Topic: My laptop is infected with Malware.trace... pls help! Windows Vista SP1

SAV (Topic Starter)

    Re: My laptop is infected with Malware.trace... pls help! Windows Vista SP1
    « Reply #15 on: January 22, 2010, 10:14:37 PM »
    Hi SD,

    Thanks. Here is the log:

    ComboFix 10-01-21.08 - Abc 01/22/2010  22:45:58.3.2 - x86
    Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.2037.1361 [GMT -5:00]
    Running from: c:\users\Abc\Desktop\ComboFix.exe
    Command switches used :: c:\users\Abc\Desktop\CFScript.txt
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    FILE ::
    "c:\temp\{4213ADD7-ABE3-4AE1-AB12-3102A09729C7}"
    "c:\temp\{6849D4E4-78BF-4E9F-98AF-E9126F0190BA}"
    "c:\temp\{7C7C93CA-3F2B-4004-B77A-15072EE1F841}"
    "c:\temp\{B4670909-4FB9-407F-BE12-6AC53C71DF25}"
    "c:\temp\{C7B22553-9619-40C3-9073-9251BD241830}"
    "c:\temp\{F4A7B35F-3603-468D-B696-F77D3C42D24F}"
    "c:\temp\7zSC763.tmp"
    "c:\temp\mbr.sys"
    .

    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\temp\__SkypeDialog_Cache
    c:\temp\{4213ADD7-ABE3-4AE1-AB12-3102A09729C7}
    c:\temp\{6849D4E4-78BF-4E9F-98AF-E9126F0190BA}
    c:\temp\{7C7C93CA-3F2B-4004-B77A-15072EE1F841}
    c:\temp\{B4670909-4FB9-407F-BE12-6AC53C71DF25}
    c:\temp\{C7B22553-9619-40C3-9073-9251BD241830}
    c:\temp\{F4A7B35F-3603-468D-B696-F77D3C42D24F}
    c:\temp\~DEST
    c:\temp\hsperfdata_Abc
    c:\temp\Low
    c:\temp\Word8.0
    c:\temp\WPDNSE

    .
    (((((((((((((((((((((((((   Files Created from 2009-12-23 to 2010-01-23  )))))))))))))))))))))))))))))))
    .

    2010-01-23 04:01 . 2010-01-23 04:01   --------   d-----w-   c:\temp\WPDNSE
    2010-01-23 03:56 . 2010-01-23 03:56   --------   d-----w-   c:\users\Xyz\AppData\Local\temp
    2010-01-23 03:56 . 2010-01-23 03:56   --------   d-----w-   c:\users\Public\AppData\Local\temp
    2010-01-23 03:56 . 2010-01-23 03:56   --------   d-----w-   c:\users\Default\AppData\Local\temp
    2010-01-23 03:56 . 2010-01-23 03:56   --------   d-----w-   c:\users\Abc\AppData\Local\temp
    2010-01-23 03:41 . 2010-01-23 03:42   --------   d-----w-   C:\32788R22FWJFW
    2010-01-18 18:50 . 2010-01-18 18:50   --------   d-----w-   c:\temp\7zSC763.tmp
    2010-01-18 18:43 . 2010-01-18 18:43   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
    2010-01-18 18:42 . 2010-01-18 18:42   --------   d-----w-   c:\program files\SUPERAntiSpyware
    2010-01-18 18:42 . 2010-01-18 18:42   --------   d-----w-   c:\users\Abc\AppData\Roaming\SUPERAntiSpyware.com
    2010-01-18 17:33 . 2010-01-18 17:33   --------   d-----w-   c:\program files\Trend Micro
    2010-01-18 16:46 . 2010-01-18 16:46   --------   d-----w-   c:\program files\CCleaner
    2010-01-18 05:30 . 2010-01-18 20:18   --------   d-----w-   c:\users\Abc\AppData\Local\ykvesl
    2010-01-18 02:05 . 2010-01-18 02:05   --------   d-----w-   c:\temp\Adobe
    2010-01-15 04:43 . 2010-01-15 04:44   --------   d-----w-   c:\temp\AllServicesInfoFiles
    2010-01-15 04:30 . 2010-01-15 04:30   --------   d-----w-   c:\users\Abc\AppData\Roaming\Sony Corporation
    2010-01-15 04:18 . 2010-01-15 04:18   --------   d-----w-   c:\program files\Sony
    2010-01-15 04:16 . 2010-01-15 04:16   --------   d-----w-   c:\programdata\Sony Corporation
    2010-01-13 14:30 . 2009-10-19 14:27   156672   ----a-w-   c:\windows\system32\t2embed.dll
    2010-01-13 14:30 . 2009-10-19 14:24   72704   ----a-w-   c:\windows\system32\fontsub.dll

    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-01-23 03:56 . 2006-12-18 04:05   12   ----a-w-   c:\windows\bthservsdp.dat
    2010-01-23 03:38 . 2009-03-14 21:31   --------   d-----w-   c:\users\Abc\AppData\Roaming\EditPlus 3
    2010-01-18 20:34 . 2009-07-11 13:26   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
    2010-01-18 17:23 . 2008-08-13 23:12   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
    2010-01-18 14:55 . 2007-06-04 23:09   5568   ----a-w-   c:\users\Abc\AppData\Local\d3d9caps.dat
    2010-01-15 04:29 . 2006-12-18 04:26   --------   d--h--w-   c:\program files\InstallShield Installation Information
    2010-01-15 04:19 . 2008-10-23 22:45   --------   d-----w-   c:\program files\Common Files\PX Storage Engine
    2010-01-14 16:12 . 2009-10-03 13:48   181120   ------w-   c:\windows\system32\MpSigStub.exe
    2010-01-14 04:28 . 2006-11-02 11:18   --------   d-----w-   c:\program files\Windows Mail
    2010-01-07 21:07 . 2009-07-11 13:26   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-07 21:07 . 2009-07-11 13:26   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
    2009-12-22 03:26 . 2008-07-28 11:42   --------   d-----w-   c:\users\Abc\AppData\Roaming\Image Zone Express
    2009-11-09 13:22 . 2009-12-12 05:19   24064   ----a-w-   c:\windows\system32\nshhttp.dll
    2009-11-09 13:20 . 2009-12-12 05:19   31232   ----a-w-   c:\windows\system32\httpapi.dll
    2009-11-09 11:04 . 2009-12-12 05:19   411136   ----a-w-   c:\windows\system32\drivers\http.sys
    2009-10-29 09:41 . 2009-11-25 05:36   2048   ----a-w-   c:\windows\system32\tzres.dll
    2009-10-27 13:20 . 2009-12-09 20:10   833024   ----a-w-   c:\windows\system32\wininet.dll
    2009-10-27 13:16 . 2009-12-09 20:10   78336   ----a-w-   c:\windows\system32\ieencode.dll
    2009-10-27 10:55 . 2009-12-09 20:10   26624   ----a-w-   c:\windows\system32\ieUnatt.exe
    2009-04-12 00:50 . 2009-04-12 00:50   122880   ----a-w-   c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .

    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "Google Update"="c:\users\Abc\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-05 2002160]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-06 98304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-06 106496]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-06 81920]
    "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-11-28 46704]
    "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2006-12-18 77824]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
    "Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-09-09 623880]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-20 30192]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    1-Click Answers.lnk - c:\program files\1-Click Answers\answers.exe [2009-3-18 806912]
    Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-3-14 2756608]
    HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-9-10 984352]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 19:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs   REG_MULTI_SZ      BthServ
    HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
    WindowsMobile   REG_MULTI_SZ      wcescomm rapimgr
    LocalServiceRestricted   REG_MULTI_SZ      WcesComm RapiMgr
    .
    Contents of the 'Scheduled Tasks' folder

    2010-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3006168838-3830565526-230390905-1000Core.job
    - c:\users\Abc\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-04 01:36]

    2010-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3006168838-3830565526-230390905-1000UA.job
    - c:\users\Abc\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-04 01:36]

    2009-11-15 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 16:22]

    2009-05-01 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 16:22]

    2010-01-23 c:\windows\Tasks\User_Feed_Synchronization-{5E106CD2-F4D7-455D-AD14-67F094C60969}.job
    - c:\windows\system32\msfeedssync.exe [2008-09-23 07:33]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Answers... - file://c:\program files\1-Click Answers\Html\atiemenu.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
    IE: Linked&In Search
    Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
    DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
    DPF: {3B0EA9E6-7003-4B38-B398-9B1B6DF439C5} - hxxp://download1.answers.com/pub/AnswersSetup.cab
    DPF: {74F4F118-91E6-4AFC-B8D2-04066781F239} - hxxps://www.member-data.com/rdc/EZTwainX.cab
    DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
    .

    **************************************************************************
    scanning hidden processes ... 

    scanning hidden autostart entries ...

    scanning hidden files ... 

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(2124)
    c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
    c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
    c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
    c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
    c:\program files\McAfee\MPF\MPFSrv.exe
    c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\windows\system32\WUDFHost.exe
    c:\progra~1\McAfee\MSC\mcmscsvc.exe
    c:\progra~1\mcafee.com\agent\mcagent.exe
    c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
    c:\program files\Windows Media Player\wmplayer.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\progra~1\HEWLET~1\Shared\HPQTOA~1.EXE
    c:\windows\ehome\ehmsas.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    c:\progra~1\1-CLIC~1\agtserv.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Completion time: 2010-01-22  23:12:29 - machine was rebooted
    ComboFix-quarantined-files.txt  2010-01-23 04:12
    ComboFix2.txt  2010-01-21 01:31
    ComboFix3.txt  2010-01-19 03:25

    Pre-Run: 8,400,478,208 bytes free
    Post-Run: 8,400,031,744 bytes free

    - - End Of File - - 5B68C4A01E0905193521FAB61A998087
    thanks
    sav

    SuperDave (Malware Removal Specialist, Moderator)

    Re: My laptop is infected with Malware.trace... pls help! Windows Vista SP1
    « Reply #16 on: January 23, 2010, 10:35:33 AM »
    Some of those files are persistent. Another script to run.

    1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
    It must be Notepad, not Wordpad.
    2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

    Code:
    KillAll::

    File::
    c:\temp\7zSC763.tmp

    Folder::
    C:\32788R22FWJFW
    c:\temp\7zSC763.tmp


    3. Go to the Notepad window and click Edit > Paste
    4. Then click File > Save
    5. Name the file CFScript.txt - Save the file to your Desktop
    6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



    ComboFix will begin to execute, just follow the prompts.
    After reboot (in case it asks to reboot), it will produce a log for you.
    Post that log (Combofix.txt) in your next reply.

    Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.
    « Last Edit: January 25, 2010, 10:45:38 AM by SuperDave »
    Windows 8 and Windows 10 dual boot with two SSD's
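The ComboFix log posted above and the CFScript the moderator builds from it both follow a fixed line shape, so the triage step can be automated for the reader rather than done by eye. The following is an added example, not part of this thread and not ComboFix's own code: a small Python parser for the entry lines in the "Files Created" and "Find3M" sections (created time, modified time, size, attribute flags, path), a triage filter that surfaces entries under temp locations or directories created directly under the drive root (the two kinds the reply above targets), and a helper that emits a script in the KillAll::/File::/Folder:: layout shown in the reply. The sample lines are copied from the log in this thread; the meaning of the attribute-flag positions (first character `d` for directory, fourth `h` for hidden) is inferred from the entries in that log and is an assumption, as are the function names.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Sequence

# Constructed sample: entry lines copied from the ComboFix log in this
# thread, plus one non-entry line to show that banners are skipped.
SAMPLE_LOG = r"""
2010-01-23 03:41 . 2010-01-23 03:42   --------   d-----w-   C:\32788R22FWJFW
2010-01-18 18:50 . 2010-01-18 18:50   --------   d-----w-   c:\temp\7zSC763.tmp
2010-01-18 05:30 . 2010-01-18 20:18   --------   d-----w-   c:\users\Abc\AppData\Local\ykvesl
2010-01-13 14:30 . 2009-10-19 14:27   156672   ----a-w-   c:\windows\system32\t2embed.dll
2010-01-15 04:29 . 2006-12-18 04:26   --------   d--h--w-   c:\program files\InstallShield Installation Information
scan completed successfully
"""

# One entry line: "<created> . <modified>   <size|-------->   <8 flags>   <path>"
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>-{8}|\d+)\s+"
    r"(?P<attrs>[a-z-]{8})\s+"
    r"(?P<path>\S.*?)\s*$"
)


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]  # None for directories (ComboFix prints --------)
    attrs: str
    path: str

    # Assumption: flag position 1 is 'd' for a directory, position 4 is
    # 'h' for hidden, as seen in the d--h--w- entry of this log.
    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def is_hidden(self) -> bool:
        return self.attrs[3] == "h"


def parse_entries(text: str) -> List[Entry]:
    """Parse every entry line; section banners, dots and status lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


# Assumed temp locations to watch; matched case-insensitively as substrings.
TEMP_MARKERS = ("c:\\temp\\", "\\appdata\\local\\temp\\")


def triage(entries: Sequence[Entry], temp_markers=TEMP_MARKERS) -> List[Entry]:
    """Return entries worth a second look: anything under a temp location,
    or a directory sitting directly under the drive root."""
    flagged = []
    for e in entries:
        p = e.path.lower()
        in_temp = any(marker in p for marker in temp_markers)
        root_dir = e.is_dir and re.fullmatch(r"[a-z]:\\[^\\]+", p) is not None
        if in_temp or root_dir:
            flagged.append(e)
    return flagged


def build_cfscript(files: Sequence[str], folders: Sequence[str], kill_all: bool = True) -> str:
    """Emit a script in the KillAll:: / File:: / Folder:: layout used in the reply above."""
    lines: List[str] = []
    if kill_all:
        lines += ["KillAll::", ""]
    if files:
        lines += ["File::", *files, ""]
    if folders:
        lines += ["Folder::", *folders, ""]
    return "\n".join(lines)


if __name__ == "__main__":
    found = parse_entries(SAMPLE_LOG)
    for e in triage(found):
        kind = "dir " if e.is_dir else "file"
        print(f"{kind} created {e.created}  {e.path}")
    print(build_cfscript(["c:\\temp\\7zSC763.tmp"],
                         ["C:\\32788R22FWJFW", "c:\\temp\\7zSC763.tmp"]))
```

The triage function only surfaces candidates; as in the thread, deciding what actually goes into the script remains a judgement call made with the full log and the system's history in view. Because ComboFix prints directories with `--------` in the size column, the parser keeps `size` as `None` for them rather than forcing a zero, so a later filter on small files does not silently pick up folders.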