Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

clickspring.net, xxx toolbar, slotch.com, etc. [RESOLVED]

Started by Lukey2000 , Apr 23 2008 11:29 AM

  • This topic is locked This topic is locked

#1
Lukey2000
Posted 23 April 2008 - 11:29 AM

Lukey2000

    Member

  • Member
  • PipPip
  • 16 posts
Superantispyware professional, Ad-aware 2008, and Spybot 1.5.2 (most current) all miss this crap. Is SpyEraser giving me false positives? Nothing seems to show up on the HijackThis 2.0.2 log, but I'm no expert, thus why I'm here. Here's the log. Could you please direct me to help if you can't via HijackThis analysis or your general repertoire?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:21:23 PM, on 4/23/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\The Cleaner Free\cleaner.exe
C:\Users\Luke\Downloads\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mtu.edu/current/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE 7
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
O4 - HKLM\..\Run: [WAWifiMessage] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9046 bytes
  • 0

Advertisements

#2
Lusitano
Posted 28 April 2008 - 03:22 AM

Lusitano

    Trusted Helper

  • Malware Removal
  • 525 posts
Hi,

Download ComboFix from Here or Here to your Desktop.
Read first: "How to download and use ComboFix"
If you downloaded ComboFix previously, delete that version and download it again as the tool is frequently updated!
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
  • Be sure to re-enable your anti-virus and other security programs, after ComboFix finished.
Note: Do not mouseclick combofix's window while its running. That may cause it to stall.

Extra-Note: Please, DO NOT use ComboFix on your own. It is a very powerful tool designed to deal with sophisticated infections and if something goes wrong or you use it incorrectly, you could possibly lose the use of your computer. It is ONLY meant to be used under the direct supervision of a malware removal specialist. Please read Combofix's Disclaimer


Regards
  • 0

#3
Lukey2000
Posted 02 May 2008 - 11:03 PM

Lukey2000

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
COMBOFIX LOGFILE BELOW.





ComboFix 08-05-01.3 - Luke 2008-05-03 0:51:35.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1156 [GMT -4:00]
Running from: C:\Users\Luke\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-04-03 to 2008-05-03 )))))))))))))))))))))))))))))))
.

