ComboFix 09-06-06.03 - Daniel Chang 06/06/2009 23:22.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1918.981 [GMT -4:00]
Running from: c:\users\Daniel Chang\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET NOD32 Antivirus 3.0 *disabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Helper
c:\windows\system32\drivers\kungsfnitpwhfr.sys
c:\windows\system32\kungsfhddsncyl.dll
c:\windows\system32\kungsfioxoxtyd.dll
c:\windows\system32\kungsfouqlynwi.dat
c:\windows\system32\kungsfqcxiohnh.dat
D:\Desktop.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_kungsfbivlpqds
((((((((((((((((((((((((( Files Created from 2009-05-07 to 2009-06-07 )))))))))))))))))))))))))))))))
.
2009-06-07 03:30 . 2009-06-07 03:32 -------- d-----w- c:\users\Daniel Chang\AppData\Local\temp
2009-06-07 03:16 . 2009-06-07 03:32 -------- d-s---w- \ComboFix
2009-06-07 03:15 . 2009-06-07 03:27 -------- d---a-w- \Qoobox
2009-06-07 00:53 . 2009-06-07 00:53 -------- d-----w- c:\users\Daniel Chang\AppData\Roaming\Malwarebytes
2009-06-07 00:53 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-07 00:53 . 2009-06-07 00:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-07 00:53 . 2009-06-07 00:53 -------- d-----w- c:\programdata\Malwarebytes
2009-06-07 00:53 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-07 00:43 . 2009-06-07 03:21 2011750400 --sha-w- \hiberfil.sys
2009-06-06 21:24 . 2009-06-07 02:26 117760 ----a-w- c:\users\Daniel Chang\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-06 21:24 . 2009-06-06 21:24 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-06-06 21:24 . 2009-06-06 21:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-06 21:24 . 2009-06-06 21:24 -------- d-----w- c:\users\Daniel Chang\AppData\Roaming\SUPERAntiSpyware.com
2009-06-06 21:01 . 2009-06-06 21:01 -------- d-----w- c:\programdata\NortonInstaller
2009-06-06 18:16 . 2009-06-06 18:16 -------- d-----w- c:\program files\Trend Micro
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-07 03:21 . 2009-06-07 00:43 2011750400 --sha-w- \hiberfil.sys
2009-06-07 03:21 . 2007-04-24 17:54 2325676032 --sha-w- \pagefile.sys
2009-06-07 02:20 . 2008-05-19 02:54 -------- d-----w- c:\program files\Steam
2009-06-06 21:27 . 2008-06-09 10:47 1356 ----a-w- c:\users\Daniel Chang\AppData\Local\d3d9caps.dat
2009-06-06 21:23 . 2007-09-23 15:55 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-06 21:03 . 2007-04-24 18:49 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-06 18:12 . 2007-09-20 23:16 -------- d-----w- c:\program files\Viewpoint
2009-06-06 15:37 . 2008-01-11 22:44 -------- d-----w- c:\program files\Warcraft III
2009-06-05 01:01 . 2008-09-05 00:08 -------- d-----w- c:\program files\Ragnarok Frontier
2009-06-01 02:08 . 2007-12-05 00:08 5390 ----a-w- c:\users\Daniel Chang\AppData\Roaming\wklnhst.dat
2009-05-19 20:55 . 2008-05-19 02:54 -------- d-----w- c:\program files\Common Files\Steam
2009-04-26 19:50 . 2009-04-26 19:50 -------- d-----w- c:\program files\Apple Software Update
2009-04-15 18:52 . 2008-12-28 16:13 -------- d-----w- c:\users\Daniel Chang\AppData\Roaming\uTorrent
2009-03-20 00:21 . 2008-01-11 22:48 77595 ----a-w- c:\windows\War3Unin.dat
2009-03-16 02:16 . 2009-03-16 02:14 15919168 ----a-w- c:\users\Daniel Chang\AppData\Roaming\Adobe\Acrobat\6.0\Updater\Ac60PrP1.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-03-06 50528]
"Steam"="c:\program files\steam\steam.exe" [2009-05-18 1217784]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]
"WhatPulse"="c:\program files\WhatPulse\WhatPulse.exe" [2006-08-21 665600]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-02-06 3572984]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"SnapfishMediaDetector"="c:\program files\Snapfish Media Detector\SnapfishMediaDetector.exe" [2007-03-02 1441792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"AdobeVersionCue"="c:\program files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2003-10-13 1732608]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-10 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-01-15 267048]
