View Single Post

alyoob · 03-16-2008, 06:11 PM

ComboFix 08-03-14.4 - HP_Owner 2008-03-16 9:03:08.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.116 [GMT -7:00]
Running from: C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-02-16 to 2008-03-16 )))))))))))))))))))))))))))))))
.

2008-03-16 08:08 . 2008-03-16 08:08 <DIR> d----c--- C:\WINDOWS\ERUNT
2008-03-16 07:14 . 2008-03-16 08:23 <DIR> d----c--- C:\SDFix
2008-03-15 16:25 . 2008-03-15 16:25 16,648 -r-hs---- C:\Program Files\tmp15233375.exe
2008-03-15 16:25 . 2008-03-15 16:25 16,648 -r-hs---- C:\Program Files\tmp15228171.exe
2008-03-14 19:47 . 2008-03-14 19:47 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Grisoft
2008-03-14 19:46 . 2007-05-30 05:10 10,872 --a--c--- C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-14 12:52 . 2008-03-14 12:52 <DIR> d----c--- C:\WINDOWS\system32\NtmsData
2008-03-13 18:34 . 2008-03-13 19:16 <DIR> d-------- C:\Program Files\BitComet
2008-03-08 08:48 . 2008-03-08 08:50 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Cool Record Edit Pro
2008-03-08 08:46 . 2005-05-17 13:37 1,986,560 --a--c--- C:\WINDOWS\system32\NCTAudioFile2.dll
2008-03-08 08:46 . 2005-05-18 12:52 1,212,416 --a--c--- C:\WINDOWS\system32\NCTAudioInformation2.dll
2008-03-08 08:46 . 2005-04-15 13:08 880,640 --a--c--- C:\WINDOWS\system32\NCTAudioEditor2.dll
2008-03-08 08:46 . 2005-04-04 18:21 602,112 --a--c--- C:\WINDOWS\system32\NCTAudioTransform2.dll
2008-03-08 08:46 . 2005-03-28 16:54 479,232 --a--c--- C:\WINDOWS\system32\NCTAudioVisualization2.dll
2008-03-08 08:46 . 2005-04-25 14:01 458,752 --a--c--- C:\WINDOWS\system32\NCTAudioRecord2.dll
2008-03-08 08:46 . 2005-04-25 14:01 458,752 --a--c--- C:\WINDOWS\system32\NCTAudioPlayer2.dll
2008-03-08 08:46 . 2005-02-24 12:51 348,160 --a--c--- C:\WINDOWS\system32\NCTWMAFile2.dll
2008-03-08 08:27 . 2008-03-08 08:35 1,891 --a--c--- C:\WINDOWS\imsins.BAK
2008-03-08 08:12 . 2008-03-08 08:12 <DIR> d-------- C:\Program Files\Extension Changer
2008-02-28 11:01 . 2008-02-28 11:01 664 --a--c--- C:\WINDOWS\system32\d3d9caps.dat
2008-02-28 10:55 . 2004-09-24 03:49 49,152 -----c--- C:\WINDOWS\system32\SiSPower.dll
2008-02-28 10:48 . 2004-09-24 03:44 184,320 -----c--- C:\WINDOWS\system32\SiSApCom.dll
2008-02-28 10:48 . 2004-09-24 03:49 110,592 -----c--- C:\WINDOWS\system32\TVMode.dll
2008-02-28 10:48 . 2004-10-04 17:44 103,579 --a--c--- C:\WINDOWS\VGAsetup.ini
2008-02-28 10:47 . 2008-03-15 07:50 <DIR> d----c--- C:\WINDOWS\system32\trayres
2008-02-28 10:47 . 2008-02-28 14:12 381,000 --a--c--- C:\WINDOWS\system32\VGAunistlog.ini
2008-02-28 10:47 . 2004-09-24 03:47 331,776 --a--c--- C:\WINDOWS\system32\sistray.exe
2008-02-23 10:48 . 2007-10-12 16:14 3,734,536 --a--c--- C:\WINDOWS\system32\d3dx9_36.dll
2008-02-23 10:48 . 2007-10-12 16:14 1,374,232 --a--c--- C:\WINDOWS\system32\D3DCompiler_36.dll
2008-02-23 10:48 . 2007-10-02 10:56 444,776 --a--c--- C:\WINDOWS\system32\d3dx10_36.dll
2008-02-23 10:48 . 2007-10-22 04:39 267,272 --a--c--- C:\WINDOWS\system32\xactengine2_10.dll
2008-02-23 10:48 . 2007-07-20 01:57 267,112 --a--c--- C:\WINDOWS\system32\xactengine2_9.dll
2008-02-23 10:46 . 2006-09-28 17:05 2,414,360 --a--c--- C:\WINDOWS\system32\d3dx9_31.dll
2008-02-20 19:05 . 2008-02-20 19:05 1,044,480 --a--c--- C:\WINDOWS\system32\libdivx.dll
2008-02-20 19:05 . 2008-02-20 19:05 200,704 --a--c--- C:\WINDOWS\system32\ssldivx.dll
2008-02-18 08:19 . 2008-02-19 09:09 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-03-15 23:24 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\AVG7
2008-03-15 22:30 --------- d-----w C:\Program Files\Blubster
2008-03-15 16:19 34,458 -c--a-w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\wklnhst.dat