2008-04-30 19:30 . 2008-04-30 19:30 <DIR> d-------- C:\Users\Luke\AppData\Roaming\RTPlayer
2008-04-30 18:57 . 2008-04-30 18:57 <DIR> d-------- C:\Program Files\PixiePack Codec Pack
2008-04-30 18:56 . 2008-05-01 10:25 <DIR> d-------- C:\Users\Luke\AppData\Roaming\Tunebite
2008-04-30 18:56 . 2008-02-20 13:47 27,936 --a------ C:\Windows\System32\drivers\tbhsd.sys
2008-04-30 18:54 . 2008-04-30 18:58 <DIR> d-------- C:\Users\All Users\RapidSolution
2008-04-30 18:54 . 2008-04-30 18:58 <DIR> d-------- C:\ProgramData\RapidSolution
2008-04-30 18:54 . 2008-04-30 18:54 <DIR> d-------- C:\Program Files\RapidSolution
2008-04-30 18:52 . 2008-04-30 18:52 2,723,264 --a------ C:\Users\All Users\vcredist_x86.exe
2008-04-30 18:52 . 2008-04-30 18:52 2,723,264 --a------ C:\ProgramData\vcredist_x86.exe
2008-04-30 14:03 . 2008-04-30 14:04 <DIR> d-------- C:\Windows\System32\Adobe
2008-04-30 13:10 . 2008-04-30 14:50 <DIR> d-------- C:\Program Files\Ruckus Player
2008-04-30 02:55 . 2008-04-30 02:55 <DIR> d-------- C:\cf
2008-04-30 02:43 . 2008-05-01 09:45 <DIR> d-------- C:\Program Files\a-squared Free
2008-04-30 01:55 . 2008-04-30 01:55 <DIR> d-------- C:\Program Files\CCleaner
2008-04-30 00:58 . 2008-04-30 00:58 1,425,432 --a------ C:\SDFix.exe
2008-04-29 10:24 . 2008-04-29 10:24 <DIR> d-------- C:\Users\Luke\AppData\Roaming\Malwarebytes
2008-04-29 10:24 . 2008-04-29 10:24 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-04-29 10:24 . 2008-04-29 10:24 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-04-29 10:24 . 2008-04-29 10:24 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-27 12:25 . 2008-04-27 12:25 <DIR> d-------- C:\Users\Luke\AppData\Roaming\PC Tools
2008-04-27 12:25 . 2008-04-28 16:20 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-04-27 12:25 . 2007-12-10 14:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-04-27 12:25 . 2007-12-10 14:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-04-27 12:25 . 2008-02-01 12:55 42,376 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-04-27 12:25 . 2007-12-10 14:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-04-27 12:24 . 2008-05-02 00:25 <DIR> d-------- C:\Users\All Users\Google Updater
2008-04-27 12:24 . 2008-05-02 00:25 <DIR> d-------- C:\ProgramData\Google Updater
2008-04-24 19:52 . 2008-05-02 16:47 <DIR> d-------- C:\Users\All Users\TrackMania
2008-04-24 19:52 . 2008-05-02 16:47 <DIR> d-------- C:\ProgramData\TrackMania
2008-04-24 19:27 . 2008-05-02 16:38 <DIR> d-------- C:\Program Files\Steam
2008-04-24 19:27 . 2008-04-28 00:07 <DIR> d-------- C:\Program Files\Common Files\Steam
2008-04-23 13:08 . 2008-04-30 14:35 <DIR> d-------- C:\Program Files\The Cleaner Free
2008-04-22 14:18 . 2008-04-22 14:18 157 --a------ C:\out.xml
2008-04-22 00:32 . 2008-04-22 00:32 <DIR> d-------- C:\Users\Luke\AppData\Roaming\WinPatrol
2008-04-22 00:32 . 2008-04-22 00:32 <DIR> d-------- C:\Program Files\BillP Studios
2008-04-21 18:44 . 2008-04-21 18:44 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-17 16:06 . 2008-04-17 16:06 <DIR> dr------- C:\Windows\System32\config\systemprofile\Videos
2008-04-17 16:06 . 2008-04-17 16:06 <DIR> dr------- C:\Windows\System32\config\systemprofile\Searches
2008-04-17 16:06 . 2008-04-17 16:06 <DIR> dr------- C:\Windows\System32\config\systemprofile\Saved Games
2008-04-17 16:06 . 2008-04-17 16:06 <DIR> dr------- C:\Windows\System32\config\systemprofile\Pictures
2008-04-17 16:06 . 2008-04-17 16:06 <DIR> dr------- C:\Windows\System32\config\systemprofile\Links
2008-04-17 16:06 . 2008-04-17 16:06 <DIR> dr------- C:\Windows\System32\config\systemprofile\Downloads
2008-04-17 16:06 . 2008-04-17 16:06 <DIR> dr------- C:\Windows\System32\config\systemprofile\Documents
2008-04-17 15:56 . 2008-04-17 15:56 <DIR> d-------- C:\Users\Luke\AppData\Roaming\muvee Technologies
2008-04-17 13:12 . 2008-05-01 09:18 <DIR> d-------- C:\Program Files\Minefield
2008-04-16 12:17 . 2008-05-03 00:40 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-04-16 08:17 . 2008-04-16 08:17 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-16 07:51 . 2008-04-16 07:51 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-12 15:16 . 2008-04-19 16:39 691 --a------ C:\Users\Luke\AppData\Roaming\GetValue.vbs
2008-04-12 15:16 . 2008-04-19 16:39 35 --a------ C:\Users\Luke\AppData\Roaming\SetValue.bat
2008-04-10 11:19 . 2008-04-30 10:02 15,648 --a------ C:\Windows\System32\drivers\NSDriver.sys
2008-04-10 11:19 . 2008-04-30 10:02 15,648 --a------ C:\Windows\System32\drivers\AWRTRD.sys
2008-04-10 11:19 . 2008-04-30 10:02 12,960 --a------ C:\Windows\System32\drivers\AWRTPD.sys
2008-04-08 16:57 . 2008-02-29 03:11 988,216 --a------ C:\Windows\System32\winload.exe
2008-04-08 16:57 . 2008-02-29 03:11 927,288 --a------ C:\Windows\System32\winresume.exe
2008-04-08 16:57 . 2008-02-22 01:05 615,992 --a------ C:\Windows\System32\ci.dll
2008-04-08 16:57 . 2008-02-29 03:14 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-07 20:31 . 2008-04-08 13:59 <DIR> d-------- C:\Program Files\Project64 1.6
2008-04-07 20:08 . 2008-04-07 20:09 <DIR> d-------- C:\Users\Luke\AppData\Roaming\GetRightToGo
2008-04-03 19:03 . 2008-04-03 20:42 <DIR> d-------- C:\Program Files\iTunes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-03 04:41 --------- d---a-w C:\ProgramData\TEMP
2008-05-01 13:23 --------- d-----w C:\Users\Luke\AppData\Roaming\Ruckus Network
2008-04-30 16:15 --------- d-----w C:\Users\Luke\AppData\Roaming\OpenOffice.org2
2008-04-30 06:48 --------- d-----w C:\Program Files\Uniblue
2008-04-30 06:33 --------- d-----w C:\Program Files\SpywareGuard
2008-04-27 16:24 --------- d-----w C:\Program Files\Google
2008-04-23 20:40 --------- d-----w C:\Program Files\DivX
2008-04-22 17:02 13,144 ----a-w C:\Windows\System32\lsdelete.exe
2008-04-21 22:44 --------- d-----w C:\ProgramData\Lavasoft
2008-04-21 22:43 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-21 22:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-19 20:39 3,072 ----a-w C:\Windows\System32\tmp.reg
2008-04-17 20:14 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-04-17 20:11 --------- d-----w C:\ProgramData\Roxio
2008-04-17 20:05 --------- d-----w C:\Users\Luke\AppData\Roaming\Roxio
2008-04-17 19:59 --------- d-----w C:\Program Files\Common Files\muvee Technologies
2008-04-17 15:37 --------- d-----w C:\Program Files\Safari
2008-04-16 16:28 --------- d-----w C:\Program Files\Java
2008-04-08 21:49 --------- d-----w C:\Program Files\Windows Mail
2008-04-08 21:47 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-06 22:28 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-06 19:27 --------- d-----w C:\Program Files\Opera
2008-04-04 14:15 --------- d-----w C:\Program Files\IEPro
2008-04-03 23:03 --------- d-----w C:\Program Files\iPod
2008-04-03 23:02 --------- d-----w C:\Program Files\QuickTime
2008-03-31 21:25 831,488 ----a-w C:\Windows\System32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-03-31 00:59 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-03-31 00:39 --------- d-----w C:\Program Files\Real
2008-03-31 00:29 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-03-31 00:27 --------- d-----w C:\Program Files\Microsoft Web Designer Tools
2008-03-31 00:25 --------- d-----w C:\Program Files\Microsoft Visual Studio 9.0
