ComboFix 08-08-14.05 - user 2008-08-15 11:53:53.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1044 [GMT -4:00]
Running from: C:\Users\user\Downloads\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Users\user\AppData\Roaming\macromedia\Flash Player\#SharedObjects\9EWTN477\interclick.com
C:\Users\user\AppData\Roaming\macromedia\Flash Player\#SharedObjects\9EWTN477\interclick.com\ud.sol
C:\Users\user\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Users\user\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@ebay[2].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Windows\system32\KBL.LOG
----- BITS: Possible infected sites -----
http://www.vongo.com.
((((((((((((((((((((((((( Files Created from 2008-07-15 to 2008-08-15 )))))))))))))))))))))))))))))))
.
2008-08-15 02:11 . 2008-07-15 21:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-14 23:43 . 2008-06-26 21:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-14 23:43 . 2008-06-27 00:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-14 23:43 . 2008-06-18 23:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-14 23:43 . 2008-04-18 01:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-14 23:41 . 2008-04-10 01:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-08-14 12:44 . 2008-08-14 12:48 <DIR> d-------- C:\Users\user\AppData\Roaming\uTorrent
2008-08-14 00:28 . 2008-08-14 00:28 <DIR> d-------- C:\Program Files\NetMeeting Resource Kit
2008-08-13 07:52 . 2008-08-13 07:52 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-12 22:43 . 2008-08-12 22:43 <DIR> d-------- C:\Program Files\Lavasoft
2008-08-12 22:42 . 2008-08-12 22:42 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-11 21:27 . 2008-08-11 21:27 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-08-11 21:27 . 2008-08-11 21:29 <DIR> d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-08-10 17:41 . 2008-08-10 17:41 <DIR> d-------- C:\Users\user\AppData\Roaming\eBay
2008-08-09 15:03 . 2008-08-10 18:52 <DIR> d-------- C:\Users\All Users\Yahoo!
2008-08-09 15:03 . 2008-08-10 18:52 <DIR> d-------- C:\ProgramData\Yahoo!
2008-08-09 14:50 . 2008-08-09 14:52 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-09 14:49 . 2008-08-09 14:49 <DIR> d-------- C:\Users\All Users\WLInstaller
2008-08-09 14:49 . 2008-08-09 14:49 <DIR> d-------- C:\ProgramData\WLInstaller
2008-08-07 23:51 . 2008-08-07 23:51 <DIR> d-------- C:\Program Files\Alwil Software
2008-08-07 23:51 . 2008-07-19 10:36 51,280 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-08-04 18:32 . 2008-08-11 20:19 <DIR> d-------- C:\Users\All Users\WholeSecurity
2008-08-04 18:32 . 2008-08-11 20:19 <DIR> d-------- C:\ProgramData\WholeSecurity
2008-08-04 10:26 . 2008-08-12 23:56 <DIR> d-------- C:\Users\All Users\eBay
2008-08-04 10:26 . 2008-08-12 23:56 <DIR> d-------- C:\ProgramData\eBay
2008-08-04 10:25 . 2008-08-12 23:56 <DIR> d-------- C:\Program Files\eBay
2008-08-04 10:23 . 2008-08-04 10:23 <DIR> d-------- C:\Users\user\AppData\Roaming\InstallShield
2008-07-31 15:57 . 2008-07-31 15:57 <DIR> d-------- C:\Users\user\AppData\Roaming\SiteAdvisor
2008-07-31 15:20 . 2008-08-07 20:26 <DIR> d-------- C:\Program Files\WarRock
2008-07-31 14:36 . 2008-07-31 16:07 <DIR> d-------- C:\Users\user\.LocalCooling
2008-07-31 14:27 . 2008-07-31 14:27 <DIR> d-------- C:\Program Files\Uniblue
2008-07-30 22:07 . 2008-07-30 22:07 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-07-30 22:06 . 2008-07-30 22:58 <DIR> d-------- C:\Program Files\McAfee
