13 02:28 32256 ----a-w- c:\program files\QuickTime Pro 7.60.92 Windows XPVista\groupmanager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-06-16 15:03 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2008-09-30 23:56 972080 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-01-07 15:07 429392 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-21 20:27 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-08-01 23:14 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 00:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TSMAgent]
2008-09-26 01:41 1152296 ------w- c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2008-06-14 01:11 210216 ------w- c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
2008-06-14 01:11 210216 ------w- c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
2008-06-14 01:11 210216 ------w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDIRShortCut]
2008-06-14 01:11 210216 ------w- c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
2008-09-26 17:15 210216 ------w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"CachemanTray"=c:\program files\Cacheman\CachemanTray.exe
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" -bootmode
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"Window Washer"=c:\program files\Webroot\Washer\wwDisp.exe
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"Google Update"="c:\users\aby\AppData\Local\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SmartMenu"=%ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
"IPPrivacy"=c:\program files\IP Privacy\IP Privacy.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe"
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):76,4f,c4,98,d1,5a,ca,01

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [1/7/2010 11:06 PM 207280]
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [2/6/2009 2:23 PM 106208]
R1 mchInjDrv;madCodeHook DLL injection driver;c:\windows\System32\drivers\mchInjDrv.sys [7/3/2009 12:41 PM 2560]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/16/2009 4:26 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/16/2009 4:26 PM 74480]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program files\Hewlett-Packard\Media\DVD\000.fcl [9/26/2008 10:36 AM 59376]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [1/7/2010 11:24 PM 112592]
R2 CachemanService;Cacheman Service;c:\program files\Cacheman\CachemanServ.exe [5/16/2009 6:15 PM 210944]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2/6/2009 2:23 PM 727720]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [2/6/2009 2:24 PM 92800]
R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [3/19/2008 12:24 AM 19456]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/4/2010 8:25 AM 236368]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [9/15/2009 10:20 AM 188736]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [10/16/2008 7:10 PM 365904]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [12/18/2009 12:12 AM 1044808]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [12/20/2009 10:22 AM 598856]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [4/29/2008 2:54 AM 54784]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/7/2010 3:26 PM 102448]
R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [1/4/2010 8:25 AM 19160]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [5/20/2009 4:21 PM 3664384]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [5/24/2009 11:53 PM 51232]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\System32\drivers\TotRec7.sys [10/27/2008 9:51 PM 127496]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [10/14/2009 7:24 AM 10064]
R3 VAD_DEV;Virtual Audio Service;c:\windows\System32\drivers\vad.sys [9/23/2009 6:33 PM 16384]
S2 .EsetTrialReset;Eset Trial Reset;c:\windows\System32\regedt32.exe [11/2/2006 9:32 AM 9216]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?]
S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [11/18/2008 5:17 PM 23888]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [1/21/2008 3:23 AM 21504]
S3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [7/21/2008 11:53 AM 100184]
S3 PSI;PSI;c:\windows\System32\drivers\psi_mf.sys [6/17/2009 1:20 PM 12648]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/16/2009 4:27 PM 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [1/7/2010 11:06 PM 358600]
S4 sptd;sptd;c:\windows\System32\drivers\sptd.sys [5/20/2009 7:19 PM 721904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-01-13 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-01-04 11:09]

2010-01-04 c:\windows\Tasks\GlaryUpdate.job
- c:\program files\Glary Utilities\webupdate.exe [2010-01-04 11:09]

2010-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2813300613-3578789201-955965553-1000Core.job
- c:\users\aby\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-30 17:41]

2010-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2813300613-3578789201-955965553-1000UA.job
- c:\users\aby\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-30 17:41]

2010-01-02 c:\windows\Tasks\HPCeeScheduleForaby.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-16 18:34]

2010-01-04 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-11-22 08:22]

2010-01-13 c:\windows\Tasks\User_Feed_Synchronization-{9CAD88E7-10E9-49C1-B0BE-8082911BB976}.job
- c:\windows\system32\msfeedssync.exe [2009-12-09 04:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.refdesk.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = local;tests
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
Trusted Zone: af.mil\aiportal.acc
Trusted Zone: intuit.com\ttlc
FF - ProfilePath - c:\users\aby\AppData\Roaming\Mozilla\Firefox\Profiles\iog69zo0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.REFDESK.COM
FF - component: c:\users\aby\AppData\Roaming\Mozilla\Firefox\Profiles\iog69zo0.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}\platform\WINNT_x86-msvc\components\outwit.3.1.dll
FF - component: c:\users\aby\AppData\Roaming\Mozilla\Firefox\Profiles\iog69zo0.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}\platform\WINNT_x86-msvc\components\outwit.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\users\aby\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\users\aby\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\users\aby\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

SharedTaskScheduler-{1984DD45-52CF-49cd-AB77-18F378FEA264} - c:\program files\Stardock\Fences\FencesMenu.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-13 22:05
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll PCTCore.sys >>UNKNOWN [0x865C7841]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x83ba9d24
\Driver\ACPI -> acpi.sys @ 0x806d2d68
\Driver\atapi -> ataport.SYS @ 0x807d9a2c
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK
copy of MBR has been found in sector 5 !

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2813300613-3578789201-955965553-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bmp"

[HKEY_USERS\S-1-5-21-2813300613-3578789201-955965553-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dib"

[HKEY_USERS\S-1-5-21-2813300613-3578789201-955965553-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.emf"

[HKEY_USERS\S-1-5-21-2813300613-3578789201-955965553-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fpx"

[HKEY_USERS\S-1-5-21-2813300613-3578789201-955965553-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (S-1-5-21-2813300613-3578789201-955965553-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.gif"

[HKEY_USERS\S-1-5-21-2813300613-3578789201-955965553-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jfif"

[HKEY_USERS\S-1-5-21-2813300613-3578789201-955965553-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpe"

[HKEY_USERS\S-1-5-21-2813300613-3578789201-955965553-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpeg"

[HKEY_USERS\S-1-5-21-2813300613-3578789201-955965553-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpg"

[HKEY_USERS\S-1-5-21-2813300613-3578789201-955965553-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.png"

[HKEY_USERS\S-1-5-21-2813300613-3578789201-955965553-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rle"

[HKEY_USERS\S-1-5-21-2813300613-3578789201-955965553-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tif"

[HKEY_USERS\S-1-5-21-2813300613-3578789201-955965553-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tiff"

[HKEY_USERS\S-1-5-21-2813300613-3578789201-955965553-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttc"

[HKEY_USERS\S-1-5-21-2813300613-3578789201-955965553-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttf"

[HKEY_USERS\S-1-5-21-2813300613-3578789201-955965553-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wmf"
.
Completion time: 2010-01-13 22:11:45
ComboFix-quarantined-files.txt 2010-01-13 21:11

Pre-Run: 138,597,277,696 bytes free
Post-Run: 138,582,614,016 bytes free

Current=4 Default=4 Failed=1 LastKnownGood=3 Sets=1,2,3,4
- - End Of File - - 515807316F379AFADF9A9992A778DA67



------------------------------------------------------------------------------------------------------------------------------------------------------------





copy of HIJACK THIS............


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:47:00 PM, on 1/13/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SymCorpUI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.refdesk.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;tests
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Program Files\Opera\program\plugins\NPSWF32_FlashUtil.exe -p (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Program Files\Opera\program\plugins\NPSWF32_FlashUtil.exe -p (User 'Default user')
O4 - Startup: qlock.lnk = C:\Program Files\Qlock\qlock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1243546599515
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\sched.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (file missing)
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\system32\ASTSRV.EXE
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Cacheman Service (CachemanService) - Outertech - C:\Program Files\Cacheman\CachemanServ.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 8678 bytes


#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:10:05 PM

Posted 14 January 2010 - 03:53 PM

Hello,

You're welcome.

From what I see in your logs, to better protect your computer you'd have to cut out at least half of what you're doing. You have too many AntiViruses installed also, and none of them will do any good when you purposely let the bad stuff onto your computer. Also having that many will cause problems....they fight each other for resources and cannot concentrate on protecting your computer.....does that make sense? It looks to me like you use Symantec actively, but I also see Eset and Avira, as well as traces of AVG. You do a lot of downloading from various places, and looks like uploading too, i.e., YouTube, Imeem, etc. I'm sure it's all innocent and aboveboard, but the bad guys don't care.....they'll infect anything if it will make them money or satisfy their power trips.

If this is the case with the AntiViruses, please do the following, and if not, please leave it and get back to me so I can make the proper adjustments:

Uninstall Avira, AVG, and Eset, reboot, then :

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Program Files\Opera\program\plugins\NPSWF32_FlashUtil.exe -p (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Program Files\Opera\program\plugins\NPSWF32_FlashUtil.exe -p (User 'Default user')
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\sched.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Navigate to and delete the following folder(s) (if they exist):

C:\Program Files\ESET
C:\Program Files\Avira
c:\programdata\McAfee
c:\programdata\avg9
c:\program files\AVG

Reboot your computer.

Can you please navigate to the following folder and tell me what is inside? c:\programdata\{69D8758C-536D-41E4-8AD5-477C0E634B3B}

I see you have MBAM....please be sure it's updated and have a scan with it. Post the report in your reply, if there is anything to post.

How is it running now?

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?
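As an added example, not part of the thread or of any tool it names, here is a read-only PowerShell check that confirms whether the orphaned services, the leftover folders and the per-user proxy setting visible in the HijackThis log are still present after the cleanup steps above. The service names, folder paths and proxy value are taken from the log; the script assumes PowerShell is installed on the Vista machine and changes nothing.

```powershell
# Added example (not from the thread): verify the cleanup teacup61 asked for.
# Read-only: reports what is still registered or on disk, deletes nothing.

# O23 entries from the log: services still registered whose binaries are gone.
$services = 'AntiVirSchedulerService', 'AntiVirService', 'EhttpSrv', 'ekrn'

foreach ($name in $services) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    if (Test-Path $key) {
        $image = (Get-ItemProperty -Path $key).ImagePath
        $image = [Environment]::ExpandEnvironmentVariables($image)
        # Strip surrounding quotes and trailing arguments so only the executable remains.
        $exe = ($image -replace '^"([^"]+)".*$', '$1') -replace '\s+-.*$', ''
        if (Test-Path $exe) { $state = 'binary present' }
        else { $state = 'FILE MISSING (orphaned entry, matches the log)' }
        Write-Output ("Service {0,-26} still registered: {1}" -f $name, $state)
    } else {
        Write-Output ("Service {0,-26} removed" -f $name)
    }
}

# Leftover folders named in the post.
$folders = 'C:\Program Files\ESET', 'C:\Program Files\Avira', 'C:\ProgramData\McAfee',
           'C:\ProgramData\avg9', 'C:\Program Files\AVG'
foreach ($f in $folders) {
    if (Test-Path $f) { $status = 'still present' } else { $status = 'gone' }
    Write-Output ("Folder  {0,-30} {1}" -f $f, $status)
}

# The R1 lines in the log show a per-user proxy of 127.0.0.1:8080. A local proxy is
# often a legitimate filtering tool, but it is also the setting a browser-redirecting
# infection would use, so report it for review rather than changing it.
$inet = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
Write-Output ("ProxyEnable={0}  ProxyServer={1}  ProxyOverride={2}" -f $inet.ProxyEnable, $inet.ProxyServer, $inet.ProxyOverride)
```

Run it before and after the "Fix checked" and folder-deletion steps; any service still reported as registered with a missing binary is a candidate for the next HijackThis pass.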

#7 host21

host21
  • Topic Starter

  • Members
  • 19 posts

Posted 15 January 2010 - 11:49 AM

Thanks Teacup61,

Unfortunately, I am still getting the redirect. As far as c:\programdata\{69D8758C-536D-41E4-8AD5-477C0E634B3B}, what's inside is word-search software, I believe.

Thanks again for your assistance.

---------------------------------

Here's the latest HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:45:09 PM, on 1/15/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Hpservice.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\ASTSRV.EXE
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Cacheman\CachemanServ.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\System32\TUProgSt.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\Explorer.EXE
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Qlock\qlock.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Windows\system32\ZoneLabs\vsmon.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.refdesk.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;tests
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - Startup: qlock.lnk = C:\Program Files\Qlock\qlock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1243546599515
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\sched.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (file missing)
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\system32\ASTSRV.EXE
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Cacheman Service (CachemanService) - Outertech - C:\Program Files\Cacheman\CachemanServ.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 9953 bytes


#8 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 15 January 2010 - 03:21 PM

Hello,

Couple of things then....I haven't seen the usual evidence, but do you use a router? If so, then reset it....put a password on it if you haven't already.

Let's check for rootkits:

Download GMER's application from here:
http://www.gmer.net/gmer.zip

Unzip it and start the GMER.exe
Click the Rootkit tab and click the Scan button.

Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results in your next reply.

Thanks,
tea

#9 host21

host21
  • Topic Starter

  • Members
  • 19 posts

Posted 16 January 2010 - 04:23 AM

Oh, it works now. Didn't need to download GMER.

Thanks a lot for your kind help! Thanks for taking your free time helping me. Have a great day!

#10 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 16 January 2010 - 04:25 AM

Hello,

You're welcome.

You mean resetting the router worked?

Please delete ComboFix and its help folder C:\Qoobox

tea

#11 host21

host21
  • Topic Starter

  • Members
  • 19 posts

Posted 17 January 2010 - 02:25 PM

OK, thanks. I've deleted ComboFix. I think ComboFix and HijackThis plus Malwarebytes eliminated it all too.

Thanks for your help



