
annoying pop up (unknown trojan) system error

Discussion in 'Malware and Virus Removal Archive' started by semoo201, 2008/02/12.

  1. 2008/02/12
    semoo201

    semoo201 Inactive Thread Starter

    Joined:
    2008/02/12
    Messages:
    7
    Likes Received:
    0
    Hey, I have Windows Vista as my operating system. I keep getting this annoying pop-up error message every time, and it's extremely annoying :eek:

    (System Error)

    Your computer was infected by unknown trojan, it's dangerous for your system (critical files could be lost)! Click OK to download the antispyware program to clean your system recommended.


    I have like 4 or 5 antispyware programs and I scanned my computer over 5 times, but I still can't get rid of this annoying error. I don't know what to do now. Could you please help me out!!!

    I have downloaded SmitFraudFix and scanned my computer, and that is what I got in the report:


    SmitFraudFix v2.287

    Scan done at 1:00:37.12, Wed 02/13/2008
    Run from C:\Windows\System32\SmitfraudFix
    OS: Microsoft Windows [Version 6.0.6000] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\SpywareRemover\SpywareRemover.srv.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Users\Semoo\AppData\Local\rlmfbew.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\SMINST\CD Creator.exe
    C:\Windows\system32\cmd.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Semoo


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Semoo\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Semoo\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, following keys are not inevitably infected!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, following keys are not inevitably infected!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""
    "LoadAppInit_DLLs"=dword:00000000


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


    »»»»»»»»»»»»»»»»»»»»»»»» Rustock



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Westell WireSpeed Dual Connect Modem
    DNS Server Search Order: 192.168.1.1
    DNS Server Search Order: 192.168.1.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{2CE970C0-03F7-4C10-913D-47FEFF9011FC}: DhcpNameServer=192.168.1.1 192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{2CE970C0-03F7-4C10-913D-47FEFF9011FC}: DhcpNameServer=192.168.1.1 192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{2CE970C0-03F7-4C10-913D-47FEFF9011FC}: DhcpNameServer=192.168.1.1 192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End

    Thank you in advance; I hope I can get this problem fixed :confused:
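    Added example, not part of the thread and not code from SmitFraudFix, HijackThis or any other tool named here: the check a responder makes when reading a process list or a set of Run-key entries like the ones above is "which of these binaries lives somewhere a plain user account could have written it, and does its name look generated?" The script below applies that check to constructed sample lines that mirror the two log formats posted in this thread. The path markers and the vowel-ratio threshold are my own assumptions. A hit means "investigate this file" and nothing more; the script says nothing about entries under C:\Windows or C:\Program Files, so it would miss a dropper that gained admin rights, and it will flag legitimate tools that run from the download cache (dss[1].exe, which appears to be the Deckard's System Scanner download the helper asked for, is exactly that kind of false positive).

```python
import re

# Constructed sample, modelled on the SmitFraudFix process list and the HijackThis
# O4 (Run key) entries posted in this thread. It is not a real log capture.
SAMPLE_LOG = r"""
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Users\Semoo\AppData\Local\rlmfbew.exe
C:\Users\Semoo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5DPL2H6\dss[1].exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [rlmfbew] c:\users\semoo\appdata\local\rlmfbew.exe rlmfbew
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
"""

# Locations that need admin rights to write to. Malware can still land here, so a
# path under these roots is skipped by this heuristic, not declared clean.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

# Directories any logged-on user can write to. A persistent .exe sitting here,
# instead of under a vendor folder in Program Files, is the pattern behind most
# rogue-antispyware droppers and deserves a closer look (assumed marker list).
USER_WRITABLE_MARKERS = ("\\appdata\\local\\", "\\temp\\", "\\temporary internet files\\")

O4_RE = re.compile(r"^O4 - .*?: \[[^\]]*\]\s*(.*)$")
DRIVE_RE = re.compile(r"^[a-zA-Z]:\\")


def extract_path(line):
    """Return the executable path from a process-list line or an O4 Run entry, else None."""
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        rest = m.group(1).strip()
        if rest.startswith('"'):          # quoted path, arguments may follow the closing quote
            end = rest.find('"', 1)
            return rest[1:end].strip() if end > 0 else None
        idx = rest.lower().find(".exe")   # unquoted path: cut at the first .exe
        return rest[: idx + 4] if idx >= 0 else None
    if DRIVE_RE.match(line):              # plain process-list line
        return line
    return None


def suspicion_reasons(path):
    """Heuristic reasons to investigate a binary; an empty list means 'nothing flagged'."""
    p = path.lower()
    if p.startswith(TRUSTED_ROOTS):
        return []
    reasons = []
    if any(marker in p for marker in USER_WRITABLE_MARKERS):
        reasons.append("runs from a user-writable directory")
    name = p.rsplit("\\", 1)[-1]
    stem = name[:-4] if name.endswith(".exe") else name
    # Generated names tend to be 6-10 lowercase letters with few vowels (assumed thresholds).
    if re.fullmatch(r"[a-z]{6,10}", stem):
        vowel_ratio = sum(stem.count(v) for v in "aeiou") / len(stem)
        if vowel_ratio < 0.3:
            reasons.append("random-looking file name")
    return reasons


def triage(log_text):
    """Map each flagged path (lower-cased, de-duplicated) to its list of reasons."""
    findings = {}
    for line in log_text.splitlines():
        path = extract_path(line)
        if path:
            reasons = suspicion_reasons(path)
            if reasons:
                findings.setdefault(path.lower(), reasons)
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(f"{path}\n    -> {'; '.join(reasons)}")
```

    Run against the constructed sample, the script flags the AppData\Local binary on both counts (location and name) and the download-cache binary on location only; everything under C:\Windows and C:\Program Files is left alone. When pasting real log text in, keep the O4 lines intact, since the script relies on the `[name] path` shape HijackThis emits.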
     
  2. 2008/02/12
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi semoo201
    Welcome to Windowsbbs. :)

    Please download and install HijackThis and run a scan, then close HJT. Then run Deckard's System Scanner and post the main.txt log here. Links and instructions here.

    Thanks
    Geri
     
    Geri,
    #2

  4. 2008/02/12
    semoo201

    semoo201 Inactive Thread Starter

    Joined:
    2008/02/12
    Messages:
    7
    Likes Received:
    0
    Hey, thanks for your reply, I've been anxiously waiting :rolleyes: Okay, now here is what I got:



    Deckard's System Scanner v20071014.68
    Run by Semoo on 2008-02-14 00:42:20
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- Last 5 Restore Point(s) --
    6: 2008-02-13 08:41:43 UTC - RP97 - Configured EA Link
    5: 2008-02-13 05:41:01 UTC - RP95 - Installed SpywareRemover
    4: 2008-02-13 02:52:10 UTC - RP94 - Installed SUPERAntiSpyware Free Edition
    3: 2008-02-13 02:47:09 UTC - RP93 - Installed Sunbelt CounterSpy.
    2: 2008-02-12 10:30:15 UTC - RP92 - Installed Ad-Aware 2007


    -- First Restore Point --
    1: 2008-02-12 07:28:44 UTC - RP91 - Installed Adobe Reader 8.1.2


    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 959 MiB (1024 MiB recommended).


    -- HijackThis (run as Semoo.exe) -----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:47:43 ?, on 14/02/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16575)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\SpywareRemover\SpywareRemover.srv.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Windows\System32\spoolsv.exe
    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Users\Semoo\AppData\Local\rlmfbew.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
    c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    C:\Windows\system32\svchost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\taskeng.exe
    C:\Users\Semoo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5DPL2H6\dss[1].exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\conime.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Semoo.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {5CF87193-FD1E-4400-863D-FD9AFC5F402F} - C:\Windows\AcroIEHelper.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
    O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SHStartup.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [rlmfbew] c:\users\semoo\appdata\local\rlmfbew.exe rlmfbew
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [SpywareRemover] C:\Program Files\SpywareRemover\SpywareRemover.exe -boot
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
    O4 - Global Startup: Vongo Tray.lnk = ?
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
    O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://www.cherrytreeinn.com:8080/kxhcm10.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SpyHunter3 Service - Enigma Software Group, Inc. - C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe
    O23 - Service: SpywareRemover Scanning Engine (SpywareRemoverSrv) - Unknown owner - C:\Program Files\SpywareRemover\SpywareRemover.srv.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 13250 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 SASDIFSV - \??\c:\program files\superantispyware\sasdifsv.sys
    R1 SASKUTIL - \??\c:\program files\superantispyware\saskutil.sys
    R3 SASENUM - \??\c:\program files\superantispyware\sasenum.sys


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 HP Health Check Service - "c:\program files\hewlett-packard\hp health check\hphc_service.exe" <Not Verified; Hewlett-Packard; HP Health Check Service>
    R2 SpyHunter3 Service - "c:\program files\enigma software group\spyhunter\shservice.exe" <Not Verified; Enigma Software Group, Inc.; SpyHunter3>

    S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>
    S3 Com4Qlb - "c:\program files\hewlett-packard\hp quick launch buttons\com4qlb.exe" <Not Verified; Hewlett-Packard Development Company, L.P.; HP Quick Launch Buttons>
    S3 Vongo Service - "c:\program files\vongo\vongoservice.exe" <Not Verified; Starz Entertainment Group LLC; Vongo>


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2008-02-13 19:35:08 520 --a------ C:\Windows\Tasks\SpywareRemover Scheduled Scan.job
    2008-02-13 18:36:38 418 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{E4C43625-9AC9-4017-84D2-7F1C69C17AFC}.job
    2008-02-11 23:04:51 546 --a------ C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Semoo.job


    -- Files created between 2008-01-14 and 2008-02-14 -----------------------------

    2008-02-14 00:19:33 0 d-------- C:\Program Files\Trend Micro
    2008-02-13 19:08:19 0 d-------- C:\VundoFix Backups
    2008-02-13 00:59:30 0 d-------- C:\Windows\system32\SmitfraudFix <SMITFR~1>
    2008-02-12 23:11:00 5910 --a------ C:\Windows\system32\tmp.reg
    2008-02-12 23:09:22 0 d-------- C:\Users\Semoo\SmitfraudFix <SMITFR~1>
    2008-02-12 23:02:27 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
    2008-02-12 22:15:33 0 d-------- C:\Program Files\Enigma Software Group
    2008-02-12 21:42:27 0 d-------- C:\Program Files\SpywareRemover
    2008-02-12 19:22:34 0 --a------ C:\Windows\system32\SBRC.dat
    2008-02-12 19:22:34 0 --a------ C:\Windows\system32\SBFC.dat
    2008-02-12 18:53:51 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
    2008-02-12 18:53:21 0 d-------- C:\Program Files\SUPERAntiSpyware
    2008-02-12 18:50:48 0 d-------- C:\Users\All Users\Sunbelt Software
    2008-02-12 18:49:05 0 d-------- C:\Program Files\Sunbelt Software
    2008-02-12 15:56:01 0 d-------- C:\Program Files\Spyware Doctor
    2008-02-12 02:31:21 0 d-------- C:\Program Files\Lavasoft
    2008-02-12 02:31:19 0 d-------- C:\Users\All Users\Lavasoft
    2008-02-12 02:29:48 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-12 02:11:04 228352 --a------ C:\Windows\AcroIEHelper.dll <Not Verified; Adobe; >
    2008-02-12 02:10:53 51 --a------ C:\tmp.bat
    2008-02-11 23:26:19 0 d-------- C:\Users\All Users\Google
    2008-02-11 23:26:05 0 d-------- C:\Program Files\Google
    2008-02-10 02:53:05 0 d-------- C:\Program Files\KONAMI
    2008-02-05 03:14:00 0 d-------- C:\Users\All Users\Double Trump
    2008-02-05 03:13:32 0 d-------- C:\Program Files\PlayOn
    2008-02-04 21:49:57 0 d-------- C:\Program Files\DkZ Studio
    2008-01-31 22:44:15 0 d-------- C:\Users\All Users\GoBit Games
    2008-01-31 22:43:53 0 d-a------ C:\Users\All Users\TEMP
    2008-01-31 18:55:09 0 d-------- C:\Program Files\QuickTime
    2008-01-31 18:55:08 0 d-------- C:\Users\All Users\Apple Computer
    2008-01-31 18:50:58 0 d-------- C:\Program Files\Internet Download Manager
    2008-01-31 18:21:53 0 d-------- C:\Program Files\inKline Global
    2008-01-31 17:59:06 0 d-------- C:\Program Files\DSL Speed
    2008-01-31 12:59:22 737280 --a------ C:\Windows\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
    2008-01-30 23:21:38 0 d-------- C:\Program Files\DAEMON Tools
    2008-01-30 23:16:32 682232 --a------ C:\Windows\system32\drivers\sptd.sys
    2008-01-29 12:43:26 0 d-------- C:\Program Files\SopCast
    2008-01-28 02:44:19 0 d-------- C:\Users\All Users\TVU networks
    2008-01-27 01:57:37 0 d-------- C:\Program Files\WebMediaPlayer
    2008-01-23 17:13:52 0 d-------- C:\Program Files\Apple Software Update
    2008-01-23 17:13:51 0 d-------- C:\Users\All Users\Apple
    2008-01-20 04:28:27 0 -rahs---- C:\MSDOS.SYS
    2008-01-20 04:28:27 0 -rahs---- C:\IO.SYS
    2008-01-20 01:19:11 0 d-------- C:\Program Files\MSXML 4.0
    2008-01-17 21:26:06 0 d-------- C:\Program Files\Voxware Audio decoder
    2008-01-17 14:54:34 0 d-------- C:\Program Files\Common Files\PX Storage Engine
    2008-01-17 14:54:29 0 d-------- C:\Program Files\DivX
    2008-01-17 14:44:32 0 d-------- C:\Program Files\Common Files\xing shared
    2008-01-17 14:44:08 0 d-------- C:\Program Files\Real
    2008-01-17 14:44:04 0 d-------- C:\Program Files\Common Files\Real
    2008-01-17 00:02:58 43520 --a------ C:\Windows\system32\CmdLineExt03.dll <CMDLIN~1.DLL>
    2008-01-16 01:39:38 0 d-------- C:\Windows\PaltalkScene
    2008-01-16 01:39:37 0 d-------- C:\Program Files\Paltalk Messenger
    2008-01-16 00:51:48 0 d-------- C:\Program Files\Common Files\Logitech
    2008-01-16 00:51:47 0 d-------- C:\Program Files\Logitech
    2008-01-15 20:41:34 0 d-------- C:\Users\All Users\Yahoo! Companion
    2008-01-15 19:56:05 0 d-------- C:\Program Files\Ares
    2008-01-15 19:13:53 0 d-------- C:\Users\All Users\MinigolfAdventures
    2008-01-15 19:05:45 0 dr------- C:\Users\Semoo\Searches
    2008-01-15 19:05:29 0 dr------- C:\Users\Semoo\Contacts
    2008-01-15 19:05:18 81 --a------ C:\Windows\system32\LOG
    2008-01-15 19:05:15 44 --a------ C:\Windows\system\hpsysdrv.dat
    2008-01-15 18:51:49 0 d-------- C:\Program Files\Yahoo!
    2008-01-15 18:50:18 0 d-------- C:\Users\All Users\Electronic Arts
    2008-01-15 18:40:29 0 d--hs---- C:\Users\Semoo\Templates
    2008-01-15 18:40:29 0 d--hs---- C:\Users\Semoo\Start Menu
    2008-01-15 18:40:29 0 d--hs---- C:\Users\Semoo\SendTo
    2008-01-15 18:40:29 0 d--hs---- C:\Users\Semoo\Recent
    2008-01-15 18:40:29 0 d--hs---- C:\Users\Semoo\PrintHood
    2008-01-15 18:40:29 0 d--hs---- C:\Users\Semoo\NetHood
    2008-01-15 18:40:29 0 d--hs---- C:\Users\Semoo\My Documents
    2008-01-15 18:40:29 0 d--hs---- C:\Users\Semoo\Local Settings
    2008-01-15 18:40:29 0 d--hs---- C:\Users\Semoo\Cookies
    2008-01-15 18:40:29 0 d--hs---- C:\Users\Semoo\Application Data
    2008-01-15 18:40:28 0 dr------- C:\Users\Semoo\Videos
    2008-01-15 18:40:28 0 dr------- C:\Users\Semoo\Saved Games
    2008-01-15 18:40:28 0 dr------- C:\Users\Semoo\Pictures
    2008-01-15 18:40:28 2621440 --ahs---- C:\Users\Semoo\NTUSER.DAT
    2008-01-15 18:40:28 0 dr------- C:\Users\Semoo\Music
    2008-01-15 18:40:28 0 dr------- C:\Users\Semoo\Links
    2008-01-15 18:40:28 0 dr------- C:\Users\Semoo\Favorites
    2008-01-15 18:40:28 0 dr------- C:\Users\Semoo\Downloads
    2008-01-15 18:40:28 0 dr------- C:\Users\Semoo\Documents
    2008-01-15 18:40:28 0 dr------- C:\Users\Semoo\Desktop
    2008-01-15 18:40:28 0 d--h----- C:\Users\Semoo\AppData
    2008-01-15 07:37:16 0 d--hs---- C:\System Volume Information


    -- Find3M Report ---------------------------------------------------------------

    2008-02-13 19:35:23 27335 --a------ C:\Users\Semoo\AppData\Roaming\nvModes.001
    2008-02-13 19:00:20 27335 --a------ C:\Users\Semoo\AppData\Roaming\nvModes.dat
    2008-02-13 00:43:36 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-02-12 21:44:26 0 d-------- C:\Users\Semoo\AppData\Roaming\SpywareRemover
    2008-02-12 20:05:00 0 d-------- C:\Users\Semoo\AppData\Roaming\Adobe
    2008-02-12 18:53:21 0 d-------- C:\Users\Semoo\AppData\Roaming\SUPERAntiSpyware.com
    2008-02-12 18:51:04 0 d-------- C:\Users\Semoo\AppData\Roaming\Sunbelt Software
    2008-02-12 18:37:36 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2008-02-12 15:56:01 0 d-------- C:\Users\Semoo\AppData\Roaming\PC Tools
    2008-02-12 02:29:48 0 d-------- C:\Program Files\Common Files
    2008-02-12 00:49:24 0 d-------- C:\Users\Semoo\AppData\Roaming\Google
    2008-02-11 23:30:44 0 d-------- C:\Program Files\Common Files\Adobe
    2008-02-11 18:59:01 0 d-------- C:\Users\Semoo\AppData\Roaming\Move Networks
    2008-02-10 01:28:47 0 d-------- C:\Program Files\Microsoft Works
    2008-02-08 01:28:52 0 d-------- C:\Users\Semoo\AppData\Roaming\DMCache
    2008-02-04 16:41:08 0 d-------- C:\Program Files\HP Games
    2008-02-01 00:12:31 0 d-------- C:\Users\Semoo\AppData\Roaming\Gaijin Ent
    2008-01-31 21:56:26 0 d-------- C:\Users\Semoo\AppData\Roaming\IDM
    2008-01-31 17:32:10 0 d-------- C:\Users\Semoo\AppData\Roaming\GTek
    2008-01-31 16:56:21 0 d-------- C:\Users\Semoo\AppData\Roaming\Paltalk
    2008-01-31 16:51:27 0 d-------- C:\Program Files\Microsoft Games
    2008-01-28 02:44:26 0 d-------- C:\Users\Semoo\AppData\Roaming\TVU networks
    2008-01-23 01:28:13 0 d-------- C:\Program Files\Norton Internet Security
    2008-01-22 22:08:45 0 d-------- C:\Program Files\Symantec
    2008-01-22 03:15:55 0 d-------- C:\Program Files\Windows Mail
    2008-01-21 23:59:58 0 d-------- C:\Users\Semoo\AppData\Roaming\PlayFirst
    2008-01-21 23:59:58 0 d-------- C:\Users\Semoo\AppData\Roaming\Macromedia
    2008-01-21 23:48:46 0 d-------- C:\Users\Semoo\AppData\Roaming\7Wonders
    2008-01-20 03:17:58 0 d-------- C:\Program Files\Windows Sidebar
    2008-01-17 14:56:01 0 d-------- C:\Users\Semoo\AppData\Roaming\DivX
    2008-01-17 14:46:54 0 d-------- C:\Users\Semoo\AppData\Roaming\Real
    2008-01-16 23:32:00 0 d-------- C:\Users\Semoo\AppData\Roaming\WinRAR
    2008-01-16 16:44:34 0 d-------- C:\Users\Semoo\AppData\Roaming\CyberLink
    2008-01-16 16:44:31 0 d-------- C:\Users\Semoo\AppData\Roaming\HP
    2008-01-15 23:23:11 0 d-------- C:\Users\Semoo\AppData\Roaming\Hewlett-Packard
    2008-01-15 20:41:35 0 d-------- C:\Users\Semoo\AppData\Roaming\Yahoo!
    2008-01-15 19:12:32 0 d-------- C:\Users\Semoo\AppData\Roaming\WildTangent
    2008-01-15 19:06:34 0 d-------- C:\Users\Semoo\AppData\Roaming\Symantec
    2008-01-15 19:05:32 0 d-------- C:\Users\Semoo\AppData\Roaming\Identities
    2008-01-15 18:52:15 0 dr------- C:\Program Files\Online Services
    2008-01-04 13:58:50 3596288 --a------ C:\Windows\system32\qt-dx331.dll
    2008-01-04 13:57:22 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2008-01-04 13:57:22 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2008-01-04 13:57:12 823296 --a------ C:\Windows\system32\divx_xx07.dll <DIVX_X~2.DLL> <Not Verified; DivX, Inc.; DivX®>
    2008-01-04 13:57:10 802816 --a------ C:\Windows\system32\divx_xx11.dll <DIVX_X~3.DLL> <Not Verified; DivX, Inc.; DivX®>
    2008-01-04 13:57:10 823296 --a------ C:\Windows\system32\divx_xx0c.dll <DIVX_X~1.DLL> <Not Verified; DivX, Inc.; DivX®>
    2008-01-04 13:57:10 682496 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
    2008-01-04 13:56:24 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll <DIVXWM~1.DLL>
    2007-12-14 01:17:18 0 d-------- C:\Program Files\HPQ
    2007-12-14 01:17:15 0 d-------- C:\Program Files\Hewlett-Packard
    2007-12-14 01:15:37 0 d-------- C:\Program Files\HP
    2007-12-14 01:12:11 0 d-------- C:\Program Files\Atheros
    2007-12-14 01:11:48 0 d-------- C:\Program Files\CONEXANT
    2007-12-14 01:10:06 0 d-------- C:\Program Files\NetWaiting
    2007-12-14 01:08:39 0 d-------- C:\Program Files\Synaptics


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CF87193-FD1E-4400-863D-FD9AFC5F402F}]
    02/12/2008 02:11 AM 228352 --a------ C:\Windows\AcroIEHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
    08/24/2007 05:51 PM 316784 --a------ c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
    02/01/2008 01:49 AM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7}]
    08/31/2007 10:32 AM 177504 --a------ c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvSvc "= "C:\Windows\system32\nvsvc.dll" [09/28/2007 12:06 AM]
    "NvCplDaemon "= "C:\Windows\system32\NvCpl.dll" [09/28/2007 12:06 AM]
    "NvMediaCenter "= "C:\Windows\system32\NvMcTray.dll" [09/28/2007 12:06 AM]
    "SynTPStart "= "C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [09/15/2007 12:29 AM]
    "QPService "= "C:\Program Files\HP\QuickPlay\QPService.exe" [10/02/2007 09:00 PM]
    "QlbCtrl "= "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [09/06/2007 01:46 PM]
    "Windows Defender "= "C:\Program Files\Windows Defender\MSASCui.exe" [10/24/2007 11:36 PM]
    "ccApp "= "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/31/2008 01:15 PM]
    "hpqSRMon "= "C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [08/22/2007 03:31 PM]
    "HP Health Check Scheduler "= "[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" []
    "HP Software Update "= "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [05/08/2007 03:24 PM]
    "hpWirelessAssistant "= "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [09/13/2007 07:47 AM]
    "WAWifiMessage "= "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [01/08/2007 02:53 PM]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 03:00 AM]
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/17/2008 02:44 PM]
    "PC Booster "= "C:\Program Files\inKline Global\PC Booster\pcbooster.exe" [11/30/2007 05:16 PM]
    "QuickTime Task "= "C:\Program Files\QuickTime\QTTask.exe" [01/10/2008 03:27 PM]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
    "ISTray "= "C:\Program Files\Spyware Doctor\pctsTray.exe" [12/10/2007 02:53 PM]
    "@ "=" " []
    "SBCSTray "= "C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [06/15/2007 03:17 PM]
    "SpyHunter Security Suite "= "C:\Program Files\Enigma Software Group\SpyHunter\SHStartup.exe" [01/23/2008 02:48 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar "= "C:\Program Files\Windows Sidebar\sidebar.exe" [01/20/2008 01:23 AM]
    "HPAdvisor "= "C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [10/01/2007 03:10 PM]
    "ehTray.exe "= "C:\Windows\ehome\ehTray.exe" [11/02/2006 04:35 AM]
    "DAEMON Tools "= "C:\Program Files\DAEMON Tools\daemon.exe" [04/03/2007 02:29 PM]
    "ares "= "C:\Program Files\Ares\Ares.exe" [03/03/2007 07:31 AM]
    "WMPNSCFG "= "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 04:36 AM]
    "rlmfbew "= "c:\users\semoo\appdata\local\rlmfbew.exe" [02/09/2008 03:28 PM]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [02/11/2008 11:26 PM]
    "SUPERAntiSpyware "= "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM]
    "SpywareRemover "= "C:\Program Files\SpywareRemover\SpywareRemover.exe" [02/11/2008 02:31 PM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin "=2 (0x2)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBCSSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @= "IEEE 1394 Bus host controllers "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @= "SBP2 IEEE 1394 Devices "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @= "SecurityDevices "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

    *Newly Created Service* - COMHOST
    *Newly Created Service* - SBAPIFS

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- End of Deckard's System Scanner: finished at 2008-02-14 00:51:47 ------------
     
    Last edited: 2008/02/12
  5. 2008/02/13
    Geri Lifetime Subscription

    Hi semoo201

    Having any P2P file-sharing apps such as Limewire, BitTorrent, uTorrent, etc. is almost like inviting malware into your computer. There is absolutely no way for you to know which of the hundreds of thousands of users you are sharing files with are infected or not.
    I strongly recommend removing any P2P applications.


    Please go to Start > Control Panel > Programs and Features and remove the following (if present):

    SpywareRemover

    Please note any other programs that you don't recognize in that list and post them in your next response.

    Using Windows Explorer (to get there, right-click your Start button and go to "Explore"), please delete these folders (if present):

    C:\Program Files\SpywareRemover

    Please reboot.
    Let me know if you still get the pop-ups.

    Thanks
    Geri
     
    Geri,
    #4
  6. 2008/02/13
    semoo201

    still getting the pop-ups!!

    hey Geri

    I just removed Ares and all the stuff I downloaded through it; I also uninstalled SpywareRemover and some other programs that I don't recognize and restarted the PC, but I still got the pop-ups. What do you think I should do next? :confused:

    thanks in advance :)


    semoo201
     
  7. 2008/02/14
    Geri Lifetime Subscription

    Hi semoo201

    Please re-open HiJackThis and scan only. Check the boxes next to all the entries listed below.

    O4 - HKCU\..\Run: [rlmfbew] c:\users\semoo\appdata\local\rlmfbew.exe rlmfbew

    Now close all windows other than HiJackThis, then click Fix Checked.

    Close HJT.


    Using Windows Explorer (to get there, right-click your Start button and go to "Explore"), please delete these files (if present):

    c:\users\semoo\appdata\local\rlmfbew.exe

    After that, Reboot.

    Please post a New HJT Log into this Thread.
    Let me know if you still get the pop-up.

    Thanks
    Geri
     
    Geri,
    #6
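A defender's triage of the O4 autostart lines in a HijackThis log, added here as an example that is not part of the original post or of HijackThis itself: it parses the registry Run entries and flags any whose executable lives in a user-writable folder such as AppData\Local, which is exactly what makes the rlmfbew entry stand out from the vendor entries under Program Files. The sample lines are copied from the log posted in this thread; the regexes, the folder list and the function names are my own assumptions, not HJT's.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# HijackThis O4 Run lines look like (copied from the log in this thread):
#   O4 - HKCU\..\Run: [rlmfbew] c:\users\semoo\appdata\local\rlmfbew.exe rlmfbew
#   O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4_RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\S-[\d-]+)?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)

# Folders an ordinary (non-admin) account can write to. Installers for legitimate
# software normally put their binaries under Program Files or the Windows directory,
# so an autostart entry launching from one of these places deserves a closer look.
# (Assumed list, not taken from any tool.)
USER_WRITABLE_FRAGMENTS = (
    "\\appdata\\local\\",
    "\\appdata\\locallow\\",
    "\\appdata\\roaming\\",
    "\\temp\\",
    "\\users\\public\\",
    "\\downloads\\",
)

# First token ending in an executable/module extension, stopping at a space, a
# comma (rundll32's "module,entrypoint" form) or end of string.
_EXEC_RE = re.compile(r"^(.*?\.(?:exe|dll|scr|com|bat|cmd|pif))(?=\s|,|$)", re.IGNORECASE)
_RUNDLL32_RE = re.compile(r'^"?rundll32(?:\.exe)?"?\s+', re.IGNORECASE)


@dataclass
class RunEntry:
    hive: str
    name: str
    command: str
    executable: Optional[str]

    def is_user_writable(self) -> bool:
        """True when the launched file lives somewhere a normal user can write."""
        if not self.executable:
            return False
        lowered = self.executable.lower().replace("/", "\\")
        return any(frag in lowered for frag in USER_WRITABLE_FRAGMENTS)


def executable_path(command: str) -> Optional[str]:
    """Pull the launched file out of a Run value, ignoring its arguments.

    Handles quoted paths (including the stray space the forum copy adds before
    the closing quote), unquoted paths containing spaces, and rundll32-hosted
    DLLs, where the DLL rather than rundll32 is the artifact worth checking.
    """
    cmd = _RUNDLL32_RE.sub("", command.strip())
    if not cmd:
        return None
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end].strip()
        cmd = cmd[1:]
    match = _EXEC_RE.match(cmd)
    if match:
        return match.group(1).strip()
    tokens = cmd.split()
    return tokens[0] if tokens else None


def parse_o4_lines(lines: Iterable[str]) -> List[RunEntry]:
    """Parse only the registry Run entries; Global Startup and other sections are skipped."""
    entries: List[RunEntry] = []
    for line in lines:
        match = O4_RUN_RE.match(line.strip())
        if not match:
            continue
        cmd = match.group("cmd")
        # HKUS entries carry a trailing "(User 'NAME')" annotation that is not part of the command.
        cmd = re.sub(r"\s*\(User '[^']*'\)\s*$", "", cmd)
        entries.append(RunEntry(match.group("hive"), match.group("name"), cmd, executable_path(cmd)))
    return entries


def suspicious_entries(lines: Iterable[str]) -> List[RunEntry]:
    """Entries whose executable sits in a user-writable folder: the rlmfbew pattern."""
    return [entry for entry in parse_o4_lines(lines) if entry.is_user_writable()]


# Sample input: O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_HJT_LINES = [
    r"O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart",
    r'O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe "',
    r"O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun",
    r"O4 - HKCU\..\Run: [rlmfbew] c:\users\semoo\appdata\local\rlmfbew.exe rlmfbew",
    r"O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')",
    r"O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe",
]

if __name__ == "__main__":
    for entry in parse_o4_lines(SAMPLE_HJT_LINES):
        verdict = "REVIEW" if entry.is_user_writable() else "ok"
        print(f"{verdict:<6} {entry.hive:<18} [{entry.name}] -> {entry.executable}")
```

A hit from this check is a reason to look at the file (publisher, creation time, what created it), not proof of infection on its own; the same heuristic can be run over the HKCU Run dump in the Deckard's scan above.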
  8. 2008/02/15
    semoo201

    hey Geri

    I did just that but it didn't work, I still get the pop-ups :rolleyes:

    here is my HJT log



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 02:04:55 ?, on 16/02/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\spoolsv.exe
    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
    c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\servicing\TrustedInstaller.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {5CF87193-FD1E-4400-863D-FD9AFC5F402F} - C:\Windows\AcroIEHelper.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe "
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe "
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe "
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
    O4 - Global Startup: Vongo Tray.lnk = ?
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
    O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://www.cherrytreeinn.com:8080/kxhcm10.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 11324 bytes





    thanks in advance :)
     
  9. 2008/02/15
    Geri Lifetime Subscription

    Hi semoo201
    OK, let's run this tool; make sure you follow the Vista instructions.

    Download ComboFix from Here to your Desktop.
    It's best to disable real-time protection applications, as they sometimes interfere with the tool. Check this link for any applicable programs you may have.
    • Close all open programs and windows.
    • Double-click combofix.exe and follow the prompts.
    • Vista users: right-click Combofix.exe and select Run As Administrator. <<<
    • When finished, it shall produce a log for you. Post that log and a HiJackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    Please post the Combofix log.

    Thanks
    Geri
     
    Geri,
    #8
  10. 2008/02/16
    semoo201

    Hi Geri,

    okay, here is ComboFix's log



    ComboFix 08-02-16.2 - Semoo 02/17/2008 1:33:01.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.275 [GMT -8:00]
    Running from: C:\Users\Semoo\Documents\Downloads\Programs\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\webmediaplayer
    C:\Program Files\webmediaplayer\Privacy Policy.url
    C:\Program Files\webmediaplayer\resources\languages_v2.xml
    C:\Program Files\webmediaplayer\resources\webmedias
    C:\Program Files\webmediaplayer\skins\classic.skn
    C:\Program Files\webmediaplayer\sqlite3.dll
    C:\Program Files\webmediaplayer\Terms and conditions.url
    C:\Program Files\webmediaplayer\uninst.exe
    C:\Program Files\webmediaplayer\WebMediaPlayer.exe
    C:\Program Files\webmediaplayer\Website.url
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Privacy Policy.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Terms and conditions.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\WebMediaPlayer.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Website.lnk
    C:\Users\Semoo\AppData\Local\rlmfbew.dat
    C:\Users\Semoo\AppData\Local\rlmfbew.exe
    C:\Users\Semoo\AppData\Local\rlmfbew_nav.dat
    C:\Users\Semoo\AppData\Local\rlmfbew_navps.dat
    C:\Windows\system32\KBL.LOG
    C:\Windows\system32\nvs2.inf

    .
    ((((((((((((((((((((((((( Files Created from 2008-01-17 to 2008-02-17 )))))))))))))))))))))))))))))))
    .

    No new files created in this timespan

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-17 09:30 --------- d-----w C:\Users\Semoo\AppData\Roaming\DMCache
    2008-02-17 05:19 --------- d---a-w C:\ProgramData\TEMP
    2008-02-17 03:39 --------- d-----w C:\ProgramData\Symantec
    2008-02-16 13:57 27,335 ----a-w C:\Users\Semoo\AppData\Roaming\nvModes.dat
    2008-02-16 10:34 --------- d-----w C:\Program Files\Essentials Codec Pack
    2008-02-15 23:10 --------- d-----w C:\Program Files\Game Cam v1.4
    2008-02-15 11:21 194,560 ----a-w C:\Windows\System32\WebClnt.dll
    2008-02-15 11:21 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
    2008-02-15 11:15 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
    2008-02-15 11:15 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
    2008-02-15 11:15 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
    2008-02-15 11:15 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
    2008-02-15 11:15 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
    2008-02-15 11:15 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
    2008-02-15 11:15 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
    2008-02-15 11:14 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
    2008-02-15 11:14 24,064 ----a-w C:\Windows\System32\netcfg.exe
    2008-02-15 11:14 22,016 ----a-w C:\Windows\System32\netiougc.exe
    2008-02-15 11:14 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
    2008-02-15 11:14 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
    2008-02-15 11:13 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-02-15 11:13 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-02-15 11:13 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-02-15 11:13 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-02-15 11:13 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-02-15 11:13 1,686,528 ----a-w C:\Windows\System32\gameux.dll
    2008-02-15 11:05 824,832 ----a-w C:\Windows\System32\wininet.dll
    2008-02-15 11:05 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-02-15 11:05 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-02-15 11:05 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2008-02-15 08:30 --------- d-----w C:\Program Files\Google
    2008-02-15 08:26 --------- d-----w C:\Program Files\Spyware Doctor
    2008-02-15 08:24 --------- d-----w C:\ProgramData\Lavasoft
    2008-02-15 08:24 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-14 08:19 --------- d-----w C:\Program Files\Trend Micro
    2008-02-14 03:30 5,910 ----a-w C:\Windows\System32\tmp.reg
    2008-02-13 23:37 --------- d-----w C:\Program Files\SUPERAntiSpyware
    2008-02-13 08:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-13 07:02 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
    2008-02-13 06:15 --------- d-----w C:\Program Files\Enigma Software Group
    2008-02-13 05:44 --------- d-----w C:\Users\Semoo\AppData\Roaming\SpywareRemover
    2008-02-13 02:53 --------- d-----w C:\Users\Semoo\AppData\Roaming\SUPERAntiSpyware.com
    2008-02-13 02:53 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com
    2008-02-13 02:51 --------- d-----w C:\Users\Semoo\AppData\Roaming\Sunbelt Software
    2008-02-13 02:37 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-02-12 23:56 --------- d-----w C:\Users\Semoo\AppData\Roaming\PC Tools
    2008-02-12 10:11 51 ----a-w C:\tmp.bat
    2008-02-12 10:11 228,352 ----a-w C:\Windows\AcroIEHelper.dll
    2008-02-12 07:30 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-02-12 02:59 --------- d-----w C:\Users\Semoo\AppData\Roaming\Move Networks
    2008-02-10 10:53 --------- d-----w C:\Program Files\KONAMI
    2008-02-10 09:46 --------- d-----w C:\Program Files\DivX
    2008-02-10 09:28 --------- d-----w C:\Program Files\Microsoft Works
    2008-02-05 11:14 --------- d-----w C:\ProgramData\Double Trump
    2008-02-05 11:13 --------- d-----w C:\Program Files\PlayOn
    2008-02-05 05:49 737,280 ----a-w C:\Windows\iun6002.exe
    2008-02-05 03:21 --------- d-----w C:\ProgramData\WildTangent
    2008-02-05 00:41 --------- d-----w C:\Program Files\HP Games
    2008-02-02 23:00 --------- d-----w C:\Program Files\Ares
    2008-02-01 08:12 --------- d-----w C:\Users\Semoo\AppData\Roaming\Gaijin Ent
    2008-02-01 06:44 --------- d-----w C:\ProgramData\GoBit Games
    2008-02-01 05:56 --------- d-----w C:\Users\Semoo\AppData\Roaming\IDM
    2008-02-01 02:55 --------- d-----w C:\ProgramData\Apple Computer
    2008-02-01 02:55 --------- d-----w C:\Program Files\QuickTime
    2008-02-01 02:51 --------- d-----w C:\Program Files\Internet Download Manager
    2008-02-01 02:21 --------- d-----w C:\Program Files\inKline Global
    2008-02-01 01:59 --------- d-----w C:\Program Files\DSL Speed
    2008-02-01 01:32 --------- d-----w C:\Users\Semoo\AppData\Roaming\GTek
    2008-02-01 00:56 --------- d-----w C:\Users\Semoo\AppData\Roaming\Paltalk
    2008-02-01 00:56 --------- d-----w C:\Program Files\Paltalk Messenger
    2008-02-01 00:51 --------- d-----w C:\Program Files\Microsoft Games
    2008-01-31 07:22 --------- d-----w C:\Program Files\DAEMON Tools
    2008-01-31 07:16 682,232 ----a-w C:\Windows\system32\drivers\sptd.sys
    2008-01-28 10:44 --------- d-----w C:\Users\Semoo\AppData\Roaming\TVU networks
    2008-01-28 10:44 --------- d-----w C:\ProgramData\TVU networks
    2008-01-24 01:13 --------- d-----w C:\ProgramData\Apple
    2008-01-24 01:13 --------- d-----w C:\Program Files\Apple Software Update
    2008-01-23 09:28 --------- d-----w C:\ProgramData\Microsoft Help
    2008-01-23 09:28 --------- d-----w C:\Program Files\Norton Internet Security
    2008-01-23 06:08 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
    2008-01-23 06:08 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
    2008-01-23 06:08 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
    2008-01-23 06:08 --------- d-----w C:\Program Files\Symantec
    2008-01-22 11:15 --------- d-----w C:\Program Files\Windows Mail
    2008-01-22 11:06 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
    2008-01-22 11:05 86,016 ----a-w C:\Windows\System32\icfupgd.dll
    2008-01-22 11:05 7,680 ----a-w C:\Windows\System32\spwmp.dll
    2008-01-22 11:05 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
    2008-01-22 11:05 61,952 ----a-w C:\Windows\System32\cmifw.dll
    2008-01-22 11:05 4,096 ----a-w C:\Windows\System32\dxmasf.dll
    2008-01-22 11:05 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
    2008-01-22 11:05 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
    2008-01-22 11:05 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
    2008-01-22 11:05 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
    2008-01-22 11:05 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
    2008-01-22 11:05 16,896 ----a-w C:\Windows\System32\wfapigp.dll
    2008-01-22 11:05 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
    2008-01-22 11:03 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
    2008-01-22 11:03 8,704 ----a-w C:\Windows\System32\hcrstco.dll
    2008-01-22 11:03 8,704 ----a-w C:\Windows\System32\hccoin.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CF87193-FD1E-4400-863D-FD9AFC5F402F}]
    02/12/2008 02:11 AM 228352 --a------ C:\Windows\AcroIEHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
    08/24/2007 05:51 PM 316784 --a------ c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
    02/01/2008 01:49 AM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7}]
    08/31/2007 10:32 AM 177504 --a------ c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
    {EF99BD32-C1FB-11D2-892F-0090271D4F88}

    [HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar "= "C:\Program Files\Windows Sidebar\sidebar.exe" [01/20/2008 01:23 AM 1232896]
    "HPAdvisor "= "C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [10/01/2007 03:10 PM 1783136]
    "ehTray.exe "= "C:\Windows\ehome\ehTray.exe" [11/02/2006 04:35 AM 125440]
    "DAEMON Tools "= "C:\Program Files\DAEMON Tools\daemon.exe" [04/03/2007 02:29 PM 165784]
    "ares "= "C:\Program Files\Ares\Ares.exe" [03/03/2007 07:31 AM 947712]
    "WMPNSCFG "= "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 04:36 AM 201728]
    "SUPERAntiSpyware "= "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM 1318912]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvSvc "= "C:\Windows\system32\nvsvc.dll" [09/28/2007 12:06 AM 86016]
    "NvCplDaemon "= "C:\Windows\system32\NvCpl.dll" [09/28/2007 12:06 AM 8497696]
    "NvMediaCenter "= "C:\Windows\system32\NvMcTray.dll" [09/28/2007 12:06 AM 81920]
    "SynTPStart "= "C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [09/15/2007 12:29 AM 102400]
    "QPService "= "C:\Program Files\HP\QuickPlay\QPService.exe" [10/02/2007 09:00 PM 181544]
    "QlbCtrl "= "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [09/06/2007 01:46 PM 202032]
    "Windows Defender "= "C:\Program Files\Windows Defender\MSASCui.exe" [10/24/2007 11:36 PM 1006264]
    "ccApp "= "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/31/2008 01:15 PM 51048]
    "hpqSRMon "= "C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [08/22/2007 03:31 PM 80896]
    "HP Health Check Scheduler "= "[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [ ]
    "HP Software Update "= "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [05/08/2007 03:24 PM 54840]
    "hpWirelessAssistant "= "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [09/13/2007 07:47 AM 480560]
    "WAWifiMessage "= "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [01/08/2007 02:53 PM 311296]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 03:00 AM 132496]
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/17/2008 02:44 PM 185896]
    "PC Booster "= "C:\Program Files\inKline Global\PC Booster\pcbooster.exe" [11/30/2007 05:16 PM 14450688]
    "QuickTime Task "= "C:\Program Files\QuickTime\QTTask.exe" [01/10/2008 03:27 PM 385024]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM 39792]
    "ISTray "= "C:\Program Files\Spyware Doctor\pctsTray.exe" [12/10/2007 02:53 PM 1103752]
    "Media Codec Update Service "= "C:\Program Files\Essentials Codec Pack\update.exe" [04/08/2007 08:44 AM 303104]
    "eXaMiNaToR "= "C:\Windows\system32\eXaMiNaToR\eXaMiNaToR.exe" [ ]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs "=0 (0x0)

    R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080215.001\IDSvix86.sys [02/13/2008 08:18 AM]
    R2 LiveUpdate Notice;LiveUpdate Notice; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [01/31/2008 01:15 PM]
    R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [07/09/2007 03:27 PM]
    R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [05/30/2007 03:40 PM]
    R3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [01/12/2008 06:32 PM]
    R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [02/16/2007 12:50 AM]
    R3 SymIMMP;SymIMMP;C:\Windows\system32\DRIVERS\SymIM.sys [08/09/2007 02:27 PM]
    R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [08/13/2007 10:50 AM]
    R3 USB_RNDIS_VISTA;Westell WireSpeed Dual Connect Modem;C:\Windows\system32\DRIVERS\usb8023.sys [11/02/2006 12:57 AM]
    S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [11/01/2006 11:30 PM]
    S3 GameConsoleService;GameConsoleService; "C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe" [01/29/2008 09:09 AM]
    S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\Windows\system32\DRIVERS\SymIM.sys [08/09/2007 02:27 PM]

    *Newly Created Service* - COMHOST
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-02-12 07:04:51 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Semoo.job "
    - c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
    "2008-02-16 11:00:00 C:\Windows\Tasks\SpywareRemover Scheduled Scan.job "
    - C:\Program Files\SpywareRemover\SpywareRemover.exe
    - C:\Program Files\SpywareRemover
    "2008-02-16 23:58:26 C:\Windows\Tasks\User_Feed_Synchronization-{E4C43625-9AC9-4017-84D2-7F1C69C17AFC}.job "
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-17 01:41:05
    Windows 6.0.6000 NTFS

    detected NTDLL code modification:
    ZwClose

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 02/17/2008 1:44:21
    ComboFix-quarantined-files.txt 2008-02-17 09:44:07
    .
    2008-02-16 11:04:58 --- E O F ---

    ----------------------------------------------------------------------------------------------------------------------------------------------------


    Now this is the HJT log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 01:53:48 ?, on 17/02/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\spoolsv.exe
    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\Windows\system32\taskeng.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\notepad.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {5CF87193-FD1E-4400-863D-FD9AFC5F402F} - C:\Windows\AcroIEHelper.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe "
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe "
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe "
    O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
    O4 - HKLM\..\Run: [eXaMiNaToR] C:\Windows\system32\eXaMiNaToR\eXaMiNaToR.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
    O4 - Global Startup: Vongo Tray.lnk = ?
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
    O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://www.cherrytreeinn.com:8080/kxhcm10.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 11615 bytes

    Thanks for taking the time to reply :)
     
  11. 2008/02/16
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi semoo201

    Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    Click here to see how to use CFScript.txt
    Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and another fresh HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    Code:
    File::
    C:\Windows\iun6002.exe
    
    Folder::
    C:\Program Files\SpywareRemover
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "eXaMiNaToR"=-
    Please post the new log.

    Thanks
    Geri
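As an added example, not code from the thread or from the ComboFix or HijackThis authors: a Python triage script that parses the Run-key stanza of the ComboFix "Reg Loading Points" section quoted above, flags autostart values for which ComboFix printed no file information (`[ ]`), and renders the Registry:: stanza of a CFScript in the syntax Geri's post uses. The sample input is copied from the posted log; the placeholder-path versus missing-target classification is a heuristic of this example, not ComboFix's.

```python
import re

# Constructed sample input: lines copied from the Run-key stanza of the ComboFix
# "Reg Loading Points" section posted in this thread. The trailing space inside
# each quoted value name is a forum-rendering artifact and is stripped on parse.
COMBOFIX_RUN = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware "= "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender "= "C:\Program Files\Windows Defender\MSASCui.exe" [10/24/2007 11:36 PM 1006264]
"HP Health Check Scheduler "= "[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [ ]
"eXaMiNaToR "= "C:\Windows\system32\eXaMiNaToR\eXaMiNaToR.exe" [ ]
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
# "Name "= "C:\path\file.exe" [MM/DD/YYYY hh:mm AM size]   or   [ ] when no file info
VALUE_RE = re.compile(r'^"([^"]*?)\s*"=\s*"([^"]*)"\s*\[([^\]]*)\]$')


def parse_combofix_run(text):
    """Map (registry key, value name) -> (target path, file info string).
    An empty file info string means ComboFix printed '[ ]': it could not get
    a date and size for the file the value points to."""
    entries, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            name, path, info = m.groups()
            entries[(key, name.strip())] = (path, info.strip())
    return entries


def triage(entries):
    """Return {(key, name): verdict} for the Run values that have no file info.
    Heuristic of this example, not ComboFix's: a target that starts with an
    installer property such as [ProgramFilesFolder] is an unexpanded MSI
    placeholder (a packaging bug, usually benign); a concrete path that
    ComboFix could not read is the entry to investigate."""
    verdicts = {}
    for (key, name), (path, info) in entries.items():
        if info:
            continue
        verdicts[(key, name)] = ('placeholder-path' if path.startswith('[')
                                 else 'missing-target')
    return verdicts


def cfscript_registry(entries, names):
    """Render the Registry:: stanza of a CFScript deleting the named Run values,
    in the REGEDIT4 syntax used in the thread ("name"=- deletes a value)."""
    by_key = {}
    for key, name in entries:
        if name in names:
            by_key.setdefault(key, []).append(name)
    out = ['Registry::']
    for key, vals in by_key.items():
        out.append('[%s]' % key)
        out.extend('"%s"=-' % v for v in vals)
    return '\n'.join(out) + '\n'


if __name__ == '__main__':
    entries = parse_combofix_run(COMBOFIX_RUN)
    verdicts = triage(entries)
    for (_, name), verdict in sorted(verdicts.items()):
        print('%-28s %s' % (name, verdict))
    # Only analyst-confirmed 'missing-target' names go into the script.
    confirmed = [n for (_, n), v in verdicts.items() if v == 'missing-target']
    print(cfscript_registry(entries, confirmed))
```

Run on the posted log, it flags both `[ ]` entries but classifies only eXaMiNaToR as a missing target, which is the one value Geri's CFScript removes.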
     
  12. 2008/02/17
    semoo201

    semoo201 Inactive Thread Starter

    hey Geri


    The problem has been fixed. No more pop ups. I gratefully thank you for taking the time and helping me out. Much appreciated, man ;)
     
  13. 2008/02/17
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi semoo201

    OK glad to hear the pop ups are gone.

    Please post the CFScript log and a new HJT log.

    If they look OK then we'll run an on-line scan.

    Thanks
    Geri
     
