
Jr Virus


This topic is locked
2 replies to this topic

#1 mtlman26

Posted 18 May 2008 - 02:54 PM

Here are the logs for my tesslar a and fishdown g trojan. The first one is a HijackThis log (space), the 2nd ComboFix (please help).


Logfile of HijackThis v1.99.1
Scan saved at 9:18:31 PM, on 5/17/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\aol\1177177124\ee\aolsoftware.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\ProgramData\iWin Games\DesktopAlerts\DesktopAlerts.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\google\googletoolbar2user.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.914.9778\swg.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [RegistrySmart] C:\Program Files\RegistrySmart\RegistrySmart.exe -boot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1177177124\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Ceedo AutoDetect] C:\Users\Jim\AppData\Local\Temp\AutoDetect.exe /active
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: iWin Desktop Alerts.lnk = C:\ProgramData\iWin Games\DesktopAlerts\DesktopAlerts.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Magic%20Match%20Adventures/Images/stg_drm.ocx
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...etup1.0.1.0.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/...S/wlscctrl2.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\Windows\system32\drivers\CDAC11BA.EXE
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinGamesInstaller - iWin Inc. - C:\Program Files\iWin Games\iWinGamesInstaller.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\Windows\SYSTEM32\LxrSII1s.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe



ComboFix 08-05-15.3 - Jim 2008-05-18 0:01:19.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.658 [GMT -4:00]
Running from: C:\Users\Jim\Downloads\ComboFix2222.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\FunWebProducts
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Temp\1cb
C:\temp\tn3
C:\Users\Jim\AppData\Roaming\inst.exe
C:\Windows\Downloaded Program Files\setup.inf
C:\Windows\system32\dFrnx05
C:\Windows\system32\dFrnx05\dFrnx051080.exe
C:\Windows\system32\f3PSSavr.scr
C:\Windows\system32\MSINET.oca
C:\Windows\system32\pac.txt
C:\Windows\system32\x64
D:\Autorun.inf
C:\Windows\system32\drivers\core.cache.dsk . . . . failed to delete
.
((((((((((((((((((((((((( Files Created from 2008-04-18 to 2008-05-18 )))))))))))))))))))))))))))))))
.
2008-05-17 22:55 . 2007-11-27 22:45 91,200 --a------ C:\Windows\System32\drivers\msfwdrv.sys
2008-05-17 22:55 . 2007-11-27 22:44 37,440 --a------ C:\Windows\System32\drivers\msfwhlpr.sys
2008-05-17 22:54 . 2007-07-06 15:09 70,928 --a------ C:\Windows\System32\drivers\MpFilter.sys
2008-05-17 22:45 . 2008-05-17 23:02 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-05-17 22:38 . 2008-05-17 22:38 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-05-17 22:37 . 2008-05-17 22:37 <DIR> d-------- C:\Program Files\Windows Live Favorites
2008-05-17 22:30 . 2008-05-17 22:30 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-17 22:11 . 2008-05-17 22:34 <DIR> d-------- C:\Program Files\Windows Live
2008-05-17 22:11 . 2008-05-17 22:19 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-17 22:10 . 2008-05-17 22:41 <DIR> d-------- C:\Users\All Users\WLInstaller
2008-05-17 22:10 . 2008-05-17 22:41 <DIR> d-------- C:\ProgramData\WLInstaller
2008-05-17 21:49 . 2008-05-17 21:49 <DIR> d-------- C:\Program Files\Unlocker
2008-05-17 20:47 . 2008-05-17 20:50 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-05-17 19:42 . 2008-05-17 19:43 210,086,171 --a------ C:\Windows\MEMORY.DMP
2008-05-17 18:14 . 2008-05-17 18:14 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-05-17 18:14 . 2008-05-17 18:16 <DIR> d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-05-17 10:26 . 2008-05-17 10:26 <DIR> d-------- C:\Users\Jim\AppData\Roaming\SUPERAntiSpyware.com
2008-05-17 10:26 . 2008-05-17 10:26 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-05-17 10:26 . 2008-05-17 10:26 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-05-17 10:26 . 2008-05-17 19:54 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-17 10:25 . 2008-05-17 10:25 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-17 10:19 . 2008-05-17 10:19 <DIR> d-------- C:\Program Files\CCleaner
2008-05-16 13:35 . 2008-05-16 13:35 675,328 --a------ C:\Windows\is-MUREL.exe
2008-05-16 13:35 . 2002-01-19 23:10 597,834 --a------ C:\Windows\System32\AS-IFce1.ocx
2008-05-16 13:35 . 2004-02-05 20:53 389,120 --a------ C:\Windows\System32\actskn43.ocx
2008-05-16 13:35 . 2002-01-05 16:37 344,064 --a------ C:\Windows\System32\Msvcr70.dll
2008-05-16 13:35 . 2004-01-09 10:54 188,416 --a------ C:\Windows\System32\actsplash.ocx
2008-05-16 13:35 . 1999-05-06 22:00 140,288 --a------ C:\Windows\System32\comdlg32.ocx
2008-05-16 13:35 . 2003-06-23 01:31 65,536 --a------ C:\Windows\System32\vbalProgBar6.ocx
2008-05-16 13:35 . 2008-05-16 13:35 10,453 --a------ C:\Windows\is-MUREL.msg
2008-05-16 13:35 . 2008-05-16 13:35 939 --a------ C:\Windows\is-MUREL.lst
2008-05-16 13:34 . 2005-08-27 02:38 1,435,272 --a------ C:\Windows\System32\Flash8.ocx
2008-05-16 13:34 . 2002-03-04 12:27 1,140,472 --a------ C:\Windows\System32\IGUltraGrid20.ocx
2008-05-16 13:34 . 2003-11-19 13:59 512,688 --a------ C:\Windows\System32\XceedCry.dll
2008-05-16 13:34 . 2004-03-08 23:00 131,856 --a------ C:\Windows\System32\MSADODC.ocx
2008-05-16 13:34 . 2000-07-15 05:00 101,888 --a------ C:\Windows\System32\VB6STKIT.DLL
2008-05-16 13:34 . 1999-01-26 19:36 11,012 --a------ C:\Windows\System32\threadapi.tlb
2008-05-15 15:47 . 2008-05-15 15:47 <DIR> d-------- C:\Users\All Users\vsosdk
2008-05-15 15:47 . 2008-05-15 15:47 <DIR> d-------- C:\ProgramData\vsosdk
2008-05-14 20:33 . 2008-05-15 16:46 <DIR> d-------- C:\Users\Jim\AppData\Roaming\Vso
2008-05-14 20:33 . 2008-05-14 20:33 <DIR> d-------- C:\Program Files\VSO
2008-05-14 20:33 . 2004-05-04 12:53 1,645,320 --a------ C:\Windows\gdiplus.dll
2008-05-14 20:33 . 2006-05-20 17:16 1,184,984 --a------ C:\Windows\System32\wvc1dmod.dll
2008-05-14 20:33 . 2006-05-11 20:21 626,688 --a------ C:\Windows\System32\vp7vfw.dll
