This is from Feb 17th, I ran this and combo-fix. I remember these two programs from back in October. Combofix seemed to have removed the problem, only temporarily. It keeps on coming back. Thanks for your help.
Deckard's System Scanner v20071014.68
Run by HP_Administrator on 2008-02-17 11:12:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 3 Restore Point(s) --
3: 2008-02-17 19:12:08 UTC - RP126 - Deckard's System Scanner Restore Point
2: 2008-02-17 03:56:19 UTC - RP125 - ComboFix created restore point
1: 2008-02-17 03:55:51 UTC - RP124 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as HP_Administrator.exe) ------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13:17 AM, on 2/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\internet explorer\iexplore.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\HP_Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_Administrator.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://softwarerefer...=...6Ojg5&lid=2O1 - Hosts: 200.124.131.116 casinocontroller.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: SXG Advisor - {D79A1DFF-DF93-4AE0-851C-A1F8CA9C78F5} - C:\WINDOWS\dmdvpnkgn.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
http://appldnld.appl...ex/qtplugin.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://www.update.mi...b?1192315881546O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoft...free/asinst.cabO16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) -
http://www.superadbl...ivex/sabspx.cabO16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) -
https://signin3.valu...018/flashax.cabO16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) -
https://bigdollar.mi...ar/FlashAX2.cabO20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: admgcx - {CAB4EEF7-F864-4F5C-B5F3-C31BF6E8C2D2} - C:\WINDOWS\admgcx.dll
O21 - SSODL: bdmanager - {2AE71E61-8633-4B2A-9E4D-D9102B4750E1} - C:\WINDOWS\bdmanager.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 9602 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20071104-195717-528 O1 - Hosts: 200.124.131.116 casinocontroller.com
backup-20071104-195717-756 O17 - HKLM\System\CS1\Services\Tcpip\..\{0FA26B57-28B8-40F8-8ECF-41EB2951CF44}: NameServer = 85.255.113.108 85.255.112.197
backup-20071104-195717-976 O17 - HKLM\System\CCS\Services\Tcpip\..\{0FA26B57-28B8-40F8-8ECF-41EB2951CF44}: NameServer = 85.255.113.108 85.255.112.197
backup-20071104-225527-152 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
backup-20071104-225636-128 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://ie.redirect.h...a...&pf=desktopbackup-20071104-225636-523 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://ie.redirect.h...a...&pf=desktopbackup-20071104-225636-691 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://ie.redirect.h...a...&pf=desktopbackup-20071104-225636-817 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://ie.redirect.h...a...&pf=desktopbackup-20071104-225636-868 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://ie.redirect.h...a...&pf=desktopbackup-20071105-033049-132 O17 - HKLM\System\CS1\Services\Tcpip\..\{0FA26B57-28B8-40F8-8ECF-41EB2951CF44}: NameServer = 208.67.220.220,208.67.222.222
backup-20071105-033049-540 O17 - HKLM\System\CCS\Services\Tcpip\..\{0FA26B57-28B8-40F8-8ECF-41EB2951CF44}: NameServer = 208.67.220.220,208.67.222.222
backup-20071105-033239-290 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://ie.redirect.h...a...&pf=desktopbackup-20071105-033239-437 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://ie.redirect.h...a...&pf=desktopbackup-20071105-033239-499 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://ie.redirect.h...a...&pf=desktopbackup-20071105-033239-555 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://ie.redirect.h...a...&pf=desktopbackup-20071105-033239-685 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://ie.redirect.h...a...&pf=desktopbackup-20071105-033239-690 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://ie.redirect.h...a...&pf=desktopbackup-20071105-033239-822 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://ie.redirect.h...a...&pf=desktopbackup-20071107-232455-256 O17 - HKLM\System\CS1\Services\Tcpip\..\{0FA26B57-28B8-40F8-8ECF-41EB2951CF44}: NameServer = 85.255.113.108 85.255.112.197