"Macro Manager"="c:\program files\GrassSoft\Mouse Recorder\MacroManager.exe" [2007-10-25 2146304]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13683232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 92704]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-01 4390912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"PCDrProfiler"="c:\program files\PC-Doctor 5 for Windows\RunProfiler.exe" [2007-02-08 73728]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-13 110592]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Snapfish Media Detector.lnk - c:\program files\Snapfish Media Detector\SnapfishMediaDetector.exe [2007-3-2 1441792]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{87D83E83-D333-467D-AE35-885B5CD76B41}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D9C31F46-BC7B-4F42-9D29-EF20E3BD4921}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{8E28FB53-0613-4605-A2A4-A8D921636135}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{CC72DC5A-C75C-49C7-A3E5-654B4AE2FFC5}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{A0E68D27-0623-4BEA-B02A-3A45AFBA3B8E}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{994D992D-FC82-4B65-B300-AC250F8D453E}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D3153266-F3C2-423C-80DC-654067BE065C}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{B397EA17-5F85-4598-B491-FF856B065299}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{0F077CA6-C880-48A1-AE74-4FF041817D38}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{090FC032-D1F7-4B14-B68C-9484342D85CE}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C85AD8CD-3A41-45D0-A62A-CA73C10C0E94}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{686CAF86-480E-41D3-A3F9-0F8CB497FAAA}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{D8FE9937-A55D-494E-9827-C4FB2CE44AF1}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{677E89B3-8E33-457F-A77C-DB274188744A}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III
"TCP Query User{7415932E-5BCA-4683-AFC9-5AADFD0E4CE3}c:\\program files\\aim\\aim.exe"= UDP:c:\program files\aim\aim.exe:AOL Instant Messenger
"UDP Query User{6F343533-3B33-473B-ADA0-79789A25A69B}c:\\program files\\aim\\aim.exe"= TCP:c:\program files\aim\aim.exe:AOL Instant Messenger
"TCP Query User{DB488231-262B-40E6-A7D5-26B1C0C70977}c:\\ijji\\english\\u_gbound.exe"= UDP:c:\ijji\english\u_gbound.exe:<ijji Downloader>
"UDP Query User{BA1A79A0-D89E-484A-81DE-536842F872E9}c:\\ijji\\english\\u_gbound.exe"= TCP:c:\ijji\english\u_gbound.exe:<ijji Downloader>
"TCP Query User{46DC4D2E-FAD4-4096-86E3-6735EFC86AB3}c:\\ijji\\english\\gunbound revolution\\gunbound.gme"= UDP:c:\ijji\english\gunbound revolution\gunbound.gme:GunBound
"UDP Query User{7588008C-A363-4283-B5EC-525A3D63BF18}c:\\ijji\\english\\gunbound revolution\\gunbound.gme"= TCP:c:\ijji\english\gunbound revolution\gunbound.gme:GunBound
"{4E6120B5-E4B8-4247-80B5-D92B7930359C}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{DFC459C3-834A-4C70-BA81-4836DAA5369E}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"TCP Query User{A0B214B0-D110-4D79-80CC-B56E19AA63C6}c:\\nexon\\maplestory\\maplestory.exe "= UDP:c:\nexon\maplestory\maplestory.exe:MapleStory
"UDP Query User{9A2AD94F-079B-4632-9F65-8C862D6862C4}c:\\nexon\\maplestory\\maplestory.exe "= TCP:c:\nexon\maplestory\maplestory.exe:MapleStory
"{3A511060-49DC-4538-9C36-529A7F698422}"= UDP:c:\program files\FrostWire\FrostWire.exe:LimeWire
"{01129BAA-1BD1-4047-8F55-EC5CBB6E9135}"= TCP:c:\program files\FrostWire\FrostWire.exe:LimeWire
"TCP Query User{E5502957-7D4C-41AA-BFDF-415B40AF78A6}c:\\program files\\steam\\steamapps\\henrypwnzu\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\henrypwnzu\team fortress 2\hl2.exe:hl2
"UDP Query User{9A2BFBFF-B37A-4091-9418-0EA781ADD5C3}c:\\program files\\steam\\steamapps\\henrypwnzu\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\henrypwnzu\team fortress 2\hl2.exe:hl2
"{1EB3226B-FD6C-4DFA-A3A5-57EB823C2801}"= UDP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.2