2008-07-30 14:55 . 2008-07-30 14:55 1,044,480 -ra------ C:\Windows\System32\roboex32.dll
2008-07-30 14:55 . 2008-07-30 14:55 49,152 -ra------ C:\Windows\System32\inetwh32.dll
2008-07-30 13:07 . 2008-07-30 13:07 <DIR> d-------- C:\Users\All Users\RoboForm
2008-07-30 13:07 . 2008-07-30 13:07 <DIR> d-------- C:\ProgramData\RoboForm
2008-07-30 13:06 . 2008-07-30 13:06 <DIR> d-------- C:\Program Files\Siber Systems
2008-07-30 12:49 . 2008-07-30 12:49 <DIR> d-------- C:\Program Files\uTorrent
2008-07-29 18:37 . 2008-07-29 18:37 <DIR> d-------- C:\Program Files\SureThing CD Labeler 5
2008-07-29 18:37 . 2008-07-29 18:37 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared
2008-07-29 18:37 . 2006-09-21 07:42 487,424 --a------ C:\Windows\System32\msvcp70.dll
2008-07-29 18:37 . 2006-09-21 07:42 344,064 --a------ C:\Windows\System32\msvcr70.dll
2008-07-26 00:46 . 2008-08-05 23:12 <DIR> d----c--- C:\Windows\System32\DRVSTORE
2008-07-25 21:55 . 2008-07-25 21:57 <DIR> d-------- C:\Program Files\Picasa2
2008-07-24 19:48 . 2008-04-26 04:25 3,600,952 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-07-24 19:48 . 2008-04-26 04:25 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-07-24 19:48 . 2008-04-26 04:26 891,448 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-07-24 19:48 . 2008-04-11 23:32 784,896 --a------ C:\Windows\System32\rpcrt4.dll
2008-07-24 19:48 . 2008-05-09 23:35 564,736 --a------ C:\Windows\System32\emdmgmt.dll
2008-07-24 19:48 . 2008-04-04 21:21 72,192 --a------ C:\Windows\System32\drivers\pacer.sys
2008-07-24 19:48 . 2008-04-04 23:34 15,360 --a------ C:\Windows\System32\pacerprf.dll
2008-07-24 19:47 . 2008-06-25 21:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-24 19:47 . 2008-06-25 21:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-24 19:47 . 2008-06-25 23:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-07-24 19:45 . 2008-05-08 17:59 430,080 --a------ C:\Windows\System32\vbscript.dll
2008-07-24 19:45 . 2008-05-08 17:59 180,224 --a------ C:\Windows\System32\scrobj.dll
2008-07-24 19:45 . 2008-05-08 17:59 172,032 --a------ C:\Windows\System32\scrrun.dll
2008-07-24 19:45 . 2008-05-08 17:59 155,648 --a------ C:\Windows\System32\wscript.exe
2008-07-24 19:45 . 2008-05-08 17:58 135,168 --a------ C:\Windows\System32\wshom.ocx
2008-07-24 19:45 . 2008-05-08 17:58 135,168 --a------ C:\Windows\System32\cscript.exe
2008-07-24 19:45 . 2008-05-08 17:59 90,112 --a------ C:\Windows\System32\wshext.dll
2008-07-24 19:04 . 2008-07-24 19:08 196,608 --a------ C:\Windows\SPInstall.etl
2008-07-24 12:23 . 2006-11-02 06:23 <DIR> dr------- C:\Users\TEMP.ALARCON\Videos
2008-07-24 12:23 . 2006-11-02 06:23 <DIR> d-------- C:\Users\TEMP.ALARCON\Saved Games
2008-07-24 12:23 . 2006-11-02 06:23 <DIR> dr------- C:\Users\TEMP.ALARCON\Pictures
2008-07-24 12:23 . 2006-11-02 06:23 <DIR> dr------- C:\Users\TEMP.ALARCON\Music
2008-07-24 12:23 . 2006-11-02 06:23 <DIR> dr------- C:\Users\TEMP.ALARCON\Links
2008-07-24 12:23 . 2006-11-02 06:23 <DIR> dr------- C:\Users\TEMP.ALARCON\Downloads
2008-07-24 12:23 . 2008-07-24 12:23 <DIR> d-------- C:\Users\TEMP.ALARCON\Contacts
2008-07-24 12:23 . 2006-11-02 07:18 <DIR> d-------- C:\Users\TEMP.ALARCON\AppData
2008-07-24 12:23 . 2008-07-24 19:37 <DIR> d-------- C:\Users\TEMP.ALARCON
2008-07-24 11:48 . 2008-07-24 12:11 <DIR> d--h----- C:\Users\TEMP\AppData
2008-07-24 11:48 . 2008-07-24 12:11 <DIR> d-------- C:\Users\TEMP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-15 15:48 --------- d-----w C:\Program Files\Yahoo!