2008-05-14 20:33 . 2006-09-29 13:24 217,127 --a------ C:\Windows\System32\drv43260.dll
2008-05-14 20:33 . 2006-09-29 13:25 208,935 --a------ C:\Windows\System32\drv33260.dll
2008-05-14 20:33 . 2006-09-29 13:26 176,165 --a------ C:\Windows\System32\drv23260.dll
2008-05-14 20:33 . 2007-03-18 21:37 65,602 --a------ C:\Windows\System32\cook3260.dll
2008-05-14 20:33 . 2008-05-14 20:33 47,360 --a------ C:\Windows\System32\drivers\pcouffin.sys
2008-05-14 20:33 . 2008-05-14 20:33 47,360 --a------ C:\Users\Jim\AppData\Roaming\pcouffin.sys
2008-05-14 11:45 . 2008-05-14 11:45 373 --a------ C:\Windows\System32\MRT.INI
2008-05-13 21:14 . 2008-05-13 21:14 <DIR> d-------- C:\Windows\System32\polX
2008-05-13 21:14 . 2008-05-13 21:14 <DIR> d-------- C:\Windows\System32\GUI2
2008-05-13 21:14 . 2008-05-16 18:09 <DIR> d-------- C:\Windows\System32\binR
2008-05-13 21:14 . 2008-05-13 21:14 <DIR> d-------- C:\Program Files\winvi
2008-05-13 21:14 . 2008-05-17 10:33 167,545 --------- C:\Windows\System32\drivers\core.cache.dsk
2008-05-13 21:14 . 2008-05-13 21:14 86,144 --a------ C:\Windows\System32\drivers\Dumpataa.sys
2008-05-13 21:13 . 2008-05-13 21:14 <DIR> d-------- C:\Windows\System32\3036a
2008-05-13 21:13 . 2008-05-13 21:14 <DIR> d-------- C:\Temp\tmpvc14
2008-05-13 21:13 . 2008-05-18 00:02 <DIR> d-------- C:\Temp
2008-05-13 21:13 . 2008-05-13 21:13 494,165 --a------ C:\Temp\dUbc1002.exe
2008-05-11 14:56 . 2008-05-11 17:44 <DIR> d-------- C:\divx
2008-05-11 14:04 . 2008-05-11 14:46 <DIR> d-------- C:\Users\Jim\AppData\Roaming\Azureus
2008-05-11 14:04 . 2008-05-11 14:04 <DIR> d-------- C:\Users\All Users\Azureus
2008-05-11 14:04 . 2008-05-11 14:04 <DIR> d-------- C:\ProgramData\Azureus
2008-05-11 12:44 . 2008-05-11 12:44 <DIR> d-------- C:\Program Files\Windows Media Components
2008-05-07 11:15 . 2008-05-07 11:15 414,272 --a------ C:\Windows\System32\DivXc32f.dll
2008-05-07 11:15 . 2008-05-07 11:15 414,272 --a------ C:\Windows\System32\DivXc32.dll
2008-05-07 11:15 . 2008-05-07 11:15 291,408 --a------ C:\Windows\System32\DivXa32.acm
2008-05-07 11:15 . 2008-05-07 11:15 240,400 --a------ C:\Windows\System32\DivX_c32.ax
2008-05-05 13:37 . 2008-05-05 13:37 <DIR> d-------- C:\Users\Jim\AppData\Roaming\Ludia
2008-05-05 13:37 . 2008-05-05 13:37 <DIR> d-------- C:\Users\All Users\Ludia
2008-05-05 13:37 . 2008-05-05 13:37 <DIR> d-------- C:\ProgramData\Ludia
2008-05-05 13:09 . 2008-05-05 13:09 <DIR> d-------- C:\Users\Jim\AppData\Roaming\ScreenSeven
2008-05-04 10:20 . 2008-05-04 10:47 <DIR> d-------- C:\Program Files\uTorrent
2008-05-02 16:02 . 2008-05-17 22:54 <DIR> d-------- C:\Program Files\Common Files\PX Storage Engine
2008-05-01 20:12 . 2008-05-01 20:12 <DIR> d-------- C:\Program Files\alot
2008-05-01 15:02 . 2008-05-01 15:04 <DIR> d-------- C:\Program Files\PoshShop_at
2008-04-29 19:56 . 2008-04-29 19:56 245,664 --a------ C:\Windows\System32\ZuneWlanCfgSvc.exe
2008-04-27 09:51 . 2008-04-27 09:51 <DIR> d-------- C:\Windows\Start Menu
2008-04-27 09:51 . 2008-05-01 15:32 <DIR> d-------- C:\Windows\Desktop
2008-04-25 11:20 . 2008-04-25 12:24 <DIR> d-------- C:\Program Files\Magic Match The Genies Journey
2008-04-23 09:10 . 2008-04-23 09:10 <DIR> d-------- C:\Users\Jim\AppData\Roaming\Total Eclipse
2008-04-22 17:21 . 2008-05-02 10:21 <DIR> d-------- C:\Users\Jim\new music
2008-04-21 08:32 . 2008-05-17 19:40 <DIR> d-------- C:\Program Files\RealArcade
2008-04-21 08:25 . 2008-04-21 08:25 <DIR> d-------- C:\Users\All Users\Intenium
2008-04-21 08:25 . 2008-04-21 08:25 <DIR> d-------- C:\ProgramData\Intenium
2008-04-20 17:51 . 2008-04-20 17:51 476,850 --a------ C:\Users\Jim\realarcade_en.exe
2008-04-18 16:56 . 2008-05-17 19:40 <DIR> d-------- C:\Program Files\Zune
2008-04-18 11:05 . 2008-04-18 11:05 <DIR> d-------- C:\Program Files\MSECache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-18 03:05 --------- d-----w C:\ProgramData\iWin Games
2008-05-18 00:48 --------- d-----w C:\ProgramData\Google Updater
2008-05-18 00:41 --------- d-----w C:\Program Files\Google
2008-05-18 00:10 --------- d-----w C:\Program Files\Picasa2
2008-05-17 23:40 --------- d-----w C:\ProgramData\Yahoo! Companion
2008-05-17 23:40 --------- d-----w C:\ProgramData\AOL
2008-05-17 23:40 --------- d-----w C:\Program Files\Windows Mail
2008-05-17 23:40 --------- d-----w C:\Program Files\DivX
2008-05-17 23:40 --------- d-----w C:\Program Files\913D Camera
2008-05-17 20:09 --------- d-----w C:\Users\Amarie\AppData\Roaming\LimeWire
2008-05-14 20:55 --------- d-----w C:\Program Files\iWin.com
2008-05-14 20:55 --------- d-----w C:\Program Files\BoontyGames
2008-05-14 01:11 --------- d-----w C:\Users\Jim\AppData\Roaming\LimeWire
2008-05-13 10:57 --------- d---a-w C:\ProgramData\TEMP
2008-05-08 16:43 --------- d-----w C:\Users\Jim\AppData\Roaming\Apple Computer
2008-05-08 10:54 --------- d-----w C:\Users\Jim\AppData\Roaming\PlayFirst
2008-05-08 10:54 --------- d-----w C:\ProgramData\PlayFirst
2008-05-05 17:16 --------- d-----w C:\Program Files\Shockwave.com
2008-05-04 22:03 --------- d-----w C:\ProgramData\Fugazo
2008-05-04 14:49 --------- d-----w C:\Users\Jim\AppData\Roaming\DivX
2008-05-03 12:14 --------- d-----w C:\Users\Jim\AppData\Roaming\Boomzap
2008-05-01 19:32 --------- d-----w C:\Program Files\AOL Games
2008-04-27 18:04 --------- d-----w C:\Program Files\LimeWire
2008-04-20 23:06 --------- d-----w C:\Program Files\Real
2008-04-19 13:26 --------- d-----w C:\Users\Jim\AppData\Roaming\Wildfire
2008-04-16 11:30 --------- d-----w C:\ProgramData\Big Fish Games
2008-04-15 22:05 --------- d-----w C:\Users\Jim\AppData\Roaming\Yahoo!
2008-04-15 20:12 --------- d-----w C:\Users\Jim\AppData\Roaming\StoneLoopsBF
2008-04-15 19:23 --------- d-----w C:\Program Files\bfgclient
2008-04-13 14:13 --------- d-----w C:\Users\Amarie\AppData\Roaming\Apple Computer
2008-04-11 15:02 --------- d-----w C:\Users\Jim\AppData\Roaming\Jane s Hotel Family Hero
2008-04-07 10:02 --------- d-----w C:\Program Files\Yahoo! Games
2008-04-03 23:20 --------- d-----w C:\Users\Abbie\AppData\Roaming\LimeWire
2008-04-03 22:33 --------- d-----w C:\Users\Amarie\AppData\Roaming\Yahoo!
2008-04-01 20:02 --------- d-----w C:\Program Files\eMachines Games
2008-03-31 14:53 --------- d-----w C:\ProgramData\7Wonders2