"{ACDB27A7-2050-493B-9F2D-9484BBCBC81F}"= TCP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.2
"TCP Query User{F69973A3-A287-4014-B866-809237A37832}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{F175501D-E789-41CD-BEEF-341D4A89DCBD}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{D8F1E650-E0A6-426B-A051-0D4BBA8C0071}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{9C25260A-E929-43AB-B2C4-3EF897F788C9}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{0DF5D957-6046-4222-99AB-ACC5232B77A4}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{6FDF2C16-F550-46A3-A227-B0DBC2162A3D}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"TCP Query User{3D00EF56-4165-4E36-A150-F36980A502F7}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{D1B3CEF3-E972-4B60-9A0F-2F977961DD7D}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"{C81B11CF-4AF3-4C60-9F4E-5CAAED694B2B}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{533AECF5-7DFF-4757-A9C6-8FED8809998D}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{F926C246-F56B-4E14-BBEE-5A88CD2520D4}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{4142A354-F16F-4772-9DB9-DEDF69399FE4}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{C76FB5E5-5137-4E0D-B5DD-16F63DFA5A2E}"= UDP:c:\users\Daniel Chang\AppData\Local\Temp\7zSDF08.tmp\SymNRT.exe:Norton Removal Tool
"{524A2746-9CEE-4850-8EBC-2681A8CDDFBB}"= TCP:c:\users\Daniel Chang\AppData\Local\Temp\7zSDF08.tmp\SymNRT.exe:Norton Removal Tool
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [12/21/2007 9:21 AM 33800]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12/21/2007 9:21 AM 468224]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/15/2008 11:17 AM 24652]
S2 Macro Expert;Macro Expert;c:\program files\GrassSoft\Mouse Recorder\MacroService.exe [9/24/2007 1:17 AM 155648]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [8/2/2005 5:10 PM 32512]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2009-06-07 c:\windows\Tasks\User_Feed_Synchronization-{15A7E520-0D67-4A68-8B92-9800A531B755}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
- - - - ORPHANS REMOVED - - - -
BHO-{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
HKCU-Run-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
HKLM-Run-BVRPLiveUpdate - c:\program files\Avanquest update\Engine\Setup.exe
SafeBoot-procexp90.Sys
.
------- Supplementary Scan -------
.
uStart Page = hxxp://isk118.com/partnerlogin.php
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Daniel Chang\AppData\Roaming\Mozilla\Firefox\Profiles\8drz0xqd.dannyz0rs\
FF - prefs.js: browser.startup.homepage - hxxp://www.xenophase.net/
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
GMER - Rootkit Detector and Remover
Rootkit scan 2009-06-06 23:32
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-07 23:34
ComboFix-quarantined-files.txt 2009-06-07 03:34
Pre-Run: 226,459,725,824 bytes free
Post-Run: 232,664,072,192 bytes free
223 --- E O F --- 2008-12-25 05:33
Hijackthis-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:36:37 PM, on 6/6/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
c:\program files\grasssoft\mouse recorder\MacroServiceWnd.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\Explorer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
:: www.isk118.com ::
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
Internet Explorer Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch =
Search Assistant
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SnapfishMediaDetector] C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Macro Manager] C:\Program Files\GrassSoft\Mouse Recorder\MacroManager.exe /q
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [PCDrProfiler] C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe -r
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macro Expert - Grass Software - c:\program files\grasssoft\mouse recorder\MacroService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10229 bytes