Here are my new logs starting with combofix.
Thanks!
ComboFix 08-09-04.09 - Owner 2008-09-05 16:45:00.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1546 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\LocalService\Application Data\wsnpoem
C:\Documents and Settings\LocalService\Application Data\wsnpoem\audio.dll
C:\Program Files\Dynamic Toolbar
C:\Program Files\Dynamic Toolbar\REALBAR\Cache\bubble.bmp
C:\Program Files\Dynamic Toolbar\REALBAR\Cache\bubble16.bmp
C:\Program Files\Dynamic Toolbar\REALBAR\Cache\celebs.bmp
C:\Program Files\Dynamic Toolbar\REALBAR\Cache\gotb.bmp
C:\Program Files\Dynamic Toolbar\REALBAR\Cache\highlight.bmp
C:\Program Files\Dynamic Toolbar\REALBAR\Cache\hotstuff.bmp
C:\Program Files\Dynamic Toolbar\REALBAR\Cache\hotstuffsm.bmp
C:\Program Files\Dynamic Toolbar\REALBAR\Cache\movies.bmp
C:\Program Files\Dynamic Toolbar\REALBAR\Cache\music.bmp
C:\Program Files\Dynamic Toolbar\REALBAR\Cache\news.bmp
C:\Program Files\Dynamic Toolbar\REALBAR\Cache\ngames.bmp
C:\Program Files\Dynamic Toolbar\REALBAR\Cache\radio.bmp
C:\Program Files\Dynamic Toolbar\REALBAR\Cache\REALBARTB0115.cfg
C:\Program Files\Dynamic Toolbar\REALBAR\Cache\rollingstone.bmp
C:\Program Files\Dynamic Toolbar\REALBAR\Cache\sports.bmp
C:\WINNT\system32\amr_cplo.exe
C:\WINNT\system32\AutoRun.inf
C:\WINNT\system32\config\systemprofile\Application Data\ShoppingReport
C:\WINNT\system32\config\systemprofile\Application Data\ShoppingReport\cs\Config.xml
C:\WINNT\system32\config\systemprofile\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\WINNT\system32\config\systemprofile\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\WINNT\system32\config\systemprofile\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\WINNT\system32\config\systemprofile\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\WINNT\system32\config\systemprofile\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\WINNT\system32\config\systemprofile\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\WINNT\system32\drivers\Qpn60.sys
C:\WINNT\system32\lphcn6lj0e1b9.exe
C:\WINNT\system32\wsnpoem
C:\WINNT\system32\wsnpoem\audio.dll
C:\WINNT\system32\wsnpoem\audio.dll.cla
C:\WINNT\system32\wsnpoem\video.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MSDTCWEBCLIENT
-------\Legacy_NPF
-------\Legacy_QPN60
-------\Legacy_TCPSR
-------\Service_MSDTCWebClient
-------\Service_Qpn60
-------\Service_sysrest.sys
-------\Service_tcpsr
((((((((((((((((((((((((( Files Created from 2008-08-05 to 2008-09-05 )))))))))))))))))))))))))))))))
.
2008-09-05 11:19 . 2008-09-05 11:19 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-05 00:02 . 2008-09-05 09:08 3,230 --a------ C:\WINNT\system32\tmp.reg
2008-09-04 18:39 . 2008-09-04 18:39 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-09-04 18:22 . 2008-09-04 18:22 10,000 --a------ C:\WINNT\system32\kxnd73n3.dll
2008-08-28 23:04 . 2008-08-28 23:05 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\towers_pc
2008-08-28 22:50 . 2008-08-28 22:59 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Beanbag Studios
2008-08-28 21:15 . 2008-08-28 21:15 16,384 --ahs---- C:\WINNT\system32\3076p.dll
2008-08-27 16:54 . 2008-08-27 16:54 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-08-27 16:54 . 2008-08-27 16:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-26 11:21 . 2008-08-26 11:42 <DIR> d-------- C:\WINNT\system32\CatRoot_bak