2008-03-27 15:56 324 ----a-w C:\Users\Abbie\AppData\Roaming\wklnhst.dat
2008-03-27 15:50 --------- d-----w C:\Users\Abbie\AppData\Roaming\Grisoft
2008-03-26 01:27 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-03-26 01:26 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-24 23:11 --------- d-----w C:\Program Files\PhoTags Express
2008-03-24 22:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-23 12:16 --------- d-----w C:\Program Files\GameFiesta
2008-03-19 14:04 --------- d-----w C:\ProgramData\Megastore Madness
2008-03-18 23:28 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-18 08:46 --------- d-----w C:\Program Files\Norton Security Scan
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-08-29 14:30 174 --sha-w C:\Program Files\desktop.ini
2007-08-09 15:18 1,674 ----a-w C:\Users\Jim\AppData\Roaming\wklnhst.dat
2007-04-21 18:46 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7}]
2008-03-11 11:07 670504 --a------ C:\Program Files\alot\bin\alot.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
2008-04-01 08:18 160496 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn5\YTSingleInstance.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}"= "C:\Program Files\alot\bin\alot.dll" [2008-03-11 11:07 670504]
[HKEY_CLASSES_ROOT\clsid\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 10:59 224248]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 08:34 201728]
"WinUpdater"="" []
"WebSUpdater"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-21 14:52 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegistryMechanic"="" []
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 05:45 222208]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-21 10:18 1006264]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2006-12-12 10:02 81920]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-12-12 10:02 98304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-12-12 10:03 106496]
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" [ ]
"RegistrySmart"="C:\Program Files\RegistrySmart\RegistrySmart.exe" [ ]
"HostManager"="C:\Program Files\Common Files\AOL\1177177124\ee\AOLSoftware.exe" [2007-05-25 13:16 42032]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [ ]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 12:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"WPCUMI"="C:\Windows\system32\WpcUmi.exe" [2006-11-02 08:34 176128]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2008-04-29 19:56 158624]
"YMailAdvisor"="C:\Program Files\Yahoo!\Common\YMailAdvisor.exe" [2008-02-26 12:26 132376]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-17 20:07 29744]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-17 20:14 185632]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 00:15 15872]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2008-04-21 10:23 67112]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-29 21:34 5419008]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2008-01-11 23:16:38 39792]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2007-05-11 01:29:22 738968]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\Windows\pss\BigFix.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\Windows\pss\Google Updater.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigFix]
--a------ 2006-11-16 19:04 2348584 c:\program files\Bigfix\bigfix.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-05-17 20:07 29744 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2007-05-25 13:16 42032 C:\Program Files\Common Files\AOL\1177177124\ee\AOLSoftware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-06-01 16:51 257088 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2007-05-29 21:34 5419008 C:\Program Files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
--a------ 2006-09-06 15:12 323216 C:\Program Files\Napster\napster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2008-02-25 21:23 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-05-21 15:48 282624 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-05-17 20:14 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3967449076-243751180-1741794780-1000]
"EnableNotificationsRef"=dword:00000004
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3967449076-243751180-1741794780-500]
"EnableNotificationsRef"=dword:00000002
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1E8ECE16-90C6-4454-9D8B-02E76F18AD3C}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C50E79DC-73B2-4347-8C77-7A86994609B6}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{CAAFA7B5-DCAB-46E7-8099-0BE9A683653A}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{6BD5E8E7-12DB-4019-90D5-0C90B70D6D03}"= TCP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{0E6F57DC-7FD3-4EF9-83ED-3D1B06579C2D}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{8E786D86-0C35-49EC-A45F-9840DE03A7D2}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{A9CD58F9-7D2A-48A0-AC86-D1A710AA57E3}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{A3900E05-FDA5-4AA1-84CF-73A041EFD5B1}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{814505B7-F618-42CC-B5A0-670F557D9A94}"= UDP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{EE5D945D-6844-4755-B07C-11811D6FA768}"= TCP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{BBEA46F6-E87D-4073-BE3C-6DE018BF69C9}"= UDP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Service
"{087FF0B5-02DA-4924-B692-A68B2EFC2C96}"= TCP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Service
"{3DC89DB3-25C4-4E22-ABEA-7E197328F893}"= UDP:C:\Program Files\Common Files\aol\1177177124\ee\aolsoftware.exe:AOL Shared Components
"{74C5C985-3778-440E-8F81-DE4752DB32F8}"= TCP:C:\Program Files\Common Files\aol\1177177124\ee\aolsoftware.exe:AOL Shared Components
"{B1312353-5D68-402E-B3EC-3A3E559009EB}"= UDP:C:\Program Files\AOL 9.0a\waol.exe:AOL
"{51081052-EE12-46DB-8940-C3CD78EEF2D8}"= TCP:C:\Program Files\AOL 9.0a\waol.exe:AOL
"{A4D5EF23-C7BC-4943-820C-AEF85C404586}"= UDP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{ECFC12EB-9A75-4003-A2D8-27751F2AC8C3}"= TCP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{6A2D6599-952F-4F71-A62B-3561ACAB8E12}"= UDP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{D8CB0E1B-0372-42F3-A65D-11AB6BDEFCE2}"= TCP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{B143096F-AE6B-49A4-B751-203D1B938713}"= UDP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{BA8CDAC6-EA05-44FF-BF1A-FE89E3AB45A8}"= TCP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information
"TCP Query User{58DEE20A-603F-49B9-B6A6-A3851D9BE973}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{69ADDBB7-F0A5-4CA2-B963-051FA6365446}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{7D350D3D-A7C0-458C-B063-F4A32436744C}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{368DA09C-2EBD-4315-8CF1-3E09E0B32616}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{D6D607B2-7473-4EE6-A81D-2CA4C7F0587D}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{1B45747F-8D0B-4D44-8AFE-E925C8E423A9}C:\\program files\\popcap games\\dynomite deluxe\\dynomite.exe"= UDP:C:\program files\popcap games\dynomite deluxe\dynomite.exe:Dynomite
"UDP Query User{BC55A076-5109-4537-AE9E-E5263B50CF11}C:\\program files\\popcap games\\dynomite deluxe\\dynomite.exe"= TCP:C:\program files\popcap games\dynomite deluxe\dynomite.exe:Dynomite
"TCP Query User{CDA31002-BD86-41C3-B0F4-BEDD94F19D3D}C:\\program files\\gamehouse\\ricochet\\ricochet.exe"= UDP:C:\program files\gamehouse\ricochet\ricochet.exe:Ricochet
"UDP Query User{FD3DA470-0A4D-4398-B917-B2FDFA44C2EF}C:\\program files\\gamehouse\\ricochet\\ricochet.exe"= TCP:C:\program files\gamehouse\ricochet\ricochet.exe:Ricochet
"TCP Query User{99E6D6DD-468F-41D0-8CCD-BBB2498CDB57}C:\\program files\\yahoo! games\\astropop deluxe\\winap.exe"= UDP:C:\program files\yahoo! games\astropop deluxe\winap.exe:AstroPop Deluxe
"UDP Query User{F3C93DE3-6FA0-4A18-97B4-12B01BF530D4}C:\\program files\\yahoo! games\\astropop deluxe\\winap.exe"= TCP:C:\program files\yahoo! games\astropop deluxe\winap.exe:AstroPop Deluxe
"TCP Query User{83FF8D99-5DC7-4948-A919-56D0EC114215}C:\\program files\\gamehouse\\gemdrop\\gemdrop.exe"= UDP:C:\program files\gamehouse\gemdrop\gemdrop.exe:Super Gem Drop
"UDP Query User{0F7CB1A0-4565-4363-BBD0-98D9371B2FB1}C:\\program files\\gamehouse\\gemdrop\\gemdrop.exe"= TCP:C:\program files\gamehouse\gemdrop\gemdrop.exe:Super Gem Drop
"{91ADD717-97BC-441B-AD64-DA92C7EEFFA6}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{390DC7E2-CA53-44C1-AAB0-FA67F1D17060}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{4F4A2E80-2EB1-451D-A15A-37522D065B1F}C:\\program files\\yahoo! games\\zuma deluxe\\zuma.exe"= UDP:C:\program files\yahoo! games\zuma deluxe\zuma.exe:Zuma
"UDP Query User{1BF956D5-AE8E-4C7E-A1FE-23395D9899FE}C:\\program files\\yahoo! games\\zuma deluxe\\zuma.exe"= TCP:C:\program files\yahoo! games\zuma deluxe\zuma.exe:Zuma
"TCP Query User{8A65A5E7-D647-409B-AE71-C222BB68D887}C:\\program files\\rhapsody\\rhapsody.exe"= UDP:C:\program files\rhapsody\rhapsody.exe:RealNetworks Rhapsody
"UDP Query User{82CFFA1E-C82E-48EB-B6EA-32973F74F58A}C:\\program files\\rhapsody\\rhapsody.exe"= TCP:C:\program files\rhapsody\rhapsody.exe:RealNetworks Rhapsody
"{B1A3A18C-D494-41C1-A350-B4E266AB8110}"= UDP:C:\Program Files\AOL 9.1\waol.exe:AOL
"{CF807953-AFDB-49F4-ABD2-F2821B2E6E0A}"= TCP:C:\Program Files\AOL 9.1\waol.exe:AOL
"TCP Query User{88A35D5E-B5C3-47B4-8C3F-9B3FBD23B657}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{7AA43B29-43F3-4357-B779-6AB852BA3E41}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"{09317A33-4445-4506-9BFA-BD26861662AA}"= UDP:C:\Program Files\Real\RealArcade\RNArcade.exe:RealArcade
"{07D2C70A-0C69-4677-B17E-4D7208A80CC0}"= TCP:C:\Program Files\Real\RealArcade\RNArcade.exe:RealArcade
"{C87FE120-BFFA-4ED7-884B-160D69DA55FC}"= UDP:C:\Program Files\Real\RealArcade\Setup\setup_rac.exe:RealArcade Setup
"{EAB671FD-5F26-4D8B-9D61-F76B18547EC9}"= TCP:C:\Program Files\Real\RealArcade\Setup\setup_rac.exe:RealArcade Setup
"TCP Query User{B8DC1291-B798-4963-8B44-337A82DF90A2}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{98BCC2FA-C9FF-4DB8-A04D-9277FCD878A2}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{894E0E37-F8A4-410E-BEBB-F90C573F1723}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{FA68FE3C-E4E1-4BDB-8605-EEE8E09F92F2}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R2 LxrSII1d;Secure II Driver;C:\Windows\system32\Drivers\LxrSII1d.sys [2006-12-14 10:37]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-06-29 09:11]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-12-12 10:49]
S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2007-06-26 21:55]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe" [2008-01-29 13:09]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-17 20:07]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 03:30]
S3 SQTECH913D;913D Camera;C:\Windows\system32\Drivers\Capt913D.sys [2007-08-21 17:37]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 03:30]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\Windows\system32\ZuneWlanCfgSvc.exe [2008-04-29 19:56]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d6b1091-e594-11dc-9ae7-00038a000015}]
\shell\AutoRun\command - K:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2008-05-18 02:38:34 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-18 08:46:48 C:\Windows\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-18 00:11:14
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\Unlocker\UnlockerHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\Windows\System32\audiodg.exe
C:\Program Files\Common Files\aol\acs\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\System32\drivers\CDAC11BA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Windows\System32\LxrSII1s.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Common Files\aol\Loader\aolload.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\lpremove.exe
C:\Windows\System32\lpksetup.exe
C:\Windows\System32\RacAgent.exe
.
**************************************************************************
.
Completion time: 2008-05-18 0:26:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-18 04:26:05
Pre-Run: 58,697,990,144 bytes free
Post-Run: 58,792,247,296 bytes free
451 --- E O F --- 2008-05-15 19:43:26

