Please find the logs. Please assist next course of action.
_______________________________________
_______________________________________
________
Hijackthis LogLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:12:16 AM, on 11/18/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18319)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\D-Link\D-Link USB VoIP Adapter\DLinkMonitor.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Gizmo Project\Gizmo.exe
C:\Windows\sttray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Scour Toolbar - {A057A204-BACC-4D26-9A9E-3AF287E2699B} - C:\PROGRA~1\SCOURT~1\SCOURT~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Scour Toolbar - {A057A204-BACC-4D26-9A9E-3AF287E2699B} - C:\PROGRA~1\SCOURT~1\SCOURT~1.DLL
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [IgfxTray] "C:\Windows\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"
O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] "C:\Windows\system32\WLTRAY.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] "c:\dell\E-Center\EULALauncher.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [snpstd] "C:\Windows\vsnpstd.exe"
O4 - HKLM\..\Run: [DLinkMonitor.exe] "C:\Program Files\D-Link\D-Link USB VoIP Adapter\DLinkMonitor.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [hpqSRMon] "C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Gizmo Project] "C:\Program Files\Gizmo Project\Gizmo.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] "C:\Windows\sttray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Windows\system32\NeroCheck.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [cdloader] "C:\Users\pedha\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\pedha\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickSet.lnk = ?
O4 - Global Startup: SJphone 1.65.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Pardon - {302172A1-A2B4-4402-B1D0-F5D54C3E83C6} - C:\Program Files\Pardon 3\Pardon.exe
O9 - Extra 'Tools' menuitem: Pardon - {302172A1-A2B4-4402-B1D0-F5D54C3E83C6} - C:\Program Files\Pardon 3\Pardon.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) -
http://photo.walgreens.com/WalgreensActivia.cabO16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} (Domino Web Access 8 Control) -
https://asia-ml04.asia.csc.com/dwa8W.cabO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Gizmo Project\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Gizmo VoIP Service (Gizmo Plugin) - SIPphone, Inc. - C:\Program Files\GizmoPlugin\GizmoPlugin.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - (no file)
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: VService - Unknown owner - C:\Program Files\D-Link\D-Link USB VoIP Adapter\VServ.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (
www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 11064 bytes
_______________________________________
_______________________________________
________
Combox fixComboFix 09-11-18.06 - pedha 11/18/2009 9:20.3.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2038.1308 [GMT -5:00]
Running from: c:\users\pedha\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
FW: Webroot Internet Security Essentials *disabled* {2DB6657C-B970-44d3-AB42-6325A913CCC2}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Webroot Spy Sweeper *disabled* (Updated) {68A41C74-A1E9-48F8-B2E5-D8232211AB6D}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\progra~1\Webroot\SPYSWE~1\Backup\ntSVc.ocx
c:\users\pedha\AppData\Local\sceyrk
c:\users\pedha\AppData\Local\sceyrk\jxhxsysguard.exe
.
((((((((((((((((((((((((( Files Created from 2009-10-18 to 2009-11-18 )))))))))))))))))))))))))))))))
.
2009-11-18 14:38 . 2009-11-18 14:38 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-11-18 14:38 . 2009-11-18 14:38 -------- d-----w- c:\users\Guest\AppData\Local\temp
2009-11-18 14:38 . 2009-11-18 14:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-17 14:11 . 2009-11-17 14:11 -------- d-----w- c:\program files\Trend Micro
2009-11-17 03:41 . 2009-11-17 03:41 117760 ----a-w- c:\users\pedha\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-17 03:40 . 2009-11-17 03:40 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-11-17 03:34 . 2009-11-17 03:34 4096 d-----w- c:\program files\SUPERAntiSpyware
2009-11-17 03:34 . 2009-11-17 03:34 -------- d-----w- c:\users\pedha\AppData\Roaming\SUPERAntiSpyware.com
2009-11-16 22:35 . 2009-11-16 23:29 8192 d-----w- c:\program files\a-squared Free
2009-11-16 16:09 . 2009-11-16 16:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-16 15:19 . 2009-11-16 15:40 -------- d-----w- c:\program files\CCleaner
2009-11-16 02:47 . 2009-11-18 14:39 8192 d-----w- c:\users\pedha\AppData\Local\temp
2009-11-13 21:44 . 2009-11-18 13:26 -------- d-----w- c:\users\pedha\Tracing
2009-11-13 21:40 . 2009-11-13 21:40 -------- d-----w- c:\program files\Microsoft
2009-11-13 21:40 . 2009-11-13 21:40 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-13 21:31 . 2009-11-13 21:31 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-10 20:21 . 2009-08-14 13:53 2035712 ----a-w- c:\windows\system32\win32k.sys
2009-10-27 14:06 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-27 14:06 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-27 14:06 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-27 14:06 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-27 14:05 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-27 14:05 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-27 14:05 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-27 14:05 . 2009-08-06 23:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-27 14:05 . 2009-08-06 22:44 33792 ----a-w- c:\windows\system32\wuapp.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-16 15:48 . 2007-08-20 13:41 5568 ----a-w- c:\users\pedha\AppData\Local\d3d9caps.dat
2009-11-16 03:30 . 2008-10-31 01:26 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-16 03:30 . 2009-01-26 15:51 4045527 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-11-13 21:42 . 2007-12-22 21:48 4096 d-----w- c:\program files\Windows Live
2009-11-11 23:56 . 2007-04-06 23:17 4096 d-----w- c:\users\pedha\AppData\Roaming\Corel
2009-11-03 01:42 . 2009-10-02 23:33 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-02 23:50 . 2007-04-06 23:57 14606 ----a-w- c:\users\pedha\AppData\Roaming\wklnhst.dat
2009-10-17 11:23 . 2007-05-10 23:14 -------- d-----w- c:\program files\Microsoft SQL Server
2009-10-17 11:16 . 2007-04-05 12:00 24576 d-----w- c:\program files\Microsoft Works
2009-10-12 02:43 . 2008-01-10 03:03 8192 d-----w- c:\users\pedha\AppData\Roaming\mjusbsp
2009-10-11 18:48 . 2009-10-11 18:48 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-09-26 17:35 . 2009-09-26 17:35 -------- d-----w- c:\users\pedha\AppData\Roaming\Ashampoo
2009-09-26 17:31 . 2009-09-26 17:31 -------- d-----w- c:\program files\Ashampoo
2009-09-25 02:15 . 2009-09-25 02:15 4096 dc-h--w- c:\programdata\{BEC4F512-CB5F-42E6-9ACF-FAEA2CF7A840}
2009-09-25 02:15 . 2009-09-25 02:15 -------- d-----w- c:\programdata\ExamForce
2009-09-23 23:12 . 2007-05-10 22:59 32768 d-----w- c:\programdata\Microsoft Help
2009-09-23 22:44 . 2009-09-16 22:14 4096 d-----w- c:\users\pedha\AppData\Roaming\HpUpdate
2009-09-21 19:15 . 2007-04-01 21:45 84584 ----a-w- c:\users\pedha\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-21 15:11 . 2009-09-21 15:11 -------- d-----w- c:\program files\MSDN
2009-09-21 14:48 . 2009-09-21 14:35 -------- d-----w- c:\program files\HTML Help Workshop
2009-09-21 14:47 . 2009-07-19 18:07 20480 d-----w- c:\program files\Common Files\Merge Modules
2009-09-21 14:46 . 2007-05-10 22:59 4096 d-----w- c:\program files\Microsoft Visual Studio 8
2009-09-14 09:44 . 2009-10-16 23:40 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-10 19:54 . 2008-10-31 01:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2008-10-31 01:26 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-10 17:30 . 2009-10-16 23:50 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 12:24 . 2009-10-16 23:40 61440 ----a-w- c:\windows\system32\msasn1.dll
2009-08-27 13:32 . 2009-10-16 23:49 833024 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 13:29 . 2009-10-16 23:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-27 10:58 . 2009-10-16 23:49 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2007-04-05 19:25 . 2007-04-05 19:24 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9A9E-3AF287E2699B}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-07-16 4670704]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"cdloader"="c:\users\pedha\AppData\Roaming\mjusbsp\cdloader2.exe" [2009-08-01 50520]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Google Update"="c:\users\pedha\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-10-12 133104]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-11 2001648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-15 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-15 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-15 81920]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-27 1540096]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-12 29744]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2006-11-17 17920]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2006-10-13 184320]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-23 112216]
"snpstd"="c:\windows\vsnpstd.exe" [2005-10-12 339968]
"DLinkMonitor.exe"="c:\program files\D-Link\D-Link USB VoIP Adapter\DLinkMonitor.exe" [2007-01-03 651264]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-04-05 77824]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-26 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-08-08 98304]
"Gizmo Project"="c:\program files\Gizmo Project\Gizmo.exe" [2007-06-15 3850240]
"SigmatelSysTrayApp"="c:\windows\sttray.exe" [2007-02-08 303104]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-01-20 6278520]
c:\users\pedha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-3-14 385024]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-4-5 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
QuickSet.lnk - c:\windows\Installer\{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-4-5 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
R0 ssfs0bbc;ssfs0bbc;c:\windows\System32\drivers\ssfs0bbc.sys [12/7/2008 9:26 PM 29808]
R0 TLRecAgent;TLRecAgent;c:\windows\System32\drivers\TLRecAgent.sys [9/4/2007 7:15 PM 37208]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/11/2009 10:44 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/11/2009 10:44 AM 74480]
R2 Gizmo Plugin;Gizmo VoIP Service;c:\program files\GizmoPlugin\GizmoPlugin.exe [9/22/2007 8:48 PM 962048]
R2 VService;VService;c:\program files\D-Link\D-Link USB VoIP Adapter\VServ.exe [1/2/2007 12:07 PM 105208]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [1/26/2009 11:11 AM 1090936]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/11/2009 10:44 AM 7408]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [4/5/2007 6:59 AM 29744]
S3 PAC207;SoC PC-Camera;c:\windows\System32\drivers\PFC027.SYS [12/5/2006 10:34 AM 507136]
S3 slusbvip;SL3800 USB Driver;c:\windows\System32\drivers\slusbvip.sys [9/4/2007 7:15 PM 591832]
S3 SLVAD_simple;D-Link Virtual Audio Device;c:\windows\System32\drivers\slvad.sys [9/4/2007 7:16 PM 85656]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 6:01 AM 2799808]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2009-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4237141364-4078770496-3588282335-1000Core.job
- c:\users\pedha\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-12 02:39]
2009-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4237141364-4078770496-3588282335-1000UA.job
- c:\users\pedha\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-12 02:39]
2009-11-18 c:\windows\Tasks\User_Feed_Synchronization-{9D4F5082-4799-4D10-A007-3DE4F0A0FF55}.job
- c:\windows\system32\msfeedssync.exe [2008-09-16 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\users\pedha\AppData\Roaming\Mozilla\Firefox\Profiles\m329wuil.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Microsoft Silverlight\3.0.40818.0\npctrl.1.0.20926.0.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\pedha\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-11-18 09:39
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-11-18 09:45
ComboFix-quarantined-files.txt 2009-11-18 14:44
ComboFix2.txt 2009-11-16 02:47
ComboFix3.txt 2009-11-15 21:59
ComboFix4.txt 2009-10-11 14:21
ComboFix5.txt 2009-11-18 14:17
Pre-Run: 7,614,136,320 bytes free
Post-Run: 7,459,921,920 bytes free
- - End Of File - - 46B73A30C809E49E095E25C2F3E4519B
_______________________________________
_______________________________________
________