2008-03-15 15:25 --------- d-----w C:\Program Files\Java
2008-03-14 21:24 --------- d-----w C:\Program Files\WinClamAVShield
2008-03-14 21:23 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Spyware Terminator
2008-03-14 21:23 --------- d-----w C:\Program Files\Spyware Terminator
2008-03-11 14:32 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\AdobeUM
2008-03-02 17:23 --------- d-----w C:\Program Files\DivX
2008-02-28 21:12 --------- d-----w C:\Program Files\SiS VGA Utilities V3.63
2008-02-26 20:41 5,745,779 ----a-w C:\WINDOWS\java\Packages\5F31ZBL7.ZIP
2008-02-26 06:10 --------- d-----w C:\Program Files\CA Yahoo! Anti-Spy
2008-02-26 05:40 --------- dc----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-24 17:10 --------- d-----w C:\Program Files\Zards software
2008-02-23 18:08 --------- dc----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-02-23 18:08 --------- dc----w C:\Documents and Settings\All Users\Application Data\AOL
2008-02-23 18:08 --------- d-----w C:\Program Files\Common Files\AOL
2008-02-18 15:26 --------- d-----w C:\Program Files\Norton Security Scan
2008-02-10 19:57 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-10 15:05 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-10 15:04 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-10 14:59 691,545 -c--a-w C:\WINDOWS\unins000.exe
2008-02-09 16:40 --------- d-----w C:\Program Files\SpywareBlaster
2008-02-09 16:37 --------- d-----w C:\Program Files\SpywareGuard
2008-02-08 04:37 65,549 -c--a-w C:\WINDOWS\BricoPackUninst.cmd
2008-02-08 04:37 6,128 -c--a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-02-08 04:37 218,624 -c--a-w C:\WINDOWS\system32\uxtheme.dll
2008-02-07 17:26 --------- dc----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-02-07 17:23 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-07 17:22 --------- dc----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-05 16:37 --------- dc----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-05 16:20 --------- d-----w C:\Program Files\CleanUp!
2008-02-03 17:15 --------- d-----w C:\Program Files\iTunes
2008-02-03 17:15 --------- d-----w C:\Program Files\iPod
2008-02-03 17:14 --------- d-----w C:\Program Files\QuickTime
2008-02-03 17:01 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Nero
2008-01-29 04:41 --------- d-----w C:\Program Files\MSBuild
2008-01-29 04:41 --------- d-----w C:\Program Files\Microsoft Works
2008-01-29 04:39 --------- d-----w C:\Program Files\Microsoft.NET
2008-01-29 04:36 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-01-27 19:35 --------- dc----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-27 19:34 12,632 -c--a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-24 17:34 --------- d-----w C:\Program Files\Common Files\HP
2008-01-24 17:32 --------- d-----w C:\Program Files\HP
2008-01-24 17:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-01-24 16:57 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-24 16:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-21 22:18 --------- d-----w C:\Program Files\InterVideo
2008-01-21 03:53 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\ICAClient
2008-01-20 01:08 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-01-19 05:08 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\IObit
2008-01-19 05:06 --------- d-----w C:\Program Files\IObit
2008-01-15 05:21 47,360 -c--a-w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\pcouffin.sys
2008-01-13 02:39 0 -c--a-w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\FAVORITES.DAT
2008-01-13 02:38 25 -c--a-w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\RomInfo.dat