2008-08-24 16:40 . 2008-09-05 16:31 <DIR> d-------- C:\WINNT\system32\config\systemprofile\Application Data\COMCASTTOOLBAR
2008-08-20 14:59 . 2008-08-22 16:34 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\gtk-2.0
2008-08-20 14:59 . 2008-08-20 14:59 <DIR> d-------- C:\Documents and Settings\Owner\.thumbnails
2008-08-20 14:57 . 2008-08-20 14:57 <DIR> d-------- C:\Program Files\GIMP-2.0
2008-08-20 14:57 . 2008-08-22 16:35 <DIR> d-------- C:\Documents and Settings\Owner\.gimp-2.4
2008-08-20 14:25 . 2008-08-20 14:25 <DIR> d-------- C:\Program Files\Apple Software Update
2008-08-15 23:46 . 2008-08-18 11:29 <DIR> d-------- C:\Program Files\Jewel Quest 2
2008-08-15 23:40 . 2008-08-29 00:49 270 --a-s---- C:\WINNT\system32\1473409161.dat
2008-08-12 19:42 . 2008-05-01 10:30 331,776 --------- C:\WINNT\system32\dllcache\msadce.dll
2008-08-10 20:56 . 2008-08-10 20:56 <DIR> d--h----- C:\WINNT\PIF
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-05 01:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-04 22:26 --------- d-----w C:\Program Files\McAfee
2008-09-04 22:15 --------- d-----w C:\Program Files\PartyGaming.Net
2008-09-02 19:36 --------- d-----w C:\Program Files\Slots Plus Casino
2008-08-31 00:10 --------- d-----w C:\Program Files\Sun Palace Casino
2008-08-29 22:35 --------- d-----w C:\Program Files\InterCasino $$$
2008-08-29 04:07 --------- d-----w C:\Program Files\Best Buy Games
2008-08-29 04:04 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-24 18:05 18,198 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-08-22 17:39 238,288 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2008-08-20 18:46 --------- d-----w C:\Program Files\Lavasoft
2008-08-20 18:30 --------- d-----w C:\Program Files\Java
2008-08-20 18:14 --------- d-----w C:\Program Files\bdpw6
2008-08-20 18:11 --------- d-----w C:\Program Files\Google
2008-08-20 18:09 --------- d-----w C:\Program Files\Gateway
2008-08-20 18:08 --------- d-----w C:\Program Files\Dogs Playing Poker
2008-08-20 18:07 --------- d-----w C:\Program Files\Yahoo!
2008-08-20 17:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-16 03:47 --------- d-----w C:\Documents and Settings\Owner\Application Data\iWin
2008-08-15 04:11 --------- d-----w C:\Program Files\Yahoo! Games
2008-07-08 16:46 --------- d-----w C:\Documents and Settings\Owner\Application Data\Arcsoft
2008-07-08 15:57 --------- d-----w C:\Documents and Settings\Owner\Application Data\ComcastToolbar
2008-07-05 23:22 --------- d-----w C:\Program Files\ComcastToolbar
2008-07-05 19:04 --------- d-----w C:\Documents and Settings\Owner\Application Data\McAfee
2008-07-05 19:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-07-05 18:50 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-05 18:30 --------- d-----w C:\Program Files\McAfee.com
2008-07-05 18:30 --------- d-----w C:\Program Files\Common Files\McAfee
2008-07-05 18:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-05 17:58 --------- d-----w C:\Program Files\Common Files\Scanner
2006-10-20 03:24 880 ----a-w C:\Program Files\Shortcut_to_Window_Washer.lnk
2006-09-02 17:18 371,712 ----a-w C:\Program Files\SmartDownload.exe
2006-07-20 14:30 44,823 ----a-w C:\Program Files\cats sun bathing.jpg
2006-07-15 03:36 13,736,064 ----a-w C:\Program Files\GoogleEarthWin.exe
2005-05-26 19:35 1,422 ----a-w C:\Program Files\ReadMe.txt
2002-09-11 14:26 63,730 ----a-w C:\Program Files\viewsonicinstruct_xp.pdf
.