#2 mtlman26

mtlman26
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Location:NY
  • Local time:01:57 AM

Posted 20 May 2008 - 04:11 PM

Tesslar A Trojan and Fishdown G Trojan. I ran both HijackThis and ComboFix; the Deckard one will not load. Any help would be greatly appreciated.



ComboFix 08-05-15.3 - Jim 2008-05-20 16:26:15.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.739 [GMT -4:00]
Running from: c:\Users\Jim\Downloads\ComboFix2222.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\temp\tn3
C:\Windows\system32\drivers\core.cache.dsk . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2008-04-20 to 2008-05-20 )))))))))))))))))))))))))))))))
.

2008-05-20 16:33 . 2008-05-20 16:33 <DIR> d-------- C:\Temp\tn3
2008-05-20 16:02 . 2008-05-20 16:02 <DIR> d-------- C:\Users\Jim\AppData\Roaming\Uniblue
2008-05-20 15:22 . 2008-05-20 15:22 <DIR> d-------- C:\Deckard
2008-05-18 14:13 . 2008-05-15 19:18 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-05-18 14:11 . 2008-05-18 14:11 <DIR> d-------- C:\Users\Jim\AppData\Roaming\Grisoft
2008-05-18 14:11 . 2007-05-30 08:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-05-18 08:59 . 2008-05-18 09:02 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-05-18 08:59 . 2008-05-18 09:02 <DIR> d-------- C:\ProgramData\Lavasoft
2008-05-17 22:38 . 2008-05-18 13:38 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-05-17 22:11 . 2008-05-18 13:44 <DIR> d-------- C:\Program Files\Windows Live
2008-05-17 22:11 . 2008-05-17 22:19 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-17 22:10 . 2008-05-18 13:57 <DIR> d-------- C:\Users\All Users\WLInstaller
2008-05-17 22:10 . 2008-05-18 13:57 <DIR> d-------- C:\ProgramData\WLInstaller
2008-05-17 21:49 . 2008-05-17 21:49 <DIR> d-------- C:\Program Files\Unlocker
2008-05-17 19:42 . 2008-05-18 15:08 206,314,675 --a------ C:\Windows\MEMORY.DMP
2008-05-17 18:14 . 2008-05-17 18:14 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-05-17 18:14 . 2008-05-17 18:16 <DIR> d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-05-17 10:26 . 2008-05-17 10:26 <DIR> d-------- C:\Users\Jim\AppData\Roaming\SUPERAntiSpyware.com
2008-05-17 10:26 . 2008-05-17 10:26 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-05-17 10:26 . 2008-05-17 10:26 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-05-17 10:26 . 2008-05-17 19:54 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-17 10:25 . 2008-05-18 08:57 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-17 10:19 . 2008-05-17 10:19 <DIR> d-------- C:\Program Files\CCleaner
2008-05-16 13:35 . 2008-05-16 13:35 675,328 --a------ C:\Windows\is-MUREL.exe
2008-05-16 13:35 . 2002-01-19 23:10 597,834 --a------ C:\Windows\System32\AS-IFce1.ocx
2008-05-16 13:35 . 2004-02-05 20:53 389,120 --a------ C:\Windows\System32\actskn43.ocx
2008-05-16 13:35 . 2002-01-05 16:37 344,064 --a------ C:\Windows\System32\Msvcr70.dll
2008-05-16 13:35 . 2004-01-09 10:54 188,416 --a------ C:\Windows\System32\actsplash.ocx
2008-05-16 13:35 . 1999-05-06 22:00 140,288 --a------ C:\Windows\System32\comdlg32.ocx
2008-05-16 13:35 . 2003-06-23 01:31 65,536 --a------ C:\Windows\System32\vbalProgBar6.ocx
2008-05-16 13:35 . 2008-05-16 13:35 10,453 --a------ C:\Windows\is-MUREL.msg
2008-05-16 13:35 . 2008-05-16 13:35 939 --a------ C:\Windows\is-MUREL.lst
2008-05-16 13:34 . 2005-08-27 02:38 1,435,272 --a------ C:\Windows\System32\Flash8.ocx
2008-05-16 13:34 . 2002-03-04 12:27 1,140,472 --a------ C:\Windows\System32\IGUltraGrid20.ocx
2008-05-16 13:34 . 2003-11-19 13:59 512,688 --a------ C:\Windows\System32\XceedCry.dll
2008-05-16 13:34 . 2004-03-08 23:00 131,856 --a------ C:\Windows\System32\MSADODC.ocx
2008-05-16 13:34 . 2000-07-15 05:00 101,888 --a------ C:\Windows\System32\VB6STKIT.DLL
2008-05-16 13:34 . 1999-01-26 19:36 11,012 --a------ C:\Windows\System32\threadapi.tlb
2008-05-15 15:47 . 2008-05-15 15:47 <DIR> d-------- C:\Users\All Users\vsosdk
2008-05-15 15:47 . 2008-05-15 15:47 <DIR> d-------- C:\ProgramData\vsosdk
2008-05-14 20:33 . 2008-05-15 16:46 <DIR> d-------- C:\Users\Jim\AppData\Roaming\Vso
2008-05-14 20:33 . 2008-05-14 20:33 <DIR> d-------- C:\Program Files\VSO
2008-05-14 20:33 . 2004-05-04 12:53 1,645,320 --a------ C:\Windows\gdiplus.dll
2008-05-14 20:33 . 2006-05-20 17:16 1,184,984 --a------ C:\Windows\System32\wvc1dmod.dll
2008-05-14 20:33 . 2006-05-11 20:21 626,688 --a------ C:\Windows\System32\vp7vfw.dll
2008-05-14 20:33 . 2006-09-29 13:24 217,127 --a------ C:\Windows\System32\drv43260.dll
2008-05-14 20:33 . 2006-09-29 13:25 208,935 --a------ C:\Windows\System32\drv33260.dll
2008-05-14 20:33 . 2006-09-29 13:26 176,165 --a------ C:\Windows\System32\drv23260.dll
2008-05-14 20:33 . 2007-03-18 21:37 65,602 --a------ C:\Windows\System32\cook3260.dll
2008-05-14 20:33 . 2008-05-14 20:33 47,360 --a------ C:\Windows\System32\drivers\pcouffin.sys
2008-05-14 20:33 . 2008-05-14 20:33 47,360 --a------ C:\Users\Jim\AppData\Roaming\pcouffin.sys
2008-05-14 11:45 . 2008-05-14 11:45 373 --a------ C:\Windows\System32\MRT.INI
2008-05-13 21:14 . 2008-05-18 09:34 <DIR> d-------- C:\Windows\System32\polX
2008-05-13 21:14 . 2008-05-13 21:14 <DIR> d-------- C:\Windows\System32\GUI2
2008-05-13 21:14 . 2008-05-16 18:09 <DIR> d-------- C:\Windows\System32\binR
2008-05-13 21:14 . 2008-05-13 21:14 <DIR> d-------- C:\Program Files\winvi
2008-05-13 21:14 . 2008-05-17 10:33 191,127 --------- C:\Windows\System32\drivers\core.cache.dsk
2008-05-13 21:14 . 2008-05-13 21:14 86,144 --a------ C:\Windows\System32\drivers\Dumpataa.sys
2008-05-13 21:13 . 2008-05-13 21:14 <DIR> d-------- C:\Windows\System32\3036a
2008-05-13 21:13 . 2008-05-13 21:14 <DIR> d-------- C:\Temp\tmpvc14
2008-05-13 21:13 . 2008-05-20 16:33 <DIR> d-------- C:\Temp
2008-05-13 21:13 . 2008-05-13 21:13 494,165 --a------ C:\Temp\dUbc1002.exe
2008-05-11 14:56 . 2008-05-11 17:44 <DIR> d-------- C:\divx
2008-05-11 14:04 . 2008-05-11 14:46 <DIR> d-------- C:\Users\Jim\AppData\Roaming\Azureus
2008-05-11 14:04 . 2008-05-11 14:04 <DIR> d-------- C:\Users\All Users\Azureus
2008-05-11 14:04 . 2008-05-11 14:04 <DIR> d-------- C:\ProgramData\Azureus
2008-05-11 12:44 . 2008-05-11 12:44 <DIR> d-------- C:\Program Files\Windows Media Components
2008-05-07 11:15 . 2008-05-07 11:15 414,272 --a------ C:\Windows\System32\DivXc32f.dll
2008-05-07 11:15 . 2008-05-07 11:15 414,272 --a------ C:\Windows\System32\DivXc32.dll
2008-05-07 11:15 . 2008-05-07 11:15 291,408 --a------ C:\Windows\System32\DivXa32.acm
2008-05-07 11:15 . 2008-05-07 11:15 240,400 --a------ C:\Windows\System32\DivX_c32.ax
2008-05-05 13:37 . 2008-05-05 13:37 <DIR> d-------- C:\Users\Jim\AppData\Roaming\Ludia
2008-05-05 13:37 . 2008-05-05 13:37 <DIR> d-------- C:\Users\All Users\Ludia
2008-05-05 13:37 . 2008-05-05 13:37 <DIR> d-------- C:\ProgramData\Ludia
2008-05-05 13:09 . 2008-05-05 13:09 <DIR> d-------- C:\Users\Jim\AppData\Roaming\ScreenSeven
2008-05-04 10:20 . 2008-05-04 10:47 <DIR> d-------- C:\Program Files\uTorrent
2008-05-02 16:02 . 2008-05-18 15:06 <DIR> d-------- C:\Program Files\Common Files\PX Storage Engine
2008-05-01 15:02 . 2008-05-01 15:04 <DIR> d-------- C:\Program Files\PoshShop_at
2008-04-29 19:56 . 2008-04-29 19:56 245,664 --a------ C:\Windows\System32\ZuneWlanCfgSvc.exe
2008-04-27 09:51 . 2008-04-27 09:51 <DIR> d-------- C:\Windows\Start Menu
2008-04-27 09:51 . 2008-05-01 15:32 <DIR> d-------- C:\Windows\Desktop
2008-04-25 11:20 . 2008-04-25 12:24 <DIR> d-------- C:\Program Files\Magic Match The Genies Journey
2008-04-23 09:10 . 2008-04-23 09:10 <DIR> d-------- C:\Users\Jim\AppData\Roaming\Total Eclipse
2008-04-22 17:21 . 2008-05-02 10:21 <DIR> d-------- C:\Users\Jim\new music
2008-04-21 08:32 . 2008-05-18 15:06 <DIR> d-------- C:\Program Files\RealArcade
2008-04-21 08:25 . 2008-04-21 08:25 <DIR> d-------- C:\Users\All Users\Intenium
2008-04-21 08:25 . 2008-04-21 08:25 <DIR> d-------- C:\ProgramData\Intenium
2008-04-20 17:51 . 2008-04-20 17:51 476,850 --a------ C:\Users\Jim\realarcade_en.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-20 14:59 --------- d-----w C:\ProgramData\Google Updater
2008-05-20 13:19 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-18 19:06 --------- d-----w C:\ProgramData\Yahoo! Companion
2008-05-18 19:06 --------- d-----w C:\ProgramData\AOL
2008-05-18 19:06 --------- d-----w C:\Program Files\Zune
2008-05-18 19:06 --------- d-----w C:\Program Files\Windows Mail
2008-05-18 19:06 --------- d-----w C:\Program Files\Picasa2
2008-05-18 19:06 --------- d-----w C:\Program Files\Google
2008-05-18 19:06 --------- d-----w C:\Program Files\913D Camera
2008-05-18 12:59 --------- d-----w C:\Program Files\Lavasoft
2008-05-18 03:05 --------- d-----w C:\ProgramData\iWin Games
2008-05-17 23:40 --------- d-----w C:\Program Files\DivX
2008-05-17 20:09 --------- d-----w C:\Users\Amarie\AppData\Roaming\LimeWire
2008-05-14 20:55 --------- d-----w C:\Program Files\iWin.com
2008-05-14 20:55 --------- d-----w C:\Program Files\BoontyGames