2007-12-19 02:45 16,750 -c--a-w C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2007-12-17 15:47 572 -c--a-w C:\Documents and Settings\HP_Owner\RomInfo.dat
2007-07-05 23:03 47,104 -c--a-w C:\WINDOWS\Internet Logs\xDBAE.tmp
2007-07-05 23:03 1,686,016 -c--a-w C:\WINDOWS\Internet Logs\xDBAF.tmp
2007-07-05 18:48 39,424 -c--a-w C:\WINDOWS\Internet Logs\xDBAC.tmp
2007-07-05 18:48 1,675,264 -c--a-w C:\WINDOWS\Internet Logs\xDBAD.tmp
2007-07-05 17:00 1,673,216 -c--a-w C:\WINDOWS\Internet Logs\xDBAB.tmp
2007-07-05 16:42 1,670,144 -c--a-w C:\WINDOWS\Internet Logs\xDBAA.tmp
2007-07-05 16:29 41,984 -c--a-w C:\WINDOWS\Internet Logs\xDBA8.tmp
2007-07-05 16:28 1,668,096 -c--a-w C:\WINDOWS\Internet Logs\xDBA9.tmp
2007-07-05 03:29 1,667,584 -c--a-w C:\WINDOWS\Internet Logs\xDBA7.tmp
2007-07-05 00:40 33,792 -c--a-w C:\WINDOWS\Internet Logs\xDBA6.tmp
2007-07-04 21:11 23,552 -c--a-w C:\WINDOWS\Internet Logs\xDBA5.tmp
2007-07-04 20:51 34,304 -c--a-w C:\WINDOWS\Internet Logs\xDBA4.tmp
2007-07-04 15:37 31,744 -c--a-w C:\WINDOWS\Internet Logs\xDBA3.tmp
2007-07-04 05:21 40,960 -c--a-w C:\WINDOWS\Internet Logs\xDBA1.tmp
2007-07-04 05:21 1,659,392 -c--a-w C:\WINDOWS\Internet Logs\xDBA2.tmp
2007-07-03 22:58 36,864 -c--a-w C:\WINDOWS\Internet Logs\xDBA0.tmp
2007-07-03 15:41 42,496 -c--a-w C:\WINDOWS\Internet Logs\xDB9F.tmp
2007-07-03 02:53 28,160 -c--a-w C:\WINDOWS\Internet Logs\xDB9E.tmp
2007-07-03 01:45 39,936 -c--a-w C:\WINDOWS\Internet Logs\xDB9D.tmp
2007-07-02 21:36 53,248 -c--a-w C:\WINDOWS\Internet Logs\xDB9C.tmp
2007-07-02 18:46 32,768 -c--a-w C:\WINDOWS\Internet Logs\xDB9A.tmp
2007-07-02 18:46 1,623,552 -c--a-w C:\WINDOWS\Internet Logs\xDB9B.tmp
2007-07-02 15:27 25,600 -c--a-w C:\WINDOWS\Internet Logs\xDB99.tmp
2007-07-02 14:52 65,024 -c--a-w C:\WINDOWS\Internet Logs\xDB97.tmp
2007-07-02 14:52 1,614,848 -c--a-w C:\WINDOWS\Internet Logs\xDB98.tmp
2007-07-02 03:08 41,984 -c--a-w C:\WINDOWS\Internet Logs\xDB94.tmp
2007-07-02 03:08 1,628,672 -c--a-w C:\WINDOWS\Internet Logs\xDB95.tmp
2007-07-02 02:23 40,960 -c--a-w C:\WINDOWS\Internet Logs\xDB92.tmp
2007-07-02 02:23 1,616,384 -c--a-w C:\WINDOWS\Internet Logs\xDB93.tmp
2007-07-02 01:08 28,672 -c--a-w C:\WINDOWS\Internet Logs\xDB91.tmp
2007-07-02 00:36 65,024 -c--a-w C:\WINDOWS\Internet Logs\xDB8F.tmp
2007-07-02 00:36 1,611,776 -c--a-w C:\WINDOWS\Internet Logs\xDB90.tmp
2007-07-01 23:33 1,610,752 -c--a-w C:\WINDOWS\Internet Logs\xDB8E.tmp
2007-07-01 17:13 31,232 -c--a-w C:\WINDOWS\Internet Logs\xDB8C.tmp
2007-07-01 17:13 1,604,096 -c--a-w C:\WINDOWS\Internet Logs\xDB8D.tmp
2007-07-01 05:08 69,120 -c--a-w C:\WINDOWS\Internet Logs\xDB8A.tmp
2007-07-01 05:07 1,603,072 -c--a-w C:\WINDOWS\Internet Logs\xDB8B.tmp
2007-06-30 06:27 1,602,048 -c--a-w C:\WINDOWS\Internet Logs\xDB89.tmp
2007-06-29 16:10 1,597,440 -c--a-w C:\WINDOWS\Internet Logs\xDB96.tmp
2007-06-29 07:00 88,064 -c--a-w C:\WINDOWS\Internet Logs\xDB87.tmp
2007-06-29 07:00 1,596,928 -c--a-w C:\WINDOWS\Internet Logs\xDB88.tmp
2007-06-29 03:59 45,568 -c--a-w C:\WINDOWS\Internet Logs\xDB86.tmp
2007-06-28 22:36 41,472 -c--a-w C:\WINDOWS\Internet Logs\xDB84.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 20:02 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 20:43 233472]
"SiSPower"="SiSPower.dll" [2004-09-24 03:49 49152 C:\WINDOWS\system32\SiSPower.dll]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 17:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 16:57 81920]
"SmartRAM"="C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe" [2007-10-29 17:43 662016]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-30 15:26 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-07 10:23 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner.YOUR-03667082DE^Start Menu^Programs^Startup^RocketDock.lnk]