backup-20071107-232455-932 O17 - HKLM\System\CCS\Services\Tcpip\..\{0FA26B57-28B8-40F8-8ECF-41EB2951CF44}: NameServer = 85.255.113.108 85.255.112.197
backup-20071108-024233-405 O17 - HKLM\System\CS1\Services\Tcpip\..\{0FA26B57-28B8-40F8-8ECF-41EB2951CF44}: NameServer = 85.255.113.108 85.255.112.197
backup-20071108-024233-723 O17 - HKLM\System\CCS\Services\Tcpip\..\{0FA26B57-28B8-40F8-8ECF-41EB2951CF44}: NameServer = 85.255.113.108 85.255.112.197
backup-20071108-041551-602 O17 - HKLM\System\CS1\Services\Tcpip\..\{0FA26B57-28B8-40F8-8ECF-41EB2951CF44}: NameServer = 85.255.113.108 85.255.112.197
backup-20071108-041551-934 O17 - HKLM\System\CCS\Services\Tcpip\..\{0FA26B57-28B8-40F8-8ECF-41EB2951CF44}: NameServer = 85.255.113.108 85.255.112.197
backup-20071119-161227-352 O15 - Trusted Zone:
http://*.trymedia.com (HKLM)
backup-20071127-204430-781 O1 - Hosts: 200.124.131.116 casinocontroller.com
backup-20080216-185031-146 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft....k/?LinkId=69157backup-20080216-185031-242 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896backup-20080216-185031-316 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157backup-20080216-185031-414 O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
backup-20080216-185031-420 O17 - HKLM\System\CS1\Services\Tcpip\..\{0FA26B57-28B8-40F8-8ECF-41EB2951CF44}: NameServer = 68.94.156.1 68.94.157.1
backup-20080216-185031-494 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://g.msn.com/0SEENUS/SAOS10backup-20080216-185031-536 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://softwarerefer...=...6Ojg5&lid=2backup-20080216-185031-751 O17 - HKLM\System\CCS\Services\Tcpip\..\{0FA26B57-28B8-40F8-8ECF-41EB2951CF44}: NameServer = 68.94.156.1 68.94.157.1
backup-20080216-185031-879 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 CDRPDACC (Arrowkey Device Access) - c:\program files\321studios\shared\cdrpdacc.sys <Not Verified; Arrowkey; CD Device Access>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys (file missing)
S3 SABProcEnum - c:\program files\internet explorer\sabprocenum.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S0 Pml Driver HPZ12 - \systemroot\c:\windows\system32\hpzipm12.exe (file missing)
S4 0237021198009577mcinstcleanup (McAfee Application Installer Cleanup (0237021198009577)) - c:\windows\temp\023702~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service (file missing)
S4 ProtexisLicensing - c:\windows\system32\psiservice.exe <Not Verified; ; PSIService>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Files created between 2008-01-17 and 2008-02-17 -----------------------------
2008-02-17 11:02:22 0 dr-hs---- C:\cmdcons
2008-02-17 11:02:11 0 d-------- C:\WINDOWS\setupupd
2008-02-16 19:55:34 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-02-16 19:55:34 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-02-16 19:55:34 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-02-16 19:55:34 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-02-16 17:01:20 0 dr-h----- C:\Documents and Settings\HP_Administrator\Recent
2008-02-16 11:45:56 90112 --a------ C:\WINDOWS\fsxloqf.exe
2008-02-16 11:45:56 204800 --a------ C:\WINDOWS\emotigt.dll <Not Verified; ; emotigt Module>
2008-02-16 11:45:56 262144 --a------ C:\WINDOWS\bdmanager.dll
2008-02-16 11:45:56 266240 --a------ C:\WINDOWS\admgcx.dll <Not Verified; ; admgcx>
2008-02-15 11:24:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-02-15 11:13:59 0 d-------- C:\WINDOWS\system32\appmgmt
2008-02-01 21:09:22 1340 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2008-01-18 22:43:50 0 d-------- C:\Program Files\Cool Cat Casino
2008-01-18 22:26:15 0 d-------- C:\Program Files\DaVincisGold
2008-01-18 22:15:34 0 d-------- C:\Program Files\SimonSays
-- Find3M Report ---------------------------------------------------------------
2008-02-16 21:48:17 1924 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-16 17:15:21 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-02-16 17:07:06 0 d-------- C:\Program Files\ewido anti-spyware 4.0
2008-02-15 08:20:53 0 d-------- C:\Program Files\Virtual Casino
2008-02-06 12:27:25 255 --a------ C:\Documents and Settings\HP_Administrator\Application Data\WPMail-MAPI-0.1.log.txt
2008-01-26 17:24:57 0 d-------- C:\Program Files\America Online 9.0