2008-08-15 06:12 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-15 06:07 --------- d-----w C:\Program Files\Windows Mail
2008-08-15 04:47 --------- d-----w C:\ProgramData\Lx_cats
2008-08-13 04:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-13 00:18 --------- d-----w C:\Program Files\LimeWire
2008-08-12 03:48 27,240 ----a-w C:\Users\user\AppData\Roaming\nvModes.dat
2008-08-12 03:24 162,008 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-08-12 03:24 111,928 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-08-12 01:40 --------- d-----w C:\Users\user\AppData\Roaming\LimeWire
2008-08-10 22:52 --------- d-----w C:\Users\user\AppData\Roaming\Yahoo!
2008-08-06 03:11 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-08-05 21:28 --------- d-----w C:\ProgramData\WildTangent
2008-07-31 02:07 --------- d-----w C:\ProgramData\SiteAdvisor
2008-07-31 02:07 --------- d-----w C:\ProgramData\McAfee
2008-07-29 02:59 --------- d-----w C:\Program Files\DivX
2008-07-29 01:16 --------- d-----w C:\Program Files\SopCast
2008-07-26 21:15 --------- d-----w C:\Program Files\Java
2008-07-24 23:41 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-07-24 23:35 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-24 23:35 --------- d-----w C:\Program Files\Auslogics
2008-07-24 15:49 --------- d-----w C:\ProgramData\NVIDIA
2008-06-18 17:52 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-06-17 00:19 --------- d-----w C:\Users\user\AppData\Roaming\Auslogics
2008-06-16 00:41 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-15 03:16 --------- d-----w C:\ProgramData\Lavasoft
2008-06-14 20:50 174 --sha-w C:\Program Files\desktop.ini
2008-06-14 20:26 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-06-14 20:26 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-11 00:07 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-06-11 00:07 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-06-11 00:04 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-06-11 00:04 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll
2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll
2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll
2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll
2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll
2008-05-27 05:17 34,816 ----a-w C:\Windows\System32\msscb.dll
2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll
2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll
2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll
2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll
2008-05-27 05:17 143,872 ----a-w C:\Windows\System32\korwbrkr.dll
2008-05-27 05:17 11,776 ----a-w C:\Windows\System32\msshooks.dll
2008-05-27 05:17 1,671,680 ----a-w C:\Windows\System32\chsbrkr.dll
2008-05-27 04:59 18,904 ----a-w C:\Windows\System32\StructuredQuerySchemaTrivial.bin
2008-05-27 04:59 106,605 ----a-w C:\Windows\System32\StructuredQuerySchema.bin
2008-05-26 19:27 0 ----a-w C:\Users\user\AppData\Roaming\wklnhst.dat
2008-05-26 03:15 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-05-22 22:18 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-05-16 15:58 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2004-07-22 14:51 3,432,656 ----a-w C:\Program Files\ManagedDX.CAB
2004-07-20 02:58 1,156,363 ----a-w C:\Program Files\BDANT.cab
2004-07-20 02:53 976,020 ----a-w C:\Program Files\BDAXP.cab
2004-07-09 18:17 13,265,040 ----a-w C:\Program Files\dxnt.cab
2004-07-09 13:13 703,080 ----a-w C:\Program Files\BDA.cab
2004-07-09 13:13 15,493,481 ----a-w C:\Program Files\DirectX.cab
2004-07-09 08:08 472,576 ----a-w C:\Program Files\dxsetup.exe
2004-07-09 08:08 2,242,560 ----a-w C:\Program Files\dsetup32.dll
2004-07-09 07:03 62,976 ----a-w C:\Program Files\DSETUP.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 03:33 1233920]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 17:36 455968]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 19:10 1783136]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 03:33 125952]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-07-30 13:06 160592]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-29 21:14 68856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 03:33 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 04:29 102400]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-10-03 01:00 181544]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-06 17:46 202032]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 03:55 80896]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 11:47 480560]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 18:53 311296]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 19:31 1033512]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-28 04:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-28 04:06 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-28 04:06 81920]