path=C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Start Menu\Programs\Startup\RocketDock.lnk
backup=C:\WINDOWS\pss\RocketDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner.YOUR-03667082DE^Start Menu^Programs^Startup^SpywareGuard.lnk]
path=C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Start Menu\Programs\Startup\SpywareGuard.lnk
backup=C:\WINDOWS\pss\SpywareGuard.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner.YOUR-03667082DE^Start Menu^Programs^Startup^TransBar.lnk]
path=C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Start Menu\Programs\Startup\TransBar.lnk
backup=C:\WINDOWS\pss\TransBar.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner.YOUR-03667082DE^Start Menu^Programs^Startup^UberIcon.lnk]
path=C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Start Menu\Programs\Startup\UberIcon.lnk
backup=C:\WINDOWS\pss\UberIcon.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner.YOUR-03667082DE^Start Menu^Programs^Startup^Y'z Shadow.lnk]
path=C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Start Menu\Programs\Startup\Y'z Shadow.lnk
backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-11 02:25 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\antiviirus]
C:\Program Files\antiviirus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a--c--- 2005-07-12 06:17 50776 C:\Program Files\America Online 9.0\AOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoTBar]
c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2008-02-07 10:23 579072 C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_Run]
--a------ 2008-02-07 10:23 219136 C:\PROGRA~1\Grisoft\AVG7\avgw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1199309204\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-09-13 16:49 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
--a--c--- 2004-06-07 18:42 659456 C:\WINDOWS\system32\hphmon06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
--a------ 2004-06-07 18:53 49152 c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a------ 1998-05-07 16:04 52736 c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a--c--- 2004-08-20 22:55 155648 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a--c--- 2004-04-17 13:41 196608 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 04:22 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
--a------ 2004-10-14 21:54 253952 c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 16:27 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2003-12-18 00:31 118784 C:\Windows\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
--a--c--- 2007-11-04 13:21 2832384 C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a--c--- 2006-10-18 12:36 1294336 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-12-30 15:26 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2003-08-19 08:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a--c--- 2006-11-03 19:20 866584 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 18:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVG Anti-Spyware Guard"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Blubster\\Blubster.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-12-28 20:53]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe []

.
Contents of the 'Scheduled Tasks' folder
"2008-03-12 01:55:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-16 15:54:56 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-03-15 01:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
************************************************** ************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-16 09:07:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\WinRAR\rarext.dll
.
Completion time: 2008-03-16 9:10:38
.