2008-01-18 03:31:59 0 d-------- C:\Program Files\eMule
2008-01-17 16:47:43 0 d-------- C:\Program Files\UsUsden200F
2008-01-13 11:32:14 2516 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-01-13 11:32:12 88 -r-hs---- C:\WINDOWS\system32\D6E420E416.sys
2008-01-13 11:31:21 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Corel
2008-01-07 22:57:37 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\GetRightToGo
2008-01-05 23:33:41 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-05 23:32:25 0 d-------- C:\Program Files\Veoh Networks
2008-01-02 19:55:21 0 d-------- C:\Program Files\WordPerfect Mail
2008-01-02 19:54:26 0 d-------- C:\Program Files\WordPerfect Office X3
2008-01-02 19:53:52 0 d-------- C:\Program Files\Common Files
2008-01-02 19:53:52 0 d-------- C:\Program Files\Common Files\Corel
2008-01-02 19:53:52 0 d-------- C:\Program Files\Common Files\Borland Shared
2008-01-02 19:15:30 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\InstallShield
2007-12-31 07:40:26 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Identities
2007-12-30 11:05:54 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Netscape
2007-12-30 04:13:32 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\LimeWire
2007-12-29 23:54:36 0 d-------- C:\Program Files\Gold VIP Club Casino
2007-12-21 17:54:24 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Adobe
2007-12-20 22:10:59 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Roxio
2007-12-20 19:48:37 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\ieSpell
2007-12-18 12:26:05 0 d-------- C:\Program Files\McAfee
2007-11-25 01:50:41 160569 --a------ C:\WINDOWS\Sqirlz Water Reflections Uninstaller.exe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D79A1DFF-DF93-4AE0-851C-A1F8CA9C78F5}]
C:\WINDOWS\dmdvpnkgn.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [02/13/2006 08:05 PM]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [05/01/2003 05:44 PM]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [10/26/2007 08:06 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11/28/2007 12:50 AM]
"QuickFinder Scheduler"="C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [01/02/2007 11:21 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/09/2004 08:00 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/27/2007 11:39 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 03:24 PM]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [01/30/2008 01:11 PM]
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 6:16:50 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"admgcx"= {CAB4EEF7-F864-4F5C-B5F3-C31BF6E8C2D2} - C:\WINDOWS\admgcx.dll [02/15/2008 08:23 PM 266240]
"bdmanager"= {2AE71E61-8633-4B2A-9E4D-D9102B4750E1} - C:\WINDOWS\bdmanager.dll [02/15/2008 08:23 PM 262144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 02/27/2007 11:39 AM 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
ARPWRMSG.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
"C:\Program Files\America Online 9.0\AOL.EXE" -b
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
C:\Program Files\DISC\DISCover.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscUpdateManager]
C:\Program Files\DISC\DiscUpdMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
"c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe /run
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\windows\system\hpsysdrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IcoSet]
c:\hp\bin\cloaker.exe c:\hp\bin\IcoSet\adjust.bat seticon
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
C:\Program Files\IncrediMail\bin\IncMail.exe /c
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KBD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet /keeploaded /nodetect
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]
"C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" -r
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\regcmdcons]
c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
"C:\Windows\Creator\Remind_XP.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
"C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
-- Hosts -----------------------------------------------------------------------
200.124.131.116 casinocontroller.com
-- End of Deckard's System Scanner: finished at 2008-02-17 11:13:43 ------------