"eBayToolbar"="C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2008-08-07 23:18 652528]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 10:38 78008]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=C:\Windows\pss\Desktop Manager.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\Windows\pss\Google Updater.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdnamon]
--a------ 2007-12-17 05:55 16040 C:\Program Files\Lexmark 2600 Series\lxdnamon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdnmon.exe]
--a------ 2007-12-17 05:55 660136 C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-04-29 21:14 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy]
"<NO NAME>"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"<NO NAME>"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications]
"<NO NAME>"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"<NO NAME>"=
"C:\\Program Files\\Vongo\\VongoService.exe"= C:\Program Files\Vongo\VongoService.exe:*:enabled:VongoService
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AB196BDF-4D50-4B68-BD55-10E9173EF3AB}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{CA6C467C-F80C-4393-A684-1A757088196E}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{1AE562DA-7309-453A-9981-14754F331E8B}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{215A0E8B-F3B1-4142-9EDC-67844C866781}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6DA52B40-B3EB-44DC-A7FD-F76685D124B8}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{FB8AC562-E60F-4011-B998-AC91AD9AB9A9}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{BAF2F0A3-BD92-4F8F-BE0A-268C5AF5A2E8}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D012D9F6-2140-435A-84C2-5468FCAFA85A}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{CCB39148-7984-4B64-B9C3-C4136001128B}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{3AB9E897-EFD5-46F8-A8FD-92524044A185}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4630CE96-7C84-4111-9852-86D38C21972F}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{32B895F3-50AF-4590-8DA7-1D3F82979E70}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{3280F9B4-4EC1-4E21-B583-6B3C84A2E844}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{8642DB5B-4D8E-4F78-BF1E-87A3262D3355}"= UDP:C:\Windows\System32\lxdncoms.exe:Lexmark Communications System
"{C75B1D75-1D6F-4496-8D2D-B8B1058227BC}"= TCP:C:\Windows\System32\lxdncoms.exe:Lexmark Communications System
"{ED5896C7-257A-4DF4-BB10-4C6AE6026C18}"= UDP:C:\Program Files\Lexmark 2600 Series\lxdnamon.exe:Lexmark Device Monitor
"{1D4B44CF-4E55-4E99-87DF-503FA41754F6}"= TCP:C:\Program Files\Lexmark 2600 Series\lxdnamon.exe:Lexmark Device Monitor
"{346E9C22-961E-4DA3-9D9E-F3B37EB8CBF2}"= UDP:C:\Program Files\Lexmark 2600 Series\frun.exe:Lexmark Productivity Studio
"{6FBBE43A-56EA-4685-BB6F-723C7258C1F0}"= TCP:C:\Program Files\Lexmark 2600 Series\frun.exe:Lexmark Productivity Studio
"{42A98336-4BCB-472A-9604-C06D168580BE}"= UDP:C:\Program Files\Lexmark 2600 Series\lxdnmon.exe:Printer Device Monitor
"{571DC317-2018-4AE0-BE8C-5382C8D1EAC2}"= TCP:C:\Program Files\Lexmark 2600 Series\lxdnmon.exe:Printer Device Monitor
"{B05417B9-3329-4576-A10E-BAAF900661A9}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxdnpswx.exe:Printer Status Window Interface
"{B4463864-811F-45DD-8B0A-867CCD5EA688}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxdnpswx.exe:Printer Status Window Interface
"{2980A872-BB6E-4D33-AA12-CCCD965E702F}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxdntime.exe:Lexmark Connect Time Executable
"{F9F3B5DA-DB89-464B-9BCA-D508B50DF8B1}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxdntime.exe:Lexmark Connect Time Executable
"{343C6DCC-E55B-46B5-AC31-6F60D77FCBFF}"= UDP:C:\Program Files\Lexmark 2600 Series\lxdnlscn.exe:
"{62AA5332-6B72-45E9-BC0F-CF0BE8B06DFC}"= TCP:C:\Program Files\Lexmark 2600 Series\lxdnlscn.exe:
"TCP Query User{10B1F3B8-4F3A-46FE-81AB-298D398335C0}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{7A71D8CF-7EF0-4458-A634-422605E180AA}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{C393B1E7-2B6E-4110-A412-9D1A6FC9BC9C}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{3DF8D661-7B57-422D-920B-9632CA24E2E8}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{7E2419E4-5F21-4C29-B756-C56C54988A81}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{E423723B-AFE8-40DC-9294-91B37FA6EB20}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{16C73748-C18F-41D6-B67D-CB14FEE4FA72}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{5834EF68-2808-4938-AA1D-165757873A70}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0CDAA28F-0F7B-42A4-BE5D-C931CAAB6E36}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{2E68598C-05D9-44C7-B894-FFF18D315563}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{491AEF20-A6B7-4DC2-9BD3-E93C35AD2CCA}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4DD568F8-0E08-4D12-BF3C-66127A68B72F}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{FA152713-4D80-4647-AEE6-570A938844AE}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{8559260A-9C40-44B3-8C2B-F762F2A9E239}C:\\program files\\lexmark 2600 series\\lxdnmon.exe"= UDP:C:\program files\lexmark 2600 series\lxdnmon.exe:Printer Device Monitor
"UDP Query User{42405046-E7AD-4CA3-A355-F8667ACAB37A}C:\\program files\\lexmark 2600 series\\lxdnmon.exe"= TCP:C:\program files\lexmark 2600 series\lxdnmon.exe:Printer Device Monitor
"{7FDAEC23-D88C-4EE6-82C2-E1C33A53DCAA}"= UDP:C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe:UltiDev Cassini Web Server for ASP.NET 2.0
"{FD4970BF-4F0F-45E9-87F7-10965024D700}"= TCP:C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe:UltiDev Cassini Web Server for ASP.NET 2.0
"{F37E806A-CA99-4FD1-835E-0963330FF52A}"= UDP:49648:WebGuide
"{83312E49-88A7-4BA5-B963-2B530AB28151}"= UDP:49649:WebGuide
"{0A673658-FC2B-44E4-9F1C-B2CEFFE8ED30}"= UDP:C:\Alien Arena 2008\Galaxy.exe:Alien Arena 2008
"{6E9BBC69-2348-4C70-A183-24F8B99B3F6C}"= TCP:C:\Alien Arena 2008\Galaxy.exe:Alien Arena 2008
"{CCB1773C-32AD-4574-988B-BF4746F5B270}"= UDP:C:\Alien Arena 2008\crx.exe:Alien Arena Quickplay
"{325A0381-5810-473C-8701-19B956E1F6DA}"= TCP:C:\Alien Arena 2008\crx.exe:Alien Arena Quickplay
"{64548637-9D6D-4788-B9BD-1B93CE7026EF}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{9CDDC33E-56E2-4624-88A3-D33EE2212D2B}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{33336951-670C-4943-9B83-E616EB553588}"= UDP:C:\Program Files\AIM6\aim6.exe:AIM
"{0EF22ED4-F5FF-4523-9CCF-F7C29E4EE784}"= TCP:C:\Program Files\AIM6\aim6.exe:AIM
"{5305E6F9-74C1-435B-9F2E-8A78CE4F5DC1}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{B68B60A4-8CBC-441E-B6BC-B67E122B8869}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{15366C3D-6D06-4320-B5EB-A56E54D58C29}C:\\windows\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"= UDP:C:\windows\system32\spool\drivers\w32x86\3\lxdnpswx.exe:Printer Status Window Interface
"UDP Query User{7343B0CA-0A46-435B-885D-CBA7A6B3EDAC}C:\\windows\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"= TCP:C:\windows\system32\spool\drivers\w32x86\3\lxdnpswx.exe:Printer Status Window Interface
"TCP Query User{9A338B29-42AA-4543-BCAA-96155234DE45}C:\\program files\\mcafee\\mbk\\mcafeedatabackup.exe"= UDP:C:\program files\mcafee\mbk\mcafeedatabackup.exe:McAfee Data Backup
"UDP Query User{DBD544E8-2AE7-4766-9A3E-3698F638E70B}C:\\program files\\mcafee\\mbk\\mcafeedatabackup.exe"= TCP:C:\program files\mcafee\mbk\mcafeedatabackup.exe:McAfee Data Backup
"TCP Query User{EA573FF6-0144-4BC0-8491-1057573C98F3}C:\\program files\\mcafee\\mbk\\mcafeedatabackup.exe"= UDP:C:\program files\mcafee\mbk\mcafeedatabackup.exe:McAfee Data Backup
"UDP Query User{1ADCF3C3-0EDF-4384-A801-702AC7C484AF}C:\\program files\\mcafee\\mbk\\mcafeedatabackup.exe"= TCP:C:\program files\mcafee\mbk\mcafeedatabackup.exe:McAfee Data Backup
"TCP Query User{64253944-59AB-403B-B087-7FA5A6DA81C1}C:\\program files\\vongo\\vongotray.exe"= UDP:C:\program files\vongo\vongotray.exe:StarzTray
"UDP Query User{ABFC5BFA-9109-4D3F-AD10-C160353E4A76}C:\\program files\\vongo\\vongotray.exe"= TCP:C:\program files\vongo\vongotray.exe:StarzTray
"TCP Query User{6AE1B595-9143-41E4-A85E-0994B82946A5}C:\\program files\\vongo\\vongo.exe"= UDP:C:\program files\vongo\vongo.exe:Vongo
"UDP Query User{C8EB0636-C59F-4091-800A-B21EF3ABCBF5}C:\\program files\\vongo\\vongo.exe"= TCP:C:\program files\vongo\vongo.exe:Vongo
"TCP Query User{FADBA046-B3DA-4D0D-9CA9-8D46281468AB}C:\\program files\\vongo\\vongotray.exe"= UDP:C:\program files\vongo\vongotray.exe:StarzTray