2007-12-27 05:09:38 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:14:40 AM, on 3/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SmartRAM] C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe /m
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175...at-no-eula.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-web-rr.streamops....gi3.0.84.2.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Unknown owner - C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 7518 bytes

03-16-2008, 06:11 PM	#8 (permalink)
alyoob Silver Member Join Date: Sep 2005 Age: 22 Posts: 163	combofix and hijacklog ComboFix 08-03-14.4 - HP_Owner 2008-03-16 9:03:08.5 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.116 [GMT -7:00] Running from: C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2008-02-16 to 2008-03-16 ))))))))))))))))))))))))))))))) . 2008-03-16 08:08 . 2008-03-16 08:08 <DIR> d----c--- C:\WINDOWS\ERUNT 2008-03-16 07:14 . 2008-03-16 08:23 <DIR> d----c--- C:\SDFix 2008-03-15 16:25 . 2008-03-15 16:25 16,648 -r-hs---- C:\Program Files\tmp15233375.exe 2008-03-15 16:25 . 2008-03-15 16:25 16,648 -r-hs---- C:\Program Files\tmp15228171.exe 2008-03-14 19:47 . 2008-03-14 19:47 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Grisoft 2008-03-14 19:46 . 2007-05-30 05:10 10,872 --a--c--- C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-03-14 12:52 . 2008-03-14 12:52 <DIR> d----c--- C:\WINDOWS\system32\NtmsData 2008-03-13 18:34 . 2008-03-13 19:16 <DIR> d-------- C:\Program Files\BitComet 2008-03-08 08:48 . 2008-03-08 08:50 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Cool Record Edit Pro 2008-03-08 08:46 . 2005-05-17 13:37 1,986,560 --a--c--- C:\WINDOWS\system32\NCTAudioFile2.dll 2008-03-08 08:46 . 2005-05-18 12:52 1,212,416 --a--c--- C:\WINDOWS\system32\NCTAudioInformation2.dll 2008-03-08 08:46 . 2005-04-15 13:08 880,640 --a--c--- C:\WINDOWS\system32\NCTAudioEditor2.dll 2008-03-08 08:46 . 2005-04-04 18:21 602,112 --a--c--- C:\WINDOWS\system32\NCTAudioTransform2.dll 2008-03-08 08:46 . 2005-03-28 16:54 479,232 --a--c--- C:\WINDOWS\system32\NCTAudioVisualization2.dll 2008-03-08 08:46 . 2005-04-25 14:01 458,752 --a--c--- C:\WINDOWS\system32\NCTAudioRecord2.dll 2008-03-08 08:46 . 2005-04-25 14:01 458,752 --a--c--- C:\WINDOWS\system32\NCTAudioPlayer2.dll 2008-03-08 08:46 . 2005-02-24 12:51 348,160 --a--c--- C:\WINDOWS\system32\NCTWMAFile2.dll 2008-03-08 08:27 . 2008-03-08 08:35 1,891 --a--c--- C:\WINDOWS\imsins.BAK 2008-03-08 08:12 . 2008-03-08 08:12 <DIR> d-------- C:\Program Files\Extension Changer 2008-02-28 11:01 . 2008-02-28 11:01 664 --a--c--- C:\WINDOWS\system32\d3d9caps.dat 2008-02-28 10:55 . 2004-09-24 03:49 49,152 -----c--- C:\WINDOWS\system32\SiSPower.dll 2008-02-28 10:48 . 2004-09-24 03:44 184,320 -----c--- C:\WINDOWS\system32\SiSApCom.dll 2008-02-28 10:48 . 2004-09-24 03:49 110,592 -----c--- C:\WINDOWS\system32\TVMode.dll 2008-02-28 10:48 . 2004-10-04 17:44 103,579 --a--c--- C:\WINDOWS\VGAsetup.ini 2008-02-28 10:47 . 2008-03-15 07:50 <DIR> d----c--- C:\WINDOWS\system32\trayres 2008-02-28 10:47 . 2008-02-28 14:12 381,000 --a--c--- C:\WINDOWS\system32\VGAunistlog.ini 2008-02-28 10:47 . 2004-09-24 03:47 331,776 --a--c--- C:\WINDOWS\system32\sistray.exe 2008-02-23 10:48 . 2007-10-12 16:14 3,734,536 --a--c--- C:\WINDOWS\system32\d3dx9_36.dll 2008-02-23 10:48 . 2007-10-12 16:14 1,374,232 --a--c--- C:\WINDOWS\system32\D3DCompiler_36.dll 2008-02-23 10:48 . 2007-10-02 10:56 444,776 --a--c--- C:\WINDOWS\system32\d3dx10_36.dll 2008-02-23 10:48 . 2007-10-22 04:39 267,272 --a--c--- C:\WINDOWS\system32\xactengine2_10.dll 2008-02-23 10:48 . 2007-07-20 01:57 267,112 --a--c--- C:\WINDOWS\system32\xactengine2_9.dll 2008-02-23 10:46 . 2006-09-28 17:05 2,414,360 --a--c--- C:\WINDOWS\system32\d3dx9_31.dll 2008-02-20 19:05 . 2008-02-20 19:05 1,044,480 --a--c--- C:\WINDOWS\system32\libdivx.dll 2008-02-20 19:05 . 2008-02-20 19:05 200,704 --a--c--- C:\WINDOWS\system32\ssldivx.dll 2008-02-18 08:19 . 