Help!

IE7/Google links appear to be getting hijacked


fxgopher



Joined: Sep 03, 2008
Posts: 6



PostPosted: Wed Sep 03, 2008 12:31 pm    Post subject: IE7/Google links appear to be getting hijacked

Hi

My Google search links are being hijacked a lot, sending me off to weird sites.

I've run Spybot and Windows Defender, and also the avast! virus scanner.

I've used ATF Cleaner and then run HijackThis; the results are below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:47, on 03/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBAR.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/c...nt/wuwe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} -
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/c...nt/muwe
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15105/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - Unknown owner - C:\WINDOWS\system32\bgsvcgen.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 13905 bytes


Can anyone help me, please?
Thanks in advance.
Frank Xerri
greyknight17



Joined: Feb 03, 2003
Posts: 5058

Location: Brooklyn, NY

PostPosted: Wed Sep 03, 2008 6:11 pm    Post subject: Re: IE7/Google links appear to be getting hijacked

Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you have checked the last one:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} -
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} -


Locate the following Files/Folders and delete them if they exist (if no location given, just do a search for them):

C:\WINDOWS\system32\msxml71.dll

1. Download ComboFix at http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe or http://download.bleepingcomputer.com/sUBs/ComboFix.exe. Save it to your Desktop before you run it.
2. Double-click combofix.exe and follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not click on ComboFix's window while it is running. That may cause it to stall.
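A way to mechanise the two checks in the reply above, as an added example that is not the forum's, the helper's or HijackThis's own code: a small parser for the "Oxx" entries of a HijackThis log that flags structurally suspicious lines (a registered CLSID whose file is gone, a DPF entry with no download URL, a service whose binary is missing, a Run entry that names a bare executable with no path), plus a function that reports which of a helper's 'Fix Checked' lines still appear in a fresh scan, matched by CLSID. The sample log is a constructed subset of the log posted in this thread. Note what the heuristics do not do: the msxml71.dll BHO is reported only because it is on the fix list; nothing in the line's shape singles it out, which is exactly why a human reviewer's list is matched separately.

```python
"""Heuristic triage of HijackThis 'Oxx' log entries (added example, not HijackThis code)."""
import re
from dataclasses import dataclass

# {8-4-4-4-12 hex} CLSID, as it appears on O2/O3/O9/O16/O18 lines
CLSID_RE = re.compile(r"\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}")
# "O2 - BHO: ...", "O4 - HKLM\..\Run: ...", "O16 - DPF: ..." (R0/R1 lines are not handled)
ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+): ?(.*)$")


@dataclass
class Entry:
    kind: str    # section code: O2, O4, O16, O23, ...
    label: str   # BHO, DPF, Service, HKLM\..\Run, ...
    name: str    # display name, if the layout carries one
    clsid: str   # upper-case CLSID without braces, "" if none
    target: str  # file path, URL or command the entry points at
    raw: str


def parse_entry(line):
    """Parse one log line; returns None for lines that are not Oxx entries."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if not m:
        return None
    kind, label, rest = m.groups()
    cl = CLSID_RE.search(rest)
    # A trailing " -" means the separator is present but the target is empty
    # (this is how an O16 DPF entry with no download URL is printed).
    if rest.endswith(" -"):
        rest += " "
    head, sep, target = rest.rpartition(" - ")
    if not sep:               # O4/O8-style lines: everything after the label is the target
        head, target = "", rest
    name = CLSID_RE.sub("", head).strip(" -")
    return Entry(kind, label, name, cl.group(1).upper() if cl else "", target.strip(), line)


def triage(lines):
    """Return (reason, raw_line) pairs for entries whose shape alone merits a closer look."""
    findings = []
    for e in filter(None, map(parse_entry, lines)):
        if e.target == "(no file)":
            findings.append(("CLSID is registered but its file is gone", e.raw))
        elif e.kind == "O16" and e.target == "":
            findings.append(("DPF (ActiveX download) entry with no source URL", e.raw))
        elif e.target.endswith("(file missing)"):
            findings.append(("service points at a binary that is missing", e.raw))
        elif e.kind == "O4":
            # "[Name] command": a bare executable name is resolved through the
            # search path at logon, so which file actually runs must be verified.
            cmd = e.target.split("] ", 1)[-1]
            if "\\" not in cmd and "/" not in cmd:
                findings.append(("Run entry names an executable without a path", e.raw))
    return findings


def still_present(fix_list, scan_lines):
    """Which of the reviewer's 'Fix Checked' lines still appear in a fresh scan?
    Entries are matched by CLSID when they have one, otherwise by the exact line."""
    wanted = {(e.clsid or e.raw): e.raw for e in filter(None, map(parse_entry, fix_list))}
    present = []
    for e in filter(None, map(parse_entry, scan_lines)):
        hit = wanted.get(e.clsid or e.raw)
        if hit and hit not in present:
            present.append(hit)
    return present


# Constructed sample: a subset of the HijackThis log posted in this thread.
SAMPLE_LOG = [
    r"O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)",
    r"O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll",
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll",
    r"O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE",
    r'O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"',
    r"O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab",
    r"O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} -",
    r"O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} -",
    r"O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - Unknown owner - C:\WINDOWS\system32\bgsvcgen.exe (file missing)",
    r"O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe",
]

# The four lines the helper asked to have fixed, copied from the reply above.
FIX_LIST = [SAMPLE_LOG[0], SAMPLE_LOG[1], SAMPLE_LOG[6], SAMPLE_LOG[7]]

# Constructed "after the fix" scan: three of the four were removed, one survived.
POST_FIX_SCAN = [l for l in SAMPLE_LOG if l not in (SAMPLE_LOG[0], SAMPLE_LOG[1], SAMPLE_LOG[6])]

if __name__ == "__main__":
    for reason, raw in triage(SAMPLE_LOG):
        print(f"[{reason}] {raw}")
    print("still present after fix:", still_present(FIX_LIST, POST_FIX_SCAN))
```

Run stand-alone it lists the five structurally odd lines and then reports the single fix-list entry that survived the constructed follow-up scan. The heuristics are deliberately conservative: they report only what the line itself proves (missing file, empty URL, path-less command) and leave judgement about named DLLs to the person reading the log, exactly as the thread does.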
fxgopher



Joined: Sep 03, 2008
Posts: 6



PostPosted: Wed Sep 03, 2008 6:47 pm    Post subject: Re: IE7/Google links appear to be getting hijacked

Right, done all that.

Here's the ComboFix log as requested.

ComboFix 08-09-03.02 - Frank 2008-09-03 23:45:43.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.777 [GMT 1:00]
Running from: C:\Documents and Settings\Frank\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Frank\Application Data\macromedia\Flash Player\#SharedObjects\X5KA4PRZ\interclick.com
C:\Documents and Settings\Frank\Application Data\macromedia\Flash Player\#SharedObjects\X5KA4PRZ\interclick.com\ud.sol
C:\Documents and Settings\Frank\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Frank\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\HKEJ9KAA\bin.clearspring.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\HKEJ9KAA\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\HKEJ9KAA\interclick.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\HKEJ9KAA\interclick.com\pep3.sol
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\HKEJ9KAA\interclick.com\ud.sol
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\WINDOWS\system32\_004601_.tmp.dll
C:\WINDOWS\system32\_004602_.tmp.dll
C:\WINDOWS\system32\_004603_.tmp.dll
C:\WINDOWS\system32\_004604_.tmp.dll
C:\WINDOWS\system32\_004611_.tmp.dll
C:\WINDOWS\system32\_004612_.tmp.dll
C:\WINDOWS\system32\_004613_.tmp.dll
C:\WINDOWS\system32\_004614_.tmp.dll
C:\WINDOWS\system32\_004615_.tmp.dll
C:\WINDOWS\system32\_004616_.tmp.dll
C:\WINDOWS\system32\_004617_.tmp.dll
C:\WINDOWS\system32\_004618_.tmp.dll
C:\WINDOWS\system32\_004619_.tmp.dll
C:\WINDOWS\system32\_004620_.tmp.dll
C:\WINDOWS\system32\_004621_.tmp.dll
C:\WINDOWS\system32\_004622_.tmp.dll
C:\WINDOWS\system32\_004623_.tmp.dll
C:\WINDOWS\system32\_004624_.tmp.dll
C:\WINDOWS\system32\_004625_.tmp.dll
C:\WINDOWS\system32\_004627_.tmp.dll
C:\WINDOWS\system32\_004628_.tmp.dll
C:\WINDOWS\system32\_004630_.tmp.dll
C:\WINDOWS\system32\_004631_.tmp.dll
C:\WINDOWS\system32\_004632_.tmp.dll
C:\WINDOWS\system32\_004635_.tmp.dll
C:\WINDOWS\system32\_004636_.tmp.dll
C:\WINDOWS\system32\_004637_.tmp.dll
C:\WINDOWS\system32\_004638_.tmp.dll
C:\WINDOWS\system32\_004639_.tmp.dll
C:\WINDOWS\system32\_004640_.tmp.dll
C:\WINDOWS\system32\_004641_.tmp.dll
C:\WINDOWS\system32\_004643_.tmp.dll
C:\WINDOWS\system32\_004644_.tmp.dll
C:\WINDOWS\system32\_004645_.tmp.dll
C:\WINDOWS\system32\_004646_.tmp.dll
C:\WINDOWS\system32\_004647_.tmp.dll
C:\WINDOWS\system32\_004648_.tmp.dll
C:\WINDOWS\system32\_004649_.tmp.dll
C:\WINDOWS\system32\_004650_.tmp.dll
C:\WINDOWS\system32\_004651_.tmp.dll
C:\WINDOWS\system32\_004652_.tmp.dll
C:\WINDOWS\system32\_004653_.tmp.dll
C:\WINDOWS\system32\_004654_.tmp.dll
C:\WINDOWS\system32\_004657_.tmp.dll
C:\WINDOWS\system32\_004658_.tmp.dll
C:\WINDOWS\system32\_004659_.tmp.dll
C:\WINDOWS\system32\_004661_.tmp.dll
C:\WINDOWS\system32\_004662_.tmp.dll
C:\WINDOWS\system32\_004663_.tmp.dll
C:\WINDOWS\system32\_004664_.tmp.dll
C:\WINDOWS\system32\_004665_.tmp.dll
C:\WINDOWS\system32\_004667_.tmp.dll
C:\WINDOWS\system32\_004668_.tmp.dll
C:\WINDOWS\system32\_004669_.tmp.dll
C:\WINDOWS\system32\_004670_.tmp.dll
C:\WINDOWS\system32\_004671_.tmp.dll
C:\WINDOWS\system32\_004673_.tmp.dll
C:\WINDOWS\system32\_004674_.tmp.dll
C:\WINDOWS\system32\_004675_.tmp.dll
C:\WINDOWS\system32\_004676_.tmp.dll
C:\WINDOWS\system32\_004678_.tmp.dll
C:\WINDOWS\system32\_004680_.tmp.dll
C:\WINDOWS\system32\_004681_.tmp.dll
C:\WINDOWS\system32\_004682_.tmp.dll
C:\WINDOWS\system32\_004683_.tmp.dll
C:\WINDOWS\system32\_004684_.tmp.dll
C:\WINDOWS\system32\_004685_.tmp.dll
C:\WINDOWS\system32\_004686_.tmp.dll
C:\WINDOWS\system32\_004689_.tmp.dll
C:\WINDOWS\system32\_004690_.tmp.dll
C:\WINDOWS\system32\_004691_.tmp.dll
C:\WINDOWS\system32\_004692_.tmp.dll
C:\WINDOWS\system32\_004693_.tmp.dll
C:\WINDOWS\system32\_004694_.tmp.dll
C:\WINDOWS\system32\_004697_.tmp.dll
C:\WINDOWS\system32\_004698_.tmp.dll
C:\WINDOWS\system32\_004700_.tmp.dll
C:\WINDOWS\system32\_004702_.tmp.dll
C:\WINDOWS\system32\_004703_.tmp.dll
C:\WINDOWS\system32\_004708_.tmp.dll
C:\WINDOWS\system32\_004710_.tmp.dll
C:\WINDOWS\system32\_004713_.tmp.dll
C:\WINDOWS\system32\_004717_.tmp.dll
C:\WINDOWS\system32\_004718_.tmp.dll
C:\WINDOWS\system32\_004722_.tmp.dll
C:\WINDOWS\system32\_004723_.tmp.dll
C:\WINDOWS\system32\_004724_.tmp.dll
C:\WINDOWS\system32\_004725_.tmp.dll
C:\WINDOWS\system32\_004730_.tmp.dll
C:\WINDOWS\system32\_004732_.tmp.dll
C:\WINDOWS\system32\comsa32.sys
F:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-08-03 to 2008-09-03 )))))))))))))))))))))))))))))))
.

2008-12-28 21:31 . 2008-12-28 21:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-09-03 22:13 . 2008-08-20 19:20 19,968 ---h----- C:\Documents and Settings\Frank\mtgvpjq.exe
2008-09-03 16:13 . 2008-09-03 16:13 <DIR> d-------- C:\Program Files\LucasArts
2008-09-03 15:58 . 2008-09-03 15:58 <DIR> d-------- C:\Program Files\Lavasoft
2008-09-03 13:46 . 2008-09-03 13:46 3,286,067 --a------ C:\3 Doctors 011.JPG
2008-09-03 13:46 . 2008-09-03 13:46 3,269,408 --a------ C:\3 Doctors 010.JPG
2008-09-03 11:45 . 2008-09-03 11:45 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-03 10:47 . 2008-09-03 10:45 131,485 --a------ C:\penny-lancaster-bikini-09a.jpg
2008-09-03 10:46 . 2008-09-03 10:45 128,460 --a------ C:\penny-lancaster-bikini-08.jpg
2008-09-03 10:45 . 2008-09-03 10:45 131,485 --a------ C:\penny-lancaster-bikini-09.jpg
2008-09-03 10:24 . 2008-09-03 10:22 74,544 --a------ C:\tom and pete.jpg
2008-09-03 09:51 . 2008-09-03 09:51 <DIR> d-------- C:\Documents and Settings\Frank\Application Data\HP
2008-09-03 09:49 . 2008-09-03 09:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
2008-09-03 09:46 . 2008-09-03 23:43 <DIR> d-------- C:\Documents and Settings\Frank\Application Data\HPAppData
2008-09-03 09:46 . 2008-09-03 09:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-09-03 09:46 . 2007-10-30 03:25 49,920 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-09-03 09:46 . 2007-10-30 03:25 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-09-03 09:45 . 2007-10-30 03:25 372,736 -ra------ C:\WINDOWS\system32\hppldcoi.dll
2008-09-03 09:45 . 2007-10-30 03:25 309,760 -ra------ C:\WINDOWS\system32\difxapi.dll
2008-09-03 09:45 . 2007-11-08 08:52 271,704 -ra------ C:\WINDOWS\system32\hpzids01.dll
2008-09-03 09:45 . 2007-10-20 18:25 117,760 --a------ C:\WINDOWS\system32\hpzll5mu.dll
2008-09-03 09:45 . 2007-10-30 03:25 21,568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-09-03 09:44 . 2007-10-30 03:11 729,088 -ra------ C:\WINDOWS\system32\hpowiax7.dll
2008-09-03 09:44 . 2007-10-30 03:11 581,632 -ra------ C:\WINDOWS\system32\hpotscl6.dll
2008-09-03 09:44 . 2007-10-30 03:11 303,104 -ra------ C:\WINDOWS\system32\hpovst15.dll
2008-09-03 09:44 . 2008-04-14 00:15 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-09-03 09:44 . 2008-04-14 00:15 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-09-03 09:37 . 2008-09-03 09:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-09-03 09:37 . 2008-09-03 09:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-09-03 09:36 . 2008-09-03 09:36 <DIR> d-------- C:\Program Files\Common Files\HP
2008-09-03 09:36 . 2008-09-03 09:36 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-09-03 09:34 . 2008-09-03 09:47 <DIR> d-------- C:\Program Files\HP
2008-09-03 09:30 . 2008-09-03 09:50 160,497 --a------ C:\WINDOWS\hpoins27.dat
2008-09-03 09:30 . 2007-12-12 18:04 932 --------- C:\WINDOWS\hpomdl27.dat
2008-09-01 14:09 . 2008-09-01 14:09 <DIR> d-------- C:\Documents and Settings\Frank\Application Data\TomTom
2008-09-01 14:08 . 2008-09-01 14:08 <DIR> d-------- C:\Program Files\TomTom DesktopSuite
2008-09-01 10:48 . 2008-09-01 10:47 29,944 --a------ C:\n753822666_1581492_2742.jpg
2008-09-01 10:48 . 2008-09-01 10:48 8,587 --a------ C:\n753822666_1680901_9450.jpg
2008-08-31 23:43 . 2008-09-01 00:38 27,782,600 --a------ C:\setupeng.exe
2008-08-31 17:03 . 2008-09-02 00:15 30,528 --a------ C:\WINDOWS\system32\BMXBkpCtrlState-{00000002-00000000-0000000A-00001102-00000004-10021102}.rfx
2008-08-31 17:03 . 2008-09-02 00:15 11,564 --a------ C:\WINDOWS\system32\DVCState-{00000002-00000000-0000000A-00001102-00000004-10021102}.rfx
2008-08-31 17:02 . 2008-09-03 23:44 4,958,588 --a------ C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000004-10021102}.BAK
2008-08-31 17:01 . 2008-08-31 17:01 <DIR> d-------- C:\Program Files\Alwil Software
2008-08-31 16:48 . 2008-08-31 16:48 <DIR> d-------- C:\WINDOWS\system32\Defaults
2008-08-31 16:46 . 2008-09-03 23:44 4,958,588 --a------ C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000004-10021102}.CDF
2008-08-31 16:45 . 2008-08-31 16:45 <DIR> d-------- C:\Documents and Settings\Frank\Application Data\Creative
2008-08-31 15:34 . 2008-08-31 15:34 <DIR> d-------- C:\RegSeeker
2008-08-31 14:23 . 2008-08-31 14:23 <DIR> d-------- C:\Program Files\GoFTP
2008-08-31 14:23 . 2007-01-24 10:27 946,176 --a------ C:\WINDOWS\system32\wodFtpDLXG.OCX
2008-08-31 10:29 . 2008-08-31 10:29 <DIR> d-------- C:\Program Files\Windows Defender
2008-08-30 23:55 . 2008-08-30 23:55 820,890 --a------ C:\1.bmp
2008-08-30 23:55 . 2008-08-30 23:55 47,468 --a------ C:\n506845473_506774_9848.jpg
2008-08-30 18:20 . 2008-08-30 18:29 <DIR> d-------- C:\Documents and Settings\Frank\Application Data\Mp3tag
2008-08-30 16:59 . 2008-08-30 17:02 820,086,788 --a------ C:\TP4.mpg
2008-08-30 16:41 . 2008-08-30 16:45 <DIR> d-------- C:\Documents and Settings\Frank\Application Data\Winamp
2008-08-30 16:26 . 2008-08-30 16:26 <DIR> d-------- C:\Documents and Settings\Frank\Application Data\vlc
2008-08-30 14:54 . 2008-09-01 15:49 <DIR> d-------- C:\Program Files\ADF Opus
2008-08-30 14:47 . 2008-08-30 15:00 <DIR> d-------- C:\0
2008-08-30 14:22 . 2008-08-30 14:22 <DIR> d-------- C:\Documents and Settings\Frank\Application Data\ScummVM
2008-08-30 11:12 . 2004-05-04 12:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
2008-08-30 11:12 . 2006-05-20 17:16 1,184,984 --a------ C:\WINDOWS\system32\wvc1dmod.dll
2008-08-30 11:12 . 2006-05-11 20:21 626,688 --a------ C:\WINDOWS\system32\vp7vfw.dll
2008-08-30 11:12 . 2007-03-18 21:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll
2008-08-30 11:05 . 2008-08-30 11:05 <DIR> d-------- C:\Documents and Settings\Frank\WINDOWS
2008-08-30 10:55 . 2008-07-04 08:25 495,616 --a------ C:\WINDOWS\system\lame_enc.dll
2008-08-30 10:55 . 2008-07-04 08:25 495,616 --a------ C:\WINDOWS\lame_enc.dll
2008-08-30 10:22 . 2008-08-30 10:39 <DIR> d-------- C:\Documents and Settings\Frank\Application Data\LimeWire
2008-08-30 00:38 . 2008-08-30 11:12 <DIR> d-------- C:\Program Files\VSO
2008-08-29 23:01 . 2008-08-29 23:01 <DIR> d-------- C:\SIM.CITY.4.D.V1.1.610.0.PLUS2TRN.XOWNAGE
2008-08-29 22:39 . 2008-08-29 22:39 <DIR> d-------- C:\Program Files\FireTrust
2008-08-29 22:38 . 2008-08-29 22:38 <DIR> d-------- C:\Documents and Settings\Frank\Application Data\LEAPS
2008-08-29 21:23 . 2008-08-29 21:23 <DIR> d-------- C:\Documents and Settings\Frank\Application Data\TuneUp Software
2008-08-29 21:12 . 2008-08-29 21:12 <DIR> d-------- C:\Documents and Settings\Frank\Application Data\Syntrillium
2008-08-29 21:12 . 2008-08-29 21:18 <DIR> d-------- C:\Documents and Settings\Frank\Application Data\Ahead
2008-08-29 21:10 . 2008-08-29 21:10 <DIR> d-------- C:\Documents and Settings\Frank\Application Data\DivX
2008-08-29 20:52 . 2008-08-30 16:50 <DIR> d-------- C:\Documents and Settings\Frank\Application Data\Vso
2008-08-29 20:51 . 2008-08-30 10:10 <DIR> d-------- C:\Documents and Settings\Frank\Application Data\Pegasys Inc
2008-08-29 17:39 . 2008-08-29 17:39 <DIR> d-------- C:\Documents and Settings\Frank\Application Data\Apple Computer
2008-08-29 17:31 . 2008-09-03 23:43 <DIR> d-------- C:\Documents and Settings\Frank\Application Data\MailWasherPro
2008-08-29 17:08 . 2008-09-03 18:52 <DIR> d-------- C:\Documents and Settings\Frank\Application Data\Azureus
2008-08-29 16:53 . 2008-08-30 22:21 <DIR> d-------- C:\Documents and Settings\Frank\Contacts
2008-08-29 16:29 . 2008-09-03 22:13 <DIR> d-------- C:\Documents and Settings\Frank
2008-08-26 06:18 . 2008-08-26 06:18 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\McAfee
2008-08-24 21:56 . 2008-08-24 21:56 <DIR> d-------- C:\1
2008-08-24 19:10 . 2008-08-24 19:10 57,979 --a------ C:\1.jpg
2008-08-22 22:37 . 2008-05-01 15:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-22 22:35 . 2008-04-11 20:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-21 00:06 . 2008-08-21 00:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SweetIM
2008-08-20 10:38 . 2008-08-29 16:13 <DIR> d-------- C:\Program Files\PeerGuardian2
2008-08-13 23:34 . 2008-08-13 23:35 <DIR> d-------- C:\Program Files\3D Starstrike
2008-08-13 10:50 . 2008-08-13 10:50 <DIR> d-------- C:\Program Files\Maxis
2008-08-12 13:44 . 2008-08-12 13:44 <DIR> d-------- C:\WINDOWS\nview
2008-08-12 13:44 . 2008-05-16 14:01 446,464 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-08-12 13:44 . 2008-09-03 23:36 186,097 --a------ C:\WINDOWS\system32\nvapps.xml
2008-08-12 13:44 . 2008-05-16 14:01 18,070 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-08-12 13:43 . 2008-05-16 11:48 446,464 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-08-12 13:12 . 2008-08-12 13:12 <DIR> d-------- C:\gen cheat
2008-08-12 13:10 . 2008-08-12 13:10 <DIR> d-------- C:\Documents and Settings\All Users\temp
2008-08-12 13:10 . 2008-08-12 13:10 <DIR> d-------- C:\Documents and Settings\All Users\Gamespot
2008-08-12 12:26 . 2008-08-12 12:26 <DIR> d-------- C:\Program Files\EA Games
2008-08-12 12:09 . 2008-08-12 12:09 <DIR> d--h----- C:\WINDOWS\PIF
2008-08-10 13:28 . 2008-08-10 13:28 268 --ah----- C:\sqmdata00.sqm
2008-08-10 13:28 . 2008-08-10 13:28 244 --ah----- C:\sqmnoopt00.sqm
2008-08-10 13:28 . 2008-08-10 13:28 172 --ah----- C:\sqmnoopt01.sqm
2008-08-10 13:28 . 2008-08-10 13:28 160 --ah----- C:\sqmdata01.sqm
2008-08-10 13:28 . 2008-08-10 13:28 136 --ah----- C:\sqmnoopt02.sqm
2008-08-10 13:28 . 2008-08-10 13:28 136 --ah----- C:\sqmdata02.sqm
2008-08-07 22:38 . 2008-08-07 22:39 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Poser Pro
2008-08-07 22:19 . 2008-08-07 22:19 <DIR> d-------- C:\Program Files\Smith Micro
2008-08-07 15:06 . 2008-08-07 20:11 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Glory of the Roman Empire
2008-08-07 14:51 . 2008-08-07 14:51 165,376 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-08-07 14:51 . 2008-08-07 14:51 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-08-07 09:57 . 2008-08-07 10:15 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2008-08-07 09:57 . 2008-08-07 10:15 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2008-08-07 09:57 . 2008-08-07 10:15 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2008-08-06 15:21 . 2008-08-06 15:21 <DIR> d-------- C:\Sierra
2008-08-06 15:21 . 2008-08-31 21:23 25 --a------ C:\WINDOWS\SIERRA.INI
2008-08-03 13:58 . 2008-08-03 14:00 <DIR> d-------- C:\Program Files\PowerISO

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-29 15:28 --------- d-----w C:\Program Files\DVDIdle Pro
2008-09-03 22:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-09-03 22:32 --------- d-----w C:\Program Files\DAP
2008-09-03 17:52 50,755,616 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-03 14:58 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-03 14:06 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-01 23:15 580,916 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-31 23:39 --------- d-----w C:\Program Files\Google
2008-08-31 23:31 --------- d-----w C:\Program Files\SimpleCenter
2008-08-31 23:27 --------- d-----w C:\Program Files\quick3D Pro
2008-08-31 23:27 --------- d-----w C:\Documents and Settings\Owner\Application Data\proDAD
2008-08-31 20:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-31 15:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-08-31 15:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-08-31 15:45 444,952 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-08-31 15:45 109,080 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-08-31 15:41 --------- d-----w C:\Program Files\Apple Software Update
2008-08-31 13:53 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-08-30 14:45 --------- d-----w C:\Program Files\MagicISO
2008-08-30 14:45 --------- d-----w C:\Documents and Settings\Owner\Application Data\Azureus
2008-08-30 09:22 --------- d-----w C:\Program Files\LimeWire
2008-08-30 00:21 --------- d-----w C:\Program Files\The Rosetta Stone
2008-08-29 20:18 --------- d-----w C:\Documents and Settings\Owner\Application Data\MailWasherPro
2008-08-29 15:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-24 11:23 --------- d-----w C:\Documents and Settings\Owner\Application Data\Vso
2008-08-23 08:56 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-23 08:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-22 21:47 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-20 17:09 --------- d-----w C:\Program Files\Mp3tag
2008-08-15 12:31 --------- d-----w C:\Program Files\THQ
2008-08-12 12:10 5,919 ----a-w C:\Program Files\install.log
2008-08-10 21:53 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-08-06 22:03 7,109,673 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-08-01 13:43 --------- d-----w C:\Program Files\iPod
2008-07-30 08:52 --------- d-----w C:\Documents and Settings\Owner\Application Data\dvdcss
2008-07-28 12:25 37,704 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2008-07-21 08:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-20 14:11 --------- d-----w C:\Program Files\Oolite
2008-07-19 14:55 --------- d-----w C:\Program Files\The Bitmap Brothers
2008-07-18 18:34 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-18 11:29 --------- d-----w C:\Program Files\Electronic Arts
2008-07-15 16:53 2,675,712 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-07-14 16:17 --------- d-----w C:\Program Files\Windows Live
2008-07-14 15:42 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-07-10 12:20 2,646,528 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-07-09 13:52 --------- d-----w C:\Program Files\Java
2008-07-09 08:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2008-07-09 08:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-07-07 23:05 2,642,944 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-07-07 22:18 729,088 ----a-w C:\WINDOWS\system32\dalek.scr
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 13:24 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-07 13:24 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-07 13:24 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-07-07 09:37 189,464 ----a-w C:\WINDOWS\system32\drivers\haP17v2k.sys
2008-07-07 09:37 15,896 ----a-w C:\WINDOWS\system32\drivers\pfmodnt.sys
2008-07-07 09:36 797,720 ----a-w C:\WINDOWS\system32\drivers\ha10kx2k.sys
2008-07-07 09:36 162,840 ----a-w C:\WINDOWS\system32\drivers\haP16v2k.sys
2008-07-07 09:35 92,696 ----a-w C:\WINDOWS\system32\drivers\emupia2k.sys
2008-07-07 09:34 157,208 ----a-w C:\WINDOWS\system32\drivers\ctsfm2k.sys
2008-07-07 09:33 14,360 ----a-w C:\WINDOWS\system32\drivers\ctprxy2k.sys
2008-07-07 09:33 127,512 ----a-w C:\WINDOWS\system32\drivers\ctoss2k.sys
2008-07-07 09:32 18,840 ----a-w C:\WINDOWS\system32\drivers\ctgame.sys
2008-07-07 09:32 1,395,992 ----a-w C:\WINDOWS\system32\drivers\CTMMFILT.SYS
2008-07-07 09:31 532,376 ----a-w C:\WINDOWS\system32\drivers\ctaud2k.sys
2008-07-07 09:31 347,080 ----a-w C:\WINDOWS\system32\drivers\ctdvda2k.sys
2008-07-07 09:29 511,000 ----a-w C:\WINDOWS\system32\drivers\ctac32k.sys
2008-07-07 09:29 1,366,424 ----a-w C:\WINDOWS\system32\drivers\CT0531FL.SYS
2008-07-07 07:40 56,108 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
2008-07-06 07:00 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVG7
2008-07-05 17:39 --------- d-----w C:\Documents and Settings\Owner\Application Data\Skype
2008-07-05 17:05 --------- d-----w C:\Documents and Settings\Owner\Application Data\skypePM
2008-07-04 17:33 --------- d-----w C:\Documents and Settings\Owner\Application Data\Creative
2008-07-04 16:52 --------- d-----w C:\Program Files\Creative
2008-07-04 16:28 --------- d-----w C:\Documents and Settings\Owner\Application Data\muvee Technologies
2008-07-04 12:51 --------- d-----w C:\Program Files\muvee Technologies
2008-07-04 12:51 --------- d-----w C:\Program Files\Common Files\muvee Technologies
2008-07-04 12:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\muvee Technologies
2008-07-04 07:25 495,616 ----a-w C:\WINDOWS\system32\lame_enc.dll
2008-07-03 20:46 --------- d-----w C:\Program Files\Common Files\Skype
2008-07-03 20:37 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-06-29 16:04 2,575,872 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-06-27 16:27 86,016 ----a-w C:\WINDOWS\system32\ctcoinst.dll
2008-06-27 16:27 43,520 ----a-w C:\WINDOWS\system32\CTBurst.dll
2008-06-27 16:27 181,248 ----a-w C:\WINDOWS\system32\ctdvinst.dll
2008-06-27 16:27 11,776 ----a-w C:\WINDOWS\system32\inres.dll
2008-06-27 16:27 11,776 ----a-w C:\WINDOWS\INRES.DLL
2008-06-27 16:25 38,400 ----a-w C:\WINDOWS\system32\readreg.exe
2008-06-27 16:25 37,888 ----a-w C:\WINDOWS\system32\psconv.exe
2008-06-27 16:25 11,776 ----a-w C:\WINDOWS\system32\ac3api.dll
2008-06-27 16:08 196,096 ----a-w C:\WINDOWS\system32\ctemupia.dll
2008-06-27 16:05 49,152 ----a-w C:\WINDOWS\system32\ctdproxy.dll
2008-06-27 16:05 46,592 ----a-w C:\WINDOWS\system32\ctasio.dll
2008-06-27 16:05 176,128 ----a-w C:\WINDOWS\system32\ct_oal.dll
2008-06-27 16:04 69,632 ----a-w C:\WINDOWS\system32\ctosuser.dll
2008-06-27 16:04 6,144 ----a-w C:\WINDOWS\system32\sfman32.dll
2008-06-27 16:04 125,952 ----a-w C:\WINDOWS\system32\sfms32.dll
2008-06-27 16:03 64,512 ----a-w C:\WINDOWS\system32\piaproxy.dll
2008-06-27 16:03 13,312 ----a-w C:\WINDOWS\system32\regplib.exe
2008-06-27 15:59 5,120 ----a-w C:\WINDOWS\system32\enlocstr.exe
2008-05-15 16:39 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2008-05-15 16:39 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2008-05-15 16:39 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008051520080516\index.dat
2008-05-15 16:39 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-29 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-05 188416]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-03 116040]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 C:\WINDOWS\system32\bthprops.cpl]
"CTHelper"="CTHELPER.EXE" [2008-06-27 C:\WINDOWS\system32\CtHelper.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"msacm.l3codec"= l3codecp.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^BOINC Manager.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\BOINC Manager.lnk
backup=C:\WINDOWS\pss\BOINC Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2006-10-22 23:24 620152 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-11-16 20:04 139264 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2006-09-28 20:21 57344 C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-09-14 21:09 157592 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2006-11-10 17:19 1051648 C:\Program Files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-05-16 14:01 13529088 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-05-16 14:01 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-05-30 15:54 21718312 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--------- 2008-08-18 18:41 1832272 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-12-29 16:37 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-20 13:06 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
--a------ 2008-05-06 09:42 202088 C:\Program Files\TomTom HOME 2\HOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2008-06-27 17:24 19456 C:\WINDOWS\system32\CtHelper.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"V0270Mon.exe"=C:\WINDOWS\V0270Mon.exe
"nwiz"=nwiz.exe /install
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 COMMONFX.SYS;COMMONFX.SYS;C:\WINDOWS\system32\drivers\COMMONFX.SYS [2008-06-27 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;C:\WINDOWS\system32\drivers\CTAUDFX.SYS [2008-06-27 555032]
R3 ctgame;Game Port;C:\WINDOWS\system32\DRIVERS\ctgame.sys [2008-07-07 18840]
R3 CTSBLFX.SYS;CTSBLFX.SYS;C:\WINDOWS\system32\drivers\CTSBLFX.SYS [2008-06-27 566296]
R3 SaiHFF0C;SaiHFF0C;C:\WINDOWS\system32\DRIVERS\SaiHFF0C.sys [2004-06-11 56576]
R3 SaiUFF0C;SaiUFF0C;C:\WINDOWS\system32\DRIVERS\SaiUFF0C.sys [2004-06-11 19584]
R3 VF0270Dev;Live! Cam Optia;C:\WINDOWS\system32\DRIVERS\V0270Dev.sys [2006-10-16 225632]
R3 VF0270Vfx;VF0270 Video FX;C:\WINDOWS\system32\DRIVERS\V0270VFx.sys [2006-06-19 6912]
S3 COMMONFX;COMMONFX;C:\WINDOWS\system32\drivers\COMMONFX.SYS [2008-06-27 99352]
S3 CTAUDFX;CTAUDFX;C:\WINDOWS\system32\drivers\CTAUDFX.SYS [2008-06-27 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;C:\WINDOWS\system32\drivers\CTERFXFX.SYS [2008-06-27 100888]
S3 CTERFXFX;CTERFXFX;C:\WINDOWS\system32\drivers\CTERFXFX.SYS [2008-06-27 100888]
S3 CTSBLFX;CTSBLFX;C:\WINDOWS\system32\drivers\CTSBLFX.SYS [2008-06-27 566296]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-04-07 307968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C51550E6-BEE1-DC64-9DC1-1168E64FFA74}]
C:\WINDOWS\system32\Windowsupdates\Windupdate.exe s
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{93994DE8-8239-4655-B1D1-5F4E91300429} - (no file)
MSConfigStartUp-AVFX Engine - C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
MSConfigStartUp-Creative Detector - C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
MSConfigStartUp-Creative MediaSource Go - C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
MSConfigStartUp-DVD43 - C:\PROGRA~1\DVDIDL~1\DVDIdlePro.exe
MSConfigStartUp-gygkc - C:\WINDOWS\system32\gygkc.exe
MSConfigStartUp-Orb - C:\Program Files\Winamp Remote\bin\OrbTray.exe
MSConfigStartUp-Sccs - C:\Documents and Settings\Frank\sccs.exe
MSConfigStartUp-sclauncher - C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
MSConfigStartUp-Somefox - C:\DOCUME~1\Frank\LOCALS~1\Temp\a.exe
MSConfigStartUp-SweetIM - C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
MSConfigStartUp-tunebite - C:\Program Files\tunebite\tunebite.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\yphofpre.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF -: plugin - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\browser\nppdf32.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npff_gdm.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-03 23:54:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-03 23:57:34
ComboFix-quarantined-files.txt 2008-09-03 22:57:26

Pre-Run: 74,512,314,368 bytes free
Post-Run: 74,473,881,600 bytes free

520
Thanks
Frank Xerri
greyknight17

Joined: Feb 03, 2003
Posts: 5058
Location: Brooklyn, NY

PostPosted: Thu Sep 04, 2008 9:59 pm

For the following, unless you know what they are for, delete them all:

C:\3 Doctors 011.JPG
C:\3 Doctors 010.JPG
C:\Program Files\Trend Micro
C:\penny-lancaster-bikini-09a.jpg
C:\penny-lancaster-bikini-08.jpg
C:\penny-lancaster-bikini-09.jpg
C:\tom and pete.jpg
C:\n753822666_1581492_2742.jpg
C:\n753822666_1680901_9450.jpg
C:\1.bmp
C:\n506845473_506774_9848.jpg
C:\TP4.mpg
C:\1.jpg
C:\1 - unless you know what this folder is for, delete it.
C:\0 - this one may be a strange character... remove it. It was created on August 30, 2008. That should help you out.


Let me know either way...acknowledge whether you recognize those files or not.

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quotebox below into Notepad:
Quote:
File::
C:\Documents and Settings\Frank\mtgvpjq.exe
Folder::
C:\WINDOWS\system32\Windowsupdates\
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C51550E6-BEE1-DC64-9DC1-1168E64FFA74}]

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on ComboFix's window while it's running. That may cause it to stall.

How is it running so far?
fxgopher

Joined: Sep 03, 2008
Posts: 6

PostPosted: Fri Sep 05, 2008 4:13 am
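The Reg Loading Points section of the log above shows the pattern that matters here: an Active Setup "Installed Components" entry that launches C:\WINDOWS\system32\Windowsupdates\Windupdate.exe at every logon, Security Center notifications and the Windows Firewall switched off, and orphaned startup entries that ran from a Temp folder or a profile root. The reply then removes that entry with a CFScript.txt in the File:: / Folder:: / Registry:: format. The script below is an added example, not part of this thread and not ComboFix or HijackThis code: it parses a constructed excerpt modelled on those log lines, flags each of the three patterns, and drafts the CFScript. The sample log, the regex heuristics (Temp path, profile-root executable, vowel-less file name) and the function names are all assumptions made for the example.

```python
"""Triage a ComboFix 'Reg Loading Points' excerpt and draft a CFScript.txt.

Added example; it is not part of the thread, ComboFix or HijackThis.  Every
hit is a lead for a human, not a verdict: confirm each path and key by hand
before feeding the draft to ComboFix, which deletes whatever it names.
"""
import re

# Constructed excerpt shaped like the 'Reg Loading Points' section in the thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C51550E6-BEE1-DC64-9DC1-1168E64FFA74}]
C:\WINDOWS\system32\Windowsupdates\Windupdate.exe s

- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-gygkc - C:\WINDOWS\system32\gygkc.exe
MSConfigStartUp-Sccs - C:\Documents and Settings\Frank\sccs.exe
MSConfigStartUp-Somefox - C:\DOCUME~1\Frank\LOCALS~1\Temp\a.exe
MSConfigStartUp-tunebite - C:\Program Files\tunebite\tunebite.exe
"""

HEADER_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>.+)$')
ORPHAN_RE = re.compile(r"^MSConfigStartUp-(?P<name>.+?) - (?P<path>.+)$")
TEMP_RE = re.compile(r"\\temp\\", re.I)
PROFILE_ROOT_RE = re.compile(r"^c:\\(documents and settings|docume~1)\\[^\\]+\\[^\\]+\.exe$", re.I)
NO_VOWEL_RE = re.compile(r"^[bcdfghjklmnpqrstvwxyz]{3,8}$", re.I)  # crude random-name heuristic

# Security Center values that, set to 1, silence protection or its alerts.  A third-party
# firewall (ZoneAlarm here) legitimately sets DisableMonitoring; it is flagged anyway so
# the analyst confirms which product did it.
SILENCING = {"firewalloverride", "updatesdisablenotify", "antivirusdisablenotify",
             "firewalldisablenotify", "disablemonitoring"}
PROTECTED_DIRS = {r"c:\windows", r"c:\windows\system32"}  # never put these in Folder::


def split_blocks(log):
    """Group the log into (registry_key, body_lines); text before any header gets key ''."""
    blocks = [("", [])]
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            blocks.append((m.group("key"), []))
        else:
            blocks[-1][1].append(line)
    return blocks


def find_active_setup_stubs(log):
    """(key, stub_command) for each Active Setup entry ComboFix chose to show.  ComboFix
    hides stock entries, so anything listed runs at every logon and was not put there by
    Windows setup."""
    return [(key, body[0]) for key, body in split_blocks(log)
            if r"active setup\installed components" in key.lower() and body]


def find_silenced_protection(log):
    """'key\\name=value' for Security Center / firewall settings that disable protection."""
    hits = []
    for key, body in split_blocks(log):
        if "security center" not in key.lower() and "firewallpolicy" not in key.lower():
            continue
        for line in body:
            m = VALUE_RE.match(line)
            if not m:
                continue
            name, val = m.group("name"), m.group("val").strip()
            firewall_off = name.lower() == "enablefirewall" and val.startswith("0")
            if firewall_off or (name.lower() in SILENCING and val == "dword:00000001"):
                hits.append(f"{key}\\{name}={val}")
    return hits


def find_suspicious_orphans(log):
    """(name, path, reason) for orphaned MSConfig startup entries worth a second look."""
    hits = []
    for line in log.splitlines():
        m = ORPHAN_RE.match(line.strip())
        if not m:
            continue
        name, path = m.group("name"), m.group("path").strip()
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if TEMP_RE.search(path):
            hits.append((name, path, "launched from a Temp directory"))
        elif PROFILE_ROOT_RE.match(path):
            hits.append((name, path, "executable dropped in a user profile root"))
        elif NO_VOWEL_RE.match(stem):
            hits.append((name, path, "random-looking file name (heuristic)"))
    return hits


def draft_cfscript(log):
    """Draft CFScript.txt: orphan binaries under File::, the Active Setup stub's private
    folder under Folder::, and its key deleted via [-key] under Registry::."""
    files = [path for _, path, _ in find_suspicious_orphans(log)]
    folders, keys = [], []
    for key, stub in find_active_setup_stubs(log):
        m = re.match(r"(?P<exe>.+?\.exe)\b", stub, re.I)
        exe = m.group("exe") if m else stub.split()[0]
        directory = exe.rsplit("\\", 1)[0]
        if directory.lower() in PROTECTED_DIRS:
            files.append(exe)  # only the binary, never system32 itself
        else:
            folders.append(directory + "\\")
        keys.append(f"[-{key}]")
    lines = []
    for title, items in (("File::", files), ("Folder::", folders), ("Registry::", keys)):
        if items:
            lines.append(title)
            lines.extend(items)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for key, stub in find_active_setup_stubs(SAMPLE_LOG):
        print("ACTIVE SETUP:", key, "->", stub)
    for hit in find_silenced_protection(SAMPLE_LOG):
        print("SILENCED:", hit)
    for name, path, why in find_suspicious_orphans(SAMPLE_LOG):
        print(f"ORPHAN: {name} -> {path} ({why})")
    print(draft_cfscript(SAMPLE_LOG))
```

Paste a real "Reg Loading Points" section in place of SAMPLE_LOG and run it; the draft is a starting point for the helper to review, not something to drag onto ComboFix unread. The DisableMonitoring hit is expected on a machine running ZoneAlarm, which registers itself with Security Center, and the vowel-less file-name check is only a prompt to look up the file, since short legitimate names trip it too.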

It's getting there; my computer is starting to work properly again.

I've run ComboFix this morning, and here are the results. If you need me to run HijackThis as well, let me know.

Thanks ever so much for all your help
Frank


ComboFix 08-09-04.08 - Frank 2008-09-05 9:05:27.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.779 [GMT 1:00]
Running from: C:\Documents and Settings\Frank\Desktop\New Folder (2)\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Frank\Cookies\frank@cubics[2].txt

.
((((((((((((((((((((((((( Files Created from 2008-08-05 to 2008-09-05 )))))))))))))))))))))))))))))))
.

2008-12-28 21:31 . 2008-12-28 21:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-09-04 17:37 . 2008-09-04 17:37 <DIR> d-------- C:\Documents and Settings\Frank\Application Data\Windows Search
2008-09-04 14:11 . 2008-09-04 14:11 588 --a------ C:\WINDOWS\system32\settingsbkup.sfm
2008-09-04 14:11 . 2008-09-04 14:11 588 --a------ C:\WINDOWS\system32\settings.sfm
2008-09-04 12:50 . 2008-09-04 12:50 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-09-04 12:50 . 2008-09-04 12:50 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_btprot_01005.Wdf
2008-09-04 12:46 . 2008-09-04 12:46 <DIR> d-------- C:\Documents and Settings\Frank\Application Data\Windows Desktop Search
2008-09-04 12:45 . 2008-09-04 12:45 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2008-09-04 12:45 . 2008-09-04 12:45 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-09-04 12:44 . 2008-09-04 12:47 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-09-04 12:43 . 2008-03-07 18:02 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-09-04 12:43 . 2008-03-07 18:02 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-09-04 12:43 . 2008-03-07 18:02 29,696 -----c--- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-09-04 12:31 . 2008-09-04 12:31 <DIR> d-------- C:\Program Files\Sierra
2008-09-04 11:23 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-04 11:22 . 2008-09-04 11:22 <DIR> d-------- C:\Program Files\Common Files\Java
2008-09-04 11:15 . 2008-09-05 09:01 4,958,588 --a------ C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000004-10021102}.BAK
2008-09-04 10:10 . 2008-09-04 10:10 <DIR> d-------- C:\Program Files\CCleaner
2008-09-04 01:09 . 2008-09-04 01:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-04 01:08 . 2008-09-05 00:24 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-04 01:08 . 2008-09-04 01:08 <DIR> d-------- C:\Documents and Settings\Frank\Application Data\SUPERAntiSpyware.com
2008-09-03 16:13 . 2008-09-03 16:13 <DIR> d-------- C:\Program Files\LucasArts
2008-09-03 15:58 . 2008-09-03 15:58 <DIR> d-------- C:\Program Files\Lavasoft
2008-09-03 11:45 . 2008-09-03 11:45 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-03 09:51 . 2008-09-03 09:51 <DIR> d-------- C:\Documents and Settings\Frank\Application Data\HP
2008-09-03 09:49 . 2008-09-03 09:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
2008-09-03 09:46 . 2008-09-05 09:00 <DIR> d-------- C:\Documents and Settings\Frank\Application Data\HPAppData
2008-09-03 09:46 . 2008-09-03 09:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-09-03 09:46 . 2007-10-30 03:25 49,920 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-09-03 09:46 . 2007-10-30 03:25 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-09-03 09:45 . 2007-10-30 03:25 372,736 -ra------ C:\WINDOWS\system32\hppldcoi.dll
2008-09-03 09:45 . 2007-10-30 03:25 309,760 -ra------ C:\WINDOWS\system32\difxapi.dll
2008-09-03 09:45 . 2007-11-08 08:52 271,704 -ra------ C:\WINDOWS\system32\hpzids01.dll
2008-09-03 09:45 . 2007-10-20 18:25 117,760 --a------ C:\WINDOWS\system32\hpzll5mu.dll
2008-09-03 09:45 . 2007-10-30 03:25 21,568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-09-03 09:44 . 2007-10-30 03:11 729,088 -ra------ C:\WINDOWS\system32\hpowiax7.dll
2008-09-03 09:44 . 2007-10-30 03:11 581,632 -ra------ C:\WINDOWS\system32\hpotscl6.dll
2008-09-03 09:44 . 2007-10-30 03:11 303,104 -ra------ C:\WINDOWS\system32\hpovst15.dll
2008-09-03 09:44 . 2008-04-14 00:15 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-09-03 09:44 . 2008-04-14 00:15 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-09-03 09:37 . 2008-09-03 09:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-09-03 09:37 . 2008-09-03 09:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-09-03 09:36 . 2008-09-03 09:36 <DIR> d-------- C:\Program Files\Common Files\HP
2008-09-03 09:36 . 2008-09-03 09:36 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-09-03 09:34 . 2008-09-03 09:47 <DIR> d-------- C:\Program Files\HP
2008-09-03 09:30 . 2008-09-03 09:50 160,497 --a------ C:\WINDOWS\hpoins27.dat
2008-09-03 09:30 . 2007-12-12 18:04 932 --------- C:\WINDOWS\hpomdl27.dat
2008-09-01 14:09 . 2008-09-01 14:09 <DIR> d-------- C:\Documents and Settings\Frank\Application Data\TomTom
2008-09-01 14:08 . 2008-09-01 14:08 <DIR> d-------- C:\Program Files\TomTom DesktopSuite
2008-08-31 23:43 . 2008-09-01 00:38 27,782,600 --a------ C:\setupeng.exe
2008-08-31 17:03 . 2008-09-04 14:11 30,528 --a------ C:\WINDOWS\system32\BMXBkpCtrlState-{00000002-00000000-0000000A-00001102-00000004-10021102}.rfx
2008-08-31 17:03 . 2008-09-04 14:11 11,564 --a------ C:\WINDOWS\system32\DVCState-{00000002-00000000-0000000A-00001102-00000004-10021102}.rfx
2008-08-31 17:01 . 2008-08-31 17:01 <DIR> d-------- C:\Program Files\Alwil Software
2008-08-31 16:48 . 2008-08-31 16:48 <DIR> d-------- C:\WINDOWS\system32\Defaults
2008-08-31 16:46 . 2008-09-05 09:01 4,958,588 --a------ C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000004-10021102}.CDF
2008-08-31 16:45 . 2008-08-31 16:45 <DIR> d-------- C:\Documents and Settings\Frank\Application Data\Creative
2008-08-31 15:34 . 2008-08-31 15:34 <DIR> d-------- C:\RegSeeker
2008-08-31 14:23 . 2008-08-31 14:23 <DIR> d-------- C:\Program Files\GoFTP
2008-08-31 14:23 . 2007-01-24 10:27 946,176 --a------ C:\WINDOWS\system32\wodFtpDLXG.OCX
2008-08-31 10:29 . 2008-08-31 10:29 <DIR> d-------- C:\Program Files\Windows Defender
2008-08-30 18:20 . 2008-08-30 18:29 <DIR> d-------- C:\Documents and Settings\Frank\Application Data\Mp3tag
2008-08-30 16:59 . 2008-08-30 17:02 820,086,788 --a------ C:\TP4.mpg
2008-08-30 16:41 . 2008-08-30 16:45 <DIR> d-------- C:\Documents and Settings\Frank\Application Data\Winamp
2008-08-30 16:26 . 2008-08-30 16:26 <DIR> d-------- C:\Documents and Settings\Frank\Application Data\vlc
2008-08-30 14:54 . 2008-09-01 15:49 <DIR> d-------- C:\Program Files\ADF Opus
2008-08-30 14:22 . 2008-08-30 14:22 <DIR> d-------- C:\Documents and Settings\Frank\Application Data\ScummVM
2008-08-30 11:12 . 2004-05-04 12:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
2008-08-30 11:12 . 2006-05-20 17:16 1,184,984 --a------ C:\WINDOWS\system32\wvc1dmod.dll
2008-08-30 11:12 . 2006-05-11 20:21 626,688 --a------ C:\WINDOWS\system32\vp7vfw.dll
2008-08-30 11:12 . 2007-03-18 21:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll
2008-08-30 11:05 . 2008-08-30 11:05 <DIR> d-------- C:\Documents and Settings\Frank\WINDOWS
2008-08-30 10:55 . 2008-07-04 08:25 495,616 --a------ C:\WINDOWS\system\lame_enc.dll
2008-08-30 10:55 . 2008-07-04 08:25 495,616 --a------ C:\WINDOWS\lame_enc.dll
2008-08-30 10:22 . 2008-08-30 10:39 <DIR> d-------- C:\Documents and Settings\Frank\Application Data\LimeWire
2008-08-30 00:38 . 2008-08-30 11:12 <DIR> d-------- C:\Program Files\VSO
2008-08-29 23:01 . 2008-08-29 23:01 <DIR> d-------- C:\SIM.CITY.4.D.V1.1.610.0.PLUS2TRN.XOWNAGE
2008-08-29 22:39 . 2008-08-29 22:39 <DIR> d-------- C:\Program Files\FireTrust
2008-08-29 22:38 . 2008-08-29 22:38 <DIR> d-------- C:\Documents and Settings\Frank\Application Data\LEAPS
2008-08-29 21:23 . 2008-08-29 21:23 <DIR> d-------- C:\Documents and Settings\Frank\Application Data\TuneUp Software
2008-08-29 21:12 . 2008-08-29 21:12 <DIR> d-------- C:\Documents and Settings\Frank\Application Data\Syntrillium
2008-08-29 21:12 . 2008-08-29 21:18 <DIR> d-------- C:\Documents and Settings\Frank\Application Data\Ahead
2008-08-29 21:10 . 2008-09-04 23:27 <DIR> d-------- C:\Documents and Settings\Frank\Application Data\DivX
2008-08-29 20:52 . 2008-08-30 16:50 <DIR> d-------- C:\Documents and Settings\Frank\Application Data\Vso
2008-08-29 20:51 . 2008-08-30 10:10 <DIR> d-------- C:\Documents and Settings\Frank\Application Data\Pegasys Inc
2008-08-29 17:39 . 2008-08-29 17:39 <DIR> d-------- C:\Documents and Settings\Frank\Application Data\Apple Computer
2008-08-29 17:31 . 2008-09-05 09:00 <DIR> d-------- C:\Documents and Settings\Frank\Application Data\MailWasherPro
2008-08-29 17:08 . 2008-09-05 09:00 <DIR> d-------- C:\Documents and Settings\Frank\Application Data\Azureus
2008-08-29 17:03 . 2008-07-22 15:45 1,214,526 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-08-29 17:03 . 2008-07-22 15:45 790,846 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-08-29 17:03 . 2008-07-22 15:45 9,696 -----c--- C:\WINDOWS\system32\dllcache\drvmain.sdb
2008-08-29 16:53 . 2008-08-30 22:21 <DIR> d-------- C:\Documents and Settings\Frank\Contacts
2008-08-29 16:29 . 2008-09-04 14:10 <DIR> d-------- C:\Documents and Settings\Frank
2008-08-26 06:18 . 2008-08-26 06:18 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\McAfee
2008-08-22 22:37 . 2008-05-01 15:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-22 22:35 . 2008-04-11 20:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-21 00:06 . 2008-08-21 00:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SweetIM
2008-08-20 10:38 . 2008-08-29 16:13 <DIR> d-------- C:\Program Files\PeerGuardian2
2008-08-13 23:34 . 2008-08-13 23:35 <DIR> d-------- C:\Program Files\3D Starstrike
2008-08-13 10:50 . 2008-08-13 10:50 <DIR> d-------- C:\Program Files\Maxis
2008-08-12 13:44 . 2008-08-12 13:44 <DIR> d-------- C:\WINDOWS\nview
2008-08-12 13:44 . 2008-05-16 14:01 446,464 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-08-12 13:44 . 2008-09-05 00:22 186,097 --a------ C:\WINDOWS\system32\nvapps.xml
2008-08-12 13:44 . 2008-05-16 14:01 18,070 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-08-12 13:43 . 2008-05-16 11:48 446,464 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-08-12 13:12 . 2008-08-12 13:12 <DIR> d-------- C:\gen cheat
2008-08-12 13:10 . 2008-08-12 13:10 <DIR> d-------- C:\Documents and Settings\All Users\temp
2008-08-12 13:10 . 2008-08-12 13:10 <DIR> d-------- C:\Documents and Settings\All Users\Gamespot
2008-08-12 12:26 . 2008-08-12 12:26 <DIR> d-------- C:\Program Files\EA Games
2008-08-12 12:09 . 2008-08-12 12:09 <DIR> d--h----- C:\WINDOWS\PIF
2008-08-10 13:28 . 2008-08-10 13:28 268 --ah----- C:\sqmdata00.sqm
2008-08-10 13:28 . 2008-08-10 13:28 244 --ah----- C:\sqmnoopt00.sqm
2008-08-10 13:28 . 2008-08-10 13:28 172 --ah----- C:\sqmnoopt01.sqm
2008-08-10 13:28 . 2008-08-10 13:28 160 --ah----- C:\sqmdata01.sqm
2008-08-10 13:28 . 2008-08-10 13:28 136 --ah----- C:\sqmnoopt02.sqm
2008-08-10 13:28 . 2008-08-10 13:28 136 --ah----- C:\sqmdata02.sqm
2008-08-07 22:38 . 2008-08-07 22:39 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Poser Pro
2008-08-07 22:19 . 2008-08-07 22:19 <DIR> d-------- C:\Program Files\Smith Micro
2008-08-07 15:06 . 2008-08-07 20:11 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Glory of the Roman Empire
2008-08-07 14:51 . 2008-08-07 14:51 165,376 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-08-07 14:51 . 2008-08-07 14:51 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-08-07 09:57 . 2008-08-07 10:15 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2008-08-07 09:57 . 2008-08-07 10:15 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2008-08-07 09:57 . 2008-08-07 10:15 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2008-08-06 15:21 . 2008-08-06 15:21 <DIR> d-------- C:\Sierra
2008-08-06 15:21 . 2008-08-31 21:23 25 --a------ C:\WINDOWS\SIERRA.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-29 15:28 --------- d-----w C:\Program Files\DVDIdle Pro
2008-09-04 23:17 51,036,192 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-04 22:30 --------- d-----w C:\Program Files\DivX
2008-09-04 13:11 594,932 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-04 11:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-04 10:23 --------- d-----w C:\Program Files\Java
2008-09-04 09:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-04 08:08 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-04 00:08 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-03 23:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-09-03 23:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-09-03 23:05 8,321,439 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-09-03 22:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-09-03 22:32 --------- d-----w C:\Program Files\DAP
2008-08-31 23:39 --------- d-----w C:\Program Files\Google
2008-08-31 23:31 --------- d-----w C:\Program Files\SimpleCenter
2008-08-31 23:27 --------- d-----w C:\Program Files\quick3D Pro
2008-08-31 23:27 --------- d-----w C:\Documents and Settings\Owner\Application Data\proDAD
2008-08-31 15:45 444,952 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-08-31 15:45 109,080 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-08-31 15:41 --------- d-----w C:\Program Files\Apple Software Update
2008-08-31 15:40 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-31 15:40 --------- d-----w C:\Program Files\Zak2
2008-08-31 15:40 --------- d-----w C:\Program Files\Yahoo!
2008-08-31 15:40 --------- d-----w C:\Program Files\Winamp
2008-08-31 15:40 --------- d-----w C:\Program Files\QuickTime
2008-08-31 15:40 --------- d-----w C:\Program Files\OfficeUpdate11
2008-08-31 15:40 --------- d-----w C:\Program Files\iTunes
2008-08-31 15:40 --------- d-----w C:\Program Files\ImgBurn
2008-08-31 15:40 --------- d-----w C:\Program Files\Error Repair Professional
2008-08-31 15:40 --------- d-----w C:\Program Files\DOSBox-0.72
2008-08-31 15:40 --------- d-----w C:\Program Files\coverXP
2008-08-31 15:40 --------- d-----w C:\Program Files\Common Files\InterVideo
2008-08-31 13:53 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-08-30 14:45 --------- d-----w C:\Program Files\MagicISO
2008-08-30 14:45 --------- d-----w C:\Documents and Settings\Owner\Application Data\Azureus
2008-08-30 09:22 --------- d-----w C:\Program Files\LimeWire
2008-08-30 00:21 --------- d-----w C:\Program Files\The Rosetta Stone
2008-08-29 20:18 --------- d-----w C:\Documents and Settings\Owner\Application Data\MailWasherPro
2008-08-29 15:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-24 11:23 --------- d-----w C:\Documents and Settings\Owner\Application Data\Vso
2008-08-23 08:56 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-22 21:47 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-20 17:09 --------- d-----w C:\Program Files\Mp3tag
2008-08-15 12:31 --------- d-----w C:\Program Files\THQ
2008-08-12 12:10 5,919 ----a-w C:\Program Files\install.log
2008-08-10 21:53 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-08-03 13:00 --------- d-----w C:\Program Files\PowerISO
2008-08-02 09:22 453,120 ----a-w C:\WINDOWS\system32\drivers\btprot.sys
2008-08-01 13:43 --------- d-----w C:\Program Files\iPod
2008-07-30 08:52 --------- d-----w C:\Documents and Settings\Owner\Application Data\dvdcss
2008-07-30 08:04 23,808 ----a-w C:\WINDOWS\system32\drivers\btiausb.sys
2008-07-30 08:04 10,240 ----a-w C:\WINDOWS\system32\btiaci.dll
2008-07-30 08:04 1,419,232 ----a-w C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-07-28 12:25 37,704 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2008-07-25 08:36 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-07-23 16:46 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-07-21 08:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-20 14:11 --------- d-----w C:\Program Files\Oolite
2008-07-19 14:55 --------- d-----w C:\Program Files\The Bitmap Brothers
2008-07-18 18:34 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-18 11:29 --------- d-----w C:\Program Files\Electronic Arts
2008-07-14 16:17 --------- d-----w C:\Program Files\Windows Live
2008-07-14 15:42 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-07-09 08:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2008-07-09 08:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-07-07 22:18 729,088 ----a-w C:\WINDOWS\system32\dalek.scr
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 13:24 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-07 13:24 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-07 13:24 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-07-07 09:37 189,464 ----a-w C:\WINDOWS\system32\drivers\haP17v2k.sys
2008-07-07 09:37 15,896 ----a-w C:\WINDOWS\system32\drivers\pfmodnt.sys
2008-07-07 09:36 797,720 ----a-w C:\WINDOWS\system32\drivers\ha10kx2k.sys
2008-07-07 09:36 162,840 ----a-w C:\WINDOWS\system32\drivers\haP16v2k.sys
2008-07-07 09:35 92,696 ----a-w C:\WINDOWS\system32\drivers\emupia2k.sys
2008-07-07 09:34 157,208 ----a-w C:\WINDOWS\system32\drivers\ctsfm2k.sys
2008-07-07 09:33 14,360 ----a-w C:\WINDOWS\system32\drivers\ctprxy2k.sys
2008-07-07 09:33 127,512 ----a-w C:\WINDOWS\system32\drivers\ctoss2k.sys
2008-07-07 09:32 18,840 ----a-w C:\WINDOWS\system32\drivers\ctgame.sys
2008-07-07 09:32 1,395,992 ----a-w C:\WINDOWS\system32\drivers\CTMMFILT.SYS
2008-07-07 09:31 532,376 ----a-w C:\WINDOWS\system32\drivers\ctaud2k.sys
2008-07-07 09:31 347,080 ----a-w C:\WINDOWS\system32\drivers\ctdvda2k.sys
2008-07-07 09:29 511,000 ----a-w C:\WINDOWS\system32\drivers\ctac32k.sys
2008-07-07 09:29 1,366,424 ----a-w C:\WINDOWS\system32\drivers\CT0531FL.SYS
2008-07-07 07:40 56,108 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
2008-07-06 07:00 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVG7
2008-07-05 17:39 --------- d-----w C:\Documents and Settings\Owner\Application Data\Skype
2008-07-05 17:05 --------- d-----w C:\Documents and Settings\Owner\Application Data\skypePM
2008-07-04 07:25 495,616 ----a-w C:\WINDOWS\system32\lame_enc.dll
2008-07-03 20:37 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-06-27 16:27 86,016 ----a-w C:\WINDOWS\system32\ctcoinst.dll
2008-06-27 16:27 43,520 ----a-w C:\WINDOWS\system32\CTBurst.dll
2008-06-27 16:27 181,248 ----a-w C:\WINDOWS\system32\ctdvinst.dll
2008-06-27 16:27 11,776 ----a-w C:\WINDOWS\system32\inres.dll
2008-06-27 16:27 11,776 ----a-w C:\WINDOWS\INRES.DLL
2008-06-27 16:25 38,400 ----a-w C:\WINDOWS\system32\readreg.exe
2008-05-15 16:39 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2008-05-15 16:39 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2008-05-15 16:39 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008051520080516\index.dat
2008-05-15 16:39 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-05 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-05 188416]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-03 116040]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 C:\WINDOWS\system32\bthprops.cpl]
"CTHelper"="CTHELPER.EXE" [2008-06-27 C:\WINDOWS\system32\CtHelper.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"msacm.l3codec"= l3codecp.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^BOINC Manager.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-11-16 20:04 139264 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-05-16 14:01 13529088 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-05-16 14:01 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
--a------ 2008-05-06 09:42 202088 C:\Program Files\TomTom HOME 2\HOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2008-06-27 17:24 19456 C:\WINDOWS\system32\CtHelper.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"V0270Mon.exe"=C:\WINDOWS\V0270Mon.exe
"nwiz"=nwiz.exe /install
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 COMMONFX.SYS;COMMONFX.SYS;C:\WINDOWS\system32\drivers\COMMONFX.SYS [2008-06-27 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;C:\WINDOWS\system32\drivers\CTAUDFX.SYS [2008-06-27 555032]
R3 ctgame;Game Port;C:\WINDOWS\system32\DRIVERS\ctgame.sys [2008-07-07 18840]
R3 CTSBLFX.SYS;CTSBLFX.SYS;C:\WINDOWS\system32\drivers\CTSBLFX.SYS [2008-06-27 566296]
R3 SaiHFF0C;SaiHFF0C;C:\WINDOWS\system32\DRIVERS\SaiHFF0C.sys [2004-06-11 56576]
R3 SaiUFF0C;SaiUFF0C;C:\WINDOWS\system32\DRIVERS\SaiUFF0C.sys [2004-06-11 19584]
R3 VF0270Dev;Live! Cam Optia;C:\WINDOWS\system32\DRIVERS\V0270Dev.sys [2006-10-16 225632]
R3 VF0270Vfx;VF0270 Video FX;C:\WINDOWS\system32\DRIVERS\V0270VFx.sys [2006-06-19 6912]
S1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-07 96520]
S2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-07 76040]
S3 BTIAUSB;Generic Bluetooth Device;C:\WINDOWS\system32\DRIVERS\btiausb.sys [2008-07-30 23808]
S3 BTPROT;Generic Bluetooth Filter;C:\WINDOWS\system32\DRIVERS\btprot.sys [2008-08-02 453120]
S3 COMMONFX;COMMONFX;C:\WINDOWS\system32\drivers\COMMONFX.SYS [2008-06-27 99352]
S3 CTAUDFX;CTAUDFX;C:\WINDOWS\system32\drivers\CTAUDFX.SYS [2008-06-27 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;C:\WINDOWS\system32\drivers\CTERFXFX.SYS [2008-06-27 100888]
S3 CTERFXFX;CTERFXFX;C:\WINDOWS\system32\drivers\CTERFXFX.SYS [2008-06-27 100888]
S3 CTSBLFX;CTSBLFX;C:\WINDOWS\system32\drivers\CTSBLFX.SYS [2008-06-27 566296]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-04-07 307968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\yphofpre.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF -: plugin - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\browser\nppdf32.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npff_gdm.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-05 09:11:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?

scanning hidden files ...


C:\DOCUME~1\Frank\LOCALS~1\Temp\RGIBB.tmp

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2008-09-05 9:17:15
ComboFix-quarantined-files.txt 2008-09-05 08:17:09
ComboFix2.txt 2008-09-03 22:57:37

Pre-Run: 74,481,573,888 bytes free
Post-Run: 74,484,355,072 bytes free

fxgopher

Joined: Sep 03, 2008
Posts: 6

PostPosted: Fri Sep 05, 2008 4:21 am    Post subject:

Just in case, I thought I'd kill two birds with one stone.

Here's a HijackThis log from this morning:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:34:15, on 05/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBAR.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -