07-06-2009, 03:32 AM
dfistex
re: [Resolved] Help Google Redirects

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 06/06/2009 at 06:49 PM

Application Version : 4.26.1004

Core Rules Database Version : 3927
Trace Rules Database Version: 1854

Scan type : Complete Scan
Total Scan Time : 01:17:08

Memory items scanned : 307
Memory threats detected : 0
Registry items scanned : 7750
Registry threats detected : 16
File items scanned : 165120
File threats detected : 4

Trojan.Smitfraud Variant/IE Anti-Spyware
HKU\S-1-5-21-4207624741-2024399411-3622018283-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034A523-D068-4BE8-A284-9DF278BE776E}
HKLM\Software\Microsoft\Internet Explorer\Extensions\{9034A523-D068-4BE8-A284-9DF278BE776E}

Unclassified.Unknown Origin
HKU\S-1-5-21-4207624741-2024399411-3622018283-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3D76B96-30B9-4DCC-9B3D-D12E31280D29}

Trojan.Media-Codec
C:\Users\Daniel Chang\Favorites\Online Security Test.url

Trojan.DNSChanger-Codec
HKCR\CLSID\E404.e404mgr
HKCR\CLSID\E404.e404mgr#UserId

Adware.E404 Helper/Hij
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0\win32
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\FLAGS
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\HELPDIR
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid32
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib#Version

Trojan.Dropper/Gen-PHP
C:\USERS\DANIEL CHANG\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\O6O1XKJV\LOAD[1].PHP

Trojan.Dropper/Gen
C:\USERS\DANIEL CHANG\APPDATA\LOCAL\TEMP\VCK-V2.3.0\VISUALCUSTOMKICK.EXE
C:\USERS\DANIEL CHANG\APPDATA\LOCAL\TEMP\VCK-V2.4.2\VISUALCUSTOMKICK.EXE


Malwarebytes

Malwarebytes' Anti-Malware 1.37
Database version: 2239
Windows 6.0.6000

6/6/2009 9:40:06 PM
mbam-log-2009-06-06 (21-40-06).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 255914
Time elapsed: 45 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 13
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
\\?\globalroot\systemroot\System32\kungsfioxoxtyd.dll (Trojan.TDSS) -> Delete on reboot.
C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll (Trojan.Agent) -> Delete on reboot.
C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{f0d4b230-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f0d4b23a-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f0d4b23c-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b15fd82e-85bc-430d-90cb-65db1b030510} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{81705d67-3f73-4983-859b-97d0922e5abe} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:



GMER 1.0.15.14972 - GMER - Rootkit Detector and Remover
Rootkit scan 2009-06-06 22:16:44
Windows 6.0.6000


---- System - GMER 1.0.15 ----

Code 86D80FD8 ZwEnumerateKey
Code 86D49D70 ZwFlushInstructionCache
Code 86D459BD IofCallDriver
Code 85FC4FA6 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 82027F37 5 Bytes JMP 86D459C2
.text ntkrnlpa.exe!IofCompleteRequest 82027FA4 5 Bytes JMP 85FC4FAB
PAGE ntkrnlpa.exe!ZwEnumerateKey 82137F06 5 Bytes JMP 86D80FDC
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 821E849F 5 Bytes JMP 86D49D74
? system32\drivers\uwgsn.sys The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1460] kernel32.dll!SetUnhandledExceptionFilter 766DD187 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[3236] kernel32.dll!SetUnhandledExceptionFilter 766DD187 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- User IAT/EAT - GMER 1.0.15 ----


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\tdx \Device\Tcp epfwtdir.sys

---- Services - GMER 1.0.15 ----

Service C:\Windows\system32\drivers\kungsfnitpwhfr.sys (*** hidden *** ) [SYSTEM] kungsfbivlpqds <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfbivlpqds
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfbivlpqds@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfbivlpqds@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfbivlpqds@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfbivlpqds@imagepath \systemroot\system32\drivers\kungsfnitpwhfr.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfbivlpqds\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfbivlpqds\main@aid 10096
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfbivlpqds\main@sid 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfbivlpqds\main@cmddelay 7200
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfbivlpqds\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfbivlpqds\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfbivlpqds\main\injector@* kungsfwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfbivlpqds\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfbivlpqds\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfbivlpqds\modules@kungsfrk.sys \systemroot\system32\drivers\kungsfnitpwhfr.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfbivlpqds\modules@kungsfcmd.dll \systemroot\system32\kungsfhddsncyl.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfbivlpqds\modules@kungsflog.dat \systemroot\system32\kungsfqcxiohnh.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfbivlpqds\modules@kungsfwsp.dll \systemroot\system32\kungsfioxoxtyd.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfbivlpqds\modules@kungsf.dat \systemroot\system32\kungsfouqlynwi.dat
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfbivlpqds
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfbivlpqds@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfbivlpqds@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfbivlpqds@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfbivlpqds@imagepath \systemroot\system32\drivers\kungsfnitpwhfr.sys
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfbivlpqds\main
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfbivlpqds\main@aid 10096
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfbivlpqds\main@sid 0
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfbivlpqds\main@cmddelay 7200
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfbivlpqds\main\delete
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfbivlpqds\main\injector
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfbivlpqds\main\injector@* kungsfwsp.dll
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfbivlpqds\main\tasks
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfbivlpqds\modules
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfbivlpqds\modules@kungsfrk.sys \systemroot\system32\drivers\kungsfnitpwhfr.sys
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfbivlpqds\modules@kungsfcmd.dll \systemroot\system32\kungsfhddsncyl.dll
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfbivlpqds\modules@kungsflog.dat \systemroot\system32\kungsfqcxiohnh.dat
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfbivlpqds\modules@kungsfwsp.dll \systemroot\system32\kungsfioxoxtyd.dll
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfbivlpqds\modules@kungsf.dat \systemroot\system32\kungsfouqlynwi.dat
Reg HKLM\SYSTEM\ControlSet003\Services\kungsfbivlpqds
Reg HKLM\SYSTEM\ControlSet003\Services\kungsfbivlpqds@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\kungsfbivlpqds@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\kungsfbivlpqds@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\kungsfbivlpqds@imagepath \systemroot\system32\drivers\kungsfnitpwhfr.sys
Reg HKLM\SYSTEM\ControlSet003\Services\kungsfbivlpqds\main
Reg HKLM\SYSTEM\ControlSet003\Services\kungsfbivlpqds\main@aid 10096
Reg HKLM\SYSTEM\ControlSet003\Services\kungsfbivlpqds\main@sid 0
Reg HKLM\SYSTEM\ControlSet003\Services\kungsfbivlpqds\main@cmddelay 7200
Reg HKLM\SYSTEM\ControlSet003\Services\kungsfbivlpqds\main\delete
Reg HKLM\SYSTEM\ControlSet003\Services\kungsfbivlpqds\main\injector
Reg HKLM\SYSTEM\ControlSet003\Services\kungsfbivlpqds\main\injector@* kungsfwsp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\kungsfbivlpqds\main\tasks
Reg HKLM\SYSTEM\ControlSet003\Services\kungsfbivlpqds\modules
Reg HKLM\SYSTEM\ControlSet003\Services\kungsfbivlpqds\modules@kungsfrk.sys \systemroot\system32\drivers\kungsfnitpwhfr.sys
Reg HKLM\SYSTEM\ControlSet003\Services\kungsfbivlpqds\modules@kungsfcmd.dll \systemroot\system32\kungsfhddsncyl.dll
Reg HKLM\SYSTEM\ControlSet003\Services\kungsfbivlpqds\modules@kungsflog.dat \systemroot\system32\kungsfqcxiohnh.dat
Reg HKLM\SYSTEM\ControlSet003\Services\kungsfbivlpqds\modules@kungsfwsp.dll \systemroot\system32\kungsfioxoxtyd.dll
Reg HKLM\SYSTEM\ControlSet003\Services\kungsfbivlpqds\modules@kungsf.dat \systemroot\system32\kungsfouqlynwi.dat

---- Files - GMER 1.0.15 ----

File C:\Windows\System32\drivers\kungsfnitpwhfr.sys 67584 bytes executable <-- ROOTKIT !!!
File C:\Windows\System32\kungsfhddsncyl.dll 22016 bytes executable
File C:\Windows\System32\kungsfqcxiohnh.dat 309510 bytes

---- EOF - GMER 1.0.15 ----




Hijackthis-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:22:17 PM, on 6/6/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\program files\grasssoft\mouse recorder\MacroServiceWnd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\SearchFilterHost.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = %s - Crawler.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = :: www.isk118.com ::
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = Internet Explorer Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = Search Assistant
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Internet Explorer Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = Search Assistant
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SnapfishMediaDetector] C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Macro Manager] C:\Program Files\GrassSoft\Mouse Recorder\MacroManager.exe /q
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [BVRPLiveUpdate] C:\Program Files\Avanquest update\Engine\Setup.exe -s /PATCH,/SRCUPDATEC:\PROGRA~2\SONYER~1\SONYER~1\LIVEUP~1\LISTOF~1.DAT
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [PCDrProfiler] C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe -r
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macro Expert - Grass Software - c:\program files\grasssoft\mouse recorder\MacroService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12454 bytes