ComboFix 08-01-23.1C - Kenneth 2008-01-27 18:59:07.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.647 [GMT -5:00]
Running from: C:\Documents and Settings\Kenneth\Desktop\ComboFix(2).exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((( Files Created from 2007-12-27 to 2008-01-27 )))))))))))))))))))))))))))))))
.
2008-01-27 18:31 . 2008-01-27 18:31 <DIR> d-------- C:\Program Files\uTorrent
2008-01-27 18:14 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-01-27 16:41 . 2008-01-27 17:12 <DIR> d-------- C:\VundoFix Backups
2008-01-27 15:34 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-27 14:03 . 2008-01-27 14:03 338,432 --a------ C:\WINDOWS\system32\RCX351.tmp
2008-01-27 08:57 . 2008-01-27 08:57 5,376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys
2008-01-27 08:56 . 2008-01-27 09:02 <DIR> d-------- C:\Program Files\The Cleaner Free
2008-01-27 07:33 . 2008-01-27 07:34 <DIR> d-------- C:\Program Files\XoftSpySE
2008-01-27 06:25 . 2008-01-27 06:25 1,994 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-27 06:24 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-27 06:24 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-27 06:24 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-27 06:24 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-27 06:24 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-27 06:24 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-26 14:16 . 2008-01-26 14:16 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-01-24 19:38 . 2008-01-24 19:40 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2008-01-24 15:19 . 2008-01-24 15:22 <DIR> d-------- C:\Program Files\MP3 WAV WMA Converter
2008-01-21 14:30 . 2007-09-27 12:08 692,224 --a------ C:\WINDOWS\system32\ijjiSetup.exe
2008-01-21 14:30 . 2007-06-21 18:59 58,776 --a------ C:\WINDOWS\system32\ijjiPlugin2.dll
2008-01-20 01:52 . 2008-01-22 10:45 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-01-20 01:52 . 2008-01-20 01:52 96 --a------ C:\index.ini
2008-01-20 01:51 . 2008-01-20 01:53 <DIR> d-------- C:\Program Files\a-squared HiJackFree
2008-01-20 01:14 . 2008-01-20 01:14 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-20 00:21 . 2008-01-27 18:54 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 2
2008-01-20 00:10 . 2008-01-20 00:10 <DIR> d-------- C:\Program Files\Windows Live Favorites
2008-01-20 00:09 . 2008-01-20 00:09 268 --ah----- C:\sqmdata01.sqm
2008-01-20 00:09 . 2008-01-20 00:09 244 --ah----- C:\sqmnoopt01.sqm
2008-01-20 00:07 . 2008-01-20 00:10 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-01-19 23:49 . 2008-01-19 23:49 2,014 -rah----- C:\WINDOWS\system32\drivers\hosts
2008-01-19 23:48 . 2008-01-19 23:49 <DIR> d-------- C:\Program Files\RogueRemover PRO
2008-01-19 23:47 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-19 23:41 . 2008-01-19 23:44 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-01-19 21:57 . 2008-01-19 23:18 174,592 --a------ C:\WINDOWS\system32\LEXPPS .EXE
2008-01-19 20:56 . 2008-01-19 21:03 338,432 --a------ C:\WINDOWS\system32\mlljg.exe
2008-01-19 20:41 . 2008-01-19 20:41 <DIR> d-------- C:\WINDOWS\system32\nGpxx01
2008-01-19 20:41 . 2008-01-27 07:21 <DIR> d-------- C:\Temp
2008-01-18 10:35 . 2008-01-27 16:09 <DIR> d-------- C:\Program Files\iTunes
2008-01-18 10:35 . 2008-01-18 10:35 <DIR> d-------- C:\Program Files\iPod
2008-01-18 10:34 . 2008-01-18 10:34 <DIR> d-------- C:\Program Files\Bonjour
2008-01-18 10:33 . 2008-01-27 16:09 <DIR> d-------- C:\Program Files\QuickTime
2008-01-17 16:31 . 2008-01-17 16:43 <DIR> d-------- C:\Program Files\Crimson Editor
2008-01-17 07:04 . 2008-01-18 10:11 <DIR> d-------- C:\Program Files\MP3 Rocket