------- Sigcheck -------
2005-05-25 15:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINNT\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-13 13:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINNT\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 08:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINNT\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 12:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINNT\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 06:44 360960 744e57c99232201ae98c49168b918f48 C:\WINNT\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 07:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINNT\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 07:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINNT\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2007-10-30 13:20 360064 90caff4b094573449a0872a0f919b178 C:\WINNT\$NtUninstallKB951748$\tcpip.sys
2004-08-04 01:14 359040 1745b00fc1141404b28f4b94f69a8871 C:\WINNT\ServicePackFiles\i386\tcpip.sys
2008-04-13 15:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINNT\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tcpip.sys
2008-06-20 06:45 360320 1cc09561e21a48a7f649a40f18235860 C:\WINNT\system32\dllcache\tcpip.sys
2008-06-20 06:45 360320 1cc09561e21a48a7f649a40f18235860 C:\WINNT\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5AF42A3-94F3-42BD-F434-3604812C897D}]
2008-09-04 18:22 10000 --a------ C:\WINNT\system32\kxnd73n3.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [2004-08-04 15360]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-07 1871872]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINNT\system32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="C:\WINNT\system32\hkcmd.exe" [2005-04-05 77824]
"Gateway Ink Monitor"="C:\Program Files\Gateway Utilities\GWInkMonitor.exe" [2003-06-24 303180]
"Persistence"="C:\WINNT\system32\igfxpers.exe" [2005-04-05 114688]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"WrtMon.exe"="C:\WINNT\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"SNDO763"="C:\WINNT\vsndo763.exe" [2005-01-18 32768]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 442455]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 20480]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-05-15 3975848]
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [2001-07-09 155648]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 C:\WINNT\LOGI_MWX.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 443968]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
TotalMedia Backup Monitor.lnk - C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe [2008-01-25 270336]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{C5AF42A3-94F3-42BD-F434-3604812C897D}"= "C:\WINNT\system32\kxnd73n3.dll" [2008-09-04 10000]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk
backup=C:\WINNT\pss\AT&T Self Support Tool.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcNotifier
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
1 [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-03-11 22:34 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-09-26 14:42 267064 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a------ 2003-06-07 07:32 50688 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-03-18 15:28 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 21:05 204288 C:\Program Files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R2 SocketLock;Raw Socket Lock Driver;C:\WINNT\system32\socketlock.sys [2005-02-16 3712]
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINNT\system32\DRIVERS\AN983.sys [2004-08-03 36224]
S3 SNDO763;Dual Mode Camera (800A VGA);C:\WINNT\system32\DRIVERS\sndo763.sys [2005-01-21 220160]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-lphcn6lj0e1b9 - C:\WINNT\system32\lphcn6lj0e1b9.exe
HKLM-RunServices-nsdcmd vid process - nsdcmdwin.exe
Notify-egsqelor - egsqelor.dll
MSConfigStartUp-First Principle Group - C:\Program Files\First Principle Group\fpg.exe
MSConfigStartUp-lphcn6lj0e1b9 - C:\WINNT\system32\lphcn6lj0e1b9.exe
MSConfigStartUp-mmtask - c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
MSConfigStartUp-MMTray - C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
MSConfigStartUp-Simple Star PhotoShow Media Manager - C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
MSConfigStartUp-YBrowser - C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\z5pnvajb.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-09-05 16:52:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe
C:\WINNT\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
C:\WINNT\system32\imapi.exe
C:\WINNT\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-09-05 17:03:36 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-09-05 21:03:30
Pre-Run: 90,380,001,280 bytes free
Post-Run: 90,319,798,272 bytes free
266 --- E O F --- 2008-08-23 01:09:43
----------------------------------------------------------------------------------------------------------------------------
HIJACKTHIS
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:11:10, on 9/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Gateway Utilities\GWInkMonitor.exe
C:\WINNT\system32\igfxpers.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINNT\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\WINNT\vsndo763.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\WINNT\Logi_MwX.Exe
C:\WINNT\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
C:\WINNT\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: C:\WINNT\system32\kxnd73n3.dll - {C5AF42A3-94F3-42BD-F434-3604812C897D} - C:\WINNT\system32\kxnd73n3.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway Utilities\GWInkMonitor.exe"
O4 - HKLM\..\Run: [Persistence] C:\WINNT\system32\igfxpers.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINNT\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [SNDO763] C:\WINNT\vsndo763.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: InterCasino $$$ - {909AAEB6-C2CB-4AB5-A7BB-C33B72AB4BFB} - C:\Documents and Settings\Owner\Desktop\InterCasino $$$.lnk (file missing)
O9 - Extra 'Tools' menuitem: InterCasino $$$ - {909AAEB6-C2CB-4AB5-A7BB-C33B72AB4BFB} - C:\Documents and Settings\Owner\Desktop\InterCasino $$$.lnk (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: InterCasino $$$ - {909AAEB6-C2CB-4AB5-A7BB-C33B72AB4BFB} - C:\Documents and Settings\Owner\Desktop\InterCasino $$$.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: InterCasino $$$ - {909AAEB6-C2CB-4AB5-A7BB-C33B72AB4BFB} - C:\Documents and Settings\Owner\Desktop\InterCasino $$$.lnk (file missing) (HKCU)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) -
http://www.crucial.c.../cpcScanner.cabO16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) -
https://riverbelle.m...lay/FlashAX.cabO16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} (CUpdateCtl Object) -
http://update.hpphot.../HPSWUpdate.ocxO16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} -
http://www.trueswitc...eInstallSBC.exeO22 - SharedTaskScheduler: g980w3mefndsiza7srenjaebfhdsfd - {C5AF42A3-94F3-42BD-F434-3604812C897D} - C:\WINNT\system32\kxnd73n3.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
--
End of file - 8687 bytes