2008-03-31 00:24 --------- d-----w C:\Program Files\MSBuild
2008-03-30 23:44 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-30 23:34 --------- d-----w C:\Program Files\Microsoft Expression
2008-03-30 14:25 --------- d-----w C:\Program Files\Common Files\xing shared
2008-03-30 14:25 --------- d-----w C:\Program Files\Common Files\Real
2008-03-22 03:48 --------- d-----w C:\Program Files\Windows Installer Clean Up
2008-03-22 03:47 --------- d-----w C:\Program Files\MSECache
2008-03-21 20:30 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-03-20 13:06 --------- d-----w C:\ProgramData\NVIDIA
2008-03-20 06:27 174 --sha-w C:\Program Files\desktop.ini
2008-03-20 06:16 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-20 06:16 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-03-20 06:16 --------- d-----w C:\Program Files\Windows Journal
2008-03-20 06:16 --------- d-----w C:\Program Files\Windows Defender
2008-03-20 06:16 --------- d-----w C:\Program Files\Windows Collaboration
2008-03-20 06:16 --------- d-----w C:\Program Files\Windows Calendar
2008-03-20 05:49 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-03-20 05:49 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-03-20 03:55 47,560 ----a-w C:\Windows\System32\SPReview.exe
2008-03-20 03:55 152,576 ----a-w C:\Windows\System32\SPWizUI.dll
2008-03-19 23:02 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-03-19 22:58 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-13 03:46 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-03-05 14:52 27,744 ----a-w C:\Users\Luke\AppData\Roaming\nvModes.dat
2008-03-01 06:31 680,960 ----a-w C:\Windows\is-ABLMC.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-22 05:01 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-02-22 04:57 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-02-04 23:04 47,104 ----a-w C:\Windows\System32\KMVIDC32.DLL
2007-11-13 18:55 104 ----a-w C:\Users\Luke\AppData\Roaming\wklnhst.dat
2007-11-22 16:32 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-11-22 16:32 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-11-22 16:32 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-12-14 21:29 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat
2008-01-14 22:49 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008010720080114\index.dat
2008-01-21 07:57 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008011420080121\index.dat
2008-01-21 08:31 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008012120080122\index.dat
2008-01-22 14:37 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008012220080123\index.dat
2008-01-24 01:40 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008012320080124\index.dat
2008-01-25 15:52 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008012520080126\index.dat
.
<pre>
----a-w		   325,204 2006-12-22 01:56:28  C:\SwSetup\SP34746\WCAMC\FW_210_Silence Install .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 23:33 125952]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-03 19:51 1481968]
"SuperAdBlocker"="C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe" [2007-08-01 10:28 1564672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-18 23:38 1008184]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 02:50 1021224]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 13:50 4390912 C:\Windows\RtHDVCpl.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 10:37 174872]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-04-23 21:11 176128]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 14:38 159744]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 16:18 472776]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 19:12 317128]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2008-01-24 20:50 111952]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 11:04 136512]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2008-04-25 13:31 333120]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 20:05:35 360448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"HideShutdownScripts"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 14:55 77824]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7}"= C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSEHB.DLL [2006-11-07 13:58 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SABWinLogon]
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL 2007-08-01 10:28 176128 C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C5262C04-670E-407D-A7E8-F81B5E3ABE94}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{63CDDBBA-EAEC-475F-BC35-608C7ED5E6CB}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{454464FF-A4B1-4479-A732-227306BAE003}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{99A41779-6DE4-4A4C-A5A6-7386CCF9C71E}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4C08C3D4-4C2A-47B9-A337-EB42F6123705}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{03896419-8B25-4710-9CEF-5234C43D08E6}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{5C165A40-2C81-4544-8A77-01A9F766954D}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{2F4B3E9A-3E1C-4B98-B3E7-E3FAEFE06AC8}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{7DEB7D63-1C8A-464B-AF09-1D8E17350CEF}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{44E2E822-F92E-484B-9CE3-B80BC04E2A75}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{3C716799-0293-4364-8CD9-B7178104A74C}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{9920260D-6C17-4D3A-A58B-E70FA9652E23}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{77AB1E86-7869-4EF1-8809-389D499B4D66}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{9CF15F32-89A6-491E-81C7-50EEA063CF8B}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{11467F96-B813-4C82-9EE3-5502B94F7419}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{E90E4E0D-97D8-45E8-91BD-7231A1F5D419}"= UDP:C:\Program Files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{2CC2F029-3E90-4C5A-8819-B888872F6268}"= TCP:C:\Program Files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"TCP Query User{1098FA47-2F24-4FF9-B9C1-02E5CD1B086D}C:\\program files\\ruckus player\\ruckus.exe"= UDP:C:\program files\ruckus player\ruckus.exe:Ruckus
"UDP Query User{7AE26D85-293C-45E8-9B89-EA54709718B7}C:\\program files\\ruckus player\\ruckus.exe"= TCP:C:\program files\ruckus player\ruckus.exe:Ruckus