2008-02-19 09:09 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2008-03-15 23:24 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\AVG7 2008-03-15 22:30 --------- d-----w C:\Program Files\Blubster 2008-03-15 16:19 34,458 -c--a-w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\wklnhst.dat 2008-03-15 15:25 --------- d-----w C:\Program Files\Java 2008-03-14 21:24 --------- d-----w C:\Program Files\WinClamAVShield 2008-03-14 21:23 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Spyware Terminator 2008-03-14 21:23 --------- d-----w C:\Program Files\Spyware Terminator 2008-03-11 14:32 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\AdobeUM 2008-03-02 17:23 --------- d-----w C:\Program Files\DivX 2008-02-28 21:12 --------- d-----w C:\Program Files\SiS VGA Utilities V3.63 2008-02-26 20:41 5,745,779 ----a-w C:\WINDOWS\java\Packages\5F31ZBL7.ZIP 2008-02-26 06:10 --------- d-----w C:\Program Files\CA Yahoo! Anti-Spy 2008-02-26 05:40 --------- dc----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-02-24 17:10 --------- d-----w C:\Program Files\Zards software 2008-02-23 18:08 --------- dc----w C:\Documents and Settings\All Users\Application Data\AOL OCP 2008-02-23 18:08 --------- dc----w C:\Documents and Settings\All Users\Application Data\AOL 2008-02-23 18:08 --------- d-----w C:\Program Files\Common Files\AOL 2008-02-18 15:26 --------- d-----w C:\Program Files\Norton Security Scan 2008-02-10 19:57 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-02-10 15:05 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-02-10 15:04 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-02-10 14:59 691,545 -c--a-w C:\WINDOWS\unins000.exe 2008-02-09 16:40 --------- d-----w C:\Program Files\SpywareBlaster 2008-02-09 16:37 --------- d-----w C:\Program Files\SpywareGuard 2008-02-08 04:37 65,549 -c--a-w C:\WINDOWS\BricoPackUninst.cmd 2008-02-08 04:37 6,128 -c--a-w C:\WINDOWS\BricoPackFoldersDelete.cmd 2008-02-08 04:37 218,624 -c--a-w C:\WINDOWS\system32\uxtheme.dll 2008-02-07 17:26 --------- dc----w C:\Documents and Settings\All Users\Application Data\Avg7 2008-02-07 17:23 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7 2008-02-07 17:22 --------- dc----w C:\Documents and Settings\All Users\Application Data\Grisoft 2008-02-05 16:37 --------- dc----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-02-05 16:20 --------- d-----w C:\Program Files\CleanUp! 2008-02-03 17:15 --------- d-----w C:\Program Files\iTunes 2008-02-03 17:15 --------- d-----w C:\Program Files\iPod 2008-02-03 17:14 --------- d-----w C:\Program Files\QuickTime 2008-02-03 17:01 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Nero 2008-01-29 04:41 --------- d-----w C:\Program Files\MSBuild 2008-01-29 04:41 --------- d-----w C:\Program Files\Microsoft Works 2008-01-29 04:39 --------- d-----w C:\Program Files\Microsoft.NET 2008-01-29 04:36 --------- d-----w C:\Program Files\Microsoft Visual Studio 8 2008-01-27 19:35 --------- dc----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-01-27 19:34 12,632 -c--a-w C:\WINDOWS\system32\lsdelete.exe 2008-01-24 17:34 --------- d-----w C:\Program Files\Common Files\HP 2008-01-24 17:32 --------- d-----w C:\Program Files\HP 2008-01-24 17:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard 2008-01-24 16:57 --------- d-----w C:\Program Files\Hewlett-Packard 2008-01-24 16:56 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-01-21 22:18 --------- d-----w C:\Program Files\InterVideo 2008-01-21 03:53 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\ICAClient 2008-01-20 01:08 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator 2008-01-19 05:08 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\IObit 2008-01-19 05:06 --------- d-----w C:\Program Files\IObit 2008-01-15 05:21 47,360 -c--a-w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\pcouffin.sys 2008-01-13 02:39 0 -c--a-w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\FAVORITES.DAT 2008-01-13 02:38 25 -c--a-w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\RomInfo.dat 2007-12-19 02:45 16,750 -c--a-w C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat 2007-12-17 15:47 572 -c--a-w C:\Documents and Settings\HP_Owner\RomInfo.dat 2007-07-05 23:03 47,104 -c--a-w C:\WINDOWS\Internet Logs\xDBAE.tmp 2007-07-05 23:03 1,686,016 -c--a-w C:\WINDOWS\Internet Logs\xDBAF.tmp 2007-07-05 18:48 39,424 -c--a-w C:\WINDOWS\Internet Logs\xDBAC.tmp 2007-07-05 18:48 1,675,264 -c--a-w C:\WINDOWS\Internet Logs\xDBAD.tmp 2007-07-05 17:00 1,673,216 -c--a-w C:\WINDOWS\Internet Logs\xDBAB.tmp 2007-07-05 16:42 1,670,144 -c--a-w C:\WINDOWS\Internet Logs\xDBAA.tmp 2007-07-05 16:29 41,984 -c--a-w C:\WINDOWS\Internet Logs\xDBA8.tmp 2007-07-05 16:28 1,668,096 -c--a-w C:\WINDOWS\Internet Logs\xDBA9.tmp 2007-07-05 03:29 1,667,584 -c--a-w C:\WINDOWS\Internet Logs\xDBA7.tmp 2007-07-05 00:40 33,792 -c--a-w C:\WINDOWS\Internet Logs\xDBA6.tmp 2007-07-04 21:11 23,552 -c--a-w C:\WINDOWS\Internet Logs\xDBA5.tmp 2007-07-04 20:51 34,304 -c--a-w C:\WINDOWS\Internet Logs\xDBA4.tmp 2007-07-04 15:37 31,744 -c--a-w C:\WINDOWS\Internet Logs\xDBA3.tmp 2007-07-04 05:21 40,960 -c--a-w C:\WINDOWS\Internet Logs\xDBA1.tmp 2007-07-04 05:21 1,659,392 -c--a-w C:\WINDOWS\Internet Logs\xDBA2.tmp 2007-07-03 22:58 36,864 -c--a-w C:\WINDOWS\Internet Logs\xDBA0.tmp 2007-07-03 15:41 42,496 -c--a-w C:\WINDOWS\Internet Logs\xDB9F.tmp 2007-07-03 02:53 28,160 -c--a-w C:\WINDOWS\Internet Logs\xDB9E.tmp 2007-07-03 01:45 39,936 -c--a-w C:\WINDOWS\Internet Logs\xDB9D.tmp 2007-07-02 21:36 53,248 -c--a-w C:\WINDOWS\Internet Logs\xDB9C.tmp 2007-07-02 18:46 32,768 -c--a-w C:\WINDOWS\Internet Logs\xDB9A.tmp 2007-07-02 18:46 1,623,552 -c--a-w C:\WINDOWS\Internet Logs\xDB9B.tmp 2007-07-02 15:27 25,600 -c--a-w C:\WINDOWS\Internet Logs\xDB99.tmp 2007-07-02 14:52 65,024 -c--a-w C:\WINDOWS\Internet Logs\xDB97.tmp 2007-07-02 14:52 1,614,848 -c--a-w C:\WINDOWS\Internet Logs\xDB98.tmp 2007-07-02 03:08 41,984 -c--a-w C:\WINDOWS\Internet Logs\xDB94.tmp 2007-07-02 03:08 1,628,672 -c--a-w C:\WINDOWS\Internet Logs\xDB95.tmp 2007-07-02 02:23 40,960 -c--a-w C:\WINDOWS\Internet Logs\xDB92.tmp 2007-07-02 02:23 1,616,384 -c--a-w C:\WINDOWS\Internet Logs\xDB93.tmp 2007-07-02 01:08 28,672 -c--a-w C:\WINDOWS\Internet Logs\xDB91.tmp 2007-07-02 00:36 65,024 -c--a-w C:\WINDOWS\Internet Logs\xDB8F.tmp 2007-07-02 00:36 1,611,776 -c--a-w C:\WINDOWS\Internet Logs\xDB90.tmp 2007-07-01 23:33 1,610,752 -c--a-w C:\WINDOWS\Internet Logs\xDB8E.tmp 2007-07-01 17:13 31,232 -c--a-w C:\WINDOWS\Internet Logs\xDB8C.tmp 2007-07-01 17:13 1,604,096 -c--a-w C:\WINDOWS\Internet Logs\xDB8D.tmp 2007-07-01 05:08 69,120 -c--a-w C:\WINDOWS\Internet Logs\xDB8A.tmp 2007-07-01 05:07 1,603,072 -c--a-w C:\WINDOWS\Internet Logs\xDB8B.tmp 2007-06-30 06:27 1,602,048 -c--a-w C:\WINDOWS\Internet Logs\xDB89.tmp 2007-06-29 16:10 1,597,440 -c--a-w C:\WINDOWS\Internet Logs\xDB96.tmp 2007-06-29 07:00 88,064 -c--a-w C:\WINDOWS\Internet Logs\xDB87.tmp 2007-06-29 07:00 1,596,928 -c--a-w C:\WINDOWS\Internet Logs\xDB88.tmp 2007-06-29 03:59 45,568 -c--a-w C:\WINDOWS\Internet Logs\xDB86.tmp 2007-06-28 22:36 41,472 -c--a-w C:\WINDOWS\Internet Logs\xDB84.tmp . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 20:02 61440] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 20:43 233472] "SiSPower"="SiSPower.dll" [2004-09-24 03:49 49152 C:\WINDOWS\system32\SiSPower.dll] "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 17:06 88363 C:\WINDOWS\AGRSMMSG.exe] "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 16:57 81920] "SmartRAM"="C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe" [2007-10-29 17:43 662016] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-30 15:26 185896] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25 6731312] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-07 10:23 219136] [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\explorer] "NoResolveSearch"= 1 (0x1) [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner.YOUR-03667082DE^Start Menu^Programs^Startup^RocketDock.lnk] path=C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Start Menu\Programs\Startup\RocketDock.lnk backup=C:\WINDOWS\pss\RocketDock.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner.YOUR-03667082DE^Start Menu^Programs^Startup^SpywareGuard.lnk] path=C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Start Menu\Programs\Startup\SpywareGuard.lnk backup=C:\WINDOWS\pss\SpywareGuard.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner.YOUR-03667082DE^Start Menu^Programs^Startup^TransBar.lnk] path=C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Start Menu\Programs\Startup\TransBar.lnk backup=C:\WINDOWS\pss\TransBar.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner.YOUR-03667082DE^Start Menu^Programs^Startup^UberIcon.lnk] path=C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Start Menu\Programs\Startup\UberIcon.lnk backup=C:\WINDOWS\pss\UberIcon.