"UDP Query User{28FB2DFA-98B3-4448-8845-8A5FE6622C74}C:\\program files\\vongo\\vongotray.exe"= TCP:C:\program files\vongo\vongotray.exe:StarzTray
"TCP Query User{C9577971-EAF9-43FB-90D1-B3FC29FC15FE}C:\\kav\\kav7\\setup.exe"= UDP:C:\kav\kav7\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"UDP Query User{F5E6ADCF-6EEC-43B7-B29E-A9BB7745300B}C:\\kav\\kav7\\setup.exe"= TCP:C:\kav\kav7\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"TCP Query User{4560A32C-239D-40E7-93E9-870EF739E34E}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{B38263EA-83ED-4C52-B197-C9AB94EDAC1E}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{11A46A51-76A2-4884-9BEE-B00C568E9C11}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{F08C7277-5A72-4245-909D-AB01F454C349}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{E5F68EBE-57C3-4D6A-8E48-F11F74E09165}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{ECA670AC-0965-4957-BBBF-B888725EDA35}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"{71033E9D-41BD-47D0-B2CD-D46FA307D8DE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{FCF97139-9846-4A40-94FD-665C3289D0B6}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{D0FF302B-63D0-4826-AED8-CB2A4A4F5277}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{27AF97A9-04A3-457E-ADC6-D18787A06742}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{A1C560F4-FC4A-49D9-9A91-061A7A192DAA}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 10:35]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 10:37]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 10:36]
R2 lxdn_device;lxdn_device;C:\Windows\system32\lxdncoms.exe [2007-12-05 05:18]
R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdnserv.exe [2007-12-05 05:18]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-07-23 18:52]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [2007-02-08 00:06]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 17:38]
R2 WebGuideTranscode;WebGuideTranscode;C:\Program Files\WebGuide\WebGuide4\bin\WebGuideTranscodeService.exe [2007-08-08 19:28]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-04 02:32]
S3 GameConsoleService;GameConsoleService;C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2008-05-05 18:25]
S3 UMPass;Microsoft UMPass Driver;C:\Windows\system32\DRIVERS\umpass.sys [2008-01-19 01:53]
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2008-08-15 C:\Windows\Tasks\LocalCooling 2.job
- C:\Program Files\Uniblue\LocalCooling\localcooling2.exe [2008-02-29 04:35]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-Aim6 - C:\Program Files\AIM6\aim6.exe
MSConfigStartUp-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MSConfigStartUp-MsnMsgr - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
MSConfigStartUp-PWRISOVM - C:\Program Files\PowerISO\PWRISOVM.EXE
MSConfigStartUp-TkBellExe - C:\Program Files\Common Files\Real\Update_OB\realsched.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\f5gakdem.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-08-15 11:58:32
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-15 12:00:13
ComboFix-quarantined-files.txt 2008-08-15 16:00:09
Pre-Run: 93,406,556,160 bytes free
Post-Run: 93,461,897,216 bytes free
370 --- E O F --- 2008-08-15 06:13:15
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:03:30 PM, on 8/15/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Uniblue\LocalCooling\localcooling2.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://download.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...o&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [SynTPStart] "C:\Program Files\Synaptics\SynTP\SynTPStart.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [hpqSRMon] "C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
O4 - HKLM\..\Run: [WAWifiMessage] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] "C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden
O4 - HKCU\..\Run: [HPAdvisor] "C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.goo...3/uploader2.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer....l/installer.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
O23 - Service: lxdn_device - - C:\Windows\system32\lxdncoms.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: UltiDev Cassini Web Server for ASP.NET 2.0 - UltiDev LLC - C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WebGuideTranscode - WebGuide LLC - C:\Program Files\WebGuide\WebGuide4\bin\WebGuideTranscodeService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 13725 bytes