My computer is running slow and I have various things that like to linger on screen.


  • This topic is locked
22 replies to this topic

#1 fscguy

  • Members
  • 145 posts

Posted 01 January 2009 - 09:34 AM

My computer is running slow and I have various things that like to linger on screen. I am attaching a webcam snapshot that I took to show what I mean. Here is a link to a picture showing what I mean: http://www.imagebam.com/image/50190922404608

Attached File: Attachnew.txt (20.43KB, 7 downloads)

HijackThis log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:39:58 PM, on 12/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\vVX3000.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sprint music manager\MEMonitor.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Howies Quick Screen Capture\HQScreen.exe
C:\Program Files\SplitCam\SplitCam.exe
C:\Program Files\Microsoft LifeCam\LifeTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080610
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080610
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [\\MAIN\EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P37 "\\MAIN\EPSON Stylus Photo R320 Series" /O6 "USB002" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R320 Series on MAIN] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P43 "Auto EPSON Stylus Photo R320 Series on MAIN" /O13 "\\MAIN\EPSON1" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Eyeball Chat] "C:\PROGRA~1\Eyeball\EYEBAL~1\EyeballChat.exe" -min
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.18) Gecko/20081029 Firefox/2.0.0.18" -"http://games.myspace.com/MySpace2.0/App/GameShell.aspx?cx=600000&cn=SD%3de9c0xS2C3jCVL98ANthwtudxsYzJ5lpRStqrPgEUH1NwTHg1DvrekFczWURI33dF%26LT%3d0%26CL%3dC%26TO%3d1229266681%26A%3dP44T%2fCJvtRhhQEij45ojlM0FBLE%3d%26SA%3dP44T%2fCJvtRhhQEij45ojlM0FBLE%3d&rx=1200000&rn=SD%3de9c0xS2C3jCVL98ANthwtudxsYzJ5lpRStqrPgEUH1NwTHg1DvrekFczWURI33dF%26LT%3d0%26CL%3dR%26TO%3d1229267281%26A%3duLYjxKrwE6DNuDnekeCR5ZLiADc%3d%26SA%3duLYjxKrwE6DNuDnekeCR5ZLiADc%3d&ui=7QWcLqKrxYe2HOkzsB%2bb42ncx3k%3d&ux=86400000&un=DA%3d%26SD%3de9c0xS2C3jCVL98ANthwtudxsYzJ5lpRStqrPgEUH1NwTHg1DvrekFczWURI33dF%26LT%3d0%26CL%3dU%26TO%3d1229352481%26A%3dp2q2Wkb0iWtuSBkJzGMQ3gsUOt8%3d%26SA%3dp2q2Wkb0iWtuSBkJzGMQ3gsUOt8%3d&room=57e317c8-076a-4778-8d05-41a69eafcf51&code=115220307&channel=110343720&lc=en&refid=&device=-1&carrier=-1&isOmitChat=0&isOmitAdd
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: check-ip-changed.bat
O4 - Startup: MEMonitor.lnk = C:\Program Files\Sprint music manager\MEMonitor.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all by NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\StreamingStar\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\Program Files\StreamingStar\HiDownload\HDGet.htm
O8 - Extra context menu item: Download by NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Extract Flash Video with Bytescout... - {F7DC590B-B6AD-4F7D-A778-7954A6D15B7F} - C:\Program Files\Bytescout Movies Extractor Scout\flashextract_ie.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\StreamingStar\HiDownload\hidownload.exe (HKCU)
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
O16 - DPF: {7E9522CF-6B95-46D6-8E2F-7638F507313F} (BLS_SpeedOP.systemcheck) - http://www.fastaccess.drivers.bellsouth.ne...bls_speedop.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\OpenSA\Apache2\bin\Apache.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 14367 bytes


DDS log


DDS (Version 1.1.0) - NTFSx86
Run by jam at 18:59:23.60 on Wed 12/31/2008
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3326.2395 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AGI\common\win32\PythonService.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\vVX3000.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Eyeball\EYEBAL~1\EyeballChat.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sprint music manager\MEMonitor.exe
C:\PROGRA~1\Webshots\webshots.scr
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\jam\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080610
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080610
uSearch Bar =
mDefault_Page_URL = hxxp://www.dell.com
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080610
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AGSearchHook Class: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - c:\program files\agi\common\agcutils.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AGSearchHook Class: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - c:\program files\agi\common\agcutils.dll
BHO: IeCatch5 Class: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\progra~1\flashget\jccatch.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: gFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\progra~1\flashget\getflash.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: NetXfer: {c16cbaac-a75c-4db5-a0dd-cdf5cafcdd3a} - c:\program files\xi\netxfer\NXToolBar.dll
TB: FlashGet Bar: {e0e899ab-f487-11d5-8d29-0050ba6940e3} - c:\progra~1\flashget\fgiebar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe
uRun: [Eyeball Chat] "c:\progra~1\eyeball\eyebal~1\EyeballChat.exe" -min
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.18) Gecko/20081029 Firefox/2.0.0.18" -"http://games.myspace.com/MySpace2.0/App/GameShell.aspx?cx=600000&cn=SD%3de9c0xS2C3jCVL98ANthwtudxsYzJ5lpRStqrPgEUH1NwTHg1DvrekFczWURI33dF%26LT%3d0%26CL%3dC%26TO%3d1229266681%26A%3dP44T%2fCJvtRhhQEij45ojlM0FBLE%3d%26SA%3dP44T%2fCJvtRhhQEij45ojlM0FBLE%3d&rx=1200000&rn=SD%3de9c0xS2C3jCVL98ANthwtudxsYzJ5lpRStqrPgEUH1NwTHg1DvrekFczWURI33dF%26LT%3d0%26CL%3dR%26TO%3d1229267281%26A%3duLYjxKrwE6DNuDnekeCR5ZLiADc%3d%26SA%3duLYjxKrwE6DNuDnekeCR5ZLiADc%3d&ui=7QWcLqKrxYe2HOkzsB%2bb42ncx3k%3d&ux=86400000&un=DA%3d%26SD%3de9c0xS2C3jCVL98ANthwtudxsYzJ5lpRStqrPgEUH1NwTHg1DvrekFczWURI33dF%26LT%3d0%26CL%3dU%26TO%3d1229352481%26A%3dp2q2Wkb0iWtuSBkJzGMQ3gsUOt8%3d%26SA%3dp2q2Wkb0iWtuSBkJzGMQ3gsUOt8%3d&room=57e317c8-076a-4778-8d05-41a69eafcf51&code=115220307&channel=110343720&lc=en&refid=&device=-1&carrier=-1&isOmitChat=0&isOmitAddToProfile=0"
mRun: [\\MAIN\EPSON Stylus Photo R320 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fati9fa.exe /p37 "\\main\EPSON Stylus Photo R320 Series" /O6 "USB002" /M "Stylus Photo R320"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Auto EPSON Stylus Photo R320 Series on MAIN] c:\windows\system32\spool\drivers\w32x86\3\e_fati9fa.exe /p43 "auto epson stylus photo r320 series on main" /o13 "\\main\EPSON1" /M "Stylus Photo R320"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX3000] c:\windows\vVX3000.exe
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\documents and settings\jam\start menu\programs\startup\check-ip-changed.bat
StartupFolder: c:\docume~1\jam\startm~1\programs\startup\memoni~1.lnk - c:\program files\sprint music manager\MEMonitor.exe
StartupFolder: c:\docume~1\jam\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\Launcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: Download All by FlashGet - c:\program files\flashget\jc_all.htm
IE: Download all by NetXfer - c:\program files\xi\netxfer\NXAddList.html
IE: Download All Files by HiDownload - c:\program files\streamingstar\hidownload\HDGetAll.htm
IE: Download by HiDownload - c:\program files\streamingstar\hidownload\HDGet.htm
IE: Download by NetXfer - c:\program files\xi\netxfer\NXAddLink.html
IE: Download using FlashGet - c:\program files\flashget\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\flashget.exe
IE: {F7DC590B-B6AD-4F7D-A778-7954A6D15B7F} - c:\program files\bytescout movies extractor scout\flashextract_ie.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jam\applic~1\mozilla\firefox\profiles\ky7hdgf7.default\
FF - prefs.js: browser.startup.homepage - hxxp://webmail.aol.com/37080/aol/en-us/suite.aspx|http://mail.google.com/mail/#inbox|http://www.match.com/connect/connectionsHelp.aspx|http://www.plentyoffish.com/inbox.aspx?Guid=&SID=#in
FF - component: c:\documents and settings\jam\application data\mozilla\firefox\profiles\ky7hdgf7.default\extensions\piclens@cooliris.com\components\piclensstub.dll
FF - plugin: c:\documents and settings\jam\application data\mozilla\firefox\profiles\ky7hdgf7.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000054.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCID.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\program files\yahoo!\shared\npYState.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-6-9 201320]
R2 AGWinService;AG Windows Service;"c:\program files\agi\common\win32\PythonService.exe" [2008-11-30 10240]
R2 datunidr;DellAutomatedPCTuneUp UniDriver;c:\windows\system32\drivers\datunidr.sys [2007-8-23 5376]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-6-9 358224]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-6-9 144704]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\ViewpointService.exe" [2008-6-12 24652]
R3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2004-10-6 283904]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-6-9 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-6-9 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-6-9 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-6-9 40488]
R3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;\??\c:\windows\system32\drivers\OEM05Afx.sys [2008-6-9 141376]
R3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;c:\windows\system32\drivers\OEM05Vfx.sys [2008-6-9 7424]
R3 OEM05Vid;Creative Camera OEM005 Driver;c:\windows\system32\drivers\OEM05Vid.sys [2008-6-9 235616]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [2008-6-9 31616]
S2 StudioPro;StudioPro webcam;c:\windows\system32\drivers\StudioPro.sys []
S3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\drivers\ATHFMWDL.sys [2004-10-4 43392]
S3 EuMusDesignVirtualAudioCableWdm;StudioPro audio (WDM);c:\windows\system32\drivers\vrtaucbl.sys [2008-6-22 38784]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-6-9 33832]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-1-25 42000]
S4 aawservice;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" [2008-6-23 611664]

=============== Created Last 30 ================

2008-12-31 18:29 27,265,566 a------- C:\12302008-232738.wmv
2008-12-31 18:29 5 a------- c:\windows\system32\SySAVI2WMV.dat
2008-12-31 18:28 <DIR> --d----- c:\program files\ezvideotools.com
2008-12-31 18:24 794,624 a------- c:\windows\system32\mpgfiltr.ax
2008-12-31 18:24 348,160 a------- c:\windows\system32\axVideoConvert.dll
2008-12-31 18:24 140,288 a------- c:\windows\system32\Comdlg32.ocx
2008-12-31 18:24 <DIR> --d----- c:\program files\MPEG Converter
2008-12-31 17:33 76,056 a------- C:\img2-001.raw
2008-12-30 21:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\EyePowerGames
2008-12-29 20:54 1,966,696 a------- c:\windows\system32\drivers\VX3000.sys
2008-12-29 20:54 709,992 a------- c:\windows\vVX3000.exe
2008-12-29 20:54 476,520 a------- c:\windows\vVX3000.dll
2008-12-29 20:54 202,088 a------- c:\windows\system32\LCCoin14.dll
2008-12-29 20:54 185,704 a------- c:\windows\system32\cVX3000.dll
2008-12-29 20:54 111,976 a------- c:\windows\VX3000.dll
2008-12-29 20:54 15,498 a------- c:\windows\VX3000.ini
2008-12-29 20:54 13,023 a------- c:\windows\VX3000.src
2008-12-29 20:53 <DIR> --d----- c:\program files\Microsoft LifeCam
2008-12-29 03:00 <DIR> --d----- c:\program files\MSXML 4.0
2008-12-28 16:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\WEBREG
2008-12-28 16:46 271,704 a----r-- c:\windows\system32\hpzids01.dll
2008-12-28 16:46 118,272 a------- c:\windows\system32\hpz3l5mu.dll
2008-12-28 16:45 729,088 a----r-- c:\windows\system32\hpwwiax4.dll
2008-12-28 16:45 593,920 a----r-- c:\windows\system32\hpwtscl3.dll
2008-12-28 16:45 364,544 a----r-- c:\windows\system32\hppldcoi.dll
2008-12-28 16:45 309,760 a----r-- c:\windows\system32\difxapi.dll
2008-12-28 16:45 294,912 a----r-- c:\windows\system32\hpovst11.dll
2008-12-28 16:45 6,784 a------- c:\windows\system32\drivers\serscan.sys
2008-12-28 16:45 6,784 a------- c:\windows\system32\dllcache\serscan.sys
2008-12-28 16:28 <DIR> --d----- c:\program files\common files\HP
2008-12-28 16:28 <DIR> --d----- c:\program files\common files\Hewlett-Packard
2008-12-28 16:25 2,428 a----r-- c:\windows\hpwmdl20.dat
2008-12-28 16:25 178,379 a------- c:\windows\hpwins20.dat
2008-12-28 16:15 1,373,528 a----r-- c:\windows\hpzshl01.exe
2008-12-28 16:15 1,140,056 a----r-- c:\windows\hpzmsi01.exe
2008-12-28 16:15 12,054 a----r-- c:\windows\hpwscr20.dat
2008-12-28 16:15 <DIR> --d----- c:\windows\yellowtail+1
2008-12-28 16:15 <DIR> --d----- c:\program files\HP
2008-12-28 16:15 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2008-12-28 16:15 25,856 a------- c:\windows\system32\dllcache\usbprint.sys
2008-12-28 15:31 0 a------- c:\windows\ativpsrm.bin
2008-12-28 15:29 <DIR> --d----- C:\ATI
2008-12-26 17:51 13,824 a------- c:\windows\system32\drivers\splitcam.sys
2008-12-26 17:51 389,120 a------- c:\windows\system32\actskn43.ocx
2008-12-26 17:51 <DIR> --d----- c:\program files\SplitCam
2008-12-24 22:11 664 a------- c:\windows\system32\d3d9caps.dat
2008-12-22 17:25 413,760 a------- c:\windows\system32\MPG4C32.dll
2008-12-22 17:25 <DIR> --d----- c:\program files\innoheim
2008-12-22 17:23 <DIR> --d----- c:\program files\common files\Download Manager
2008-12-21 20:51 <DIR> --d----- c:\docume~1\jam\applic~1\SkypeCap
2008-12-21 20:51 <DIR> --d----- c:\program files\SkypeCap
2008-12-21 16:43 <DIR> --d----- c:\program files\common files\TechSmith Shared
2008-12-18 18:55 25 a------- c:\windows\cdplayer.ini
2008-12-13 12:11 <DIR> --d----- c:\program files\Unity
2008-12-12 18:31 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-12 18:26 0 -------- c:\program files\jre-6u11-windows-i586-p.exe
2008-12-12 18:25 <DIR> --d----- c:\documents and settings\jam\.SunDownloadManager
2008-12-05 18:12 345 a------- c:\windows\gmer.ini

==================== Find3M ====================

2008-12-28 15:56 2,500 a------- c:\windows\mozver.dat
2008-12-12 18:26 0 a------- c:\program files\jre-6u11-windows-i586-p.exe.bak
2008-12-12 18:26 1,230 a------- c:\program files\jre-6u11-windows-i586-p.exe.sdm
2008-12-12 12:33 3,060,224 -------- c:\windows\system32\dllcache\mshtml.dll
2008-12-01 17:13 3,452,928 a------- c:\windows\system32\drivers\ati2mtag.sys
2008-12-01 17:13 3,452,928 a------- c:\windows\system32\dllcache\ati2mtag.sys
2008-12-01 15:52 425,984 a------- c:\windows\system32\ATIDEMGX.dll
2008-12-01 15:51 318,464 a------- c:\windows\system32\ati2dvag.dll
2008-12-01 15:46 11,304,960 a------- c:\windows\system32\atioglxx.dll
2008-12-01 15:41 188,416 a------- c:\windows\system32\atipdlxx.dll
2008-12-01 15:40 147,456 a------- c:\windows\system32\Oemdspif.dll
2008-12-01 15:40 26,112 a------- c:\windows\system32\Ati2mdxx.exe
2008-12-01 15:40 43,520 a------- c:\windows\system32\ati2edxx.dll
2008-12-01 15:40 143,360 a------- c:\windows\system32\ati2evxx.dll
2008-12-01 15:38 598,016 a------- c:\windows\system32\ati2evxx.exe
2008-12-01 15:37 53,248 a------- c:\windows\system32\ATIDDC.DLL
2008-12-01 15:27 4,120,384 a------- c:\windows\system32\dllcache\ati3duag.dll
2008-12-01 15:27 4,120,384 a------- c:\windows\system32\ati3duag.dll
2008-12-01 15:19 307,200 a------- c:\windows\system32\atiiiexx.dll
2008-12-01 15:11 2,495,360 a------- c:\windows\system32\dllcache\ativvaxx.dll
2008-12-01 15:11 2,495,360 a------- c:\windows\system32\ativvaxx.dll
2008-12-01 14:57 48,640 a------- c:\windows\system32\amdpcom32.dll
2008-12-01 14:53 401,408 a------- c:\windows\system32\atikvmag.dll
2008-12-01 14:53 45,056 a------- c:\windows\system32\amdcalrt.dll
2008-12-01 14:53 45,056 a------- c:\windows\system32\amdcalcl.dll
2008-12-01 14:52 86,016 a------- c:\windows\system32\atiadlxx.dll
2008-12-01 14:52 17,408 a------- c:\windows\system32\atitvo32.dll
2008-12-01 14:51 53,248 a------- c:\windows\system32\drivers\ati2erec.dll
2008-12-01 14:50 286,720 a------- c:\windows\system32\atiok3x2.dll
2008-12-01 14:50 3,252,224 a------- c:\windows\system32\Amdcaldd.dll
2008-12-01 14:45 577,536 a------- c:\windows\system32\ati2cqag.dll
2008-12-01 14:35 593,920 -------- c:\windows\system32\ati2sgag.exe
2008-11-30 14:49 2,117,632 a------- c:\windows\system32\python25.dll
2008-11-30 14:49 348,160 a------- c:\windows\system32\msvcr71.dll
2008-11-30 14:49 339,968 a------- c:\windows\system32\pythoncom25.dll
2008-11-30 14:49 114,688 a------- c:\windows\system32\pywintypes25.dll
2008-11-16 21:52 87,699 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-10-30 09:45 180,720 a------- c:\windows\system32\atiicdxx.dat
2008-10-24 06:10 453,632 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 08:01 283,648 a------- c:\windows\system32\gdi32.dll
2008-10-23 08:01 283,648 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-21 13:51 118,784 a------- c:\windows\system32\atibrtmon.exe
2008-10-21 12:40 81,920 a------- c:\windows\system32\ATIODE.exe
2008-10-21 12:40 45,056 a------- c:\windows\system32\ATIODCLI.exe
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:09 43,544 a------- c:\windows\system32\wups2(2).dll
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-15 11:57 332,800 a------- c:\windows\system32\netapi32(4).dll
2008-10-15 11:57 332,800 a------- c:\windows\system32\netapi32(3).dll
2008-10-15 11:57 332,800 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 04:45 18,432 -------- c:\windows\system32\dllcache\iedw.exe
2008-10-03 05:15 247,326 a------- c:\windows\system32\strmdll.dll
2008-10-03 05:15 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2008-06-23 19:54 61,224 a------- c:\documents and settings\jam\GoToAssistDownloadHelper.exe
2008-06-14 10:56 76 ---shr-- c:\windows\CT4CET.bin

============= FINISH: 18:59:42.09 ===============

#2 Grinler (Lawrence Abrams)
  • Admin
  • 43,714 posts
  • Gender:Male
  • Location:USA

Posted 06 January 2009 - 10:00 AM

Download GMER Rootkit Scanner from here.
  • Extract the contents of the zipped file to the desktop.
  • Double click GMER.exe and if you are asked if you want to allow gmer.sys driver to load, please allow it to do so.
  • If it gives you a warning about rootkit activity and asks if you want to run scan, please click on NO.
  • In the right panel you will see several boxes that have been checked. Uncheck the following checkboxes:
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Now click on the Scan button and wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in ark.txt and save it to your desktop.
Please post the contents of the ark.txt as your next reply.

#3 fscguy
  • Topic Starter
  • Members
  • 145 posts

Posted 06 January 2009 - 05:33 PM

Here is the ark file. I also have been getting a Generic Host Process for Win32 Services error. I also got an error from McAfee saying it needed to be reinstalled because something couldn't be installed.

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-06 17:31:50
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xAFD089B2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xAFD08A49]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xAFD0895D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xAFD08976]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xAFD08A5D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xAFD08A89]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xAFD08AF7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xAFD08AE1]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xAFD089F2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xAFD08B23]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xAFD08A35]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xAFD08930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xAFD08944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xAFD089C6]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xAFD08B5F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xAFD08ACB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xAFD08AB5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xAFD08A73]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xAFD08B4B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xAFD08B37]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xAFD0899E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xAFD0898A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xAFD08A9F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xAFD08A21]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xAFD08B0D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xAFD08A08]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xAFD089DC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \FileSystem\Fastfat \Fat A1D11C8A

AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- Files - GMER 1.0.14 ----

File C:\Documents and Settings\jam\Local Settings\Application Data\Mozilla\Firefox\Profiles\ky7hdgf7.default\Cache\3657FA53d01 359473 bytes
File C:\Documents and Settings\jam\Local Settings\Application Data\Mozilla\Firefox\Profiles\ky7hdgf7.default\Cache\05C90560d01 16385 bytes

---- EOF - GMER 1.0.14 ----

#4 Grinler (Lawrence Abrams)
  • Admin
  • 43,714 posts
  • Gender:Male
  • Location:USA

Posted 07 January 2009 - 04:13 PM

Did you install that AG Search Toolbar? If not, and you don't want it, we should remove it.

Also,

Click on Start, Settings, Control Panel and double-click on Add/Remove Programs. From within Add/Remove Programs, uninstall the following if they exist:

MarketResearch
Internet Service Offers Launcher


Next,

Please visit the following link and use the instructions there to post a ComboFix log as a reply to this topic:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

After running ComboFix, please post the ComboFix log as a reply to this

#5 fscguy
  • Topic Starter
  • Members
  • 145 posts

Posted 07 January 2009 - 05:58 PM

Here is my ComboFix log. I didn't find any of the programs you mentioned in the programs list. I attached a picture that shows what I mean about things lingering on screen.


ComboFix 09-01-07.01 - jam 2009-01-07 17:47:01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3326.2583 [GMT -5:00]
Running from: c:\documents and settings\jam\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\jam\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\BMb738d35f.txt
c:\windows\cookies.ini
c:\windows\system32\MPG4C32.dll

.
((((((((((((((((((((((((( Files Created from 2008-12-07 to 2009-01-07 )))))))))))))))))))))))))))))))
.

2009-01-05 06:31 . 2009-01-05 06:31 <DIR> d-------- c:\windows\LastGood
2009-01-03 15:41 . 2009-01-03 15:41 <DIR> d-------- c:\program files\Ascentive
2009-01-03 15:41 . 2008-07-29 11:27 208,896 --a------ c:\windows\system32\ConTest.dll
2009-01-03 15:41 . 2008-08-20 17:44 45,056 --a------ c:\windows\system32\CreateLog.dll
2009-01-03 15:41 . 2007-07-03 11:48 36,864 --a------ c:\windows\system32\ascbalon.dll
2009-01-03 15:41 . 2007-07-03 11:48 20,480 --a------ c:\windows\system32\SysRestore.dll
2008-12-31 18:29 . 2008-12-31 18:30 27,265,566 --a------ C:\12302008-232738.wmv
2008-12-31 18:29 . 2008-12-31 18:49 5 --a------ c:\windows\system32\SySAVI2WMV.dat
2008-12-31 18:28 . 2008-12-31 18:28 <DIR> d-------- c:\program files\ezvideotools.com
2008-12-31 18:24 . 2008-12-31 18:25 <DIR> d-------- c:\program files\MPEG Converter
2008-12-31 18:24 . 2003-09-23 18:31 794,624 --a------ c:\windows\system32\mpgfiltr.ax
2008-12-31 18:24 . 2003-10-07 22:15 348,160 --a------ c:\windows\system32\axVideoConvert.dll
2008-12-31 18:24 . 2002-07-09 22:42 140,288 --a------ c:\windows\system32\Comdlg32.ocx
2008-12-31 17:33 . 2008-12-31 17:33 76,056 --a------ C:\img2-001.raw
2008-12-30 21:01 . 2008-12-30 21:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\EyePowerGames
2008-12-29 22:23 . 2009-01-02 21:49 <DIR> d-------- c:\documents and settings\jam\Application Data\HPAppData
2008-12-29 20:54 . 2007-04-10 16:46 1,966,696 --a------ c:\windows\system32\drivers\VX3000.sys
2008-12-29 20:54 . 2007-04-10 16:46 709,992 --a------ c:\windows\vVX3000.exe
2008-12-29 20:54 . 2007-04-10 16:46 476,520 --a------ c:\windows\vVX3000.dll
2008-12-29 20:54 . 2007-04-10 16:46 202,088 --a------ c:\windows\system32\LCCoin14.dll
2008-12-29 20:54 . 2007-04-10 16:46 185,704 --a------ c:\windows\system32\cVX3000.dll
2008-12-29 20:54 . 2007-04-10 16:46 111,976 --a------ c:\windows\VX3000.dll
2008-12-29 20:54 . 2007-04-10 16:46 15,498 --a------ c:\windows\VX3000.ini
2008-12-29 20:54 . 2007-04-10 16:46 13,023 --a------ c:\windows\VX3000.src
2008-12-29 20:53 . 2008-12-29 20:54 <DIR> d-------- c:\program files\Microsoft LifeCam
2008-12-29 03:00 . 2008-12-29 03:00 <DIR> d-------- c:\program files\MSXML 4.0
2008-12-28 16:57 . 2008-12-28 16:57 <DIR> d-------- c:\documents and settings\jam\Application Data\HP
2008-12-28 16:48 . 2008-12-28 16:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\WEBREG
2008-12-28 16:46 . 2008-12-28 16:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2008-12-28 16:46 . 2007-11-06 21:10 271,704 -ra------ c:\windows\system32\hpzids01.dll
2008-12-28 16:46 . 2007-12-03 18:57 118,272 --a------ c:\windows\system32\hpz3l5mu.dll
2008-12-28 16:45 . 2007-10-31 05:35 729,088 -ra------ c:\windows\system32\hpwwiax4.dll
2008-12-28 16:45 . 2007-10-31 05:35 593,920 -ra------ c:\windows\system32\hpwtscl3.dll
2008-12-28 16:45 . 2007-01-17 11:37 364,544 -ra------ c:\windows\system32\hppldcoi.dll
2008-12-28 16:45 . 2007-01-17 11:37 309,760 -ra------ c:\windows\system32\difxapi.dll
2008-12-28 16:45 . 2007-01-17 11:31 294,912 -ra------ c:\windows\system32\hpovst11.dll
2008-12-28 16:45 . 2001-08-17 13:53 6,784 --a------ c:\windows\system32\drivers\serscan.sys
2008-12-28 16:45 . 2001-08-17 13:53 6,784 --a------ c:\windows\system32\dllcache\serscan.sys
2008-12-28 16:29 . 2008-12-28 16:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-12-28 16:28 . 2008-12-28 16:28 <DIR> d-------- c:\program files\Hewlett-Packard
2008-12-28 16:28 . 2008-12-28 16:28 <DIR> d-------- c:\program files\Common Files\HP
2008-12-28 16:28 . 2008-12-28 16:28 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard
2008-12-28 16:28 . 2008-12-28 16:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP
2008-12-28 16:25 . 2008-12-28 16:47 178,379 --a------ c:\windows\hpwins20.dat
2008-12-28 16:25 . 2008-01-08 07:42 2,428 -ra------ c:\windows\hpwmdl20.dat
2008-12-28 16:15 . 2008-12-28 16:15 <DIR> d-------- c:\windows\yellowtail+1
2008-12-28 16:15 . 2008-12-28 16:29 <DIR> d-------- c:\program files\HP
2008-12-28 16:15 . 2007-11-06 21:04 1,373,528 -ra------ c:\windows\hpzshl01.exe
2008-12-28 16:15 . 2007-11-06 21:15 1,140,056 -ra------ c:\windows\hpzmsi01.exe
2008-12-28 16:15 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-12-28 16:15 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\dllcache\usbprint.sys
2008-12-28 16:15 . 2008-01-08 07:44 12,054 -ra------ c:\windows\hpwscr20.dat
2008-12-28 15:31 . 2008-12-28 15:31 0 --a------ c:\windows\ativpsrm.bin
2008-12-28 15:29 . 2008-12-28 15:29 <DIR> d-------- C:\ATI
2008-12-26 17:51 . 2008-12-31 17:37 <DIR> d-------- c:\program files\SplitCam
2008-12-26 17:51 . 2003-05-14 21:07 389,120 --a------ c:\windows\system32\actskn43.ocx
2008-12-26 17:51 . 2008-12-26 17:51 13,824 --a------ c:\windows\system32\drivers\splitcam.sys
2008-12-24 22:11 . 2008-12-30 23:14 664 --a------ c:\windows\system32\d3d9caps.dat
2008-12-22 17:25 . 2008-12-22 17:25 <DIR> d-------- c:\program files\innoheim
2008-12-22 17:23 . 2008-12-22 17:23 <DIR> d-------- c:\program files\Common Files\Download Manager
2008-12-21 20:51 . 2008-12-21 20:51 <DIR> d-------- c:\program files\SkypeCap
2008-12-21 20:51 . 2008-12-21 20:51 <DIR> d-------- c:\documents and settings\jam\Application Data\SkypeCap
2008-12-21 16:43 . 2008-12-21 16:43 <DIR> d-------- c:\program files\Common Files\TechSmith Shared
2008-12-18 18:55 . 2008-12-18 18:55 25 --a------ c:\windows\cdplayer.ini
2008-12-16 23:49 . 2008-12-16 23:49 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\agi
2008-12-13 12:11 . 2008-12-13 12:11 <DIR> d-------- c:\program files\Unity
2008-12-12 18:31 . 2008-12-12 18:31 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-12 18:26 . 2008-12-12 18:29 0 --------- c:\program files\jre-6u11-windows-i586-p.exe
2008-12-12 18:25 . 2008-12-12 18:29 <DIR> d-------- c:\documents and settings\jam\.SunDownloadManager
2008-12-12 03:00 . 2008-12-12 03:03 1,393 --a------ c:\windows\imsins.BAK

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-07 22:28 --------- d-----w c:\documents and settings\jam\Application Data\Skype
2009-01-07 21:03 --------- d-----w c:\documents and settings\jam\Application Data\skypePM
2009-01-07 06:14 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-01-05 11:31 --------- d-----w c:\program files\McAfee
2009-01-03 20:41 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-30 01:35 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-28 21:23 --------- d-----w c:\program files\Microsoft Silverlight
2008-12-28 20:56 --------- d-----w c:\program files\Virtual Earth 3D
2008-12-28 20:11 --------- d-----w c:\program files\Google
2008-12-25 19:51 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-12-16 04:26 --------- d-----w c:\program files\FlashGet
2008-12-12 23:34 --------- d-----w c:\program files\Java
2008-12-12 23:26 1,230 ----a-w c:\program files\jre-6u11-windows-i586-p.exe.sdm
2008-12-12 23:26 0 ----a-w c:\program files\jre-6u11-windows-i586-p.exe.bak
2008-12-12 17:33 3,060,224 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-01 22:13 3,452,928 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2008-12-01 22:13 3,452,928 ----a-w c:\windows\system32\dllcache\ati2mtag.sys
2008-12-01 20:52 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll
2008-12-01 20:51 318,464 ----a-w c:\windows\system32\ati2dvag.dll
2008-12-01 20:46 11,304,960 ----a-w c:\windows\system32\atioglxx.dll
2008-12-01 20:41 188,416 ----a-w c:\windows\system32\atipdlxx.dll
2008-12-01 20:40 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2008-12-01 20:40 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2008-12-01 20:40 147,456 ----a-w c:\windows\system32\Oemdspif.dll
2008-12-01 20:40 143,360 ----a-w c:\windows\system32\ati2evxx.dll
2008-12-01 20:38 598,016 ----a-w c:\windows\system32\ati2evxx.exe
2008-12-01 20:37 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2008-12-01 20:27 4,120,384 ----a-w c:\windows\system32\dllcache\ati3duag.dll
2008-12-01 20:27 4,120,384 ----a-w c:\windows\system32\ati3duag.dll
2008-12-01 20:19 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2008-12-01 20:11 2,495,360 ----a-w c:\windows\system32\dllcache\ativvaxx.dll
2008-12-01 20:11 2,495,360 ----a-w c:\windows\system32\ativvaxx.dll
2008-12-01 19:57 48,640 ----a-w c:\windows\system32\amdpcom32.dll
2008-12-01 19:53 45,056 ----a-w c:\windows\system32\amdcalrt.dll
2008-12-01 19:53 45,056 ----a-w c:\windows\system32\amdcalcl.dll
2008-12-01 19:53 401,408 ----a-w c:\windows\system32\atikvmag.dll
2008-12-01 19:52 86,016 ----a-w c:\windows\system32\atiadlxx.dll
2008-12-01 19:52 17,408 ----a-w c:\windows\system32\atitvo32.dll
2008-12-01 19:51 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2008-12-01 19:50 3,252,224 ----a-w c:\windows\system32\Amdcaldd.dll
2008-12-01 19:50 286,720 ----a-w c:\windows\system32\atiok3x2.dll
2008-12-01 19:45 577,536 ----a-w c:\windows\system32\ati2cqag.dll
2008-12-01 19:35 593,920 ------w c:\windows\system32\ati2sgag.exe
2008-11-30 19:50 --------- d-----w c:\program files\Webshots
2008-11-30 19:50 --------- d-----w c:\documents and settings\LocalService\Application Data\agi
2008-11-30 19:50 --------- d-----w c:\documents and settings\jam\Application Data\Webshots
2008-11-30 19:50 --------- d-----w c:\documents and settings\jam\Application Data\agi
2008-11-30 19:49 348,160 ----a-w c:\windows\system32\msvcr71.dll
2008-11-30 19:49 339,968 ----a-w c:\windows\system32\pythoncom25.dll
2008-11-30 19:49 2,117,632 ----a-w c:\windows\system32\python25.dll
2008-11-30 19:49 114,688 ----a-w c:\windows\system32\pywintypes25.dll
2008-11-30 19:49 --------- d-----w c:\documents and settings\All Users\Application Data\agi
2008-11-30 19:48 --------- d-----w c:\program files\AGI
2008-11-29 18:54 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2008-11-23 01:02 --------- d-----w c:\program files\Common Files\Skype
2008-11-23 01:02 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-11-22 22:28 --------- d-----w c:\documents and settings\jam\Application Data\Yahoo!
2008-11-22 22:23 --------- d-----w c:\program files\TimeLeft3
2008-11-22 22:23 --------- d-----w c:\program files\Skyworks Interactive
2008-11-22 22:23 --------- d-----w c:\program files\myibay
2008-11-22 22:23 --------- d-----w c:\program files\GeoVid
2008-11-22 22:23 --------- d-----w c:\program files\Bonjour
2008-11-22 22:23 --------- d-----w c:\documents and settings\jam\Application Data\NesterSoft
2008-11-22 22:23 --------- d-----w c:\documents and settings\All Users\Application Data\GeoVid
2008-11-22 22:20 --------- d-----w c:\program files\Skype
2008-11-22 22:20 --------- d-----w c:\program files\Lavasoft(2)
2008-11-22 22:20 --------- d-----w c:\program files\Lavasoft
2008-11-22 22:20 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-22 19:06 --------- d-----w c:\program files\Yahoo!
2008-11-22 18:35 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-10 23:06 --------- d-----w c:\documents and settings\jam\Application Data\.myibay
2008-11-10 23:04 --------- d-----w c:\program files\eBay Auction Sniper and Auto Search
2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 13:01 283,648 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-21 18:51 118,784 ----a-w c:\windows\system32\atibrtmon.exe
2008-10-21 17:40 81,920 ----a-w c:\windows\system32\ATIODE.exe
2008-10-21 17:40 45,056 ----a-w c:\windows\system32\ATIODCLI.exe
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2(2).dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-15 16:57 332,800 ----a-w c:\windows\system32\netapi32(4).dll
2008-10-15 16:57 332,800 ----a-w c:\windows\system32\netapi32(3).dll
2008-10-15 16:57 332,800 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 09:45 18,432 ------w c:\windows\system32\dllcache\iedw.exe
2008-06-24 00:54 61,224 ----a-w c:\documents and settings\jam\GoToAssistDownloadHelper.exe
2008-10-14 16:48 62,872 ----a-w c:\program files\mozilla firefox\plugins\ateccli.dll
2008-10-14 16:48 27,976 ----a-w c:\program files\mozilla firefox\plugins\atgpcdec.dll
2008-10-14 16:48 125,848 ----a-w c:\program files\mozilla firefox\plugins\atgpcext.dll
2008-10-14 16:48 98,712 ----a-w c:\program files\mozilla firefox\plugins\ieatgpc.dll
2008-12-20 06:49 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-20 06:49 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-20 06:49 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-20 06:49 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-20 06:49 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-06-14 15:56 76 --sh--r c:\windows\CT4CET.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-06-06 50528]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
"Eyeball Chat"="c:\progra~1\Eyeball\EYEBAL~1\EyeballChat.exe" [2002-10-11 2863176]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]
"Performance Center"="c:\program files\Ascentive\Performance Center\APCMain.exe" [2008-08-13 3244032]
"PC SpeedScan Pro"="c:\program files\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe" [2008-08-21 2093056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\MAIN\EPSON Stylus Photo R320 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" [2004-04-26 98304]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-12 185896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"Auto EPSON Stylus Photo R320 Series on MAIN"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" [2004-04-26 98304]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-12 136600]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

c:\documents and settings\jam\Start Menu\Programs\Startup\
check-ip-changed.bat [2008-10-15 58]
MEMonitor.lnk - c:\program files\Sprint music manager\MEMonitor.exe [2008-07-30 983040]
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-11-30 157000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-06-09 21:54 10536 c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-06-06 11:04 50528 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
--a------ 2004-10-14 09:17 45056 c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a------ 2008-06-03 00:35 50528 c:\program files\AOL 9.1\aol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-09-25 09:12 90112 c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 05:00 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
--------- 2007-07-27 15:43 118784 c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellAutomatedPCTuneUp]
--a------ 2007-10-11 09:49 465136 c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
--a------ 2008-08-13 23:04 206064 c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2008-03-11 12:44 16384 c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
--a------ 2008-02-28 13:18 17920 c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2007-05-25 12:16 42032 c:\program files\Common Files\AOL\1213745417\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2005-06-08 13:44 196608 c:\program files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 14:24 458752 c:\program files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 14:14 217088 c:\program files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-07-19 16:32 221184 c:\windows\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
--a------ 2007-11-01 19:12 582992 c:\program files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM05Mon.exe]
-ra------ 2007-05-08 12:00 36864 c:\windows\OEM05Mon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
--------- 2007-09-17 11:56 124200 c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-06-12 20:29 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2008-11-05 21:59 4347120 c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 17:43 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMX Daemon]
--a------ 2006-11-08 15:01 49152 c:\windows\system32\ico.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2007-10-25 10:57 16855552 c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"stllssvr"=3 (0x3)
"sprtsvc_dellsupportcenter"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"gusvc"=2 (0x2)
"ATI Smart"=2 (0x2)
"AOL ACS"=2 (0x2)
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1213745417\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Xi\\NetXfer\\NetTransport.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundRouterRequest"= 1 (0x1)

R3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2004-10-06 283904]
R3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;c:\windows\system32\drivers\OEM05Afx.sys [2008-06-09 141376]
R3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;c:\windows\system32\drivers\OEM05Vfx.sys [2008-06-09 7424]
R3 OEM05Vid;Creative Camera OEM005 Driver;c:\windows\system32\drivers\OEM05Vid.sys [2008-06-09 235616]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [2008-06-09 31616]
R4 AGWinService;AG Windows Service;c:\program files\AGI\common\win32\pythonservice.exe [2008-11-30 10240]
R4 datunidr;DellAutomatedPCTuneUp UniDriver;c:\windows\system32\drivers\datunidr.sys [2007-08-23 5376]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-06-12 24652]
S3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [2004-10-04 43392]
S3 EuMusDesignVirtualAudioCableWdm;StudioPro audio (WDM);c:\windows\system32\drivers\vrtaucbl.sys [2008-06-22 38784]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-01-25 42000]
S4 0302641231155080mcinstcleanup;McAfee Application Installer Cleanup (0302641231155080);c:\windows\TEMP\030264~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\030264~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S4 StudioPro;StudioPro webcam;c:\windows\system32\DRIVERS\StudioPro.sys --> c:\windows\system32\DRIVERS\StudioPro.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder

2009-01-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2009-01-07 c:\windows\Tasks\ipresub.job
- c:\perl\bin\perl.exe [2004-02-02 23:29]

2008-12-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2009-01-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{0BC6E3FA-78EF-4886-842C-5A1258C4455A} - (no file)
HKCU-RunOnce-Shockwave Updater - c:\windows\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.20)
MSConfigStartUp-b40be0c3 - c:\windows\system32\wuietjop.dll
MSConfigStartUp-BMb738d35f - c:\windows\system32\oumxdixd.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080610
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080610
uInternet Settings,ProxyOverride = *.local
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download all by NetXfer - c:\program files\Xi\NetXfer\NXAddList.html
IE: Download All Files by HiDownload - c:\program files\StreamingStar\HiDownload\HDGetAll.htm
IE: Download by HiDownload - c:\program files\StreamingStar\HiDownload\HDGet.htm
IE: Download by NetXfer - c:\program files\Xi\NetXfer\NXAddLink.html
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{F7DC590B-B6AD-4F7D-A778-7954A6D15B7F} - c:\program files\Bytescout Movies Extractor Scout\flashextract_ie.html
Trusted Zone: *.internet
Trusted Zone: *.mcafee.com
FF - ProfilePath - c:\documents and settings\jam\Application Data\Mozilla\Firefox\Profiles\ky7hdgf7.default\
FF - prefs.js: browser.startup.homepage - hxxp://webmail.aol.com/37080/aol/en-us/suite.aspx|http://mail.google.com/mail/#inbox|http://www.match.com/connect/connectionsHelp.aspx|http://www.plentyoffish.com/inbox.aspx?Guid=&SID=#in
FF - component: c:\documents and settings\jam\Application Data\Mozilla\Firefox\Profiles\ky7hdgf7.default\extensions\piclens@cooliris.com\components\piclensstub.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - plugin: c:\documents and settings\jam\Application Data\Mozilla\Firefox\Profiles\ky7hdgf7.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000054.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCID.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-07 17:48:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1020)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
Completion time: 2009-01-07 17:49:43
ComboFix-quarantined-files.txt 2009-01-07 22:49:41

Pre-Run: 308,281,171,968 bytes free
Post-Run: 308,423,561,216 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

429 --- E O F --- 2008-12-29 08:00:44


Attached File: 311220082237380843.jpg (33.92KB)

#6 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,714 posts
  • Gender:Male
  • Location:USA

Posted 07 January 2009 - 07:12 PM

I assume that the check-ip-changed.bat is to see when your IP address has changed? Have you also tried installing a newer video driver?

* Open Notepad - don't use any other text editor than Notepad or the script will fail.
Copy/paste the text in the quotebox below into Notepad:

Folder::
c:\program files\agi

File::
c:\windows\system32\ConTest.dll
C:\windows\system32\ascbalon.dll
c:\windows\system32\SysRestore.dll
c:\windows\system32\SySAVI2WMV.dat
c:\windows\system32\LCCoin14.dll
c:\windows\CT4CET.bin
c:\windows\system32\wuietjop.dll
c:\windows\system32\oumxdixd.dll

DirLook::
c:\windows\yellowtail+1

DDS::
uURLSearchHooks: AGSearchHook Class: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - c:\program files\agi\common\agcutils.dll
BHO: AGSearchHook Class: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - c:\program files\agi\common\agcutils.dll

Driver::
AGWinService


Save this as the text file CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.


This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply.

#7 fscguy

fscguy
  • Topic Starter

  • Members
  • 145 posts

Posted 07 January 2009 - 07:49 PM

The check-ip is for circumventor. I have a filter at work and I like to be able to go to sites that are blocked. I have installed the new video driver.

Here is the ComboFix log.

ComboFix 09-01-07.01 - jam 2009-01-07 19:34:33.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3326.2614 [GMT -5:00]
Running from: c:\documents and settings\jam\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\jam\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
* Created a new restore point

FILE ::
c:\windows\CT4CET.bin
c:\windows\system32\ascbalon.dll
c:\windows\system32\ConTest.dll
c:\windows\system32\LCCoin14.dll
c:\windows\system32\oumxdixd.dll
c:\windows\system32\SySAVI2WMV.dat
c:\windows\system32\SysRestore.dll
c:\windows\system32\wuietjop.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\agi
c:\program files\agi\common\agcutils.dll
c:\program files\agi\common\bootstrapper.exe
c:\program files\agi\common\common.zip
c:\program files\agi\common\comtypes\__init__.py
c:\program files\agi\common\comtypes\__init__.pyc
c:\program files\agi\common\comtypes\_comobject.py
c:\program files\agi\common\comtypes\_comobject.pyc
c:\program files\agi\common\comtypes\_meta.py
c:\program files\agi\common\comtypes\_meta.pyc
c:\program files\agi\common\comtypes\_safearray.py
c:\program files\agi\common\comtypes\_safearray.pyc
c:\program files\agi\common\comtypes\automation.py
c:\program files\agi\common\comtypes\automation.pyc
c:\program files\agi\common\comtypes\client\__init__.py
c:\program files\agi\common\comtypes\client\__init__.pyc
c:\program files\agi\common\comtypes\client\_events.py
c:\program files\agi\common\comtypes\client\_events.pyc
c:\program files\agi\common\comtypes\client\_generate.py
c:\program files\agi\common\comtypes\client\_generate.pyc
c:\program files\agi\common\comtypes\client\dynamic.py
c:\program files\agi\common\comtypes\client\dynamic.pyc
c:\program files\agi\common\comtypes\connectionpoints.py
c:\program files\agi\common\comtypes\connectionpoints.pyc
c:\program files\agi\common\comtypes\errorinfo.py
c:\program files\agi\common\comtypes\errorinfo.pyc
c:\program files\agi\common\comtypes\gen\__init__.py
c:\program files\agi\common\comtypes\gen\__init__.pyc
c:\program files\agi\common\comtypes\gen\_00020430_0000_0000_C000_000000000046_0_2_0.py
c:\program files\agi\common\comtypes\git.py
c:\program files\agi\common\comtypes\GUID.py
c:\program files\agi\common\comtypes\GUID.pyc
c:\program files\agi\common\comtypes\hresult.py
c:\program files\agi\common\comtypes\hresult.pyc
c:\program files\agi\common\comtypes\logutil.py
c:\program files\agi\common\comtypes\messageloop.py
c:\program files\agi\common\comtypes\messageloop.pyc
c:\program files\agi\common\comtypes\partial.py
c:\program files\agi\common\comtypes\partial.pyc
c:\program files\agi\common\comtypes\persist.py
c:\program files\agi\common\comtypes\safearray.py
c:\program files\agi\common\comtypes\safearray.pyc
c:\program files\agi\common\comtypes\server\__init__.py
c:\program files\agi\common\comtypes\server\__init__.pyc
c:\program files\agi\common\comtypes\server\automation.py
c:\program files\agi\common\comtypes\server\automation.pyc
c:\program files\agi\common\comtypes\server\connectionpoints.py
c:\program files\agi\common\comtypes\server\inprocserver.py
c:\program files\agi\common\comtypes\server\inprocserver.pyc
c:\program files\agi\common\comtypes\server\localserver.py
c:\program files\agi\common\comtypes\server\localserver.pyc
c:\program files\agi\common\comtypes\server\register.py
c:\program files\agi\common\comtypes\server\register.pyc
c:\program files\agi\common\comtypes\server\w_getopt.py
c:\program files\agi\common\comtypes\server\w_getopt.pyc
c:\program files\agi\common\comtypes\tools\__init__.py
c:\program files\agi\common\comtypes\tools\codegenerator.py
c:\program files\agi\common\comtypes\tools\tlbparser.py
c:\program files\agi\common\comtypes\tools\typedesc.py
c:\program files\agi\common\comtypes\tools\typedesc_base.py
c:\program files\agi\common\comtypes\typeinfo.py
c:\program files\agi\common\comtypes\typeinfo.pyc
c:\program files\agi\common\comtypes\util.py
c:\program files\agi\common\configobj.py
c:\program files\agi\common\configobj.pyc
c:\program files\agi\common\dateutil\__init__.py
c:\program files\agi\common\dateutil\__init__.pyc
c:\program files\agi\common\dateutil\easter.py
c:\program files\agi\common\dateutil\parser.py
c:\program files\agi\common\dateutil\parser.pyc
c:\program files\agi\common\dateutil\relativedelta.py
c:\program files\agi\common\dateutil\relativedelta.pyc
c:\program files\agi\common\dateutil\rrule.py
c:\program files\agi\common\dateutil\tz.py
c:\program files\agi\common\dateutil\tz.pyc
c:\program files\agi\common\dateutil\tzwin.py
c:\program files\agi\common\dateutil\tzwin.pyc
c:\program files\agi\common\dateutil\zoneinfo\__init__.py
c:\program files\agi\common\dateutil\zoneinfo\zoneinfo-2005q.tar.gz
c:\program files\agi\common\dependencies.zip
c:\program files\agi\common\Microsoft.VC80.CRT.manifest
c:\program files\agi\common\msvcp80.dll
c:\program files\agi\common\msvcr80.dll
c:\program files\agi\common\pyagcore\__init__.pyc
c:\program files\agi\common\pyagcore\agservice.pyc
c:\program files\agi\common\pyagcore\config\__init__.pyc
c:\program files\agi\common\pyagcore\config\appconfig.pyc
c:\program files\agi\common\pyagcore\config\config.pyc
c:\program files\agi\common\pyagcore\cookieutil.pyc
c:\program files\agi\common\pyagcore\install\__init__.pyc
c:\program files\agi\common\pyagcore\install\agcustomactions.pyc
c:\program files\agi\common\pyagcore\install\appupdate.pyc
c:\program files\agi\common\pyagcore\install\autoupdate.pyc
c:\program files\agi\common\pyagcore\install\dependency\__init__.pyc
c:\program files\agi\common\pyagcore\install\dependency\KiweeToolbar.pyc
c:\program files\agi\common\pyagcore\install\dependencychecker.pyc
c:\program files\agi\common\pyagcore\install\dependencythread.pyc
c:\program files\agi\common\pyagcore\install\installers\__init__.pyc
c:\program files\agi\common\pyagcore\install\installers\AGCal.pyc
c:\program files\agi\common\pyagcore\install\installers\AGToolbar.pyc
c:\program files\agi\common\pyagcore\install\installers\AGToolbarFF.pyc
c:\program files\agi\common\pyagcore\install\installers\KiweeToolbar.pyc
c:\program files\agi\common\pyagcore\install\installers\WebshotsDesktop.pyc
c:\program files\agi\common\pyagcore\install\installers\WebshotsToolbar.pyc
c:\program files\agi\common\pyagcore\install\installutil.pyc
c:\program files\agi\common\pyagcore\install\pythonchecker.pyc
c:\program files\agi\common\pyagcore\install\windows.pyc
c:\program files\agi\common\pyagcore\installer.pyc
c:\program files\agi\common\pyagcore\lilw\__init__.pyc
c:\program files\agi\common\pyagcore\lilw\AGCoreLib.pyc
c:\program files\agi\common\pyagcore\lilw\lilw.tlb
c:\program files\agi\common\pyagcore\lilw\lilwconfig.pyc
c:\program files\agi\common\pyagcore\lilw\lilwsearchdetection.pyc
c:\program files\agi\common\pyagcore\lilw\lilwsearchhook.pyc
c:\program files\agi\common\pyagcore\logwrangler.pyc
c:\program files\agi\common\pyagcore\msiecookiejar.pyc
c:\program files\agi\common\pyagcore\process\__init__.pyc
c:\program files\agi\common\pyagcore\process\winprocess.pyc
c:\program files\agi\common\pyagcore\protection\__init__.pyc
c:\program files\agi\common\pyagcore\protection\agimonitor.pyc
c:\program files\agi\common\pyagcore\protection\monitor.pyc
c:\program files\agi\common\pyagcore\protection\protection.pyc
c:\program files\agi\common\pyagcore\regspy.pyc
c:\program files\agi\common\pyagcore\regutil.pyc
c:\program files\agi\common\pyagcore\search\__init__.pyc
c:\program files\agi\common\pyagcore\search\algorithm\__init__.pyc
c:\program files\agi\common\pyagcore\search\iesearchprotection.pyc
c:\program files\agi\common\pyagcore\search\provider\__init__.pyc
c:\program files\agi\common\pyagcore\search\provider\MSN.pyc
c:\program files\agi\common\pyagcore\search\searchdetection.pyc
c:\program files\agi\common\pyagcore\search\searchgenerator.pyc
c:\program files\agi\common\pyagcore\search\searchprotection.pyc
c:\program files\agi\common\pyagcore\search\urlprotect.pyc
c:\program files\agi\common\pyagcore\setenv.pyc
c:\program files\agi\common\pyagcore\uiutil.pyc
c:\program files\agi\common\pyagcore\updateui.pyc
c:\program files\agi\common\pyagcore\urlutil.pyc
c:\program files\agi\common\pyagcore\versionnumber.pyc
c:\program files\agi\common\pythoncom.py
c:\program files\agi\common\pythoncom.pyc
c:\program files\agi\common\validate.py
c:\program files\agi\common\win32\_win32sysloader.pyd
c:\program files\agi\common\win32\_winxptheme.pyd
c:\program files\agi\common\win32\dbi.pyd
c:\program files\agi\common\win32\lib\afxres.py
c:\program files\agi\common\win32\lib\commctrl.py
c:\program files\agi\common\win32\lib\mmsystem.py
c:\program files\agi\common\win32\lib\netbios.py
c:\program files\agi\common\win32\lib\ntsecuritycon.py
c:\program files\agi\common\win32\lib\ntsecuritycon.pyc
c:\program files\agi\common\win32\lib\pywintypes.py
c:\program files\agi\common\win32\lib\pywintypes.pyc
c:\program files\agi\common\win32\lib\rasutil.py
c:\program files\agi\common\win32\lib\regcheck.py
c:\program files\agi\common\win32\lib\regutil.py
c:\program files\agi\common\win32\lib\sspi.py
c:\program files\agi\common\win32\lib\sspicon.py
c:\program files\agi\common\win32\lib\win32con.py
c:\program files\agi\common\win32\lib\win32con.pyc
c:\program files\agi\common\win32\lib\win32cryptcon.py
c:\program files\agi\common\win32\lib\win32evtlogutil.py
c:\program files\agi\common\win32\lib\win32gui_struct.py
c:\program files\agi\common\win32\lib\win32inetcon.py
c:\program files\agi\common\win32\lib\win32netcon.py
c:\program files\agi\common\win32\lib\win32pdhquery.py
c:\program files\agi\common\win32\lib\win32pdhutil.py
c:\program files\agi\common\win32\lib\win32pdhutil.pyc
c:\program files\agi\common\win32\lib\win32rcparser.py
c:\program files\agi\common\win32\lib\win32serviceutil.py
c:\program files\agi\common\win32\lib\win32serviceutil.pyc
c:\program files\agi\common\win32\lib\win32timezone.py
c:\program files\agi\common\win32\lib\win32traceutil.py
c:\program files\agi\common\win32\lib\win32verstamp.py
c:\program files\agi\common\win32\lib\winerror.py
c:\program files\agi\common\win32\lib\winerror.pyc
c:\program files\agi\common\win32\lib\winioctlcon.py
c:\program files\agi\common\win32\lib\winnt.py
c:\program files\agi\common\win32\lib\winperf.py
c:\program files\agi\common\win32\lib\winxptheme.py
c:\program files\agi\common\win32\license.txt
c:\program files\agi\common\win32\mmapfile.pyd
c:\program files\agi\common\win32\odbc.pyd
c:\program files\agi\common\win32\perfmon.pyd
c:\program files\agi\common\win32\perfmondata.dll
c:\program files\agi\common\win32\pythonservice.exe
c:\program files\agi\common\win32\scripts\backupEventLog.py
c:\program files\agi\common\win32\scripts\ControlService.py
c:\program files\agi\common\win32\scripts\killProcName.py
c:\program files\agi\common\win32\scripts\rasutil.py
c:\program files\agi\common\win32\scripts\regsetup.py
c:\program files\agi\common\win32\scripts\setup_d.py
c:\program files\agi\common\win32\servicemanager.pyd
c:\program files\agi\common\win32\timer.pyd
c:\program files\agi\common\win32\win2kras.pyd
c:\program files\agi\common\win32\win32api.pyd
c:\program files\agi\common\win32\win32clipboard.pyd
c:\program files\agi\common\win32\win32console.pyd
c:\program files\agi\common\win32\win32cred.pyd
c:\program files\agi\common\win32\win32crypt.pyd
c:\program files\agi\common\win32\win32event.pyd
c:\program files\agi\common\win32\win32evtlog.pyd
c:\program files\agi\common\win32\win32file.pyd
c:\program files\agi\common\win32\win32gui.pyd
c:\program files\agi\common\win32\win32help.pyd
c:\program files\agi\common\win32\win32inet.pyd
c:\program files\agi\common\win32\win32job.pyd
c:\program files\agi\common\win32\win32lz.pyd
c:\program files\agi\common\win32\win32net.pyd
c:\program files\agi\common\win32\win32pdh.pyd
c:\program files\agi\common\win32\win32pipe.pyd
c:\program files\agi\common\win32\win32popenWin9x.exe
c:\program files\agi\common\win32\win32print.pyd
c:\program files\agi\common\win32\win32process.pyd
c:\program files\agi\common\win32\win32profile.pyd
c:\program files\agi\common\win32\win32ras.pyd
c:\program files\agi\common\win32\win32security.pyd
c:\program files\agi\common\win32\win32service.pyd
c:\program files\agi\common\win32\win32trace.pyd
c:\program files\agi\common\win32\win32transaction.pyd
c:\program files\agi\common\win32\win32ts.pyd
c:\program files\agi\common\win32\win32wnet.pyd
c:\program files\agi\common\win32\winxpgui.pyd
c:\program files\agi\common\win32com\__init__.py
c:\program files\agi\common\win32com\__init__.pyc
c:\program files\agi\common\win32com\client\__init__.py
c:\program files\agi\common\win32com\client\build.py
c:\program files\agi\common\win32com\client\CLSIDToClass.py
c:\program files\agi\common\win32com\client\combrowse.py
c:\program files\agi\common\win32com\client\connect.py
c:\program files\agi\common\win32com\client\dynamic.py
c:\program files\agi\common\win32com\client\gencache.py
c:\program files\agi\common\win32com\client\genpy.py
c:\program files\agi\common\win32com\client\makepy.py
c:\program files\agi\common\win32com\client\selecttlb.py
c:\program files\agi\common\win32com\client\tlbrowse.py
c:\program files\agi\common\win32com\client\util.py
c:\program files\agi\common\win32com\decimal_23.py
c:\program files\agi\common\win32com\License.txt
c:\program files\agi\common\win32com\olectl.py
c:\program files\agi\common\win32com\readme.htm
c:\program files\agi\common\win32com\server\__init__.py
c:\program files\agi\common\win32com\server\connect.py
c:\program files\agi\common\win32com\server\dispatcher.py
c:\program files\agi\common\win32com\server\exception.py
c:\program files\agi\common\win32com\server\factory.py
c:\program files\agi\common\win32com\server\localserver.py
c:\program files\agi\common\win32com\server\policy.py
c:\program files\agi\common\win32com\server\register.py
c:\program files\agi\common\win32com\server\util.py
c:\program files\agi\common\win32com\storagecon.py
c:\program files\agi\common\win32com\universal.py
c:\program files\agi\common\win32com\util.py
c:\program files\agi\common\win32comext\adsi\__init__.py
c:\program files\agi\common\win32comext\adsi\adsi.pyd
c:\program files\agi\common\win32comext\adsi\adsicon.py
c:\program files\agi\common\win32comext\authorization\__init__.py
c:\program files\agi\common\win32comext\authorization\authorization.pyd
c:\program files\agi\common\win32comext\axcontrol\__init__.py
c:\program files\agi\common\win32comext\axcontrol\axcontrol.pyd
c:\program files\agi\common\win32comext\shell\__init__.py
c:\program files\agi\common\win32comext\shell\__init__.pyc
c:\program files\agi\common\win32comext\shell\shell.pyd
c:\program files\agi\common\win32comext\shell\shellcon.py
c:\program files\agi\common\win32comext\shell\shellcon.pyc
c:\program files\agi\common\windows.zip
c:\program files\agi\Python25\DLLs\_ctypes.pyd
c:\program files\agi\Python25\DLLs\_ctypes_test.pyd
c:\program files\agi\Python25\DLLs\_elementtree.pyd
c:\program files\agi\Python25\DLLs\_hashlib.pyd
c:\program files\agi\Python25\DLLs\_msi.pyd
c:\program files\agi\Python25\DLLs\_socket.pyd
c:\program files\agi\Python25\DLLs\_ssl.pyd
c:\program files\agi\Python25\DLLs\bz2.pyd
c:\program files\agi\Python25\DLLs\py.ico
c:\program files\agi\Python25\DLLs\pyc.ico
c:\program files\agi\Python25\DLLs\pyexpat.pyd
c:\program files\agi\Python25\DLLs\select.pyd
c:\program files\agi\Python25\DLLs\unicodedata.pyd
c:\program files\agi\Python25\DLLs\winsound.pyd
c:\program files\agi\Python25\Lib\__future__.py
c:\program files\agi\Python25\Lib\__future__.pyc
c:\program files\agi\Python25\Lib\__phello__.foo.py
c:\program files\agi\Python25\Lib\_LWPCookieJar.py
c:\program files\agi\Python25\Lib\_MozillaCookieJar.py
c:\program files\agi\Python25\Lib\_strptime.py
c:\program files\agi\Python25\Lib\_threading_local.py
c:\program files\agi\Python25\Lib\aifc.py
c:\program files\agi\Python25\Lib\anydbm.py
c:\program files\agi\Python25\Lib\asynchat.py
c:\program files\agi\Python25\Lib\asyncore.py
c:\program files\agi\Python25\Lib\atexit.py
c:\program files\agi\Python25\Lib\atexit.pyc
c:\program files\agi\Python25\Lib\audiodev.py
c:\program files\agi\Python25\Lib\base64.py
c:\program files\agi\Python25\Lib\base64.pyc
c:\program files\agi\Python25\Lib\BaseHTTPServer.py
c:\program files\agi\Python25\Lib\Bastion.py
c:\program files\agi\Python25\Lib\bdb.py
c:\program files\agi\Python25\Lib\binhex.py
c:\program files\agi\Python25\Lib\bisect.py
c:\program files\agi\Python25\Lib\bisect.pyc
c:\program files\agi\Python25\Lib\calendar.py
c:\program files\agi\Python25\Lib\calendar.pyc
c:\program files\agi\Python25\Lib\cgi.py
c:\program files\agi\Python25\Lib\cgi.pyc
c:\program files\agi\Python25\Lib\CGIHTTPServer.py
c:\program files\agi\Python25\Lib\cgitb.py
c:\program files\agi\Python25\Lib\chunk.py
c:\program files\agi\Python25\Lib\cmd.py
c:\program files\agi\Python25\Lib\code.py
c:\program files\agi\Python25\Lib\codecs.py
c:\program files\agi\Python25\Lib\codecs.pyc
c:\program files\agi\Python25\Lib\codeop.py
c:\program files\agi\Python25\Lib\colorsys.py
c:\program files\agi\Python25\Lib\commands.py
c:\program files\agi\Python25\Lib\compileall.py
c:\program files\agi\Python25\Lib\compiler\__init__.py
c:\program files\agi\Python25\Lib\compiler\__init__.pyc
c:\program files\agi\Python25\Lib\compiler\ast.py
c:\program files\agi\Python25\Lib\compiler\ast.pyc
c:\program files\agi\Python25\Lib\compiler\consts.py
c:\program files\agi\Python25\Lib\compiler\consts.pyc
c:\program files\agi\Python25\Lib\compiler\future.py
c:\program files\agi\Python25\Lib\compiler\future.pyc
c:\program files\agi\Python25\Lib\compiler\misc.py
c:\program files\agi\Python25\Lib\compiler\misc.pyc
c:\program files\agi\Python25\Lib\compiler\pyassem.py
c:\program files\agi\Python25\Lib\compiler\pyassem.pyc
c:\program files\agi\Python25\Lib\compiler\pycodegen.py
c:\program files\agi\Python25\Lib\compiler\pycodegen.pyc
c:\program files\agi\Python25\Lib\compiler\symbols.py
c:\program files\agi\Python25\Lib\compiler\symbols.pyc
c:\program files\agi\Python25\Lib\compiler\syntax.py
c:\program files\agi\Python25\Lib\compiler\syntax.pyc
c:\program files\agi\Python25\Lib\compiler\transformer.py
c:\program files\agi\Python25\Lib\compiler\transformer.pyc
c:\program files\agi\Python25\Lib\compiler\visitor.py
c:\program files\agi\Python25\Lib\compiler\visitor.pyc
c:\program files\agi\Python25\Lib\ConfigParser.py
c:\program files\agi\Python25\Lib\contextlib.py
c:\program files\agi\Python25\Lib\Cookie.py
c:\program files\agi\Python25\Lib\cookielib.py
c:\program files\agi\Python25\Lib\copy.py
c:\program files\agi\Python25\Lib\copy.pyc
c:\program files\agi\Python25\Lib\copy_reg.py
c:\program files\agi\Python25\Lib\copy_reg.pyc
c:\program files\agi\Python25\Lib\cProfile.py
c:\program files\agi\Python25\Lib\csv.py
c:\program files\agi\Python25\Lib\ctypes\__init__.py
c:\program files\agi\Python25\Lib\ctypes\__init__.pyc
c:\program files\agi\Python25\Lib\ctypes\_endian.py
c:\program files\agi\Python25\Lib\ctypes\_endian.pyc
c:\program files\agi\Python25\Lib\ctypes\util.py
c:\program files\agi\Python25\Lib\ctypes\util.pyc
c:\program files\agi\Python25\Lib\ctypes\wintypes.py
c:\program files\agi\Python25\Lib\ctypes\wintypes.pyc
c:\program files\agi\Python25\Lib\dbhash.py
c:\program files\agi\Python25\Lib\decimal.py
c:\program files\agi\Python25\Lib\decimal.pyc
c:\program files\agi\Python25\Lib\difflib.py
c:\program files\agi\Python25\Lib\dircache.py
c:\program files\agi\Python25\Lib\dis.py
c:\program files\agi\Python25\Lib\dis.pyc
c:\program files\agi\Python25\Lib\doctest.py
c:\program files\agi\Python25\Lib\DocXMLRPCServer.py
c:\program files\agi\Python25\Lib\dumbdbm.py
c:\program files\agi\Python25\Lib\dummy_thread.py
c:\program files\agi\Python25\Lib\dummy_threading.py
c:\program files\agi\Python25\Lib\email\__init__.py
c:\program files\agi\Python25\Lib\email\_parseaddr.py
c:\program files\agi\Python25\Lib\email\base64mime.py
c:\program files\agi\Python25\Lib\email\charset.py
c:\program files\agi\Python25\Lib\email\encoders.py
c:\program files\agi\Python25\Lib\email\errors.py
c:\program files\agi\Python25\Lib\email\feedparser.py
c:\program files\agi\Python25\Lib\email\generator.py
c:\program files\agi\Python25\Lib\email\header.py
c:\program files\agi\Python25\Lib\email\iterators.py
c:\program files\agi\Python25\Lib\email\message.py
c:\program files\agi\Python25\Lib\email\mime\__init__.py
c:\program files\agi\Python25\Lib\email\mime\application.py
c:\program files\agi\Python25\Lib\email\mime\audio.py
c:\program files\agi\Python25\Lib\email\mime\base.py
c:\program files\agi\Python25\Lib\email\mime\image.py
c:\program files\agi\Python25\Lib\email\mime\message.py
c:\program files\agi\Python25\Lib\email\mime\multipart.py
c:\program files\agi\Python25\Lib\email\mime\nonmultipart.py
c:\program files\agi\Python25\Lib\email\mime\text.py
c:\program files\agi\Python25\Lib\email\parser.py
c:\program files\agi\Python25\Lib\email\quoprimime.py
c:\program files\agi\Python25\Lib\email\utils.py
c:\program files\agi\Python25\Lib\encodings\__init__.py
c:\program files\agi\Python25\Lib\encodings\__init__.pyc
c:\program files\agi\Python25\Lib\encodings\aliases.py
c:\program files\agi\Python25\Lib\encodings\aliases.pyc
c:\program files\agi\Python25\Lib\encodings\ascii.py
c:\program files\agi\Python25\Lib\encodings\ascii.pyc
c:\program files\agi\Python25\Lib\encodings\base64_codec.py
c:\program files\agi\Python25\Lib\encodings\big5.py
c:\program files\agi\Python25\Lib\encodings\big5hkscs.py
c:\program files\agi\Python25\Lib\encodings\bz2_codec.py
c:\program files\agi\Python25\Lib\encodings\charmap.py
c:\program files\agi\Python25\Lib\encodings\cp037.py
c:\program files\agi\Python25\Lib\encodings\cp1006.py
c:\program files\agi\Python25\Lib\encodings\cp1026.py
c:\program files\agi\Python25\Lib\encodings\cp1140.py
c:\program files\agi\Python25\Lib\encodings\cp1250.py
c:\program files\agi\Python25\Lib\encodings\cp1251.py
c:\program files\agi\Python25\Lib\encodings\cp1252.py
c:\program files\agi\Python25\Lib\encodings\cp1252.pyc
c:\program files\agi\Python25\Lib\encodings\cp1253.py
c:\program files\agi\Python25\Lib\encodings\cp1254.py
c:\program files\agi\Python25\Lib\encodings\cp1255.py
c:\program files\agi\Python25\Lib\encodings\cp1256.py
c:\program files\agi\Python25\Lib\encodings\cp1257.py
c:\program files\agi\Python25\Lib\encodings\cp1258.py
c:\program files\agi\Python25\Lib\encodings\cp424.py
c:\program files\agi\Python25\Lib\encodings\cp437.py
c:\program files\agi\Python25\Lib\encodings\cp500.py
c:\program files\agi\Python25\Lib\encodings\cp737.py
c:\program files\agi\Python25\Lib\encodings\cp775.py
c:\program files\agi\Python25\Lib\encodings\cp850.py
c:\program files\agi\Python25\Lib\encodings\cp852.py
c:\program files\agi\Python25\Lib\encodings\cp855.py
c:\program files\agi\Python25\Lib\encodings\cp856.py
c:\program files\agi\Python25\Lib\encodings\cp857.py
c:\program files\agi\Python25\Lib\encodings\cp860.py
c:\program files\agi\Python25\Lib\encodings\cp861.py
c:\program files\agi\Python25\Lib\encodings\cp862.py
c:\program files\agi\Python25\Lib\encodings\cp863.py
c:\program files\agi\Python25\Lib\encodings\cp864.py
c:\program files\agi\Python25\Lib\encodings\cp865.py
c:\program files\agi\Python25\Lib\encodings\cp866.py
c:\program files\agi\Python25\Lib\encodings\cp869.py
c:\program files\agi\Python25\Lib\encodings\cp874.py
c:\program files\agi\Python25\Lib\encodings\cp875.py
c:\program files\agi\Python25\Lib\encodings\cp932.py
c:\program files\agi\Python25\Lib\encodings\cp949.py
c:\program files\agi\Python25\Lib\encodings\cp950.py
c:\program files\agi\Python25\Lib\encodings\euc_jis_2004.py
c:\program files\agi\Python25\Lib\encodings\euc_jisx0213.py
c:\program files\agi\Python25\Lib\encodings\euc_jp.py
c:\program files\agi\Python25\Lib\encodings\euc_kr.py
c:\program files\agi\Python25\Lib\encodings\gb18030.py
c:\program files\agi\Python25\Lib\encodings\gb2312.py
c:\program files\agi\Python25\Lib\encodings\gbk.py
c:\program files\agi\Python25\Lib\encodings\hex_codec.py
c:\program files\agi\Python25\Lib\encodings\hp_roman8.py
c:\program files\agi\Python25\Lib\encodings\hz.py
c:\program files\agi\Python25\Lib\encodings\idna.py
c:\program files\agi\Python25\Lib\encodings\iso2022_jp.py
c:\program files\agi\Python25\Lib\encodings\iso2022_jp_1.py
c:\program files\agi\Python25\Lib\encodings\iso2022_jp_2.py
c:\program files\agi\Python25\Lib\encodings\iso2022_jp_2004.py
c:\program files\agi\Python25\Lib\encodings\iso2022_jp_3.py
c:\program files\agi\Python25\Lib\encodings\iso2022_jp_ext.py
c:\program files\agi\Python25\Lib\encodings\iso2022_kr.py
c:\program files\agi\Python25\Lib\encodings\iso8859_1.py
c:\program files\agi\Python25\Lib\encodings\iso8859_10.py
c:\program files\agi\Python25\Lib\encodings\iso8859_11.py
c:\program files\agi\Python25\Lib\encodings\iso8859_13.py
c:\program files\agi\Python25\Lib\encodings\iso8859_14.py
c:\program files\agi\Python25\Lib\encodings\iso8859_15.py
c:\program files\agi\Python25\Lib\encodings\iso8859_16.py
c:\program files\agi\Python25\Lib\encodings\iso8859_2.py
c:\program files\agi\Python25\Lib\encodings\iso8859_3.py
c:\program files\agi\Python25\Lib\encodings\iso8859_4.py
c:\program files\agi\Python25\Lib\encodings\iso8859_5.py
c:\program files\agi\Python25\Lib\encodings\iso8859_6.py
c:\program files\agi\Python25\Lib\encodings\iso8859_7.py
c:\program files\agi\Python25\Lib\encodings\iso8859_8.py
c:\program files\agi\Python25\Lib\encodings\iso8859_9.py
c:\program files\agi\Python25\Lib\encodings\johab.py
c:\program files\agi\Python25\Lib\encodings\koi8_r.py
c:\program files\agi\Python25\Lib\encodings\koi8_u.py
c:\program files\agi\Python25\Lib\encodings\latin_1.py
c:\program files\agi\Python25\Lib\encodings\mac_arabic.py
c:\program files\agi\Python25\Lib\encodings\mac_centeuro.py
c:\program files\agi\Python25\Lib\encodings\mac_croatian.py
c:\program files\agi\Python25\Lib\encodings\mac_cyrillic.py
c:\program files\agi\Python25\Lib\encodings\mac_farsi.py
c:\program files\agi\Python25\Lib\encodings\mac_greek.py
c:\program files\agi\Python25\Lib\encodings\mac_iceland.py
c:\program files\agi\Python25\Lib\encodings\mac_latin2.py
c:\program files\agi\Python25\Lib\encodings\mac_roman.py
c:\program files\agi\Python25\Lib\encodings\mac_romanian.py
c:\program files\agi\Python25\Lib\encodings\mac_turkish.py
c:\program files\agi\Python25\Lib\encodings\mbcs.py
c:\program files\agi\Python25\Lib\encodings\palmos.py
c:\program files\agi\Python25\Lib\encodings\ptcp154.py
c:\program files\agi\Python25\Lib\encodings\punycode.py
c:\program files\agi\Python25\Lib\encodings\quopri_codec.py
c:\program files\agi\Python25\Lib\encodings\raw_unicode_escape.py
c:\program files\agi\Python25\Lib\encodings\rot_13.py
c:\program files\agi\Python25\Lib\encodings\shift_jis.py
c:\program files\agi\Python25\Lib\encodings\shift_jis_2004.py
c:\program files\agi\Python25\Lib\encodings\shift_jisx0213.py
c:\program files\agi\Python25\Lib\encodings\string_escape.py
c:\program files\agi\Python25\Lib\encodings\string_escape.pyc
c:\program files\agi\Python25\Lib\encodings\tis_620.py
c:\program files\agi\Python25\Lib\encodings\undefined.py
c:\program files\agi\Python25\Lib\encodings\unicode_escape.py
c:\program files\agi\Python25\Lib\encodings\unicode_internal.py
c:\program files\agi\Python25\Lib\encodings\utf_16.py
c:\program files\agi\Python25\Lib\encodings\utf_16_be.py
c:\program files\agi\Python25\Lib\encodings\utf_16_le.py
c:\program files\agi\Python25\Lib\encodings\utf_7.py
c:\program files\agi\Python25\Lib\encodings\utf_8.py
c:\program files\agi\Python25\Lib\encodings\utf_8.pyc
c:\program files\agi\Python25\Lib\encodings\utf_8_sig.py
c:\program files\agi\Python25\Lib\encodings\uu_codec.py
c:\program files\agi\Python25\Lib\encodings\zlib_codec.py
c:\program files\agi\Python25\Lib\filecmp.py
c:\program files\agi\Python25\Lib\fileinput.py
c:\program files\agi\Python25\Lib\fnmatch.py
c:\program files\agi\Python25\Lib\fnmatch.pyc
c:\program files\agi\Python25\Lib\formatter.py
c:\program files\agi\Python25\Lib\fpformat.py
c:\program files\agi\Python25\Lib\ftplib.py
c:\program files\agi\Python25\Lib\functools.py
c:\program files\agi\Python25\Lib\getopt.py
c:\program files\agi\Python25\Lib\getpass.py
c:\program files\agi\Python25\Lib\gettext.py
c:\program files\agi\Python25\Lib\gettext.pyc
c:\program files\agi\Python25\Lib\glob.py
c:\program files\agi\Python25\Lib\glob.pyc
c:\program files\agi\Python25\Lib\gopherlib.py
c:\program files\agi\Python25\Lib\gzip.py
c:\program files\agi\Python25\Lib\gzip.pyc
c:\program files\agi\Python25\Lib\hashlib.py
c:\program files\agi\Python25\Lib\hashlib.pyc
c:\program files\agi\Python25\Lib\heapq.py
c:\program files\agi\Python25\Lib\hmac.py
c:\program files\agi\Python25\Lib\hotshot\__init__.py
c:\program files\agi\Python25\Lib\hotshot\log.py
c:\program files\agi\Python25\Lib\hotshot\stats.py
c:\program files\agi\Python25\Lib\hotshot\stones.py
c:\program files\agi\Python25\Lib\htmlentitydefs.py
c:\program files\agi\Python25\Lib\htmllib.py
c:\program files\agi\Python25\Lib\HTMLParser.py
c:\program files\agi\Python25\Lib\httplib.py
c:\program files\agi\Python25\Lib\httplib.pyc
c:\program files\agi\Python25\Lib\ihooks.py
c:\program files\agi\Python25\Lib\imaplib.py
c:\program files\agi\Python25\Lib\imghdr.py
c:\program files\agi\Python25\Lib\imputil.py
c:\program files\agi\Python25\Lib\inspect.py
c:\program files\agi\Python25\Lib\keyword.py
c:\program files\agi\Python25\Lib\linecache.py
c:\program files\agi\Python25\Lib\linecache.pyc
c:\program files\agi\Python25\Lib\locale.py
c:\program files\agi\Python25\Lib\locale.pyc
c:\program files\agi\Python25\Lib\logging\__init__.py
c:\program files\agi\Python25\Lib\logging\__init__.pyc
c:\program files\agi\Python25\Lib\logging\config.py
c:\program files\agi\Python25\Lib\logging\handlers.py
c:\program files\agi\Python25\Lib\logging\handlers.pyc
c:\program files\agi\Python25\Lib\macpath.py
c:\program files\agi\Python25\Lib\macurl2path.py
c:\program files\agi\Python25\Lib\mailbox.py
c:\program files\agi\Python25\Lib\mailcap.py
c:\program files\agi\Python25\Lib\markupbase.py
c:\program files\agi\Python25\Lib\md5.py
c:\program files\agi\Python25\Lib\mhlib.py
c:\program files\agi\Python25\Lib\mimetools.py
c:\program files\agi\Python25\Lib\mimetools.pyc
c:\program files\agi\Python25\Lib\mimetypes.py
c:\program files\agi\Python25\Lib\MimeWriter.py
c:\program files\agi\Python25\Lib\mimify.py
c:\program files\agi\Python25\Lib\modulefinder.py
c:\program files\agi\Python25\Lib\multifile.py
c:\program files\agi\Python25\Lib\mutex.py
c:\program files\agi\Python25\Lib\netrc.py
c:\program files\agi\Python25\Lib\new.py
c:\program files\agi\Python25\Lib\new.pyc
c:\program files\agi\Python25\Lib\nntplib.py
c:\program files\agi\Python25\Lib\ntpath.py
c:\program files\agi\Python25\Lib\ntpath.pyc
c:\program files\agi\Python25\Lib\nturl2path.py
c:\program files\agi\Python25\Lib\nturl2path.pyc
c:\program files\agi\Python25\Lib\opcode.py
c:\program files\agi\Python25\Lib\opcode.pyc
c:\program files\agi\Python25\Lib\optparse.py
c:\program files\agi\Python25\Lib\optparse.pyc
c:\program files\agi\Python25\Lib\os.py
c:\program files\agi\Python25\Lib\os.pyc
c:\program files\agi\Python25\Lib\os2emxpath.py
c:\program files\agi\Python25\Lib\pdb.py
c:\program files\agi\Python25\Lib\pickle.py
c:\program files\agi\Python25\Lib\pickle.pyc
c:\program files\agi\Python25\Lib\pickletools.py
c:\program files\agi\Python25\Lib\pipes.py
c:\program files\agi\Python25\Lib\pkgutil.py
c:\program files\agi\Python25\Lib\platform.py
c:\program files\agi\Python25\Lib\popen2.py
c:\program files\agi\Python25\Lib\poplib.py
c:\program files\agi\Python25\Lib\posixfile.py
c:\program files\agi\Python25\Lib\posixpath.py
c:\program files\agi\Python25\Lib\posixpath.pyc
c:\program files\agi\Python25\Lib\pprint.py
c:\program files\agi\Python25\Lib\profile.py
c:\program files\agi\Python25\Lib\pstats.py
c:\program files\agi\Python25\Lib\pty.py
c:\program files\agi\Python25\Lib\py_compile.py
c:\program files\agi\Python25\Lib\pyclbr.py
c:\program files\agi\Python25\Lib\pydoc.py
c:\program files\agi\Python25\Lib\Queue.py
c:\program files\agi\Python25\Lib\Queue.pyc
c:\program files\agi\Python25\Lib\quopri.py
c:\program files\agi\Python25\Lib\random.py
c:\program files\agi\Python25\Lib\random.pyc
c:\program files\agi\Python25\Lib\re.py
c:\program files\agi\Python25\Lib\re.pyc
c:\program files\agi\Python25\Lib\repr.py
c:\program files\agi\Python25\Lib\rexec.py
c:\program files\agi\Python25\Lib\rfc822.py
c:\program files\agi\Python25\Lib\rfc822.pyc
c:\program files\agi\Python25\Lib\rlcompleter.py
c:\program files\agi\Python25\Lib\robotparser.py
c:\program files\agi\Python25\Lib\runpy.py
c:\program files\agi\Python25\Lib\sched.py
c:\program files\agi\Python25\Lib\sets.py
c:\program files\agi\Python25\Lib\sgmllib.py
c:\program files\agi\Python25\Lib\sha.py
c:\program files\agi\Python25\Lib\shelve.py
c:\program files\agi\Python25\Lib\shlex.py
c:\program files\agi\Python25\Lib\shutil.py
c:\program files\agi\Python25\Lib\shutil.pyc
c:\program files\agi\Python25\Lib\SimpleHTTPServer.py
c:\program files\agi\Python25\Lib\SimpleXMLRPCServer.py
c:\program files\agi\Python25\Lib\site.py
c:\program files\agi\Python25\Lib\site.pyc
c:\program files\agi\Python25\Lib\smtpd.py
c:\program files\agi\Python25\Lib\smtplib.py
c:\program files\agi\Python25\Lib\sndhdr.py
c:\program files\agi\Python25\Lib\socket.py
c:\program files\agi\Python25\Lib\socket.pyc
c:\program files\agi\Python25\Lib\SocketServer.py
c:\program files\agi\Python25\Lib\sre.py
c:\program files\agi\Python25\Lib\sre_compile.py
c:\program files\agi\Python25\Lib\sre_compile.pyc
c:\program files\agi\Python25\Lib\sre_constants.py
c:\program files\agi\Python25\Lib\sre_constants.pyc
c:\program files\agi\Python25\Lib\sre_parse.py
c:\program files\agi\Python25\Lib\sre_parse.pyc
c:\program files\agi\Python25\Lib\stat.py
c:\program files\agi\Python25\Lib\stat.pyc
c:\program files\agi\Python25\Lib\statvfs.py
c:\program files\agi\Python25\Lib\string.py
c:\program files\agi\Python25\Lib\string.pyc
c:\program files\agi\Python25\Lib\StringIO.py
c:\program files\agi\Python25\Lib\StringIO.pyc
c:\program files\agi\Python25\Lib\stringold.py
c:\program files\agi\Python25\Lib\stringprep.py
c:\program files\agi\Python25\Lib\struct.py
c:\program files\agi\Python25\Lib\struct.pyc
c:\program files\agi\Python25\Lib\subprocess.py
c:\program files\agi\Python25\Lib\subprocess.pyc
c:\program files\agi\Python25\Lib\sunau.py
c:\program files\agi\Python25\Lib\sunaudio.py
c:\program files\agi\Python25\Lib\symbol.py
c:\program files\agi\Python25\Lib\symbol.pyc
c:\program files\agi\Python25\Lib\symtable.py
c:\program files\agi\Python25\Lib\tabnanny.py
c:\program files\agi\Python25\Lib\tarfile.py
c:\program files\agi\Python25\Lib\telnetlib.py
c:\program files\agi\Python25\Lib\tempfile.py
c:\program files\agi\Python25\Lib\tempfile.pyc
c:\program files\agi\Python25\Lib\textwrap.py
c:\program files\agi\Python25\Lib\textwrap.pyc
c:\program files\agi\Python25\Lib\this.py
c:\program files\agi\Python25\Lib\threading.py
c:\program files\agi\Python25\Lib\threading.pyc
c:\program files\agi\Python25\Lib\timeit.py
c:\program files\agi\Python25\Lib\toaiff.py
c:\program files\agi\Python25\Lib\token.py
c:\program files\agi\Python25\Lib\token.pyc
c:\program files\agi\Python25\Lib\tokenize.py
c:\program files\agi\Python25\Lib\trace.py
c:\program files\agi\Python25\Lib\traceback.py
c:\program files\agi\Python25\Lib\traceback.pyc
c:\program files\agi\Python25\Lib\tty.py
c:\program files\agi\Python25\Lib\types.py
c:\program files\agi\Python25\Lib\types.pyc
c:\program files\agi\Python25\Lib\unittest.py
c:\program files\agi\Python25\Lib\urllib.py
c:\program files\agi\Python25\Lib\urllib.pyc
c:\program files\agi\Python25\Lib\urllib2.py
c:\program files\agi\Python25\Lib\urllib2.pyc
c:\program files\agi\Python25\Lib\urlparse.py
c:\program files\agi\Python25\Lib\urlparse.pyc
c:\program files\agi\Python25\Lib\user.py
c:\program files\agi\Python25\Lib\UserDict.py
c:\program files\agi\Python25\Lib\UserDict.pyc
c:\program files\agi\Python25\Lib\UserList.py
c:\program files\agi\Python25\Lib\UserString.py
c:\program files\agi\Python25\Lib\uu.py
c:\program files\agi\Python25\Lib\uuid.py
c:\program files\agi\Python25\Lib\uuid.pyc
c:\program files\agi\Python25\Lib\warnings.py
c:\program files\agi\Python25\Lib\warnings.pyc
c:\program files\agi\Python25\Lib\wave.py
c:\program files\agi\Python25\Lib\weakref.py
c:\program files\agi\Python25\Lib\weakref.pyc
c:\program files\agi\Python25\Lib\webbrowser.py
c:\program files\agi\Python25\Lib\whichdb.py
c:\program files\agi\Python25\Lib\xdrlib.py
c:\program files\agi\Python25\Lib\xml\__init__.py
c:\program files\agi\Python25\Lib\xml\dom\__init__.py
c:\program files\agi\Python25\Lib\xml\dom\domreg.py
c:\program files\agi\Python25\Lib\xml\dom\expatbuilder.py
c:\program files\agi\Python25\Lib\xml\dom\minicompat.py
c:\program files\agi\Python25\Lib\xml\dom\minidom.py
c:\program files\agi\Python25\Lib\xml\dom\NodeFilter.py
c:\program files\agi\Python25\Lib\xml\dom\pulldom.py
c:\program files\agi\Python25\Lib\xml\dom\xmlbuilder.py
c:\program files\agi\Python25\Lib\xml\etree\__init__.py
c:\program files\agi\Python25\Lib\xml\etree\cElementTree.py
c:\program files\agi\Python25\Lib\xml\etree\ElementInclude.py
c:\program files\agi\Python25\Lib\xml\etree\ElementPath.py
c:\program files\agi\Python25\Lib\xml\etree\ElementTree.py
c:\program files\agi\Python25\Lib\xml\parsers\__init__.py
c:\program files\agi\Python25\Lib\xml\parsers\expat.py
c:\program files\agi\Python25\Lib\xml\sax\__init__.py
c:\program files\agi\Python25\Lib\xml\sax\_exceptions.py
c:\program files\agi\Python25\Lib\xml\sax\expatreader.py
c:\program files\agi\Python25\Lib\xml\sax\handler.py
c:\program files\agi\Python25\Lib\xml\sax\saxutils.py
c:\program files\agi\Python25\Lib\xml\sax\xmlreader.py
c:\program files\agi\Python25\Lib\xmllib.py
c:\program files\agi\Python25\Lib\xmlrpclib.py
c:\program files\agi\Python25\Lib\zipfile.py
c:\program files\agi\Python25\Lib\zipfile.pyc
c:\program files\agi\Python25\LICENSE.txt
c:\program files\agi\Python25\python.exe
c:\program files\agi\Python25\pythonw.exe
c:\program files\agi\tmp\installShell.log
c:\program files\agi\tmp\python25.zip
c:\windows\CT4CET.bin
c:\windows\system32\ascbalon.dll
c:\windows\system32\ConTest.dll
c:\windows\system32\LCCoin14.dll
c:\windows\system32\SySAVI2WMV.dat
c:\windows\system32\SysRestore.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AGWINSERVICE
-------\Service_AGWinService


((((((((((((((((((((((((( Files Created from 2008-12-08 to 2009-01-08 )))))))))))))))))))))))))))))))
.

2009-01-05 06:31 . 2009-01-05 06:31 <DIR> d-------- c:\windows\LastGood.Tmp
2009-01-03 15:41 . 2009-01-03 15:41 <DIR> d-------- c:\program files\Ascentive
2009-01-03 15:41 . 2008-08-20 17:44 45,056 --a------ c:\windows\system32\CreateLog.dll
2008-12-31 18:29 . 2008-12-31 18:30 27,265,566 --a------ C:\12302008-232738.wmv
2008-12-31 18:28 . 2008-12-31 18:28 <DIR> d-------- c:\program files\ezvideotools.com
2008-12-31 18:24 . 2008-12-31 18:25 <DIR> d-------- c:\program files\MPEG Converter
2008-12-31 18:24 . 2003-09-23 18:31 794,624 --a------ c:\windows\system32\mpgfiltr.ax
2008-12-31 18:24 . 2003-10-07 22:15 348,160 --a------ c:\windows\system32\axVideoConvert.dll
2008-12-31 18:24 . 2002-07-09 22:42 140,288 --a------ c:\windows\system32\Comdlg32.ocx
2008-12-31 17:33 . 2008-12-31 17:33 76,056 --a------ C:\img2-001.raw
2008-12-30 21:01 . 2008-12-30 21:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\EyePowerGames
2008-12-29 22:23 . 2009-01-02 21:49 <DIR> d-------- c:\documents and settings\jam\Application Data\HPAppData
2008-12-29 20:54 . 2007-04-10 16:46 1,966,696 --a------ c:\windows\system32\drivers\VX3000.sys
2008-12-29 20:54 . 2007-04-10 16:46 709,992 --a------ c:\windows\vVX3000.exe
2008-12-29 20:54 . 2007-04-10 16:46 476,520 --a------ c:\windows\vVX3000.dll
2008-12-29 20:54 . 2007-04-10 16:46 185,704 --a------ c:\windows\system32\cVX3000.dll
2008-12-29 20:54 . 2007-04-10 16:46 111,976 --a------ c:\windows\VX3000.dll
2008-12-29 20:54 . 2007-04-10 16:46 15,498 --a------ c:\windows\VX3000.ini
2008-12-29 20:54 . 2007-04-10 16:46 13,023 --a------ c:\windows\VX3000.src
2008-12-29 20:53 . 2008-12-29 20:54 <DIR> d-------- c:\program files\Microsoft LifeCam
2008-12-29 03:00 . 2008-12-29 03:00 <DIR> d-------- c:\program files\MSXML 4.0
2008-12-28 16:57 . 2008-12-28 16:57 <DIR> d-------- c:\documents and settings\jam\Application Data\HP
2008-12-28 16:48 . 2008-12-28 16:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\WEBREG
2008-12-28 16:46 . 2008-12-28 16:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2008-12-28 16:46 . 2007-11-06 21:10 271,704 -ra------ c:\windows\system32\hpzids01.dll
2008-12-28 16:46 . 2007-12-03 18:57 118,272 --a------ c:\windows\system32\hpz3l5mu.dll
2008-12-28 16:45 . 2007-10-31 05:35 729,088 -ra------ c:\windows\system32\hpwwiax4.dll
2008-12-28 16:45 . 2007-10-31 05:35 593,920 -ra------ c:\windows\system32\hpwtscl3.dll
2008-12-28 16:45 . 2007-01-17 11:37 364,544 -ra------ c:\windows\system32\hppldcoi.dll
2008-12-28 16:45 . 2007-01-17 11:37 309,760 -ra------ c:\windows\system32\difxapi.dll
2008-12-28 16:45 . 2007-01-17 11:31 294,912 -ra------ c:\windows\system32\hpovst11.dll
2008-12-28 16:45 . 2001-08-17 13:53 6,784 --a------ c:\windows\system32\drivers\serscan.sys
2008-12-28 16:45 . 2001-08-17 13:53 6,784 --a------ c:\windows\system32\dllcache\serscan.sys
2008-12-28 16:29 . 2008-12-28 16:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-12-28 16:28 . 2008-12-28 16:28 <DIR> d-------- c:\program files\Hewlett-Packard
2008-12-28 16:28 . 2008-12-28 16:28 <DIR> d-------- c:\program files\Common Files\HP
2008-12-28 16:28 . 2008-12-28 16:28 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard
2008-12-28 16:28 . 2008-12-28 16:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP
2008-12-28 16:25 . 2008-12-28 16:47 178,379 --a------ c:\windows\hpwins20.dat
2008-12-28 16:25 . 2008-01-08 07:42 2,428 -ra------ c:\windows\hpwmdl20.dat
2008-12-28 16:15 . 2008-12-28 16:15 <DIR> d-------- c:\windows\yellowtail+1
2008-12-28 16:15 . 2008-12-28 16:29 <DIR> d-------- c:\program files\HP
2008-12-28 16:15 . 2007-11-06 21:04 1,373,528 -ra------ c:\windows\hpzshl01.exe
2008-12-28 16:15 . 2007-11-06 21:15 1,140,056 -ra------ c:\windows\hpzmsi01.exe
2008-12-28 16:15 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-12-28 16:15 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\dllcache\usbprint.sys
2008-12-28 16:15 . 2008-01-08 07:44 12,054 -ra------ c:\windows\hpwscr20.dat
2008-12-28 15:31 . 2008-12-28 15:31 0 --a------ c:\windows\ativpsrm.bin
2008-12-28 15:29 . 2008-12-28 15:29 <DIR> d-------- C:\ATI
2008-12-26 17:51 . 2008-12-31 17:37 <DIR> d-------- c:\program files\SplitCam
2008-12-26 17:51 . 2003-05-14 21:07 389,120 --a------ c:\windows\system32\actskn43.ocx
2008-12-26 17:51 . 2008-12-26 17:51 13,824 --a------ c:\windows\system32\drivers\splitcam.sys
2008-12-24 22:11 . 2008-12-30 23:14 664 --a------ c:\windows\system32\d3d9caps.dat
2008-12-22 17:25 . 2008-12-22 17:25 <DIR> d-------- c:\program files\innoheim
2008-12-22 17:23 . 2008-12-22 17:23 <DIR> d-------- c:\program files\Common Files\Download Manager
2008-12-21 20:51 . 2008-12-21 20:51 <DIR> d-------- c:\program files\SkypeCap
2008-12-21 20:51 . 2008-12-21 20:51 <DIR> d-------- c:\documents and settings\jam\Application Data\SkypeCap
2008-12-21 16:43 . 2008-12-21 16:43 <DIR> d-------- c:\program files\Common Files\TechSmith Shared
2008-12-18 18:55 . 2008-12-18 18:55 25 --a------ c:\windows\cdplayer.ini
2008-12-16 23:49 . 2008-12-16 23:49 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\agi
2008-12-13 12:11 . 2008-12-13 12:11 <DIR> d-------- c:\program files\Unity
2008-12-12 18:31 . 2008-12-12 18:31 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-12 18:26 . 2008-12-12 18:29 0 --------- c:\program files\jre-6u11-windows-i586-p.exe
2008-12-12 18:25 . 2008-12-12 18:29 <DIR> d-------- c:\documents and settings\jam\.SunDownloadManager
2008-12-12 03:00 . 2008-12-12 03:03 1,393 --a------ c:\windows\imsins.BAK

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-08 00:31 --------- d-----w c:\documents and settings\jam\Application Data\Skype
2009-01-07 23:16 --------- d-----w c:\documents and settings\jam\Application Data\skypePM
2009-01-07 06:14 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-01-05 11:31 --------- d-----w c:\program files\McAfee
2009-01-03 20:41 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-30 01:35 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-28 21:23 --------- d-----w c:\program files\Microsoft Silverlight
2008-12-28 20:56 --------- d-----w c:\program files\Virtual Earth 3D
2008-12-28 20:11 --------- d-----w c:\program files\Google
2008-12-25 19:51 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-12-16 04:26 --------- d-----w c:\program files\FlashGet
2008-12-12 23:34 --------- d-----w c:\program files\Java
2008-12-12 23:26 1,230 ----a-w c:\program files\jre-6u11-windows-i586-p.exe.sdm
2008-12-12 23:26 0 ----a-w c:\program files\jre-6u11-windows-i586-p.exe.bak
2008-12-01 22:13 3,452,928 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2008-12-01 19:51 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2008-11-30 19:50 --------- d-----w c:\program files\Webshots
2008-11-30 19:50 --------- d-----w c:\documents and settings\LocalService\Application Data\agi
2008-11-30 19:50 --------- d-----w c:\documents and settings\jam\Application Data\Webshots
2008-11-30 19:50 --------- d-----w c:\documents and settings\jam\Application Data\agi
2008-11-30 19:49 --------- d-----w c:\documents and settings\All Users\Application Data\agi
2008-11-29 18:54 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2008-11-23 01:02 --------- d-----w c:\program files\Common Files\Skype
2008-11-23 01:02 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-11-22 22:28 --------- d-----w c:\documents and settings\jam\Application Data\Yahoo!
2008-11-22 22:23 --------- d-----w c:\program files\TimeLeft3
2008-11-22 22:23 --------- d-----w c:\program files\Skyworks Interactive
2008-11-22 22:23 --------- d-----w c:\program files\myibay
2008-11-22 22:23 --------- d-----w c:\program files\GeoVid
2008-11-22 22:23 --------- d-----w c:\program files\Bonjour
2008-11-22 22:23 --------- d-----w c:\documents and settings\jam\Application Data\NesterSoft
2008-11-22 22:23 --------- d-----w c:\documents and settings\All Users\Application Data\GeoVid
2008-11-22 22:20 --------- d-----w c:\program files\Skype
2008-11-22 22:20 --------- d-----w c:\program files\Lavasoft(2)
2008-11-22 22:20 --------- d-----w c:\program files\Lavasoft
2008-11-22 22:20 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-22 19:06 --------- d-----w c:\program files\Yahoo!
2008-11-22 18:35 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-10 23:06 --------- d-----w c:\documents and settings\jam\Application Data\.myibay
2008-11-10 23:04 --------- d-----w c:\program files\eBay Auction Sniper and Auto Search
2008-06-24 00:54 61,224 ----a-w c:\documents and settings\jam\GoToAssistDownloadHelper.exe
2008-10-14 16:48 62,872 ----a-w c:\program files\mozilla firefox\plugins\ateccli.dll
2008-10-14 16:48 27,976 ----a-w c:\program files\mozilla firefox\plugins\atgpcdec.dll
2008-10-14 16:48 125,848 ----a-w c:\program files\mozilla firefox\plugins\atgpcext.dll
2008-10-14 16:48 98,712 ----a-w c:\program files\mozilla firefox\plugins\ieatgpc.dll
2008-12-20 06:49 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-20 06:49 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-20 06:49 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-20 06:49 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-20 06:49 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\windows\yellowtail+1 ----

2007-06-08 08:12 477 -ra------ c:\windows\yellowtail+1\scrub2k.ini
2007-05-09 06:07 65536 -ra------ c:\windows\yellowtail+1\scrub2k.exe


((((((((((((((((((((((((((((( snapshot@2009-01-07_17.49.03.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 01:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2009-01-07 19:01:57 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-07 23:09:58 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-07 19:01:57 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-07 23:09:58 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-08 00:39:26 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_2a0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-06-06 50528]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
"Eyeball Chat"="c:\progra~1\Eyeball\EYEBAL~1\EyeballChat.exe" [2002-10-11 2863176]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]
"Performance Center"="c:\program files\Ascentive\Performance Center\ApcMain.exe" [2008-08-13 3244032]
"PC SpeedScan Pro"="c:\program files\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe" [2008-08-21 2093056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\MAIN\EPSON Stylus Photo R320 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" [2004-04-26 98304]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-12 185896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"Auto EPSON Stylus Photo R320 Series on MAIN"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" [2004-04-26 98304]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-12 136600]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

c:\documents and settings\jam\Start Menu\Programs\Startup\
check-ip-changed.bat [2008-10-15 58]
MEMonitor.lnk - c:\program files\Sprint music manager\MEMonitor.exe [2008-07-30 983040]
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-11-30 157000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-06-09 21:54 10536 c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-06-06 11:04 50528 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
--a------ 2004-10-14 09:17 45056 c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a------ 2008-06-03 00:35 50528 c:\program files\AOL 9.1\aol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-09-25 09:12 90112 c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 05:00 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
--------- 2007-07-27 15:43 118784 c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellAutomatedPCTuneUp]
--a------ 2007-10-11 09:49 465136 c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
--a------ 2008-08-13 23:04 206064 c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2008-03-11 12:44 16384 c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
--a------ 2008-02-28 13:18 17920 c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2007-05-25 12:16 42032 c:\program files\Common Files\AOL\1213745417\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2005-06-08 13:44 196608 c:\program files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 14:24 458752 c:\program files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 14:14 217088 c:\program files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-07-19 16:32 221184 c:\windows\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
--a------ 2007-11-01 19:12 582992 c:\program files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM05Mon.exe]
-ra------ 2007-05-08 12:00 36864 c:\windows\OEM05Mon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
--------- 2007-09-17 11:56 124200 c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-06-12 20:29 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2008-11-05 21:59 4347120 c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 17:43 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMX Daemon]
--a------ 2006-11-08 15:01 49152 c:\windows\system32\ico.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2007-10-25 10:57 16855552 c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"stllssvr"=3 (0x3)
"sprtsvc_dellsupportcenter"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"gusvc"=2 (0x2)
"ATI Smart"=2 (0x2)
"AOL ACS"=2 (0x2)
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1213745417\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Xi\\NetXfer\\NetTransport.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundRouterRequest"= 1 (0x1)

R3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2004-10-06 283904]
R3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;c:\windows\system32\drivers\OEM05Afx.sys [2008-06-09 141376]
R3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;c:\windows\system32\drivers\OEM05Vfx.sys [2008-06-09 7424]
R3 OEM05Vid;Creative Camera OEM005 Driver;c:\windows\system32\drivers\OEM05Vid.sys [2008-06-09 235616]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [2008-06-09 31616]
R4 datunidr;DellAutomatedPCTuneUp UniDriver;c:\windows\system32\drivers\datunidr.sys [2007-08-23 5376]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-06-12 24652]
S3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [2004-10-04 43392]
S3 EuMusDesignVirtualAudioCableWdm;StudioPro audio (WDM);c:\windows\system32\drivers\vrtaucbl.sys [2008-06-22 38784]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-01-25 42000]
S4 0302641231155080mcinstcleanup;McAfee Application Installer Cleanup (0302641231155080);c:\windows\TEMP\030264~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\030264~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S4 StudioPro;StudioPro webcam;c:\windows\system32\DRIVERS\StudioPro.sys --> c:\windows\system32\DRIVERS\StudioPro.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - 0302641231155080MCINSTCLEANUP

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder

2009-01-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2009-01-08 c:\windows\Tasks\ipresub.job
- c:\perl\bin\perl.exe [2004-02-02 23:29]

2008-12-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2009-01-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080610
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080610
uInternet Settings,ProxyOverride = *.local
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download all by NetXfer - c:\program files\Xi\NetXfer\NXAddList.html
IE: Download All Files by HiDownload - c:\program files\StreamingStar\HiDownload\HDGetAll.htm
IE: Download by HiDownload - c:\program files\StreamingStar\HiDownload\HDGet.htm
IE: Download by NetXfer - c:\program files\Xi\NetXfer\NXAddLink.html
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{F7DC590B-B6AD-4F7D-A778-7954A6D15B7F} - c:\program files\Bytescout Movies Extractor Scout\flashextract_ie.html
Trusted Zone: *.internet
Trusted Zone: *.mcafee.com
FF - ProfilePath - c:\documents and settings\jam\Application Data\Mozilla\Firefox\Profiles\ky7hdgf7.default\
FF - prefs.js: browser.startup.homepage - hxxp://webmail.aol.com/37080/aol/en-us/suite.aspx|http://mail.google.com/mail/#inbox|http://www.match.com/connect/connectionsHelp.aspx|http://www.plentyoffish.com/inbox.aspx?Guid=&SID=#in
FF - component: c:\documents and settings\jam\Application Data\Mozilla\Firefox\Profiles\ky7hdgf7.default\extensions\piclens@cooliris.com\components\piclensstub.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - plugin: c:\documents and settings\jam\Application Data\Mozilla\Firefox\Profiles\ky7hdgf7.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000054.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCID.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-07 19:39:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1028)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\AOL\acs\AOLacsd.exe
c:\opensa\Apache2\bin\Apache.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\opensa\Apache2\bin\Apache.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\hh.exe
c:\program files\AIM6\aolsoftware.exe
c:\progra~1\Webshots\Webshots.scr
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\progra~1\MOZILL~1\firefox.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2009-01-07 19:44:58 - machine was rebooted [jam]
ComboFix-quarantined-files.txt 2009-01-08 00:44:55
ComboFix2.txt 2009-01-07 22:49:44

Pre-Run: 308,470,177,792 bytes free
Post-Run: 308,369,235,968 bytes free

1157 --- E O F --- 2008-12-29 08:00:44

#8 Grinler

    Lawrence Abrams

  • Admin
  • 43,714 posts
  • Gender:Male
  • Location:USA

Posted 08 January 2009 - 05:23 PM

How is it now?

#9 fscguy
  • Topic Starter

  • Members
  • 145 posts

Posted 08 January 2009 - 05:44 PM

I haven't had any problems. Can we give it a day or two and see how it goes?

#10 Grinler

    Lawrence Abrams

  • Admin
  • 43,714 posts
  • Gender:Male
  • Location:USA

Posted 08 January 2009 - 05:55 PM

Sure...let it rest for a day or two, then let me know how it is. If all good, I will give my all clean speech :thumbsup:

#11 fscguy
  • Topic Starter

  • Members
  • 145 posts

Posted 29 April 2009 - 05:48 AM

Things are lingering on screen again.

#12 Grinler

    Lawrence Abrams

  • Admin
  • 43,714 posts
  • Gender:Male
  • Location:USA

Posted 29 April 2009 - 07:23 AM

Redownload ComboFix and post another log.

#13 fscguy
  • Topic Starter

  • Members
  • 145 posts

Posted 29 April 2009 - 11:53 AM

ComboFix 09-04-29.01 - jam 04/29/2009 12:48.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3326.2242 [GMT -4:00]
Running from: c:\documents and settings\jam\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-29 )))))))))))))))))))))))))))))))
.

2009-04-29 07:00 . 2009-03-11 02:18 453512 ----a-w c:\windows\system32\KB905474\wgasetup.exe
2009-04-29 07:00 . 2009-03-11 02:26 1403264 ----a-w c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-04-29 07:00 . 2009-04-29 07:00 -------- d-----w c:\windows\system32\KB905474
2009-04-29 07:00 . 2009-04-29 07:00 -------- d-----w C:\c6796f9fb2d5e7370e79295f8719c5
2009-04-26 23:28 . 2009-04-26 23:28 -------- d-----w c:\program files\Common Files\Skype
2009-04-26 13:50 . 2009-04-26 13:50 -------- d-----w c:\windows\LastGood
2009-04-20 23:24 . 2009-04-20 23:55 -------- d-----w C:\SDFix
2009-04-18 16:33 . 2009-04-18 17:44 -------- d-----w c:\program files\EsetOnlineScanner
2009-04-18 12:50 . 2009-04-18 12:50 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-18 12:50 . 2009-04-18 12:50 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-18 12:50 . 2009-04-18 12:50 -------- d-----w c:\documents and settings\jam\Application Data\SUPERAntiSpyware.com
2009-04-17 01:51 . 2009-03-06 14:00 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-17 01:51 . 2005-07-26 04:20 60416 ------w c:\windows\system32\dllcache\colbact.dll
2009-04-17 01:51 . 2009-02-06 09:54 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-17 01:51 . 2009-02-09 10:01 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-17 01:51 . 2009-02-06 10:22 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-17 01:51 . 2009-02-09 10:01 473088 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-17 01:51 . 2009-02-06 09:41 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 01:51 . 2009-02-09 10:01 617984 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-17 01:51 . 2009-02-09 10:01 715264 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-17 01:51 . 2008-04-21 10:02 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-14 01:44 . 2009-04-15 23:15 0 ----a-w c:\windows\Jsohuriviki.bin
2009-04-14 01:44 . 2009-04-14 01:44 -------- d-----w c:\documents and settings\jam\Local Settings\Application Data\{5D909F89-B86E-478C-91DE-A55134BFB854}
2009-04-14 01:44 . 2009-04-15 23:15 408 ----a-w c:\windows\Eyedusiku.dat
2009-04-06 16:59 . 2009-04-06 16:59 -------- d-----w c:\program files\Apple Software Update

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-26 23:28 . 2008-11-18 22:29 -------- d-----r c:\program files\Skype
2009-04-26 13:49 . 2009-03-08 13:50 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-18 15:21 . 2008-06-10 02:50 -------- d-----w c:\program files\McAfee
2009-04-16 01:24 . 2009-03-10 00:32 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-15 21:19 . 2008-06-25 23:35 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-06 19:32 . 2009-03-10 00:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 19:32 . 2009-03-10 00:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-06 17:01 . 2008-06-20 22:46 -------- d-----w c:\program files\QuickTime
2009-03-25 15:06 . 2008-06-10 02:51 40552 ----a-w c:\windows\system32\drivers\mfesmfk.sys
2009-03-25 15:06 . 2008-06-10 02:51 79880 ----a-w c:\windows\system32\drivers\mfeavfk.sys
2009-03-25 15:06 . 2008-06-10 02:51 35272 ----a-w c:\windows\system32\drivers\mfebopk.sys
2009-03-25 15:06 . 2008-06-10 02:51 214024 ----a-w c:\windows\system32\drivers\mfehidk.sys
2009-03-25 15:05 . 2008-06-10 02:51 34216 ----a-w c:\windows\system32\drivers\mferkdk.sys
2009-03-12 23:33 . 2009-03-12 23:33 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-08 13:49 . 2009-03-08 15:00 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-03-08 13:44 . 2009-03-08 13:44 -------- d-----w c:\program files\Lavasoft
2009-03-06 14:00 . 2004-08-11 22:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-20 08:30 . 2004-08-11 22:00 659456 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:30 . 2004-08-11 22:00 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 10:19 . 2004-08-11 22:00 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-09 10:01 . 2004-08-11 22:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:01 . 2004-08-11 22:00 728576 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:01 . 2004-08-11 22:00 617984 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:01 . 2004-08-11 22:00 715264 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 10:29 . 2004-08-11 22:00 2142720 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:22 . 2004-08-11 22:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 09:54 . 2004-08-11 22:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 09:49 . 2004-08-04 03:59 2020864 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 20:08 . 2004-08-11 22:00 55808 ----a-w c:\windows\system32\secur32.dll
2008-12-12 23:29 . 2008-12-12 23:26 0 ------w c:\program files\jre-6u11-windows-i586-p.exe
2008-12-12 23:26 . 2008-12-12 23:26 0 ----a-w c:\program files\jre-6u11-windows-i586-p.exe.bak
2008-12-12 23:26 . 2008-12-12 23:26 1230 ----a-w c:\program files\jre-6u11-windows-i586-p.exe.sdm
2008-10-14 16:48 . 2008-10-14 16:48 62872 ----a-w c:\program files\mozilla firefox\plugins\ateccli.dll
2008-10-14 16:48 . 2008-10-14 16:48 27976 ----a-w c:\program files\mozilla firefox\plugins\atgpcdec.dll
2008-10-14 16:48 . 2008-10-14 16:48 125848 ----a-w c:\program files\mozilla firefox\plugins\atgpcext.dll
2008-10-14 16:48 . 2008-10-14 16:48 98712 ----a-w c:\program files\mozilla firefox\plugins\ieatgpc.dll
2008-12-20 06:49 . 2008-11-22 22:41 67688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-20 06:49 . 2008-11-22 22:41 54368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-20 06:49 . 2008-11-22 22:41 34944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-20 06:49 . 2008-11-22 22:41 46712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-20 06:49 . 2008-11-22 22:41 172136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-06-06 50528]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
"Eyeball Chat"="c:\progra~1\Eyeball\EYEBAL~1\EyeballChat.exe" [2002-10-11 2863176]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-06 4347120]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\MAIN\EPSON Stylus Photo R320 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" [2004-04-26 98304]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-13 185896]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"Auto EPSON Stylus Photo R320 Series on MAIN"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" [2004-04-26 98304]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-12 136600]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-26 516440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-10-25 16855552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

c:\documents and settings\jam\Start Menu\Programs\Startup\
check-ip-changed.bat [2009-3-14 58]
MEMonitor.lnk - c:\program files\Sprint music manager\MEMonitor.exe [2008-7-30 983040]
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-11-30 157000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 15:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-06-10 02:54 10536 ----a-w c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"stllssvr"=3 (0x3)
"sprtsvc_dellsupportcenter"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"gusvc"=2 (0x2)
"ATI Smart"=2 (0x2)
"AOL ACS"=2 (0x2)
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1213745417\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Xi\\NetXfer\\NetTransport.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\WINDOWS\\system32\\wbem\\unsecapp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundRouterRequest"= 1 (0x1)

R3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\Drivers\ATHFMWDL.sys [2004-10-04 43392]
R3 EuMusDesignVirtualAudioCableWdm;StudioPro audio (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [2007-04-22 38784]
S2 datunidr;DellAutomatedPCTuneUp UniDriver;c:\windows\system32\DRIVERS\datunidr.sys [2007-08-23 5376]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\DRIVERS\A5AGU.sys [2004-10-06 283904]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder

2009-04-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 13:49]

2009-04-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-04-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-10 10:56]

2009-04-29 c:\windows\Tasks\ipresub.job
- c:\perl\bin\perl.exe [2004-02-03 04:29]

2009-04-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-06-10 15:53]

2009-04-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-06-10 15:53]

2009-04-29 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-29 02:18]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Performance Center - c:\program files\Ascentive\Performance Center\ApcMain.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080610
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080610
uInternet Settings,ProxyOverride = *.local
IE: Download all by NetXfer - c:\program files\Xi\NetXfer\NXAddList.html
IE: Download All Files by HiDownload - c:\program files\StreamingStar\HiDownload\HDGetAll.htm
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download by HiDownload - c:\program files\StreamingStar\HiDownload\HDGet.htm
IE: Download by NetXfer - c:\program files\Xi\NetXfer\NXAddLink.html
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{F7DC590B-B6AD-4F7D-A778-7954A6D15B7F} - c:\program files\Bytescout Movies Extractor Scout\flashextract_ie.html
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\documents and settings\jam\Application Data\Mozilla\Firefox\Profiles\ky7hdgf7.default\
FF - prefs.js: browser.startup.homepage - hxxp://webmail.aol.com/37080/aol/en-us/suite.aspx|http://mail.google.com/mail/#inbox|http://www.match.com/connect/connectionsHelp.aspx|http://www.plentyoffish.com/inbox.aspx?Guid=&SID=#in
FF - component: c:\documents and settings\jam\Application Data\Mozilla\Firefox\Profiles\ky7hdgf7.default\extensions\piclens@cooliris.com\components\piclensstub.dll
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\jam\Application Data\Mozilla\Firefox\Profiles\ky7hdgf7.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000054.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCID.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-29 12:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(856)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

- - - - - - - > 'explorer.exe'(4812)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-04-29 12:51
ComboFix-quarantined-files.txt 2009-04-29 16:51
ComboFix2.txt 2009-01-08 00:45
ComboFix3.txt 2009-01-07 22:49

Pre-Run: 311,533,416,448 bytes free
Post-Run: 311,646,138,368 bytes free

260 --- E O F --- 2009-04-29 07:00

#14 Grinler (Lawrence Abrams)


  • Admin
  • 43,714 posts
  • Gender:Male
  • Location:USA

Posted 01 May 2009 - 12:54 PM

Download GMER Rootkit Scanner from here.
  • Extract the contents of the zipped file to the desktop.
  • Double click GMER.exe and if you are asked if you want to allow gmer.sys driver to load, please allow it to do so.
  • If it gives you a warning about rootkit activity and asks if you want to run scan, please click on NO.
  • In the right panel you will see several boxes that have been checked. Uncheck the following checkboxes:
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Now click on the Scan button and wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in ark.txt and save it to your desktop.

Also,
* Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

File::
c:\windows\Jsohuriviki.bin
c:\windows\Eyedusiku.dat

Dirlook::
c:\documents and settings\jam\Local Settings\Application Data\{5D909F89-B86E-478C-91DE-A55134BFB854}


Save this as the text file CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[Posted Image: screenshot of the CFScript file being dragged onto ComboFix.exe]

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

#15 fscguy (Topic Starter)

  • Members
  • 145 posts

Posted 02 May 2009 - 10:17 AM

ComboFix 09-05-02.4 - jam 05/02/2009 11:14.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3326.2552 [GMT -4:00]
Running from: c:\documents and settings\jam\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\jam\Desktop\CFScript .txt
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

FILE ::
c:\windows\Eyedusiku.dat
c:\windows\Jsohuriviki.bin
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Eyedusiku.dat
c:\windows\Jsohuriviki.bin

.
((((((((((((((((((((((((( Files Created from 2009-04-02 to 2009-05-02 )))))))))))))))))))))))))))))))
.

2009-04-29 07:00 . 2009-03-11 02:18 453512 ----a-w c:\windows\system32\KB905474\wgasetup.exe
2009-04-29 07:00 . 2009-03-11 02:26 1403264 ----a-w c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-04-29 07:00 . 2009-04-29 07:00 -------- d-----w c:\windows\system32\KB905474
2009-04-26 23:28 . 2009-04-26 23:28 -------- d-----w c:\program files\Common Files\Skype
2009-04-20 23:24 . 2009-04-20 23:55 -------- d-----w C:\SDFix
2009-04-18 16:33 . 2009-04-18 17:44 -------- d-----w c:\program files\EsetOnlineScanner
2009-04-18 12:50 . 2009-04-18 12:50 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-18 12:50 . 2009-04-18 12:50 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-18 12:50 . 2009-04-18 12:50 -------- d-----w c:\documents and settings\jam\Application Data\SUPERAntiSpyware.com
2009-04-17 01:51 . 2009-03-06 14:00 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-17 01:51 . 2005-07-26 04:20 60416 ------w c:\windows\system32\dllcache\colbact.dll
2009-04-17 01:51 . 2009-02-06 09:54 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-17 01:51 . 2009-02-09 10:01 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-17 01:51 . 2009-02-06 10:22 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-17 01:51 . 2009-02-09 10:01 473088 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-17 01:51 . 2009-02-06 09:41 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 01:51 . 2009-02-09 10:01 617984 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-17 01:51 . 2009-02-09 10:01 715264 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-17 01:51 . 2008-04-21 10:02 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-14 01:44 . 2009-04-14 01:44 -------- d-----w c:\documents and settings\jam\Local Settings\Application Data\{5D909F89-B86E-478C-91DE-A55134BFB854}
2009-04-06 16:59 . 2009-04-06 16:59 -------- d-----w c:\program files\Apple Software Update

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-02 15:14 . 2004-08-11 22:20 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-05-02 14:25 . 2009-03-27 10:56 868 ----a-w c:\windows\Tasks\Google Software Updater.job
2009-05-02 14:16 . 2008-10-15 17:15 256 ----a-w c:\windows\Tasks\ipresub.job
2009-05-02 05:36 . 2009-04-29 07:00 260 ----a-w c:\windows\Tasks\WGASetup.job
2009-05-01 05:00 . 2008-06-10 02:50 348 ----a-w c:\windows\Tasks\McQcTask.job
2009-04-27 13:49 . 2009-03-08 13:49 472 ----a-w c:\windows\Tasks\Ad-Aware Update (Weekly).job
2009-04-26 23:28 . 2008-11-18 22:29 -------- d-----r c:\program files\Skype
2009-04-26 13:49 . 2009-03-08 13:50 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-25 20:35 . 2008-07-09 23:09 284 ----a-w c:\windows\Tasks\AppleSoftwareUpdate.job
2009-04-18 15:21 . 2008-06-10 02:50 -------- d-----w c:\program files\McAfee
2009-04-16 01:24 . 2009-03-10 00:32 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-15 21:19 . 2008-06-25 23:35 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-15 04:59 . 2008-06-10 02:50 356 ----a-w c:\windows\Tasks\McDefragTask.job
2009-04-06 19:32 . 2009-03-10 00:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 19:32 . 2009-03-10 00:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-06 17:01 . 2008-06-20 22:46 -------- d-----w c:\program files\QuickTime
2009-03-25 15:06 . 2008-06-10 02:51 40552 ----a-w c:\windows\system32\drivers\mfesmfk.sys
2009-03-25 15:06 . 2008-06-10 02:51 79880 ----a-w c:\windows\system32\drivers\mfeavfk.sys
2009-03-25 15:06 . 2008-06-10 02:51 35272 ----a-w c:\windows\system32\drivers\mfebopk.sys
2009-03-25 15:06 . 2008-06-10 02:51 214024 ----a-w c:\windows\system32\drivers\mfehidk.sys
2009-03-25 15:05 . 2008-06-10 02:51 34216 ----a-w c:\windows\system32\drivers\mferkdk.sys
2009-03-12 23:33 . 2009-03-12 23:33 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-08 13:49 . 2009-03-08 15:00 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-03-08 13:44 . 2009-03-08 13:44 -------- d-----w c:\program files\Lavasoft
2009-03-06 14:00 . 2004-08-11 22:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-20 08:30 . 2004-08-11 22:00 659456 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:30 . 2004-08-11 22:00 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 10:19 . 2004-08-11 22:00 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-09 10:01 . 2004-08-11 22:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:01 . 2004-08-11 22:00 728576 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:01 . 2004-08-11 22:00 617984 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:01 . 2004-08-11 22:00 715264 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 10:29 . 2004-08-11 22:00 2142720 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:22 . 2004-08-11 22:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 09:54 . 2004-08-11 22:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 09:49 . 2004-08-04 03:59 2020864 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 20:08 . 2004-08-11 22:00 55808 ----a-w c:\windows\system32\secur32.dll
2008-12-12 23:29 . 2008-12-12 23:26 0 ------w c:\program files\jre-6u11-windows-i586-p.exe
2008-12-12 23:26 . 2008-12-12 23:26 0 ----a-w c:\program files\jre-6u11-windows-i586-p.exe.bak
2008-12-12 23:26 . 2008-12-12 23:26 1230 ----a-w c:\program files\jre-6u11-windows-i586-p.exe.sdm
2008-10-14 16:48 . 2008-10-14 16:48 62872 ----a-w c:\program files\mozilla firefox\plugins\ateccli.dll
2008-10-14 16:48 . 2008-10-14 16:48 27976 ----a-w c:\program files\mozilla firefox\plugins\atgpcdec.dll
2008-10-14 16:48 . 2008-10-14 16:48 125848 ----a-w c:\program files\mozilla firefox\plugins\atgpcext.dll
2008-10-14 16:48 . 2008-10-14 16:48 98712 ----a-w c:\program files\mozilla firefox\plugins\ieatgpc.dll
2008-12-20 06:49 . 2008-11-22 22:41 67688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-20 06:49 . 2008-11-22 22:41 54368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-20 06:49 . 2008-11-22 22:41 34944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-20 06:49 . 2008-11-22 22:41 46712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-20 06:49 . 2008-11-22 22:41 172136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\documents and settings\jam\Local Settings\Application Data\{5D909F89-B86E-478C-91DE-A55134BFB854} ----

2009-04-14 01:44 . 2009-04-14 01:44 9229 ----a-w c:\documents and settings\jam\Local Settings\Application Data\{5D909F89-B86E-478C-91DE-A55134BFB854}\chrome\content\overlay.xul
2009-04-14 01:44 . 2009-04-14 01:44 3323 ----a-w c:\documents and settings\jam\Local Settings\Application Data\{5D909F89-B86E-478C-91DE-A55134BFB854}\chrome\content\c.js
2009-04-14 01:44 . 2009-04-14 01:44 2125 ----a-w c:\documents and settings\jam\Local Settings\Application Data\{5D909F89-B86E-478C-91DE-A55134BFB854}\chrome\content\_cfg.js
2009-04-14 01:44 . 2009-04-14 01:44 770 ----a-w c:\documents and settings\jam\Local Settings\Application Data\{5D909F89-B86E-478C-91DE-A55134BFB854}\install.rdf
2009-04-14 01:44 . 2009-04-14 01:44 120 ----a-w c:\documents and settings\jam\Local Settings\Application Data\{5D909F89-B86E-478C-91DE-A55134BFB854}\chrome.manifest


((((((((((((((((((((((((((((( SnapShot@2009-04-29_16.50.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-01 21:14 . 2009-05-01 21:14 16384 c:\windows\Temp\Perflib_Perfdata_234.dat
+ 2009-05-01 21:14 . 2009-05-01 21:14 16384 c:\windows\Temp\Perflib_Perfdata_10e0.dat
+ 2009-04-29 18:33 . 2009-05-02 13:16 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-12 23:01 . 2009-05-02 13:16 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-06-12 23:01 . 2009-04-29 13:59 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-06-12 23:01 . 2009-05-02 13:16 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-06-12 23:01 . 2009-04-29 13:59 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-06-06 50528]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
"Eyeball Chat"="c:\program files\Eyeball\Eyeball Chat\EyeballChat.exe" [2002-10-11 2863176]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-06 4347120]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\MAIN\EPSON Stylus Photo R320 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" [2004-04-26 98304]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-13 185896]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"Auto EPSON Stylus Photo R320 Series on MAIN"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" [2004-04-26 98304]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-12 136600]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-26 516440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-10-25 16855552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

c:\documents and settings\jam\Start Menu\Programs\Startup\
check-ip-changed.bat [2009-3-14 58]
MEMonitor.lnk - c:\program files\Sprint music manager\MEMonitor.exe [2008-7-30 983040]
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-11-30 157000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 15:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-06-10 02:54 10536 ----a-w c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"stllssvr"=3 (0x3)
"sprtsvc_dellsupportcenter"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"gusvc"=2 (0x2)
"ATI Smart"=2 (0x2)
"AOL ACS"=2 (0x2)
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1213745417\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Xi\\NetXfer\\NetTransport.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\WINDOWS\\system32\\wbem\\unsecapp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundRouterRequest"= 1 (0x1)

R2 StudioPro;StudioPro webcam; [x]
R3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\Drivers\ATHFMWDL.sys [2004-10-04 43392]
R3 EuMusDesignVirtualAudioCableWdm;StudioPro audio (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [2007-04-22 38784]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-01-25 42000]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-26 64160]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-02-17 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-02-17 55024]
S2 datunidr;DellAutomatedPCTuneUp UniDriver;c:\windows\system32\DRIVERS\datunidr.sys [2007-08-23 5376]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-26 953168]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\DRIVERS\A5AGU.sys [2004-10-06 283904]
S3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;c:\windows\system32\Drivers\OEM05Afx.sys [2007-06-07 141376]
S3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;c:\windows\system32\DRIVERS\OEM05Vfx.sys [2007-03-05 7424]
S3 OEM05Vid;Creative Camera OEM005 Driver;c:\windows\system32\DRIVERS\OEM05Vid.sys [2007-07-19 235616]
S3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\DRIVERS\livecamv.sys [2007-01-15 31616]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder

2009-04-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 13:49]

2009-04-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-05-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-10 10:56]

2009-05-02 c:\windows\Tasks\ipresub.job
- c:\perl\bin\perl.exe [2004-02-03 04:29]

2009-04-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-06-10 15:53]

2009-05-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-06-10 15:53]

2009-05-02 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-29 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080610
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080610
uInternet Settings,ProxyOverride = *.local
IE: Download all by NetXfer - c:\program files\Xi\NetXfer\NXAddList.html
IE: Download All Files by HiDownload - c:\program files\StreamingStar\HiDownload\HDGetAll.htm
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download by HiDownload - c:\program files\StreamingStar\HiDownload\HDGet.htm
IE: Download by NetXfer - c:\program files\Xi\NetXfer\NXAddLink.html
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{F7DC590B-B6AD-4F7D-A778-7954A6D15B7F} - c:\program files\Bytescout Movies Extractor Scout\flashextract_ie.html
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\documents and settings\jam\Application Data\Mozilla\Firefox\Profiles\ky7hdgf7.default\
FF - prefs.js: browser.startup.homepage - hxxp://webmail.aol.com/37080/aol/en-us/suite.aspx|http://mail.google.com/mail/#inbox|http://www.match.com/connect/connectionsHelp.aspx|http://www.plentyoffish.com/inbox.aspx?Guid=&SID=#in
FF - component: c:\documents and settings\jam\Application Data\Mozilla\Firefox\Profiles\ky7hdgf7.default\extensions\piclens@cooliris.com\components\piclensstub.dll
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-02 11:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1024)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
Completion time: 2009-05-02 11:17
ComboFix-quarantined-files.txt 2009-05-02 15:17
ComboFix2.txt 2009-04-29 16:51
ComboFix3.txt 2009-01-08 00:45
ComboFix4.txt 2009-01-07 22:49

Pre-Run: 390,065,582,080 bytes free
Post-Run: 390,084,718,592 bytes free

290 --- E O F --- 2009-04-29 07:00
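The log above is read by hand in this thread: the helper scans the Run keys, the Startup folders and the Scheduled Tasks folder for entries that do not belong. The following script, added here as an example and not part of ComboFix, GMER or any post in the thread, does the first pass of that reading automatically. It parses those three sections out of a ComboFix-style log and applies a handful of heuristics (a Run value that is a bare file name rather than a full path, a scheduled task whose target is a script host such as perl.exe, a .bat or .vbs sitting in a Startup folder, a binary living in a user-writable directory or directly in %windir%). The function names, the `Entry`/`Finding` types and the heuristics are this example's own, and `SAMPLE_LOG` is a constructed excerpt shaped like the lines ComboFix prints above. The findings are prompts for a second look, not verdicts: a vendor's audio control panel in %windir% trips the same rule a dropper would, and the thread's perl-driven ipresub.job still has to be checked by opening the .job and reading its arguments, which the log does not show.

```python
"""Triage the autostart sections of a ComboFix log.

Added example for this thread; not part of ComboFix, GMER or the original
posts.  Reads three sections ComboFix prints (Run keys, Startup folders, the
Scheduled Tasks folder) and applies heuristics that pick out entries a helper
would look at first.  Heuristics are review prompts, not verdicts.
"""
import re
from dataclasses import dataclass

# Constructed sample, shaped like the lines ComboFix prints in the thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-10-25 16855552]

c:\documents and settings\jam\Start Menu\Programs\Startup\
check-ip-changed.bat [2009-3-14 58]
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-11-30 157000]

Contents of the 'Scheduled Tasks' folder

2009-05-02 c:\windows\Tasks\ipresub.job
- c:\perl\bin\perl.exe [2004-02-03 04:29]

2009-04-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
"""

# "name"="command" [- resolved path] [date size]
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"(?:\s+-\s+(?P<resolved>.+?))?\s+\[[^\]]*\]$')
# file [- target] [date size]
STARTUP_LINE = re.compile(r'^(?P<name>\S.*?)(?:\s+-\s+(?P<target>.+?))?\s+\[[^\]]*\]$')
# "date path\to\task.job" followed on the next line by "- target [date time]"
TASK_JOB = re.compile(r'^\d{4}-\d{2}-\d{2}\s+(?P<job>\S.*\.job)$', re.IGNORECASE)
TASK_TARGET = re.compile(r'^-\s+(?P<target>.+?)\s+\[[^\]]*\]$')

# Script hosts: the interesting part is the argument, which the log omits.
INTERPRETERS = {"perl.exe", "wscript.exe", "cscript.exe", "cmd.exe",
                "rundll32.exe", "regsvr32.exe", "mshta.exe", "powershell.exe"}
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js")
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\application data\\")
WINDIR_ROOT = re.compile(r"^c:\\windows\\[^\\]+$")   # file directly in %windir%


@dataclass
class Entry:
    kind: str     # "run", "startup" or "task"
    name: str     # value name, file name or .job name
    command: str  # what the registry value / folder item / job points at, verbatim
    target: str   # the executable ComboFix resolved it to


@dataclass
class Finding:
    entry: Entry
    reason: str


def basename(path: str) -> str:
    """Lower-cased final path component, for comparisons."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_combofix(text: str) -> list:
    """Walk the log line by line, switching mode on the section headers."""
    entries, mode = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        low = line.lower()
        if line.startswith("[") and line.endswith("]"):
            mode = "run" if low.endswith("\\run]") else None   # other keys: ignore
            continue
        if low.endswith("\\startup\\"):
            mode = "startup"
            continue
        if low.startswith("contents of the 'scheduled tasks' folder"):
            mode = "task"
            continue
        if mode == "run" and (m := RUN_LINE.match(line)):
            entries.append(Entry("run", m["name"], m["cmd"], m["resolved"] or m["cmd"]))
        elif mode == "startup" and (m := STARTUP_LINE.match(line)):
            entries.append(Entry("startup", m["name"], m["name"], m["target"] or m["name"]))
        elif mode == "task" and (m := TASK_JOB.match(line)):
            entries.append(Entry("task", m["job"].rsplit("\\", 1)[-1], "", ""))
        elif mode == "task" and (m := TASK_TARGET.match(line)) and entries and entries[-1].kind == "task":
            entries[-1].command = entries[-1].target = m["target"]   # attach target to the job above
    return entries


def triage(entries: list) -> list:
    """Apply the heuristics; one entry can yield several findings."""
    findings = []
    for e in entries:
        reasons = []
        if e.kind == "run" and "\\" not in e.command:
            reasons.append("command is a bare file name, resolved through PATH / App Paths at logon")
        if basename(e.target) in INTERPRETERS:
            reasons.append("runs a script host; the real payload is in arguments the log does not show")
        if e.kind == "startup" and e.name.lower().endswith(SCRIPT_EXT):
            reasons.append("script file in a Startup folder")
        low = e.target.lower()
        if any(p in low for p in USER_WRITABLE) or WINDIR_ROOT.match(low):
            reasons.append("binary outside Program Files / system32 (user-writable or %windir% root)")
        findings.extend(Finding(e, r) for r in reasons)
    return findings


if __name__ == "__main__":
    for f in triage(parse_combofix(SAMPLE_LOG)):
        print(f"{f.entry.kind:8} {f.entry.name:25} {f.entry.target}\n         -> {f.reason}")
```

On the sample, ctfmon.exe, Webshots.lnk and AppleSoftwareUpdate.job pass clean; RTHDCPL is reported twice (bare name, %windir% root), VX3000 once, check-ip-changed.bat once and ipresub.job once. To run it over a real log, replace `SAMPLE_LOG` with the file contents; the three section headers it keys on are the same ones visible in the posts above.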