2008-05-14 01:11 --------- d-----w C:\Users\Jim\AppData\Roaming\LimeWire
2008-05-13 10:57 --------- d---a-w C:\ProgramData\TEMP
2008-05-08 16:43 --------- d-----w C:\Users\Jim\AppData\Roaming\Apple Computer
2008-05-08 10:54 --------- d-----w C:\Users\Jim\AppData\Roaming\PlayFirst
2008-05-08 10:54 --------- d-----w C:\ProgramData\PlayFirst
2008-05-05 17:16 --------- d-----w C:\Program Files\Shockwave.com
2008-05-04 22:03 --------- d-----w C:\ProgramData\Fugazo
2008-05-04 14:49 --------- d-----w C:\Users\Jim\AppData\Roaming\DivX
2008-05-03 12:14 --------- d-----w C:\Users\Jim\AppData\Roaming\Boomzap
2008-05-01 19:32 --------- d-----w C:\Program Files\AOL Games
2008-04-27 18:04 --------- d-----w C:\Program Files\LimeWire
2008-04-20 23:06 --------- d-----w C:\Program Files\Real
2008-04-19 13:26 --------- d-----w C:\Users\Jim\AppData\Roaming\Wildfire
2008-04-18 15:05 --------- d-----w C:\Program Files\MSECache
2008-04-16 11:30 --------- d-----w C:\ProgramData\Big Fish Games
2008-04-15 22:05 --------- d-----w C:\Users\Jim\AppData\Roaming\Yahoo!
2008-04-15 20:12 --------- d-----w C:\Users\Jim\AppData\Roaming\StoneLoopsBF
2008-04-15 19:23 --------- d-----w C:\Program Files\bfgclient
2008-04-13 14:13 --------- d-----w C:\Users\Amarie\AppData\Roaming\Apple Computer
2008-04-11 15:02 --------- d-----w C:\Users\Jim\AppData\Roaming\Jane s Hotel Family Hero
2008-04-07 10:02 --------- d-----w C:\Program Files\Yahoo! Games
2008-04-03 23:20 --------- d-----w C:\Users\Abbie\AppData\Roaming\LimeWire
2008-04-03 22:33 --------- d-----w C:\Users\Amarie\AppData\Roaming\Yahoo!
2008-04-01 20:02 --------- d-----w C:\Program Files\eMachines Games
2008-03-31 21:25 831,488 ----a-w C:\Windows\System32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-03-31 14:53 --------- d-----w C:\ProgramData\7Wonders2
2008-03-27 15:56 324 ----a-w C:\Users\Abbie\AppData\Roaming\wklnhst.dat
2008-03-27 15:50 --------- d-----w C:\Users\Abbie\AppData\Roaming\Grisoft
2008-03-26 01:27 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-03-26 01:26 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-24 23:11 --------- d-----w C:\Program Files\PhoTags Express
2008-03-24 22:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-23 12:16 --------- d-----w C:\Program Files\GameFiesta
2008-03-21 20:30 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-03-21 20:30 129,784 ------w C:\Windows\System32\pxafs.dll
2008-03-21 20:30 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-08-29 14:30 174 --sha-w C:\Program Files\desktop.ini
2007-08-09 15:18 1,674 ----a-w C:\Users\Jim\AppData\Roaming\wklnhst.dat
2007-04-21 18:46 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot@2008-05-18_ 0.25.25.87 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-18 04:09:58 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-20 20:31:17 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-18 13:00:53 1,038,336 ----a-r C:\Windows\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC.exe
+ 2008-05-18 13:00:53 178,688 ----a-r C:\Windows\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC1.exe
+ 2008-05-18 13:00:53 171,008 ----a-r C:\Windows\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B.exe
+ 2008-05-18 13:00:53 8,704 ----a-r C:\Windows\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B1.exe
- 2008-05-18 04:10:00 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-20 20:31:18 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-05-18 04:10:00 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-05-20 20:31:18 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-05-18 04:10:38 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-20 20:33:31 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-05-18 04:11:37 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-20 20:33:31 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-15 23:24:43 1,152,888 ----a-w C:\Windows\System32\aswBoot.exe
+ 2008-05-15 23:12:36 95,608 ----a-w C:\Windows\System32\AvastSS.scr
- 2008-05-18 04:10:27 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-20 20:31:52 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-18 04:10:27 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-20 20:31:52 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-18 04:10:27 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-20 20:31:52 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-15 23:16:06 20,560 ----a-w C:\Windows\System32\drivers\aswFsBlk.sys
+ 2008-05-15 23:15:29 23,152 ----a-w C:\Windows\System32\drivers\aswRdr.sys
+ 2008-05-15 23:20:32 78,416 ----a-w C:\Windows\System32\drivers\aswSP.sys
+ 2008-05-15 23:14:11 42,912 ----a-w C:\Windows\System32\drivers\aswTdi.sys
+ 2007-07-11 18:37:26 6,272 ----a-w C:\Windows\System32\drivers\AWRTPD.sys
+ 2007-08-07 17:58:08 8,320 ----a-w C:\Windows\System32\drivers\AWRTRD.sys
+ 2007-08-07 17:56:58 9,344 ----a-w C:\Windows\System32\drivers\NSDriver.sys
+ 2007-12-14 16:32:52 12,632 ----a-w C:\Windows\System32\lsdelete.exe
- 2008-05-18 03:00:59 6,029,312 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat
+ 2008-05-18 18:06:26 6,029,312 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat
- 2008-05-18 03:03:54 22,076 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3967449076-243751180-1741794780-1000_UserData.bin
+ 2008-05-20 20:11:20 22,926 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3967449076-243751180-1741794780-1000_UserData.bin
- 2008-05-18 04:12:01 69,634 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-20 20:11:19 69,880 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-18 00:18:24 4,646 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
+ 2008-05-18 18:14:33 4,904 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-05-18 04:11:55 90,538 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-20 20:11:15 91,752 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
2008-04-01 08:18 160496 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn5\YTSingleInstance.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 10:59 224248]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 08:34 201728]
"WinUpdater"="" []
"WebSUpdater"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-21 14:52 68856]
"AOL Fast Start"="C:\Program Files\AOL 9.1\AOL.exe" [2007-10-27 13:44 50528]
"Uniblue RegistryBooster 2"="c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegistryMechanic"="" []
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 05:45 222208]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-21 10:18 1006264]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2006-12-12 10:02 81920]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-12-12 10:02 98304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-12-12 10:03 106496]
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" [ ]
"RegistrySmart"="C:\Program Files\RegistrySmart\RegistrySmart.exe" [ ]
"HostManager"="C:\Program Files\Common Files\AOL\1177177124\ee\AOLSoftware.exe" [2007-05-25 13:16 42032]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [ ]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 12:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"WPCUMI"="C:\Windows\system32\WpcUmi.exe" [2006-11-02 08:34 176128]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2008-04-29 19:56 158624]
"YMailAdvisor"="C:\Program Files\Yahoo!\Common\YMailAdvisor.exe" [2008-02-26 12:26 132376]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-17 20:07 29744]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-17 20:14 185632]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 00:15 15872]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-29 21:34 5419008]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2008-01-11 23:16:38 39792]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2007-05-11 01:29:22 738968]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\Windows\pss\BigFix.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\Windows\pss\Google Updater.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigFix]
--a------ 2006-11-16 19:04 2348584 c:\program files\Bigfix\bigfix.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-05-17 20:07 29744 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2007-05-25 13:16 42032 C:\Program Files\Common Files\AOL\1177177124\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-06-01 16:51 257088 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2007-05-29 21:34 5419008 C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
--a------ 2006-09-06 15:12 323216 C:\Program Files\Napster\napster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2008-02-25 21:23 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-05-21 15:48 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-05-17 20:14 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3967449076-243751180-1741794780-1000]
"EnableNotificationsRef"=dword:00000004

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3967449076-243751180-1741794780-500]
"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1E8ECE16-90C6-4454-9D8B-02E76F18AD3C}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C50E79DC-73B2-4347-8C77-7A86994609B6}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{CAAFA7B5-DCAB-46E7-8099-0BE9A683653A}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{6BD5E8E7-12DB-4019-90D5-0C90B70D6D03}"= TCP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{0E6F57DC-7FD3-4EF9-83ED-3D1B06579C2D}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{8E786D86-0C35-49EC-A45F-9840DE03A7D2}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{A9CD58F9-7D2A-48A0-AC86-D1A710AA57E3}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{A3900E05-FDA5-4AA1-84CF-73A041EFD5B1}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{814505B7-F618-42CC-B5A0-670F557D9A94}"= UDP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{EE5D945D-6844-4755-B07C-11811D6FA768}"= TCP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{BBEA46F6-E87D-4073-BE3C-6DE018BF69C9}"= UDP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Service
"{087FF0B5-02DA-4924-B692-A68B2EFC2C96}"= TCP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Service
"{3DC89DB3-25C4-4E22-ABEA-7E197328F893}"= UDP:C:\Program Files\Common Files\aol\1177177124\ee\aolsoftware.exe:AOL Shared Components
"{74C5C985-3778-440E-8F81-DE4752DB32F8}"= TCP:C:\Program Files\Common Files\aol\1177177124\ee\aolsoftware.exe:AOL Shared Components
"{B1312353-5D68-402E-B3EC-3A3E559009EB}"= UDP:C:\Program Files\AOL 9.0a\waol.exe:AOL
"{51081052-EE12-46DB-8940-C3CD78EEF2D8}"= TCP:C:\Program Files\AOL 9.0a\waol.exe:AOL
"{A4D5EF23-C7BC-4943-820C-AEF85C404586}"= UDP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{ECFC12EB-9A75-4003-A2D8-27751F2AC8C3}"= TCP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{6A2D6599-952F-4F71-A62B-3561ACAB8E12}"= UDP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{D8CB0E1B-0372-42F3-A65D-11AB6BDEFCE2}"= TCP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{B143096F-AE6B-49A4-B751-203D1B938713}"= UDP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{BA8CDAC6-EA05-44FF-BF1A-FE89E3AB45A8}"= TCP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information
"TCP Query User{58DEE20A-603F-49B9-B6A6-A3851D9BE973}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{69ADDBB7-F0A5-4CA2-B963-051FA6365446}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{7D350D3D-A7C0-458C-B063-F4A32436744C}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{368DA09C-2EBD-4315-8CF1-3E09E0B32616}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{D6D607B2-7473-4EE6-A81D-2CA4C7F0587D}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{1B45747F-8D0B-4D44-8AFE-E925C8E423A9}C:\\program files\\popcap games\\dynomite deluxe\\dynomite.exe"= UDP:C:\program files\popcap games\dynomite deluxe\dynomite.exe:Dynomite
"UDP Query User{BC55A076-5109-4537-AE9E-E5263B50CF11}C:\\program files\\popcap games\\dynomite deluxe\\dynomite.exe"= TCP:C:\program files\popcap games\dynomite deluxe\dynomite.exe:Dynomite
"TCP Query User{CDA31002-BD86-41C3-B0F4-BEDD94F19D3D}C:\\program files\\gamehouse\\ricochet\\ricochet.exe"= UDP:C:\program files\gamehouse\ricochet\ricochet.exe:Ricochet
"UDP Query User{FD3DA470-0A4D-4398-B917-B2FDFA44C2EF}C:\\program files\\gamehouse\\ricochet\\ricochet.exe"= TCP:C:\program files\gamehouse\ricochet\ricochet.exe:Ricochet
"TCP Query User{99E6D6DD-468F-41D0-8CCD-BBB2498CDB57}C:\\program files\\yahoo! games\\astropop deluxe\\winap.exe"= UDP:C:\program files\yahoo! games\astropop deluxe\winap.exe:AstroPop Deluxe
"UDP Query User{F3C93DE3-6FA0-4A18-97B4-12B01BF530D4}C:\\program files\\yahoo! games\\astropop deluxe\\winap.exe"= TCP:C:\program files\yahoo! games\astropop deluxe\winap.exe:AstroPop Deluxe
"TCP Query User{83FF8D99-5DC7-4948-A919-56D0EC114215}C:\\program files\\gamehouse\\gemdrop\\gemdrop.exe"= UDP:C:\program files\gamehouse\gemdrop\gemdrop.exe:Super Gem Drop
"UDP Query User{0F7CB1A0-4565-4363-BBD0-98D9371B2FB1}C:\\program files\\gamehouse\\gemdrop\\gemdrop.exe"= TCP:C:\program files\gamehouse\gemdrop\gemdrop.exe:Super Gem Drop
"{91ADD717-97BC-441B-AD64-DA92C7EEFFA6}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{390DC7E2-CA53-44C1-AAB0-FA67F1D17060}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{4F4A2E80-2EB1-451D-A15A-37522D065B1F}C:\\program files\\yahoo! games\\zuma deluxe\\zuma.exe"= UDP:C:\program files\yahoo! games\zuma deluxe\zuma.exe:Zuma
"UDP Query User{1BF956D5-AE8E-4C7E-A1FE-23395D9899FE}C:\\program files\\yahoo! games\\zuma deluxe\\zuma.exe"= TCP:C:\program files\yahoo! games\zuma deluxe\zuma.exe:Zuma
"TCP Query User{8A65A5E7-D647-409B-AE71-C222BB68D887}C:\\program files\\rhapsody\\rhapsody.exe"= UDP:C:\program files\rhapsody\rhapsody.exe:RealNetworks Rhapsody
"UDP Query User{82CFFA1E-C82E-48EB-B6EA-32973F74F58A}C:\\program files\\rhapsody\\rhapsody.exe"= TCP:C:\program files\rhapsody\rhapsody.exe:RealNetworks Rhapsody
"{B1A3A18C-D494-41C1-A350-B4E266AB8110}"= UDP:C:\Program Files\AOL 9.1\waol.exe:AOL
"{CF807953-AFDB-49F4-ABD2-F2821B2E6E0A}"= TCP:C:\Program Files\AOL 9.1\waol.exe:AOL
"TCP Query User{88A35D5E-B5C3-47B4-8C3F-9B3FBD23B657}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{7AA43B29-43F3-4357-B779-6AB852BA3E41}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"{09317A33-4445-4506-9BFA-BD26861662AA}"= UDP:C:\Program Files\Real\RealArcade\RNArcade.exe:RealArcade
"{07D2C70A-0C69-4677-B17E-4D7208A80CC0}"= TCP:C:\Program Files\Real\RealArcade\RNArcade.exe:RealArcade
"{C87FE120-BFFA-4ED7-884B-160D69DA55FC}"= UDP:C:\Program Files\Real\RealArcade\Setup\setup_rac.exe:RealArcade Setup
"{EAB671FD-5F26-4D8B-9D61-F76B18547EC9}"= TCP:C:\Program Files\Real\RealArcade\Setup\setup_rac.exe:RealArcade Setup
"TCP Query User{B8DC1291-B798-4963-8B44-337A82DF90A2}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{98BCC2FA-C9FF-4DB8-A04D-9277FCD878A2}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{894E0E37-F8A4-410E-BEBB-F90C573F1723}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{FA68FE3C-E4E1-4BDB-8605-EEE8E09F92F2}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-15 19:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-15 19:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-15 19:18]
R2 LxrSII1d;Secure II Driver;C:\Windows\system32\Drivers\LxrSII1d.sys [2006-12-14 10:37]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-06-29 09:11]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-12-12 10:49]
S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2007-06-26 21:55]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe" [2008-01-29 13:09]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-17 20:07]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 03:30]
S3 SQTECH913D;913D Camera;C:\Windows\system32\Drivers\Capt913D.sys [2007-08-21 17:37]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 03:30]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\Windows\system32\ZuneWlanCfgSvc.exe [2008-04-29 19:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d6b1091-e594-11dc-9ae7-00038a000015}]
\shell\AutoRun\command - K:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-03-18 08:46:48 C:\Windows\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-20 16:33:36
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\Unlocker\UnlockerHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\aol\acs\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Windows\System32\drivers\CDAC11BA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Windows\System32\LxrSII1s.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\aol\Loader\aolload.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2008-05-20 16:52:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-20 20:52:02
ComboFix2.txt 2008-05-18 04:26:36

Pre-Run: 56,587,788,288 bytes free
Post-Run: 56,595,992,576 bytes free

447 --- E O F --- 2008-05-20 20:07:15


HijackThis file:

ogfile of HijackThis v1.99.1
Scan saved at 9:18:31 PM, on 5/17/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\aol\1177177124\ee\aolsoftware.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\ProgramData\iWin Games\DesktopAlerts\DesktopAlerts.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\google\googletoolbar2user.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.914.9778\swg.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [RegistrySmart] C:\Program Files\RegistrySmart\RegistrySmart.exe -boot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1177177124\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Ceedo AutoDetect] C:\Users\Jim\AppData\Local\Temp\AutoDetect.exe /active
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: iWin Desktop Alerts.lnk = C:\ProgramData\iWin Games\DesktopAlerts\DesktopAlerts.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Magic%20Match%20Adventures/Images/stg_drm.ocx
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...etup1.0.1.0.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/...S/wlscctrl2.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\Windows\system32\drivers\CDAC11BA.EXE
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinGamesInstaller - iWin Inc. - C:\Program Files\iWin Games\iWinGamesInstaller.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\Windows\SYSTEM32\LxrSII1s.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

#3 drex23

Posted 11 June 2008 - 06:33 PM

As you are being helped in other topics, I am closing this one. If you need it reopened, please PM a member of the HJT Team.