"{F7E13307-2CA4-47B1-A041-A54803A1B871}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{BF8934E5-9631-4C83-B8C0-86BC822F713E}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{A41E530A-C340-4586-BC10-6F609754E297}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{AF995E23-9305-4653-8762-624199AC6FB5}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{C88DF22D-15B0-441E-B2FC-DD109D96DE70}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{6371AAA4-9F48-4017-8F3B-835CCBA8C86C}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{CCCC8751-CA87-4D78-B94F-7AFDFDE7C241}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{0A65AA49-E46C-4929-84BA-1B90AE3F6511}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{0B395D8A-944B-4A3E-AECA-08A1E771C6BE}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"TCP Query User{9D97ED0D-AE67-4694-BF8F-593477FB54C9}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{DB467A90-40D2-4968-B927-C045550CA18E}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{E2B3CD58-784F-40F4-BB8A-CC78422FA6AC}C:\\users\\luke\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:C:\users\luke\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"UDP Query User{C60E5680-6469-49FC-912B-A8C755F5A80E}C:\\users\\luke\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:C:\users\luke\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"{B16DD045-00C7-4E7A-8E4E-E1B0F9DA23E3}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{6C69F9F9-5C5C-4385-8A27-95E32DBA2EEA}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{72A63F54-DA38-4C16-BFD5-B72DBDC28D30}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{AB8AE14D-7E1E-4DE0-9D26-FA44AFD635F1}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{2B44CA53-C456-4B98-BAC6-AA3B5E5A0430}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{6865D370-D1FA-4AA5-B572-B3907B6B4CC2}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{F2057C9A-853C-47B1-87C4-1B9F4B023F69}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{E9CBD3BC-4BA1-47EB-9CC8-4374E6196BBC}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{9D1C317B-A71F-4C59-9AC5-1884CAFFB5CE}C:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= UDP:C:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"UDP Query User{2A274219-D044-4BF1-9753-9DA6E655A5F0}C:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= TCP:C:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"{ED21A9E8-6BAD-4F70-8182-B037B04EAE9D}"= C:\Program Files\Windows Live\Messenger\wlcsdk.exe:Windows Live Messenger (Phone)
"{6E2D45DF-32A9-4751-9B57-99D43BD8929B}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{B52AAA73-DECA-4678-8004-B0AF8029199E}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{5E6A33C6-90C0-45FE-B69A-2616E1CA789F}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{65CCB6C5-8A3B-472B-B4A7-ABF1DF6F61D5}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"{024B1988-1734-4801-B1F1-4C96F5A61888}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{E2DCDEA6-5CD7-46FE-A8DB-25A994E9F0DF}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{9E98FD2B-7C1F-4C2C-A9A4-2AD5195C0BA6}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{5C665FFE-8ABB-46A2-8DC8-50B6F7E2060B}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5AFC37CD-F467-4478-B39F-BB6FA772C378}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{DFC2EF3A-561E-4931-B974-56E61B9E8885}C:\\users\\luke\\documents\\downloads\\downloads\\worms 4 mayhem.exe"= UDP:C:\users\luke\documents\downloads\downloads\worms 4 mayhem.exe:worms 4 mayhem.exe
"UDP Query User{D5AAEAD2-D3F1-40D6-A297-30FD69B1550F}C:\\users\\luke\\documents\\downloads\\downloads\\worms 4 mayhem.exe"= TCP:C:\users\luke\documents\downloads\downloads\worms 4 mayhem.exe:worms 4 mayhem.exe
"TCP Query User{D42E34CD-7088-4B4C-A827-8AE03F2079C2}C:\\users\\luke\\appdata\\local\\temp\\rar$ex00.195\\worms 4 mayhem.exe"= UDP:C:\users\luke\appdata\local\temp\rar$ex00.195\worms 4 mayhem.exe:worms 4 mayhem.exe
"UDP Query User{9E294359-37E4-4369-9A4E-1BF8A0167081}C:\\users\\luke\\appdata\\local\\temp\\rar$ex00.195\\worms 4 mayhem.exe"= TCP:C:\users\luke\appdata\local\temp\rar$ex00.195\worms 4 mayhem.exe:worms 4 mayhem.exe
"TCP Query User{32FB0B8E-89F2-4CF5-9CAB-261AEF4FBE12}C:\\users\\luke\\appdata\\local\\temp\\rar$ex01.742\\worms 4 mayhem.exe"= UDP:C:\users\luke\appdata\local\temp\rar$ex01.742\worms 4 mayhem.exe:worms 4 mayhem.exe
"UDP Query User{D1D6205A-6308-4F46-99DE-9BDB0EA007C0}C:\\users\\luke\\appdata\\local\\temp\\rar$ex01.742\\worms 4 mayhem.exe"= TCP:C:\users\luke\appdata\local\temp\rar$ex01.742\worms 4 mayhem.exe:worms 4 mayhem.exe
"{24071401-2B69-4396-9841-324865855999}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{DB695777-5ACB-464F-8979-DE01252D06D0}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{62166122-9ED2-4804-9C5C-57B3A8D5EF3E}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9DFB7600-017D-4C7E-973F-45EF4F3D4B11}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{FA0E0C48-1735-408D-9344-F41491FCA155}C:\\team17\\worms2\\frontend.exe"= UDP:C:\team17\worms2\frontend.exe:Worms 2 Frontend
"UDP Query User{0B8889FC-66B0-47B7-A239-835C55F3E840}C:\\team17\\worms2\\frontend.exe"= TCP:C:\team17\worms2\frontend.exe:Worms 2 Frontend
"{94D7A1F0-B5FE-450F-A5A3-93158BD7972A}"= UDP:C:\Program Files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{62AA4180-3B71-4242-9D7D-660D2474B394}"= TCP:C:\Program Files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{E10AC196-0399-4893-AB26-33135CCCF8C2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{BBF69BD2-1F79-4A2F-8696-8EF17609BA9A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CC7B59E3-A3B6-4284-88AD-78771195A9BC}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{BE275ABC-8835-43E6-8375-7EFEA22A6062}C:\\program files\\opera\\opera.exe"= UDP:C:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{E7FDC786-1B35-4BCB-B5B4-20EA2FC1B9F0}C:\\program files\\opera\\opera.exe"= TCP:C:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{74EDB1DC-E552-49C8-A76B-F7B1BF26B4A4}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{7EBF8BDE-2C67-4D72-812B-0F18F3C051F5}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{894D93F4-9102-4E6C-A31F-60F0B300A491}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{005D257E-1CE6-423B-A0D4-43594F3CD676}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{31A2AC4D-2954-466B-A308-CC59614FD265}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes
"UDP Query User{44F09202-814D-4FE7-9062-8E4AEB907158}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes
"TCP Query User{678501D1-57B0-46F5-9CA9-D014830FEF9C}C:\\team17\\worms2 demo\\worms2.exe"= UDP:C:\team17\worms2 demo\worms2.exe:Worms 2 Frontend Demo
"UDP Query User{A1919551-E18E-4739-9FD6-BCAA69BC3977}C:\\team17\\worms2 demo\\worms2.exe"= TCP:C:\team17\worms2 demo\worms2.exe:Worms 2 Frontend Demo
"TCP Query User{DEFEEB4B-4892-4131-AC63-C5601851D123}C:\\windows\\system32\\dplaysvr.exe"= UDP:C:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"UDP Query User{3D083B7B-52AC-4D37-8CF1-9E480B159697}C:\\windows\\system32\\dplaysvr.exe"= TCP:C:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"{444B7484-2606-4A02-9F06-E01D946AF32E}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{F85C351A-8420-40C2-8132-9B5B43B8D78E}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{7F7C8932-FE2C-437C-8930-EE9E521E6A22}"= UDP:C:\Program Files\RapidSolution\Tunebite\TunebiteHelper.exe:TunebiteHelper
"{678CD53A-5442-4183-B1E4-3C330690E975}"= TCP:C:\Program Files\RapidSolution\Tunebite\TunebiteHelper.exe:TunebiteHelper
"TCP Query User{3E934EBC-7DE6-4D16-A8DB-FD06BE8DB7C7}C:\\program files\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= UDP:C:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever
"UDP Query User{CCECB094-D5EC-45C6-BCC9-2CD4C3CCBADC}C:\\program files\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= TCP:C:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"C:\\Program Files\\IEPro\\MiniDM.exe"= C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM

R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\Windows\system32\Drivers\SSFS0BB8.SYS [2007-07-19 23:42]
R1 SABKUTIL;SABKUTIL;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [2007-02-20 17:02]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;"C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-11 18:50]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 06:29]
R3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-04-12 04:50]
R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-04-12 04:50]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-04-12 04:53]
R3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []
S1 SABDIFSV;SABDIFSV;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABDIFSV.SYS [2005-09-21 12:17]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 03:30]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-04-24 19:28]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-11-22 03:45:38 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-04-22 01:15:44 C:\Windows\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-12-14 02:15:55 C:\Windows\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-01-29 14:29:53 C:\Windows\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2008-05-03 04:40:25 C:\Windows\Tasks\User_Feed_Synchronization-{9D8CDE7C-01E5-4293-9409-14C682154076}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-03 00:55:37
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-03 0:57:23
ComboFix-quarantined-files.txt 2008-05-03 04:56:59
ComboFix2.txt 2008-04-30 05:33:14

Pre-Run: 86,634,233,856 bytes free
Post-Run: 86,594,777,088 bytes free

347 --- E O F --- 2008-05-03 04:43:57









HIJACKTHIS LOGFILE BELOW...





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:01:04 AM, on 05/03/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\Luke\Downloads\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mtu.edu/current/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
O4 - HKLM\..\Run: [WAWifiMessage] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{71147865-9F2B-4375-81FF-7040448863D3}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9979 bytes
  • 0

#4
Lusitano
Posted 03 May 2008 - 03:28 AM

Lusitano

    Trusted Helper

  • Malware Removal
  • 525 posts
Hello

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.


Now, close any open browsers.
  • Open notepad and copy/paste the text in the quotebox below into it:
RenV::
----a-w		   325,204 2006-12-22 01:56:28  C:\SwSetup\SP34746\WCAMC\FW_210_Silence Install .exe
IMPORTANT: The above script was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!
  • Save this as CFScript.txt, in the same location as ComboFix.exe
    Posted Image
  • Refering to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at "C:\ComboFix.txt". Post them along with a new HijackThis log.
Note:Do not mouseclick combofix's window whilst it's running. That may cause it to stall
  • 0

#5
Lukey2000
Posted 03 May 2008 - 12:56 PM

Lukey2000

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
ComboFix 08-05-01.3 - Luke 2008-05-03 14:39:27.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1202 [GMT -4:00]
Running from: C:\Users\Luke\Desktop\CF.exe
Command switches used :: C:\Users\Luke\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-04-03 to 2008-05-03 )))))))))))))))))))))))))))))))
.