2008-01-16 17:38 . 2008-01-17 18:00 <DIR> d-------- C:\World of Warcraft
2008-01-16 17:27 . 2008-01-16 17:27 <DIR> d-------- C:\ijji
2008-01-16 12:02 . 2008-01-16 12:02 <DIR> d-------- C:\Program Files\Webroot
2008-01-16 12:02 . 2008-01-16 12:02 <DIR> d-------- C:\Program Files\AskSBar
2008-01-16 12:02 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-01-16 12:02 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-01-16 12:02 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-01-16 12:02 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-01-16 12:02 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-01-16 12:01 . 2008-01-16 12:30 164 --a------ C:\install.dat
2008-01-16 11:48 . 2008-01-16 11:48 268 --ah----- C:\sqmdata02.sqm
2008-01-16 11:48 . 2008-01-16 11:48 244 --ah----- C:\sqmnoopt02.sqm
2008-01-15 21:53 . 2008-01-15 21:53 <DIR> d-------- C:\Program Files\WinAVI Video Converter
2008-01-12 22:39 . 2005-08-11 15:29 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl
2008-01-10 19:29 . 2008-01-10 19:29 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-01-10 17:08 . 2008-01-10 17:08 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-01-10 17:00 . 2008-01-10 17:00 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-04 22:04 . 2008-01-04 22:12 <DIR> d-------- C:\Program Files\RegCure
2008-01-04 20:14 . 2008-01-04 20:14 <DIR> d-------- C:\Program Files\Radeon Omega Drivers
2008-01-04 19:25 . 2008-01-04 19:25 <DIR> d-------- C:\Program Files\ATI Technologies
2008-01-04 19:04 . 2008-01-04 19:25 <DIR> d-------- C:\WINDOWS\uninstall\DirectX Buster
2008-01-04 19:04 . 2008-01-04 19:04 <DIR> d-------- C:\WINDOWS\uninstall
2008-01-04 19:04 . 2008-01-04 19:25 <DIR> d-------- C:\Program Files\DirectX Buster
2008-01-04 18:32 . 2008-01-04 19:25 <DIR> d-------- C:\ATI(2)
2008-01-04 18:26 . 2008-01-04 19:25 <DIR> d-------- C:\Program Files\Driver Cleaner Pro
2008-01-04 16:54 . 2008-01-04 19:31 <DIR> d-------- C:\Program Files\Microsoft DirectX SDK (November 2007)
2008-01-04 16:00 . 2007-08-22 21:06 352,256 --a------ C:\WINDOWS\system32\ATIDEMGX(2).dll
2008-01-03 15:59 . 2008-01-03 15:59 <DIR> d-------- C:\Program Files\BillP Studios
2008-01-02 16:42 . 2005-07-24 22:56 1,237,863 --a------ C:\WINDOWS\system32\ms98.cab
2008-01-02 16:42 . 2004-12-14 13:56 3,561 --a------ C:\WINDOWS\system32\HPMICE.PCX
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-27 23:31 --------- d-----w C:\Program Files\FlashGet
2008-01-27 21:09 --------- d-----w C:\Program Files\MSN Messenger
2008-01-27 21:09 --------- d-----w C:\Program Files\MessengerPlus! 3
2008-01-27 21:09 --------- d-----w C:\Program Files\Dealio
2008-01-27 21:09 --------- d-----w C:\Program Files\AIM6
2008-01-27 19:30 22,328 -c--a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-27 19:30 107,832 -c--a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-01-26 18:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-25 22:51 --------- d-----w C:\Program Files\Xfire
2008-01-24 20:32 --------- d-----w C:\Program Files\WarRock
2008-01-20 06:58 --------- d-----w C:\Program Files\iMesh Applications
2008-01-20 06:45 --------- d-----w C:\Program Files\Lexmark 4200 Series
2008-01-20 05:08 --------- d-----w C:\Program Files\Real
2008-01-20 03:05 499,200 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe.tmp
2008-01-19 23:56 --------- d-----w C:\Program Files\DivX
2008-01-18 15:08 --------- d-----w C:\Program Files\Java
2008-01-16 22:41 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-01-13 03:39 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-05 01:14 472,576 ----a-w C:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe
2008-01-04 00:51 --------- d-----w C:\Program Files\Yahoo!
2008-01-03 21:47 --------- d-----w C:\Program Files\MultiRes
2007-12-13 21:45 --------- d-----w C:\Program Files\BearShare Applications
2007-12-05 05:26 2,782,208 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-12-05 03:05 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-12-05 03:04 269,312 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-12-05 02:56 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-12-05 02:55 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-12-05 02:55 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-12-05 02:55 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-12-05 02:55 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-12-05 02:53 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-12-05 02:48 9,535,488 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-12-05 02:33 1,640,192 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-12-05 02:19 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-12-05 02:19 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-12-05 02:17 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-12-05 02:16 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-12-05 02:14 180,224 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-12-05 02:11 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-28 22:45 --------- d-----w C:\Program Files\Viewpoint
2007-11-28 22:44 --------- d-----w C:\Program Files\Common Files\AOL
2007-11-28 22:08 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-11-26 14:55 230,481 ----a-w C:\WINDOWS\Piolet_Toolbar_Uninstaller_6093.exe
2007-11-21 08:02 98,304 -c--a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-11-19 21:37 65,536 ----a-w C:\WINDOWS\IFinst27.exe
2007-10-29 22:43 1,287,680 -c--a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 10:04 350,720 ----a-w C:\WINDOWS\system32\SET5.tmp
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-07-26 01:01 3,580 ----a-w C:\Program Files\INSTALL.LOG
2001-09-28 21:00 164,864 -c--a-w C:\Program Files\UNWISE.EXE
.
[code]
----a-w 1,816,208 2008-01-22 10:48:43 C:\Program Files\a-squared Anti-Malware\a2guard .exe
----a-w 2,007,088 2008-01-27 20:09:59 C:\Program Files\FlashGet\FlashGet .exe
----a-w 57,344 2008-01-20 06:45:32 C:\Program Files\Lexmark 4200 Series\lxbmbmgr .exe
----a-w 1,694,208 2008-01-20 02:59:06 C:\Program Files\Messenger\msmsgs .exe
----a-w 304,632 2008-01-20 03:04:38 C:\Program Files\Verizon\Verizon Internet Security Suite\Rps .exe
----a-w 13,816 2008-01-20 04:19:07 C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR .exe
----a-w 5,367,664 2008-01-27 12:08:02 C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI .exe
----a-w 174,592 2008-01-20 04:18:49 C:\WINDOWS\system32\LEXPPS .EXE
[/code]
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-01-16 12:02 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8ABA9A9C-8791-4d61-8D5B-BCC9448EA573}]
C:\Program Files\ISM\BndDrive7.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EDDF3383-EC5F-49DF-A8B6-CEC2D8F6164C}]
2007-11-26 09:55 798720 --a--c--- C:\Program Files\Piolet Toolbar\v3.2.0.0\Piolet_Toolbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EF986924-D69B-8812-E820-FF8A30F02EE1}]
C:\WINDOWS\system32\ohsdvi.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-01-16 12:02 267592 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46C4-B683-905236F6F655}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}
{C75C8E7E-5059-4469-AC11-D7544B260382}
{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
[HKEY_CLASSES_ROOT\clsid\{c75c8e7e-5059-4469-ac11-d7544b260382}]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{C75C8E7E-5059-4469-AC11-D7544B260382}"= C:\Program Files\Piolet Toolbar\v3.2.0.0\Piolet_Toolbar.dll [2007-11-26 09:55 798720]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-01-16 12:02 267592]
[HKEY_CLASSES_ROOT\clsid\{c75c8e7e-5059-4469-ac11-d7544b260382}]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"Eijdrkcz"="C:\Documents and Settings\Kenneth\Application Data\?dobe\explorer.exe" [ ]
"WebCamRT.exe"="" []
"ISMModule7"="C:\Program Files\ISM\ISMModule7.exe" [ ]
"igndlm.exe"="C:\Program Files\IGN\Download Manager\DLM.exe" [ ]
"Shsi"="C:\DOCUME~1\Kenneth\MYDOCU~1\WNSXS~1\msdtc.exe" [ ]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" []
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:56 33280 C:\WINDOWS\system32\rundll32.exe]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe" [ ]
"Flashget"="C:\Program Files\FlashGet\FlashGet .exe" [ ]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [ ]
C:\Documents and Settings\Cindy\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2007-12-03 16:35:53 147456]
C:\Documents and Settings\rob\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2007-12-03 16:35:53 147456]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 15:05:56 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnopq]
pmnnopq.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Kenneth^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Kenneth\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Kenneth^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\Kenneth\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Kenneth^Start Menu^Programs^Startup^Xfire.lnk]
path=C:\Documents and Settings\Kenneth\Start Menu\Programs\Startup\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ActiveSpeed]
C:\Program Files\Ascentive\ActiveSpeed\AS.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adstart]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
C:\Program Files\AGEIA Technologies\TrayIcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
--a------ 2006-02-21 20:05 344064 C:\WINDOWS\system32\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\au]
C:\Program Files\Dealio\DealioAU.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmsrs.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e3391b63.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer4_in_1]
C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
C:\Program Files\FlashGet\FlashGet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IFStub]
C:\WINDOWS\Temp\Adware\InstaFinderK_inst .exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\install]
C:\WINDOWS\WINDOWS\install.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Security Suite]
C:\Program Files\Verizon\Internet Security Suite\Freedom.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\irssyncd]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ityj]
C:\Program Files\??sks\chkntfs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
C:\Program Files\Kazaa\kazaa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 4200 Series]
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
--a------ 2008-01-19 21:03 338432 C:\WINDOWS\system32\mlljg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M-Audio Taskbar Icon]
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MicroSys-CheckAjour]
C:\Program Files\Micro-Sys Software\Ajour\ChkAjour.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\System32\\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NexonPlug]
C:\Nexon\NexonPlug\NexonPlug.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-10-22 12:22 86016 C:\WINDOWS\system32\NvMcTray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
C:\WINDOWS\system32\P2P Networking\P2P Networking.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAS_Check]
C:\Program Files\Common Files\DriveCleaner 2006 Free\udcpas.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize2 Reminder]
C:\Program Files\PCPitstop\Optimize2\Reminder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Performance Center]
C:\Program Files\Ascentive\Performance Center\ApcMain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pop06ap]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask .exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean]
C:\Program Files\RegClean\RegClean.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\tsitra11.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDR6_Check]
C:\Program Files\Common Files\DriveCleaner 2006 Free\udcsdr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shsi]
C:\PROGRA~1\COMMON~1\WNSXS~1\ati2evxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon Internet Security Suite]
C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
C:\Program Files\Zune\ZuneLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrB"=2 (0x2)
"RP_FWS"=2 (0x2)
"RPSUpdaterR"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"dvpapi"=2 (0x2)
"Bonjour Service"=2 (0x2)
"ATI Smart"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"LexBceS"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
R1 atitray;atitray;C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [2007-11-05 02:55]
R2 MAudioMicroService;M-Audio Micro Installer;C:\Program Files\M-Audio\M-Audio Micro\MAUSBMRInst.exe [2007-08-13 09:35]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-03 23:56]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
S3 geebers12;geebers12;C:\Documents and Settings\Kenneth\Desktop\blorbslayerengine\nvid888.sys []
S3 Intels51;Intel(R) 536EP V.92 Modem;C:\WINDOWS\system32\DRIVERS\Intels51.sys [2002-05-10 08:31]
S3 MAUSBML;Service for M-Audio Micro (WDM);C:\WINDOWS\system32\DRIVERS\mausbmr.sys [2007-04-27 09:38]
S3 MS1000;MS1000;C:\WINDOWS\system32\DRIVERS\MS1000.sys [2008-01-27 08:57]
S3 oflpydin;oflpydin;C:\DOCUME~1\Kenneth\LOCALS~1\Temp\oflpydin.sys []
S3 Radialpoint Security Services;Verizon Internet Security Suite;C:\WINDOWS\system32\dllhost.exe [2004-08-03 23:56]
S3 XDva028;XDva028;C:\WINDOWS\system32\XDva028.sys []
S3 XDva030;XDva030;C:\WINDOWS\system32\XDva030.sys []
S3 XDva058;XDva058;C:\WINDOWS\system32\XDva058.sys []
S3 XDva062;XDva062;C:\WINDOWS\system32\XDva062.sys []
S3 XDva068;XDva068;C:\WINDOWS\system32\XDva068.sys []
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
"2008-01-25 22:40:52 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-01-27 20:10:22 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert .ex
- C:\Program Files\AdwareAlert
"2008-01-17 01:56:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-27 23:19:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-01-25 08:30:01 C:\WINDOWS\Tasks\RegClean Scheduled Scan.job"
- C:\Program Files\RegClean\RegClean.ex
- C:\Program Files\RegClean
"2008-01-27 22:15:05 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-01-24 09:10:51 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-01-16 17:02:29 C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe&/ScheduleSweep=wrSpySweeperTrialSweep
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
- A:\
"2008-01-27 22:14:59 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-01-27 12:33:16 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-27 19:03:28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-27 19:04:22
ComboFix-quarantined-files.txt 2008-01-28 00:04:06
ComboFix2.txt 2008-01-27 22:13:09
ComboFix3.txt 2008-01-27 21:34:00
.
2007-12-11 12:42:14 --- E O F ---