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner.YOUR-03667082DE^Start Menu^Programs^Startup^Y'z Shadow.lnk] path=C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Start Menu\Programs\Startup\Y'z Shadow.lnk backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware] --a------ 2007-06-11 02:25 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\antiviirus] C:\Program Files\antiviirus.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start] --a--c--- 2005-07-12 06:17 50776 C:\Program Files\America Online 9.0\AOL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC] --a------ 2008-02-07 10:23 579072 C:\PROGRA~1\Grisoft\AVG7\avgcc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_Run] --a------ 2008-02-07 10:23 219136 C:\PROGRA~1\Grisoft\AVG7\avgw.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] C:\Program Files\Common Files\AOL\1199309204\ee\AOLSoftware.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] --a------ 2004-09-13 16:49 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06] --a--c--- 2004-06-07 18:42 659456 C:\WINDOWS\system32\hphmon06.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06] --a------ 2004-06-07 18:53 49152 c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv] --a------ 1998-05-07 16:04 52736 c:\windows\system\hpsysdrv.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] --a--c--- 2004-08-20 22:55 155648 C:\WINDOWS\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] --a--c--- 2004-04-17 13:41 196608 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-01-15 04:22 267048 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher] --a------ 2004-10-14 21:54 253952 c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-01-10 16:27 385024 C:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder] --a------ 2003-12-18 00:31 118784 C:\Windows\Creator\Remind_XP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] -rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator] --a--c--- 2007-11-04 13:21 2832384 C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] --a--c--- 2006-10-18 12:36 1294336 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2007-12-30 15:26 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager] --a------ 2003-08-19 08:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] --a--c--- 2006-11-03 19:20 866584 C:\Program Files\Windows Defender\MSASCui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] --a------ 2007-08-30 18:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "AVG Anti-Spyware Guard"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\Blubster\\Blubster.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= "C:\\Program Files\\America Online 9.0\\waol.exe"= R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-12-28 20:53] S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe [] . Contents of the 'Scheduled Tasks' folder "2008-03-12 01:55:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-03-16 15:54:56 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe "2008-03-15 01:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job" - C:\Program Files\Norton Security Scan\Nss.exe . ************************************************ ******************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-16 09:07:45 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************** ********************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156] -> C:\Program Files\WinRAR\rarext.dll . Completion time: 2008-03-16 9:10:38 . 2007-12-27 05:09:38 --- E O F --- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:14:40 AM, on 3/16/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Desktop\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [SmartRAM] C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe /m O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175...at-no-eula.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-web-rr.streamops....gi3.0.84.2.cab O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Unknown owner - C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe -- End of file - 7518 bytes Last edited by alyoob; 03-16-2008 at 06:15 PM.