2008-05-03 00:49 . 2008-05-03 00:57 <DIR> d-------- C:\ComboFix
2008-04-30 19:30 . 2008-04-30 19:30 <DIR> d-------- C:\Users\Luke\AppData\Roaming\RTPlayer
2008-04-30 18:57 . 2008-04-30 18:57 <DIR> d-------- C:\Program Files\PixiePack Codec Pack
2008-04-30 18:56 . 2008-05-01 10:25 <DIR> d-------- C:\Users\Luke\AppData\Roaming\Tunebite
2008-04-30 18:56 . 2008-02-20 13:47 27,936 --a------ C:\Windows\System32\drivers\tbhsd.sys
2008-04-30 18:54 . 2008-04-30 18:58 <DIR> d-------- C:\Users\All Users\RapidSolution
2008-04-30 18:54 . 2008-04-30 18:58 <DIR> d-------- C:\ProgramData\RapidSolution
2008-04-30 18:54 . 2008-04-30 18:54 <DIR> d-------- C:\Program Files\RapidSolution
2008-04-30 18:52 . 2008-04-30 18:52 2,723,264 --a------ C:\Users\All Users\vcredist_x86.exe
2008-04-30 18:52 . 2008-04-30 18:52 2,723,264 --a------ C:\ProgramData\vcredist_x86.exe
2008-04-30 14:03 . 2008-04-30 14:04 <DIR> d-------- C:\Windows\System32\Adobe
2008-04-30 13:10 . 2008-04-30 14:50 <DIR> d-------- C:\Program Files\Ruckus Player
2008-04-30 02:43 . 2008-05-01 09:45 <DIR> d-------- C:\Program Files\a-squared Free
2008-04-30 01:55 . 2008-04-30 01:55 <DIR> d-------- C:\Program Files\CCleaner
2008-04-30 00:58 . 2008-04-30 00:58 1,425,432 --a------ C:\SDFix.exe
2008-04-29 10:24 . 2008-04-29 10:24 <DIR> d-------- C:\Users\Luke\AppData\Roaming\Malwarebytes
2008-04-29 10:24 . 2008-04-29 10:24 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-04-29 10:24 . 2008-04-29 10:24 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-04-29 10:24 . 2008-04-29 10:24 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-27 12:25 . 2008-04-27 12:25 <DIR> d-------- C:\Users\Luke\AppData\Roaming\PC Tools
2008-04-27 12:25 . 2008-04-28 16:20 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-04-27 12:25 . 2007-12-10 14:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-04-27 12:25 . 2007-12-10 14:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-04-27 12:25 . 2008-02-01 12:55 42,376 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-04-27 12:25 . 2007-12-10 14:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-04-27 12:24 . 2008-05-03 01:25 <DIR> d-------- C:\Users\All Users\Google Updater
2008-04-27 12:24 . 2008-05-03 01:25 <DIR> d-------- C:\ProgramData\Google Updater
2008-04-24 19:52 . 2008-05-02 16:47 <DIR> d-------- C:\Users\All Users\TrackMania
2008-04-24 19:52 . 2008-05-02 16:47 <DIR> d-------- C:\ProgramData\TrackMania
2008-04-24 19:27 . 2008-05-02 16:38 <DIR> d-------- C:\Program Files\Steam
2008-04-24 19:27 . 2008-04-28 00:07 <DIR> d-------- C:\Program Files\Common Files\Steam
2008-04-23 13:08 . 2008-04-30 14:35 <DIR> d-------- C:\Program Files\The Cleaner Free
2008-04-22 14:18 . 2008-04-22 14:18 157 --a------ C:\out.xml
2008-04-22 00:32 . 2008-04-22 00:32 <DIR> d-------- C:\Users\Luke\AppData\Roaming\WinPatrol
2008-04-22 00:32 . 2008-04-22 00:32 <DIR> d-------- C:\Program Files\BillP Studios
2008-04-21 18:44 . 2008-04-21 18:44 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-17 16:06 . 2008-04-17 16:06 <DIR> dr------- C:\Windows\System32\config\systemprofile\Videos
2008-04-17 16:06 . 2008-04-17 16:06 <DIR> dr------- C:\Windows\System32\config\systemprofile\Searches
2008-04-17 16:06 . 2008-04-17 16:06 <DIR> dr------- C:\Windows\System32\config\systemprofile\Saved Games
2008-04-17 16:06 . 2008-04-17 16:06 <DIR> dr------- C:\Windows\System32\config\systemprofile\Pictures
2008-04-17 16:06 . 2008-04-17 16:06 <DIR> dr------- C:\Windows\System32\config\systemprofile\Links
2008-04-17 16:06 . 2008-04-17 16:06 <DIR> dr------- C:\Windows\System32\config\systemprofile\Downloads
2008-04-17 16:06 . 2008-04-17 16:06 <DIR> dr------- C:\Windows\System32\config\systemprofile\Documents
2008-04-17 15:56 . 2008-04-17 15:56 <DIR> d-------- C:\Users\Luke\AppData\Roaming\muvee Technologies
2008-04-17 13:12 . 2008-05-03 14:34 <DIR> d-------- C:\Program Files\Minefield
2008-04-16 12:17 . 2008-05-03 00:40 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-04-16 08:17 . 2008-04-16 08:17 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-16 07:51 . 2008-04-16 07:51 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-12 15:16 . 2008-04-19 16:39 691 --a------ C:\Users\Luke\AppData\Roaming\GetValue.vbs
2008-04-12 15:16 . 2008-04-19 16:39 35 --a------ C:\Users\Luke\AppData\Roaming\SetValue.bat
2008-04-10 11:19 . 2008-04-30 10:02 15,648 --a------ C:\Windows\System32\drivers\NSDriver.sys
2008-04-10 11:19 . 2008-04-30 10:02 15,648 --a------ C:\Windows\System32\drivers\AWRTRD.sys
2008-04-10 11:19 . 2008-04-30 10:02 12,960 --a------ C:\Windows\System32\drivers\AWRTPD.sys
2008-04-08 16:57 . 2008-02-29 03:11 988,216 --a------ C:\Windows\System32\winload.exe
2008-04-08 16:57 . 2008-02-29 03:11 927,288 --a------ C:\Windows\System32\winresume.exe
2008-04-08 16:57 . 2008-02-22 01:05 615,992 --a------ C:\Windows\System32\ci.dll
2008-04-08 16:57 . 2008-02-29 03:14 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-07 20:31 . 2008-04-08 13:59 <DIR> d-------- C:\Program Files\Project64 1.6
2008-04-07 20:08 . 2008-04-07 20:09 <DIR> d-------- C:\Users\Luke\AppData\Roaming\GetRightToGo
2008-04-03 19:03 . 2008-04-03 20:42 <DIR> d-------- C:\Program Files\iTunes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-03 18:35 --------- d-----w C:\Program Files\SpywareGuard
2008-05-03 04:41 --------- d---a-w C:\ProgramData\TEMP
2008-05-01 13:23 --------- d-----w C:\Users\Luke\AppData\Roaming\Ruckus Network
2008-04-30 16:15 --------- d-----w C:\Users\Luke\AppData\Roaming\OpenOffice.org2
2008-04-30 06:48 --------- d-----w C:\Program Files\Uniblue
2008-04-27 16:24 --------- d-----w C:\Program Files\Google
2008-04-23 20:40 --------- d-----w C:\Program Files\DivX
2008-04-22 17:02 13,144 ----a-w C:\Windows\System32\lsdelete.exe
2008-04-21 22:44 --------- d-----w C:\ProgramData\Lavasoft
2008-04-21 22:43 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-21 22:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-19 20:39 3,072 ----a-w C:\Windows\System32\tmp.reg
2008-04-17 20:14 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-04-17 20:11 --------- d-----w C:\ProgramData\Roxio
2008-04-17 20:05 --------- d-----w C:\Users\Luke\AppData\Roaming\Roxio
2008-04-17 19:59 --------- d-----w C:\Program Files\Common Files\muvee Technologies
2008-04-17 15:37 --------- d-----w C:\Program Files\Safari
2008-04-16 16:28 --------- d-----w C:\Program Files\Java
2008-04-08 21:49 --------- d-----w C:\Program Files\Windows Mail
2008-04-08 21:47 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-06 22:28 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-06 19:27 --------- d-----w C:\Program Files\Opera
2008-04-04 14:15 --------- d-----w C:\Program Files\IEPro
2008-04-03 23:03 --------- d-----w C:\Program Files\iPod
2008-04-03 23:02 --------- d-----w C:\Program Files\QuickTime
2008-03-31 21:25 831,488 ----a-w C:\Windows\System32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-03-31 00:59 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-03-31 00:39 --------- d-----w C:\Program Files\Real
2008-03-31 00:29 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-03-31 00:27 --------- d-----w C:\Program Files\Microsoft Web Designer Tools
2008-03-31 00:25 --------- d-----w C:\Program Files\Microsoft Visual Studio 9.0
2008-03-31 00:24 --------- d-----w C:\Program Files\MSBuild
2008-03-30 23:44 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-30 23:34 --------- d-----w C:\Program Files\Microsoft Expression
2008-03-30 14:25 --------- d-----w C:\Program Files\Common Files\xing shared
2008-03-30 14:25 --------- d-----w C:\Program Files\Common Files\Real
2008-03-22 03:48 --------- d-----w C:\Program Files\Windows Installer Clean Up
2008-03-22 03:47 --------- d-----w C:\Program Files\MSECache
2008-03-21 20:30 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-03-20 13:06 --------- d-----w C:\ProgramData\NVIDIA
2008-03-20 06:27 174 --sha-w C:\Program Files\desktop.ini
2008-03-20 06:16 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-20 06:16 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-03-20 06:16 --------- d-----w C:\Program Files\Windows Journal
2008-03-20 06:16 --------- d-----w C:\Program Files\Windows Defender
2008-03-20 06:16 --------- d-----w C:\Program Files\Windows Collaboration
2008-03-20 06:16 --------- d-----w C:\Program Files\Windows Calendar
2008-03-20 05:49 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-03-20 05:49 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-03-20 03:55 47,560 ----a-w C:\Windows\System32\SPReview.exe
2008-03-20 03:55 152,576 ----a-w C:\Windows\System32\SPWizUI.dll
2008-03-19 23:02 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-03-19 22:58 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-13 03:46 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-03-05 14:52 27,744 ----a-w C:\Users\Luke\AppData\Roaming\nvModes.dat
2008-03-01 06:31 680,960 ----a-w C:\Windows\is-ABLMC.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-22 05:01 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-02-22 04:57 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-02-04 23:04 47,104 ----a-w C:\Windows\System32\KMVIDC32.DLL
2007-11-13 18:55 104 ----a-w C:\Users\Luke\AppData\Roaming\wklnhst.dat
2007-11-22 16:32 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-11-22 16:32 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-11-22 16:32 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-12-14 21:29 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat
2008-01-14 22:49 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008010720080114\index.dat
2008-01-21 07:57 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008011420080121\index.dat
2008-01-21 08:31 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008012120080122\index.dat
2008-01-22 14:37 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008012220080123\index.dat
2008-01-24 01:40 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008012320080124\index.dat
2008-01-25 15:52 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008012520080126\index.dat
.
<pre>
----a-w		   325,204 2006-12-22 01:56:28  C:\SwSetup\SP34746\WCAMC\FW_210_Silence Install .exe
</pre>


((((((((((((((((((((((((((((( snapshot@2008-05-03_ 0.56.37.27 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-03 04:35:30 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-03 18:26:56 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-05-03 04:35:31 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-03 18:26:57 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-05-03 04:35:31 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-05-03 18:26:57 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-05-03 04:51:24 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-05-03 18:42:29 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-05-03 04:38:34 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-03 18:30:02 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-03 18:30:02 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-05-03 04:50:33 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-05-03 18:38:48 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-05-03 04:38:29 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-03 18:29:24 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-03 18:29:24 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-05-02 21:24:03 1,540,096 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-03 05:25:35 1,540,096 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-02 21:24:03 917,504 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-03 05:25:35 917,504 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-02 21:24:03 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-03 05:25:35 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-03 04:39:14 17,302 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2956295170-3445649005-62483664-1000_UserData.bin
+ 2008-05-03 18:30:22 17,302 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2956295170-3445649005-62483664-1000_UserData.bin
- 2008-05-03 04:39:13 80,172 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-03 18:30:22 80,196 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-03 04:38:56 68,256 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-03 18:30:20 68,288 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-04-23 03:52:01 262,766 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2008-05-03 15:46:29 264,306 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 23:33 125952]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-03 19:51 1481968]
"SuperAdBlocker"="C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe" [2007-08-01 10:28 1564672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-18 23:38 1008184]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 02:50 1021224]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 13:50 4390912 C:\Windows\RtHDVCpl.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 10:37 174872]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-04-23 21:11 176128]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 14:38 159744]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 16:18 472776]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 19:12 317128]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2008-01-24 20:50 111952]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 11:04 136512]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2008-04-25 13:31 333120]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 20:05:35 360448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"HideShutdownScripts"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 14:55 77824]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7}"= C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSEHB.DLL [2006-11-07 13:58 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SABWinLogon]
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL 2007-08-01 10:28 176128 C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C5262C04-670E-407D-A7E8-F81B5E3ABE94}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{63CDDBBA-EAEC-475F-BC35-608C7ED5E6CB}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{454464FF-A4B1-4479-A732-227306BAE003}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{99A41779-6DE4-4A4C-A5A6-7386CCF9C71E}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4C08C3D4-4C2A-47B9-A337-EB42F6123705}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{03896419-8B25-4710-9CEF-5234C43D08E6}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{5C165A40-2C81-4544-8A77-01A9F766954D}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{2F4B3E9A-3E1C-4B98-B3E7-E3FAEFE06AC8}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{7DEB7D63-1C8A-464B-AF09-1D8E17350CEF}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{44E2E822-F92E-484B-9CE3-B80BC04E2A75}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{3C716799-0293-4364-8CD9-B7178104A74C}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{9920260D-6C17-4D3A-A58B-E70FA9652E23}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{77AB1E86-7869-4EF1-8809-389D499B4D66}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{9CF15F32-89A6-491E-81C7-50EEA063CF8B}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{11467F96-B813-4C82-9EE3-5502B94F7419}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{E90E4E0D-97D8-45E8-91BD-7231A1F5D419}"= UDP:C:\Program Files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{2CC2F029-3E90-4C5A-8819-B888872F6268}"= TCP:C:\Program Files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"TCP Query User{1098FA47-2F24-4FF9-B9C1-02E5CD1B086D}C:\\program files\\ruckus player\\ruckus.exe"= UDP:C:\program files\ruckus player\ruckus.exe:Ruckus
"UDP Query User{7AE26D85-293C-45E8-9B89-EA54709718B7}C:\\program files\\ruckus player\\ruckus.exe"= TCP:C:\program files\ruckus player\ruckus.exe:Ruckus
"{F7E13307-2CA4-47B1-A041-A54803A1B871}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{BF8934E5-9631-4C83-B8C0-86BC822F713E}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{A41E530A-C340-4586-BC10-6F609754E297}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{AF995E23-9305-4653-8762-624199AC6FB5}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{C88DF22D-15B0-441E-B2FC-DD109D96DE70}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{6371AAA4-9F48-4017-8F3B-835CCBA8C86C}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{CCCC8751-CA87-4D78-B94F-7AFDFDE7C241}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{0A65AA49-E46C-4929-84BA-1B90AE3F6511}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{0B395D8A-944B-4A3E-AECA-08A1E771C6BE}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"TCP Query User{9D97ED0D-AE67-4694-BF8F-593477FB54C9}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{DB467A90-40D2-4968-B927-C045550CA18E}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{E2B3CD58-784F-40F4-BB8A-CC78422FA6AC}C:\\users\\luke\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:C:\users\luke\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"UDP Query User{C60E5680-6469-49FC-912B-A8C755F5A80E}C:\\users\\luke\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:C:\users\luke\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"{B16DD045-00C7-4E7A-8E4E-E1B0F9DA23E3}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{6C69F9F9-5C5C-4385-8A27-95E32DBA2EEA}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{72A63F54-DA38-4C16-BFD5-B72DBDC28D30}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{AB8AE14D-7E1E-4DE0-9D26-FA44AFD635F1}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{2B44CA53-C456-4B98-BAC6-AA3B5E5A0430}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{6865D370-D1FA-4AA5-B572-B3907B6B4CC2}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{F2057C9A-853C-47B1-87C4-1B9F4B023F69}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{E9CBD3BC-4BA1-47EB-9CC8-4374E6196BBC}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{9D1C317B-A71F-4C59-9AC5-1884CAFFB5CE}C:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= UDP:C:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"UDP Query User{2A274219-D044-4BF1-9753-9DA6E655A5F0}C:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= TCP:C:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"{ED21A9E8-6BAD-4F70-8182-B037B04EAE9D}"= C:\Program Files\Windows Live\Messenger\wlcsdk.exe:Windows Live Messenger (Phone)
"{6E2D45DF-32A9-4751-9B57-99D43BD8929B}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{B52AAA73-DECA-4678-8004-B0AF8029199E}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{5E6A33C6-90C0-45FE-B69A-2616E1CA789F}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{65CCB6C5-8A3B-472B-B4A7-ABF1DF6F61D5}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"{024B1988-1734-4801-B1F1-4C96F5A61888}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{E2DCDEA6-5CD7-46FE-A8DB-25A994E9F0DF}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{9E98FD2B-7C1F-4C2C-A9A4-2AD5195C0BA6}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{5C665FFE-8ABB-46A2-8DC8-50B6F7E2060B}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5AFC37CD-F467-4478-B39F-BB6FA772C378}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{DFC2EF3A-561E-4931-B974-56E61B9E8885}C:\\users\\luke\\documents\\downloads\\downloads\\worms 4 mayhem.exe"= UDP:C:\users\luke\documents\downloads\downloads\worms 4 mayhem.exe:worms 4 mayhem.exe
"UDP Query User{D5AAEAD2-D3F1-40D6-A297-30FD69B1550F}C:\\users\\luke\\documents\\downloads\\downloads\\worms 4 mayhem.exe"= TCP:C:\users\luke\documents\downloads\downloads\worms 4 mayhem.exe:worms 4 mayhem.exe
"TCP Query User{D42E34CD-7088-4B4C-A827-8AE03F2079C2}C:\\users\\luke\\appdata\\local\\temp\\rar$ex00.195\\worms 4 mayhem.exe"= UDP:C:\users\luke\appdata\local\temp\rar$ex00.195\worms 4 mayhem.exe:worms 4 mayhem.exe
"UDP Query User{9E294359-37E4-4369-9A4E-1BF8A0167081}C:\\users\\luke\\appdata\\local\\temp\\rar$ex00.195\\worms 4 mayhem.exe"= TCP:C:\users\luke\appdata\local\temp\rar$ex00.195\worms 4 mayhem.exe:worms 4 mayhem.exe
"TCP Query User{32FB0B8E-89F2-4CF5-9CAB-261AEF4FBE12}C:\\users\\luke\\appdata\\local\\temp\\rar$ex01.742\\worms 4 mayhem.exe"= UDP:C:\users\luke\appdata\local\temp\rar$ex01.742\worms 4 mayhem.exe:worms 4 mayhem.exe
"UDP Query User{D1D6205A-6308-4F46-99DE-9BDB0EA007C0}C:\\users\\luke\\appdata\\local\\temp\\rar$ex01.742\\worms 4 mayhem.exe"= TCP:C:\users\luke\appdata\local\temp\rar$ex01.742\worms 4 mayhem.exe:worms 4 mayhem.exe
"{24071401-2B69-4396-9841-324865855999}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{DB695777-5ACB-464F-8979-DE01252D06D0}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{62166122-9ED2-4804-9C5C-57B3A8D5EF3E}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9DFB7600-017D-4C7E-973F-45EF4F3D4B11}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{FA0E0C48-1735-408D-9344-F41491FCA155}C:\\team17\\worms2\\frontend.exe"= UDP:C:\team17\worms2\frontend.exe:Worms 2 Frontend
"UDP Query User{0B8889FC-66B0-47B7-A239-835C55F3E840}C:\\team17\\worms2\\frontend.exe"= TCP:C:\team17\worms2\frontend.exe:Worms 2 Frontend
"{94D7A1F0-B5FE-450F-A5A3-93158BD7972A}"= UDP:C:\Program Files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{62AA4180-3B71-4242-9D7D-660D2474B394}"= TCP:C:\Program Files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{E10AC196-0399-4893-AB26-33135CCCF8C2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{BBF69BD2-1F79-4A2F-8696-8EF17609BA9A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CC7B59E3-A3B6-4284-88AD-78771195A9BC}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{BE275ABC-8835-43E6-8375-7EFEA22A6062}C:\\program files\\opera\\opera.exe"= UDP:C:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{E7FDC786-1B35-4BCB-B5B4-20EA2FC1B9F0}C:\\program files\\opera\\opera.exe"= TCP:C:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{74EDB1DC-E552-49C8-A76B-F7B1BF26B4A4}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{7EBF8BDE-2C67-4D72-812B-0F18F3C051F5}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{894D93F4-9102-4E6C-A31F-60F0B300A491}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{005D257E-1CE6-423B-A0D4-43594F3CD676}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{31A2AC4D-2954-466B-A308-CC59614FD265}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes
"UDP Query User{44F09202-814D-4FE7-9062-8E4AEB907158}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes
"TCP Query User{678501D1-57B0-46F5-9CA9-D014830FEF9C}C:\\team17\\worms2 demo\\worms2.exe"= UDP:C:\team17\worms2 demo\worms2.exe:Worms 2 Frontend Demo
"UDP Query User{A1919551-E18E-4739-9FD6-BCAA69BC3977}C:\\team17\\worms2 demo\\worms2.exe"= TCP:C:\team17\worms2 demo\worms2.exe:Worms 2 Frontend Demo
"TCP Query User{DEFEEB4B-4892-4131-AC63-C5601851D123}C:\\windows\\system32\\dplaysvr.exe"= UDP:C:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"UDP Query User{3D083B7B-52AC-4D37-8CF1-9E480B159697}C:\\windows\\system32\\dplaysvr.exe"= TCP:C:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"{444B7484-2606-4A02-9F06-E01D946AF32E}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{F85C351A-8420-40C2-8132-9B5B43B8D78E}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{7F7C8932-FE2C-437C-8930-EE9E521E6A22}"= UDP:C:\Program Files\RapidSolution\Tunebite\TunebiteHelper.exe:TunebiteHelper
"{678CD53A-5442-4183-B1E4-3C330690E975}"= TCP:C:\Program Files\RapidSolution\Tunebite\TunebiteHelper.exe:TunebiteHelper
"TCP Query User{3E934EBC-7DE6-4D16-A8DB-FD06BE8DB7C7}C:\\program files\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= UDP:C:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever
"UDP Query User{CCECB094-D5EC-45C6-BCC9-2CD4C3CCBADC}C:\\program files\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= TCP:C:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"C:\\Program Files\\IEPro\\MiniDM.exe"= C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM

R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\Windows\system32\Drivers\SSFS0BB8.SYS [2007-07-19 23:42]
R1 SABKUTIL;SABKUTIL;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [2007-02-20 17:02]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;"C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-11 18:50]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 06:29]
R3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-04-12 04:50]
R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-04-12 04:50]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-04-12 04:53]
R3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []
S1 SABDIFSV;SABDIFSV;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABDIFSV.SYS [2005-09-21 12:17]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 03:30]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-04-24 19:28]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-11-22 03:45:38 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-04-22 01:15:44 C:\Windows\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-12-14 02:15:55 C:\Windows\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-01-29 14:29:53 C:\Windows\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2008-05-03 04:40:25 C:\Windows\Tasks\User_Feed_Synchronization-{9D8CDE7C-01E5-4293-9409-14C682154076}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-03 14:44:02
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-03 14:46:44
ComboFix-quarantined-files.txt 2008-05-03 18:46:36
ComboFix2.txt 2008-05-03 04:57:24
ComboFix3.txt 2008-04-30 05:33:14

Pre-Run: 85,681,876,992 bytes free
Post-Run: 85,643,079,680 bytes free

384 --- E O F --- 2008-05-03 04:43:57






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:55:34 PM, on 05/03/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Minefield\firefox.exe
C:\Program Files\Safari\Safari.exe
C:\Users\Luke\Downloads\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mtu.edu/current/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
O4 - HKLM\..\Run: [WAWifiMessage] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{71147865-9F2B-4375-81FF-7040448863D3}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9977 bytes
  • 0

#6
Lusitano
Posted 05 May 2008 - 03:39 AM

Lusitano

    Trusted Helper

  • Malware Removal
  • 525 posts
Hello,

1. Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


2. Please do an online scan with Kaspersky WebScanner

Click on Posted Image

You will be prompted to install an ActiveX component from Kaspersky, Click Posted Image
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on Posted Image
  • Now click on Posted Image
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click Posted Image
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post, along whit a new HijackThis log. Also let me know how i your computer its running.

  • 0

#7
Lukey2000
Posted 05 May 2008 - 08:09 AM

Lukey2000

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
I've come across a problem. I accepted the scanner's (kaspersky) Active X controls, and I tried to run the scan. It updated the definitions to today's latest ones. In the scanner's window, it then just read "ready." There doesn't appear to be a way to scan or do anything after the update. ??????
  • 0

#8
Lusitano
Posted 05 May 2008 - 09:02 AM

Lusitano

    Trusted Helper

  • Malware Removal
  • 525 posts
Please try on this:

Please go here to run an online scannner from ESET:
  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic, along with a new HijackThis log and a description of any remaining problems

  • 0

#9
Lukey2000
Posted 06 May 2008 - 01:13 PM

Lukey2000

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3079 (20080506)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=ef7c8c201944a341a5167604d5c6aa97
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-05-06 07:07:26
# local_time=2008-05-06 03:07:26 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.0.6001 NT Service Pack 1
# scanned=598720
# found=0
# scan_time=7414




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:12:14 PM, on 05/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\SpywareGuard\sgbhp.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\UI0Detect.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Luke\Downloads\HiJackThis\HiJackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msu.edu/current
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
O4 - HKLM\..\Run: [WAWifiMessage] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/b...lineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{71147865-9F2B-4375-81FF-7040448863D3}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 12312 bytes


EVERYTHING SEEMS (AT LEAST TO ME) TO BE WORKING FINE. THANK YOU.
  • 0

#10
Lusitano
Posted 07 May 2008 - 03:39 AM

Lusitano

    Trusted Helper

  • Malware Removal
  • 525 posts
Good job, yours logs are clean :)

Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
    Posted Image


Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints Malware Complaints, you need to be registered to post as unfortunately we were hit with too many spam posting to allow guest posting to continue just find your country room and register your complaint.

Below are some steps to follow in order to dramatically lower the chances of reinfection
You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented
  • Follow the instructions here for Windows Vista to disable and then reenable system restore in order to clear old restore points:
    http://www.pchell.co...emrestore.shtml
    Note: only do this once, and not on a regular basis
  • Download and install an antivirus program, and make sure that you keep it updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software
    Two good antivirus programs free for non-commercial home use are Avast! and Antivir
    Two good paid for antivirus programs are NOD32 and Bitdefender
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
  • Make sure you install all the security updates for Windows, Internet explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch for it to that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC
    Go here to check for & install updates to Microsoft applications
    Note: The update process uses activex, so you will need to use internet explorer for it, and allow the activex control that it wants to install
  • Keep your non-Microsoft applications updated as well
    Microsoft isn't the only company whose products can contain security vulnerabilities, to check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month
  • Make Internet Explorer more secure
    Click Start > Run
    Type Inetcpl.cpl & click OK
    Click on the Security tab
    Click Reset all zones to default level
    Make sure the Internet Zone is selected & Click Custom level
    In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • Install SpywareBlaster & make sure to update it regularly
    SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
    If you don't know what activex controls are, see here
    You can download SpywareBlaster from here
  • Install and use Spybot Search & Destroy
    Instructions are located here
    Make sure you update, reimmunize & scan regularly
  • Make use of the HOSTS file included with Spybot Search & Destroy
    Every version of windows includes a hosts file as part of them. A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
    Spybot Search & Destroy has a good HOSTS file built in, to enable the HOSTS file in Spybot Search & Destroy
    • Run Spybot Search & Destroy
    • Click on Mode, and then place a tick next to Advanced mode
    • Click Yes
    • In the left hand pane of Spybot Search & Destroy, click on Tools, and then on Hosts File
    • Click on Add Spybot-S&D hosts list
    Note: On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue
    • Click Start > Run
    • Type services.msc & click OK
    • In the list, find the service called DNS Client & double click on it.
    • On the dropdown box, change the setting from automatic to manual.
    • Click OK & then close the Services window
    For a more detailed explanation of the HOSTS file, click here
  • Install a-squared Free & update and scan with it regularly
    a-squared free is a product from Emsi Software provided free for private use that can detect and remove a variety of malicious software. You can get it here
    Note: If you have a dialup internet connection, you may also like to install a-squared Anti-Dialer which provides some real time protection against premium rate dialers
  • Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date
Glad i was able to help and please let me know if you still need assistence.Posted Image
  • 0

#11
Lusitano
Posted 14 May 2008 - 11:56 AM

Lusitano

    Trusted Helper

  • Malware Removal
  • 525 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP