Here are the ComboFix and HijackThis logs:
ComboFix
ComboFix 08-02-23 - Owner 2008-02-23 16:48:23.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.66 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
.
The following files were disabled during the run:
C:\WINDOWS\system32\sockspy.dll
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\aewlkqwm.ini
C:\WINDOWS\system32\akxqfopj.dllbox
C:\WINDOWS\system32\atlvbhfe.ini
C:\WINDOWS\system32\ayhxyytw.ini
C:\WINDOWS\system32\blrtvxwg.ini
C:\WINDOWS\system32\bltdpdiv.ini
C:\WINDOWS\system32\bncfconm.ini
C:\WINDOWS\system32\bqlivexy.ini
C:\WINDOWS\system32\brktbahu.ini
C:\WINDOWS\system32\bvwqrqfm.ini
C:\WINDOWS\system32\cayubcrn.ini
C:\WINDOWS\system32\corehqdw.ini
C:\WINDOWS\system32\corkweko.ini
C:\WINDOWS\system32\cvbrxpec.ini
C:\WINDOWS\system32\dbloxyyw.ini
C:\WINDOWS\system32\dbqmxcvj.ini
C:\WINDOWS\system32\ddwgiqlw.ini
C:\WINDOWS\system32\dfaugwca.ini
C:\WINDOWS\system32\dnkvxmoi.ini
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\drubjaat.ini
C:\WINDOWS\system32\dsfhusiu.ini
C:\WINDOWS\system32\dstcmwyj.ini
C:\WINDOWS\system32\ecdmmdyx.ini
C:\WINDOWS\system32\epobsiwp.ini
C:\WINDOWS\system32\etuccjqw.ini
C:\WINDOWS\system32\ewvgfdhv.ini
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\fbcknysx.dllbox
C:\WINDOWS\system32\fcqnenhb.ini
C:\WINDOWS\system32\fpkfnkvr.ini
C:\WINDOWS\system32\fuvhuouc.ini
C:\WINDOWS\system32\fwewllcw.ini
C:\WINDOWS\system32\gddflbso.ini
C:\WINDOWS\system32\gjllm.bak1
C:\WINDOWS\system32\gjllm.bak2
C:\WINDOWS\system32\gjllm.ini
C:\WINDOWS\system32\gjllm.ini2
C:\WINDOWS\system32\gjllm.tmp
C:\WINDOWS\system32\glsebwyp.dllbox
C:\WINDOWS\system32\gojikowd.ini
C:\WINDOWS\system32\govqshwj.ini
C:\WINDOWS\system32\gqbnhogm.ini
C:\WINDOWS\system32\gtxgilyy.ini
C:\WINDOWS\system32\gvwrgblx.ini
C:\WINDOWS\system32\hawaidan.ini
C:\WINDOWS\system32\hjydhmvp.ini
C:\WINDOWS\system32\hmfnskcq.ini
C:\WINDOWS\system32\hoswpqql.ini
C:\WINDOWS\system32\hrgtqrvs.ini
C:\WINDOWS\system32\hxrgkomp.ini
C:\WINDOWS\system32\iayacoil.ini
C:\WINDOWS\system32\imdosnpk.ini
C:\WINDOWS\system32\imyheeps.ini
C:\WINDOWS\system32\jawioeiv.ini
C:\WINDOWS\system32\jcddyysa.ini
C:\WINDOWS\system32\jeqqaxll.ini
C:\WINDOWS\system32\jgbrrfxi.ini
C:\WINDOWS\system32\jgdnyrvo.ini
C:\WINDOWS\system32\jsalynio.ini
C:\WINDOWS\system32\jsvpbmus.ini
C:\WINDOWS\system32\jxjluibs.ini
C:\WINDOWS\system32\kdqqgtos.ini
C:\WINDOWS\system32\kmllm.bak1
C:\WINDOWS\system32\kmllm.ini
C:\WINDOWS\system32\krqpgvjh.ini
C:\WINDOWS\system32\lalctsyy.ini
C:\WINDOWS\system32\ldowyobr.ini
C:\WINDOWS\system32\lilffcun.ini
C:\WINDOWS\system32\lklxcjqf.ini
C:\WINDOWS\system32\lncpnmvx.ini
C:\WINDOWS\system32\lnfbalvv.ini
C:\WINDOWS\system32\lqciigvf.ini
C:\WINDOWS\system32\lrbjfvdo.ini
C:\WINDOWS\system32\ltrfopbx.ini
C:\WINDOWS\system32\luiwthrm.ini
C:\WINDOWS\system32\luwedbbu.ini
C:\WINDOWS\system32\mayiihkc.ini
C:\WINDOWS\system32\mjaorpum.ini
C:\WINDOWS\system32\nfefvrtn.ini
C:\WINDOWS\system32\njlmllbu.ini
C:\WINDOWS\system32\nnflyjnu.ini
C:\WINDOWS\system32\npbobdne.ini
C:\WINDOWS\system32\oiuhfdeg.ini
C:\WINDOWS\system32\omgtejkc.ini
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\poxuumaq.ini
C:\WINDOWS\system32\pqlcmuvb.ini
C:\WINDOWS\system32\pqwxiety.ini
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\pxiwuwix.ini
C:\WINDOWS\system32\pymjsxug.ini
C:\WINDOWS\system32\qbkbatwu.ini
C:\WINDOWS\system32\qcgxfwxj.ini
C:\WINDOWS\system32\qcujkoxb.ini
C:\WINDOWS\system32\qhlvegol.ini
C:\WINDOWS\system32\qhuqnjpp.ini
C:\WINDOWS\system32\qmrjdofo.ini
C:\WINDOWS\system32\rcunakev.ini
C:\WINDOWS\system32\rcvhyohs.ini
C:\WINDOWS\system32\roltpfrr.ini
C:\WINDOWS\system32\rqgsybya.ini
C:\WINDOWS\system32\rrartmkc.ini
C:\WINDOWS\system32\rtaerujq.ini
C:\WINDOWS\system32\rtmfbxvm.ini
C:\WINDOWS\system32\ruqxanrw.ini
C:\WINDOWS\system32\rysvuwhc.ini
C:\WINDOWS\system32\slueuwqk.ini
C:\WINDOWS\system32\sucspsjg.ini
C:\WINDOWS\system32\thjfmdgr.ini
C:\WINDOWS\system32\tqcwotww.dllbox
C:\WINDOWS\system32\trgmdsow.ini
C:\WINDOWS\system32\tukygbhy.ini
C:\WINDOWS\system32\twcmumhy.ini
C:\WINDOWS\system32\twoqynnd.ini
C:\WINDOWS\system32\uahsxbhe.ini
C:\WINDOWS\system32\umsjenyf.ini
C:\WINDOWS\system32\uvhnmyfr.ini
C:\WINDOWS\system32\vbiwtuit.ini
C:\WINDOWS\system32\vjcchdmv.ini
C:\WINDOWS\system32\vvndxdkh.ini
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wfrqzufd.dllbox
C:\WINDOWS\system32\wfsgvfrr.ini
C:\WINDOWS\system32\wggswjjh.ini
C:\WINDOWS\system32\whddreen.ini
C:\WINDOWS\system32\wjyueudt.ini
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\wphgknma.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_NPF
-------\NPF
((((((((((((((((((((((((( Files Created from 2008-01-24 to 2008-02-24 )))))))))))))))))))))))))))))))
.
2008-02-21 17:29 . 2008-02-21 17:29 <DIR> d-------- C:\Program Files\Winamp Remote
2008-02-21 17:29 . 2008-02-21 17:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-02-18 08:55 . 2008-02-18 08:55 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-16 05:19 . 2008-02-16 05:24 568 --a------ C:\WINDOWS\wininit.ini
2008-02-15 23:26 . 2008-02-19 10:20 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2008-02-15 23:25 . 2008-02-15 23:25 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-15 23:24 . 2008-02-15 23:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-15 23:24 . 2008-02-19 10:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-02-15 23:19 . 2008-02-17 16:47 <DIR> d-------- C:\Program Files\a-squared Free
2008-02-15 19:20 . 2008-02-23 17:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-15 19:20 . 2008-02-15 19:20 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-14 20:59 . 2008-02-17 01:01 <DIR> d-------- C:\VundoFix Backups
2008-02-14 17:16 . 2008-02-14 20:58 1,242,540 --ahs---- C:\WINDOWS\system32\wxyeebgx.ini
2008-02-14 15:56 . 2008-02-14 16:42 1,242,300 --ahs---- C:\WINDOWS\system32\ygncvhxn.ini
2008-02-14 14:35 . 2008-02-15 22:18 <DIR> d-------- C:\Program Files\xInsIDE
2008-02-14 14:35 . 2008-02-15 22:18 <DIR> d-------- C:\Program Files\Dot1XCfg
2008-02-13 06:59 . 2008-02-13 06:59 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SlipStream
2008-02-13 06:02 . 2008-02-14 14:40 1,180,456 --ahs---- C:\WINDOWS\system32\wuyufkmh.ini
2008-02-12 10:29 . 2008-02-12 13:32 1,223,562 --ahs---- C:\WINDOWS\system32\xnpdjiqk.ini
2008-02-08 23:25 . 2008-02-08 23:26 <DIR> d-------- C:\Program Files\FreeMPC
2008-02-06 12:45 . 2008-02-06 16:51 1,201,688 --ahs---- C:\WINDOWS\system32\yemevsim.ini
2008-02-04 08:16 . 2008-02-04 11:08 1,192,838 --ahs---- C:\WINDOWS\system32\wwcybcbo.ini
2008-02-03 09:49 . 2008-02-03 09:49 1,188,672 --ahs---- C:\WINDOWS\system32\xgqtilbg.ini
2008-02-01 18:47 . 2008-02-02 00:38 414 --ahs---- C:\WINDOWS\system32\phnnvfei.ini
2008-02-01 14:41 . 2008-02-01 18:45 1,188,492 --ahs---- C:\WINDOWS\system32\xemrkwxr.ini
2008-01-31 23:13 . 2008-01-31 23:13 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-31 23:13 . 2008-01-31 23:13 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-30 22:02 . 2008-01-30 22:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-29 18:29 . 2008-01-29 18:29 1,167,005 --ahs---- C:\WINDOWS\system32\wxifbmoh.ini
2008-01-29 09:27 . 2008-01-29 10:18 1,167,417 --ahs---- C:\WINDOWS\system32\yxljynjb.ini
2008-01-28 11:00 . 2008-01-28 11:00 1,155,539 --ahs---- C:\WINDOWS\system32\xkxanqqo.ini
2008-01-26 21:20 . 2008-01-26 21:20 <DIR> d-------- C:\WINDOWS\system32\7173777A7E777E8
2008-01-26 16:10 . 2008-01-26 15:50 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\T?sks
2008-01-26 16:05 . 2008-01-26 15:52 <DIR> d-------- C:\WINDOWS\system32\çasks
2008-01-26 16:05 . 2007-07-11 09:42 <DIR> d-------- C:\WINDOWS\Microsoft.NET
2008-01-26 16:04 . 2008-01-26 16:04 <DIR> d-------- C:\Program Files\Common Files\A?pPatch
2008-01-26 16:03 . 2008-01-26 15:47 <DIR> d-------- C:\WINDOWS\system32\A?pPatch
2008-01-26 16:02 . 2008-01-26 16:02 <DIR> d-------- C:\Program Files\Common Files\M?crosoft
2008-01-26 16:00 . 2004-03-31 23:58 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-01-26 15:58 . 2008-01-26 15:51 <DIR> d-------- C:\Program Files\M?crosoft
2008-01-26 15:58 . 2008-01-26 15:48 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\M?crosoft.NET
2008-01-26 15:57 . 2008-01-26 15:57 <DIR> d-------- C:\WINDOWS\system32\?ymantec
2008-01-26 15:57 . 2008-01-26 16:04 <DIR> d-------- C:\Program Files\Common Files\A?pPatch
2008-01-26 15:57 . 2008-01-26 15:51 <DIR> d-------- C:\Program Files\M?crosoft.NET
2008-01-26 15:55 . 2007-12-04 20:58 <DIR> d---s---- C:\WINDOWS\Tasks
2008-01-26 15:55 . 2008-01-26 15:55 <DIR> d-------- C:\Program Files\Common Files\T?sks
2008-01-26 15:55 . 2008-01-26 15:50 <DIR> d-------- C:\Program Files\Common Files\?icrosoft
2008-01-26 15:55 . 2007-04-21 20:56 <DIR> d---s---- C:\Documents and Settings\Owner\Application Data\Microsoft
2008-01-26 15:55 . 2008-01-26 15:54 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\çasks
2008-01-26 15:54 . 2008-01-26 15:49 <DIR> d-------- C:\WINDOWS\system32\M?crosoft.NET
2008-01-26 15:54 . 2004-03-31 23:58 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-01-26 15:54 . 2008-01-26 15:50 <DIR> d-------- C:\WINDOWS\àdobe
2008-01-26 15:54 . 2008-01-26 15:54 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\çasks
2008-01-26 15:54 . 2007-04-21 20:56 <DIR> d---s---- C:\Documents and Settings\Owner\Application Data\Microsoft
2008-01-26 15:53 . 2008-01-26 15:51 <DIR> d-------- C:\WINDOWS\çasks
2008-01-26 15:53 . 2008-02-15 23:22 <DIR> d-------- C:\WINDOWS\system
2008-01-26 15:53 . 2008-01-26 15:53 <DIR> d-------- C:\Program Files\àppPatch
2008-01-26 15:53 . 2008-01-26 15:53 <DIR> d-------- C:\Program Files\Common Files\?ymbols
2008-01-26 15:53 . 2008-01-26 15:53 <DIR> d-------- C:\Program Files\Common Files\?ssembly
2008-01-26 15:53 . 2008-01-26 15:49 <DIR> d-------- C:\Program Files\Common Files\àppPatch
2008-01-26 15:53 . 2008-01-26 15:53 <DIR> d-------- C:\Program Files\?racle
2008-01-26 15:53 . 2008-01-26 15:49 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\àppPatch
2008-01-26 15:53 . 2008-01-26 15:47 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\s?mbols
2008-01-26 15:52 . 2008-01-26 15:52 <DIR> d-------- C:\WINDOWS\system32\çasks
2008-01-26 15:52 . 2008-01-26 15:52 <DIR> d-------- C:\WINDOWS\system32\a?sembly
2008-01-26 15:52 . 2008-01-26 15:52 <DIR> d-------- C:\WINDOWS\system32\?ssembly
2008-01-26 15:52 . 2008-01-26 15:51 <DIR> d-------- C:\WINDOWS\system32\s?curity
2008-01-26 15:52 . 2008-01-26 15:52 <DIR> d-------- C:\WINDOWS\S?mantec
2008-01-26 15:52 . 2008-01-21 19:20 <DIR> dr--s---- C:\WINDOWS\Fonts
2008-01-26 15:52 . 2007-12-04 20:58 <DIR> d---s---- C:\WINDOWS\Tasks
2008-01-26 15:52 . 2007-03-23 21:07 <DIR> d-------- C:\WINDOWS\AppPatch
2008-01-26 15:52 . 2005-02-06 16:26 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-01-26 15:52 . 2008-01-26 15:52 <DIR> d-------- C:\Program Files\?icrosoft.NET
2008-01-26 15:52 . 2008-01-26 15:52 <DIR> d-------- C:\Program Files\?ecurity
2008-01-26 15:51 . 2008-01-26 15:51 <DIR> d-------- C:\WINDOWS\çasks
2008-01-26 15:51 . 2008-01-26 15:51 <DIR> d-------- C:\WINDOWS\system32\àdobe
2008-01-26 15:51 . 2008-01-26 15:51 <DIR> d-------- C:\WINDOWS\system32\s?curity
2008-01-26 15:51 . 2008-01-26 15:46 <DIR> d-------- C:\WINDOWS\system32\àppPatch
2008-01-26 15:51 . 2008-01-26 15:46 <DIR> d-------- C:\WINDOWS\system32\S?mantec
2008-01-26 15:51 . 2007-07-11 09:42 <DIR> dr--s---- C:\WINDOWS\assembly
2008-01-26 15:51 . 2008-02-23 17:06 <DIR> d-------- C:\WINDOWS\system32
2008-01-26 15:51 . 2008-01-26 15:51 <DIR> d-------- C:\Program Files\s?mbols
2008-01-26 15:51 . 2008-01-26 15:51 <DIR> d-------- C:\Program Files\M?crosoft.NET
2008-01-26 15:51 . 2008-01-26 15:51 <DIR> d-------- C:\Program Files\M?crosoft
2008-01-26 15:51 . 2008-01-26 15:51 <DIR> d-------- C:\Program Files\Common Files\çasks
2008-01-26 15:51 . 2008-01-26 15:51 <DIR> d-------- C:\Program Files\Common Files\?icrosoft.NET
2008-01-26 15:51 . 2008-01-26 15:50 <DIR> d-------- C:\Program Files\Common Files\S?mantec
2008-01-26 15:51 . 2008-01-26 15:48 <DIR> d-------- C:\Program Files\a?sembly
2008-01-26 15:51 . 2008-01-26 15:51 <DIR> d-------- C:\Program Files\M?crosoft
2008-01-26 15:51 . 2007-04-21 20:56 <DIR> d---s---- C:\Documents and Settings\Owner\Application Data\Microsoft
2008-01-26 15:50 . 2008-01-26 15:50 <DIR> d-------- C:\WINDOWS\àppPatch
2008-01-26 15:50 . 2008-01-26 15:50 <DIR> d-------- C:\WINDOWS\àdobe
2008-01-26 15:50 . 2008-01-26 15:50 <DIR> d-------- C:\WINDOWS\system32\T?sks
2008-01-26 15:50 . 2008-01-26 15:50 <DIR> d-------- C:\WINDOWS\system32\?racle
2008-01-26 15:50 . 2008-01-26 15:46 <DIR> d-------- C:\WINDOWS\system32\?icrosoft.NET
2008-01-26 15:50 . 2004-03-31 23:58 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-01-26 15:50 . 2007-03-23 21:07 <DIR> d-------- C:\WINDOWS\AppPatch
2008-01-26 15:50 . 2008-01-26 15:49 <DIR> d-------- C:\WINDOWS\?icrosoft
2008-01-26 15:50 . 2008-02-15 23:22 <DIR> d-------- C:\WINDOWS\system
2008-01-26 15:50 . 2007-07-11 09:42 <DIR> d-------- C:\WINDOWS\Microsoft.NET
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-24 00:08 --------- d-----w C:\Program Files\Greetings Workshop
2008-02-22 13:09 --------- d-----w C:\Documents and Settings\Owner\Application Data\OpenOffice.org2
2008-02-22 00:37 --------- d-----w C:\Program Files\Winamp
2008-02-20 19:22 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-02-18 15:40 --------- d-----w C:\Program Files\themexp
2008-02-18 15:40 --------- d-----w C:\Program Files\Safe-Share
2008-02-18 15:40 --------- d-----r C:\Program Files\Programs
2008-02-16 06:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-16 05:59 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-14 23:47 --------- d-----w C:\Documents and Settings\Michael\Application Data\StumbleUpon
2008-02-14 21:35 --------- d-----w C:\Program Files\Common Files\wiuq
2008-02-12 18:31 --------- d-----w C:\Program Files\GetRight
2008-02-10 03:29 --------- d-----w C:\Program Files\QuickTime
2008-01-31 05:02 --------- d-----w C:\Program Files\Lavasoft
2008-01-31 05:00 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-30 05:22 --------- d-----w C:\Documents and Settings\Owner\Application Data\Winamp
2008-01-26 23:10 --------- d-----w C:\Documents and Settings\Owner\Application Data\??sks
2008-01-26 22:58 --------- d-----w C:\Program Files\??crosoft
2008-01-26 22:58 --------- d-----w C:\Documents and Settings\Owner\Application Data\??crosoft.NET
2008-01-26 22:57 10 ----a-w C:\Program Files\.autoreg
2008-01-26 22:57 --------- d-----w C:\Program Files\Common Files\??pPatch
2008-01-26 22:57 --------- d-----w C:\Program Files\??crosoft.NET
2008-01-26 22:55 --------- d-----w C:\Program Files\Common Files\?icrosoft
2008-01-26 22:55 --------- d-----w C:\Documents and Settings\Owner\Application Data\?icrosoft
2008-01-26 22:55 --------- d-----w C:\Documents and Settings\Owner\Application Data\?asks
2008-01-26 22:54 --------- d-----w C:\Documents and Settings\Owner\Application Data\?asks
2008-01-26 22:54 --------- d-----w C:\Documents and Settings\Owner\Application Data\??crosoft
2008-01-26 22:53 --------- d-----w C:\Program Files\Common Files\?ymbols
2008-01-26 22:53 --------- d-----w C:\Program Files\Common Files\?ssembly
2008-01-26 22:53 --------- d-----w C:\Program Files\Common Files\?ppPatch
2008-01-26 22:53 --------- d-----w C:\Program Files\?racle
2008-01-26 22:53 --------- d-----w C:\Program Files\?ppPatch
2008-01-26 22:53 --------- d-----w C:\Documents and Settings\Owner\Application Data\?ppPatch
2008-01-26 22:53 --------- d-----w C:\Documents and Settings\Owner\Application Data\??mbols
2008-01-26 22:52 --------- d-----w C:\Program Files\Common Files\?dobe
2008-01-26 22:52 --------- d-----w C:\Program Files\?icrosoft.NET
2008-01-26 22:52 --------- d-----w C:\Program Files\?ecurity
2008-01-26 22:51 --------- d-----w C:\Program Files\Common Files\?icrosoft.NET
2008-01-26 22:51 --------- d-----w C:\Program Files\Common Files\?asks
2008-01-26 22:51 --------- d-----w C:\Program Files\Common Files\??mantec
2008-01-26 22:51 --------- d-----w C:\Program Files\??sembly
2008-01-26 22:51 --------- d-----w C:\Program Files\??crosoft
2008-01-26 22:51 --------- d-----w C:\Documents and Settings\Owner\Application Data\?icrosoft
2008-01-26 22:50 --------- d-----w C:\Program Files\Common Files\?ystem
2008-01-26 22:50 --------- d-----w C:\Program Files\Common Files\?icrosoft
2008-01-26 22:50 --------- d-----w C:\Program Files\Common Files\??stem32
2008-01-26 22:50 --------- d-----w C:\Program Files\Common Files\??sembly
2008-01-26 22:50 --------- d-----w C:\Program Files\?ystem32
2008-01-26 22:50 --------- d-----w C:\Program Files\??stem
2008-01-26 22:50 --------- d-----w C:\Documents and Settings\Owner\Application Data\?icrosoft.NET
2008-01-26 22:48 --------- d-----w C:\Program Files\Common Files\?ymantec
2008-01-26 22:47 --------- d-----w C:\Program Files\Common Files\?ystem32
2008-01-26 22:46 --------- d-----w C:\Program Files\??sks
2008-01-26 22:46 --------- d-----w C:\Program Files\??pPatch
2008-01-26 22:46 --------- d-----w C:\Documents and Settings\Owner\Application Data\??sks
2008-01-26 22:46 --------- d-----w C:\Documents and Settings\Owner\Application Data\??pPatch
2008-01-26 22:46 --------- d-----w C:\Documents and Settings\Owner\Application Data\??crosoft
2008-01-21 06:05 --------- d-----w C:\Program Files\easetech
2008-01-21 05:53 --------- d-----w C:\Documents and Settings\Owner\Application Data\foobar2000
2008-01-21 05:36 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-16 02:21 --------- d-----w C:\Program Files\iTunes
2008-01-16 02:21 --------- d-----w C:\Program Files\iPod
2008-01-15 20:58 --------- d-----w C:\Program Files\Album Player Locator
2008-01-11 04:13 --------- d-----w C:\Program Files\eMule
2008-01-05 20:32 --------- d-----w C:\Program Files\Burrrn
2008-01-05 00:54 --------- d-----w C:\Documents and Settings\Owner\Application Data\BitTorrent
2008-01-03 20:09 --------- d-----w C:\Program Files\Monkey's Audio
2008-01-02 10:14 --------- d-----w C:\Documents and Settings\Michael\Application Data\Search Settings
2007-12-28 20:31 --------- d-----w C:\Documents and Settings\Owner\Application Data\Search Settings
2007-12-28 20:29 --------- d-----w C:\Program Files\Dealio
2007-12-28 20:28 --------- d-----w C:\Program Files\Search Settings
2007-12-28 20:27 --------- d-----w C:\Program Files\Common Files\SWF Studio
2007-12-28 20:26 --------- d-----w C:\Program Files\Free Audio Pack
2007-12-28 20:03 --------- d-----w C:\Program Files\Medieval Software
2007-12-25 00:47 --------- d-----w C:\Program Files\SoundTaxi
2007-09-23 02:25 31 ----a-w C:\Documents and Settings\Michael\getfile.dat
2007-09-22 18:21 31 ----a-w C:\Documents and Settings\Owner\getfile.dat
2007-08-07 14:54 31 ----a-w C:\Documents and Settings\Maggie\getfile.dat
2007-07-16 20:14 94,208 ----a-w C:\Program Files\markup.ovl
2007-07-16 20:14 86,016 ----a-w C:\Program Files\topic.top
2007-07-16 20:14 1,351,680 ----a-w C:\Program Files\study.not
2007-07-06 05:26 81,920 ----a-w C:\Program Files\Bookmarks.lst
2007-04-03 10:12 16,240,640 ------w C:\Program Files\tsk.cmt
2007-03-24 07:55 6,639 ----a-w C:\Documents and Settings\Owner\Application Data\unins000.dat
2007-03-24 07:54 682,266 ----a-w C:\Documents and Settings\Owner\Application Data\unins000.exe
2007-01-01 15:09 4,956,160 ----a-w C:\Program Files\e-Sword.exe
2006-12-30 20:59 204,800 ----a-w C:\Program Files\robertson.har
2006-12-27 03:09 65,863 ----a-w C:\Program Files\Readme.pdf
2006-12-21 20:01 19,096 ----a-w C:\Program Files\License.pdf
2006-11-14 15:49 14,680,064 ----a-w C:\Program Files\kjv+.bbl
2006-08-13 08:56 88 ----a-w C:\Program Files\Twilight Zone.theme
2006-08-10 06:31 8,067 ----a-w C:\Documents and Settings\Owner\newpics.zip
2005-09-20 20:27 84 ----a-w C:\Documents and Settings\Owner\config.dat
2005-08-18 14:58 6,334,464 ------w C:\Program Files\asv.bbl
2005-02-08 17:19 237,568 ----a-w C:\Program Files\RichEdit.ocx
2004-12-20 15:25 14,602,240 ------w C:\Program Files\History of the Christian Church.top
2004-08-11 03:16 3,016,704 ------w C:\Program Files\abs.map
2004-07-07 21:57 8,591 ----a-w C:\Program Files\e-Sword.tip
2003-10-16 22:29 6,830,080 ------w C:\Program Files\mediterranean.map
2003-10-01 03:30 823,296 ------w C:\Program Files\classic.map
2007-08-12 01:47 6,421 --sha-w C:\WINDOWS\system32\cccdd.bak1
2007-08-13 17:10 1,713,671 --sha-w C:\WINDOWS\system32\cccdd.bak2
2007-08-13 17:13 1,713,862 --sha-w C:\WINDOWS\system32\cccdd.ini2
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 13:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dfe02be0-f2d6-4666-b58e-002163a87ff4}]
C:\WINDOWS\system32\ewenlmub.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
2007-12-06 11:58 1198432 --a------ C:\Program Files\Search Settings\kb125\SearchSettings.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F20CEF7E-299E-43E2-ABC8-215DA75EC9FB}]
C:\WINDOWS\system32\mlljg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F2B7677C-EC71-4A42-B51E-9ECBF79EFFC3}]
C:\WINDOWS\system32\mllmk.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{11359F4A-B191-42D7-905A-594F8CF0387B}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{E0E899AB-F487-11D5-8D29-0050BA6940E3}
{5093EB4C-3E93-40AB-9266-B607BA87BDC8}
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
{CBF6F119-EA59-4612-96C3-EFD538C88C0A}
{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 13:06 1135968]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [ ]
"Skado"="" []
"Desktop Cycler Changer"="C:\Program Files\Desktop Cycler\Changer.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"POP Peeper"="C:\Program Files\POP Peeper\POPPeeper.exe" [2008-02-08 00:18 1429504]
"BackgroundSwitcher"="C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe" [2008-01-22 05:11 907152]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 13:02 495616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sunasDtServ"="C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe" [2005-03-18 14:04 843776]
"SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" [2007-12-06 11:58 1069920]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"40408b53"="C:\WINDOWS\system32\nadiawah.dll" [ ]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-16 11:34 579072]
"sunasServ"="C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe" [2005-03-18 12:40 430080]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-15 15:54 37376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-15 23:25 219136]
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
HP Organize.lnk - C:\Program Files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2004-04-01 14:15:28 36864]
C:\Documents and Settings\Guest\Start Menu\Programs\Startup\
HP Organize.lnk - C:\Program Files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2004-04-01 14:15:28 36864]
C:\Program Files\Programs\Startup\
DeskSweeper.lnk - C:\Program Files\DeskSweeper\DeskSweeper.exe [1999-03-09 236032]
Greetings Workshop Reminders.lnk - C:\Program Files\Greetings Workshop\GWREMIND.EXE [1996-06-25 40448]
Web Chrono Desktop.lnk - C:\Documents and Settings\Owner\Application Data\Microsoft\Installer\{D8D0D7C9-C4CA-4BE1-9CEC-384DCBB238DD}\WebChronoDesktop.exe [2005-10-23 10:21:40 3638]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2007-11-27 13:44:55 1073152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkhecd]
jkkhecd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljkkli]
mljkkli.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tqcwotww]
tqcwotww.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll 2001-12-20 22:34 24576 C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoTBar]
c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]
--a------ 2005-07-02 13:36 421888 C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDNewsAgent]
--a------ 2005-07-01 20:58 8192 C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDSwitchAgent]
--a------ 2005-07-02 13:35 33280 C:\Program Files\Softwin\BitDefender8\\bdswitch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2003-02-11 20:02 61440 C:\HP\KBD\KBD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a------ 2004-12-10 19:44 11776 C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sunasDTServ]
--a------ 2005-03-18 14:04 843776 C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sunasServ]
--a------ 2005-03-18 12:40 430080 C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USSShReg]
--a------ 1997-11-23 20:16 20992 C:\PROGRA~1\ULEADS~1\ULEADP~1\SSaver\Ussshreg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
--a------ 2004-01-16 04:33 49152 C:\WINDOWS\system32\VTTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampControlbandUpdate]
C:\Program Files\WinampControlBand\Update.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WT GameChannel]
C:\Program Files\WildTangent\Apps\GameChannel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"XCOMM"=2 (0x2)
"VSSERV"=2 (0x2)
"iPod Service"=3 (0x3)
"bdss"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Winamp\\winamp.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"=
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Abacast\\Abaclient.exe"=
"C:\\Program Files\\FlashGet\\FlashGet.exe"=
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"C:\\WINDOWS\\system32\\mshta.exe"=
"C:\\WINDOWS\\system32\\ElectricSheep.scr"=
"C:\\Documents and Settings\\Michael\\My Documents\\My Documents\\michael's stuff\\games\\Video games\\BZflag\\BZFlag2.0.8\\bzflag.exe"=
"C:\\Documents and Settings\\Michael\\My Documents\\My Documents\\michael's stuff\\games\\Video games\\BZflag\\BZFlag2.0.8\\bzfs.exe"=
"C:\\Documents and Settings\\Michael\\My Documents\\Michael's folders\\BZFlag2.0.8\\bzflag.exe"=
"C:\\Documents and Settings\\Michael\\My Documents\\Michael's folders\\games\\Video games\\BZflag\\BZFlag2.0.8\\bzflag.exe"=
"C:\WINDOWS\system32\bsvruujl.exe"= C:\WINDOWS\system32\bsv
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"C:\\Documents and Settings\\Michael\\My Documents\\Michael's folders\\BZflag\\BZFlag2.0.10\\bzflag.exe"=
"F:\\BZFlag2.0.8\\bzflag.exe"=
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Documents and Settings\\Michael\\My Documents\\Michael's folders\\BZflag\\BZFlag2.0.8\\bzflag.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57225:TCP"= 57225:TCP:Pando P2P TCP Listening Port
"57225:UDP"= 57225:UDP:Pando P2P UDP Listening Port
"9020:TCP"= 9020:TCP:BZFLAG
R2 FILESpy;FILESpy;C:\Program Files\Softwin\BitDefender8\filespy.sys [2005-08-09 19:31]
R3 SndTDriverV32;SndTDriverV32;C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2006-08-11 16:56]
S1 rxp;rxp;C:\WINDOWS\system32\drivers\rxp.sys []
S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{daf6ba03-6a1b-11db-a929-00112f057540}]
\Shell\AutoRun\command - F:\SYS\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-02-13 02:01:26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-17 16:59:02 C:\WINDOWS\Tasks\iRadio task 7.job"
- C:\PROGRA~1\3aLab\iRadio\iRadio.exe
"2008-02-22 16:00:00 C:\WINDOWS\Tasks\Kitchen.job"
- C:\WINDOWS\Kitchen.scr
"2008-02-22 22:12:02 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-02-23 17:09:57
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\sockspy.dll
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\sockspy.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2008-02-23 17:21:26 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-02-24 00:21:21
.
2008-02-14 22:06:28 --- E O F ---
HiJackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:22:32 PM, on 2/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\kmd.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\POP Peeper\POPPeeper.exe
C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\DeskSweeper\DeskSweeper.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.isp.com/members/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)
R3 - URLSearchHook: radiojazz Toolbar - {cbf6f119-ea59-4612-96c3-efd538c88c0a} - C:\Program Files\radiojazz\tbrad0.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_5_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Dictionary.com - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\lexbar.dll
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: askBar BHO - {5A074B21-F830-49de-A31B-5BB9D7F6B407} - C:\Program Files\AskBar\bar\bin\askBar.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: SafeIE Utility - {B5D4581D-ED6A-4905-A267-25BAF7BE79C1} - C:\WINDOWS\system32\safeie.dll
O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:\PROGRA~1\MASSDO~1\MDHELPER.DLL (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: radiojazz Toolbar - {cbf6f119-ea59-4612-96c3-efd538c88c0a} - C:\Program Files\radiojazz\tbrad0.dll
O2 - BHO: {4ff78a36-1200-e85b-6664-6d2f0eb20efd} - {dfe02be0-f2d6-4666-b58e-002163a87ff4} - C:\WINDOWS\system32\ewenlmub.dll (file missing)
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O2 - BHO: (no name) - {F20CEF7E-299E-43E2-ABC8-215DA75EC9FB} - C:\WINDOWS\system32\mlljg.dll (file missing)
O2 - BHO: (no name) - {F2B7677C-EC71-4A42-B51E-9ECBF79EFFC3} - C:\WINDOWS\system32\mllmk.dll (file missing)
O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\lexbar.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_5_0.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: radiojazz Toolbar - {cbf6f119-ea59-4612-96c3-efd538c88c0a} - C:\Program Files\radiojazz\tbrad0.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [sunasDtServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [40408b53] rundll32.exe "C:\WINDOWS\system32\nadiawah.dll",b
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Desktop Cycler Changer] C:\Program Files\Desktop Cycler\Changer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min
O4 - HKCU\..\Run: [BackgroundSwitcher] C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - S-1-5-18 Startup: HP Organize.lnk = ? (User 'SYSTEM')
O4 - S-1-5-18 Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: HP Organize.lnk = ? (User 'Default user')
O4 - .DEFAULT Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe (User 'Default user')
O4 - .DEFAULT User Startup: HP Organize.lnk = ? (User 'Default user')
O4 - .DEFAULT User Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe (User 'Default user')
O4 - Startup: DeskSweeper.lnk = C:\Program Files\DeskSweeper\DeskSweeper.exe
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Startup: Web Chrono Desktop.lnk = ?
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: &Download all by WellGet - C:\Program Files\WellGet\nxall.htm
O8 - Extra context menu item: &Save Image to Folder -
res://C:\Program Files\AskBar\bar\bin\askBar.dll/saveimagestofolder.html
O8 - Extra context menu item: &Save Image to MyStuff -
res://C:\Program Files\AskBar\bar\bin\askBar.dll/saveimages.html
O8 - Extra context menu item: &Save Link to Folder -
res://C:\Program Files\AskBar\bar\bin\askBar.dll/saveltof.html
O8 - Extra context menu item: &Save Link to MyStuff -
res://C:\Program Files\AskBar\bar\bin\askBar.dll/savelink.html
O8 - Extra context menu item: &Save Page to Folder... -
res://C:\Program Files\AskBar\bar\bin\askBar.dll/savepagetofolder.html
O8 - Extra context menu item: &Save this Page to MyStuff -
res://C:\Program Files\AskBar\bar\bin\askBar.dll/savewebpage.html
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: + &Mass Downloader: download this file - C:\Program Files\Mass Downloader\Add_Url.htm
O8 - Extra context menu item: + Mass Downloader: download &All files - C:\Program Files\Mass Downloader\Add_All.htm
O8 - Extra context menu item: Add to AD Black List - C:\MICHAE~1\other\browsers\AVANTB~1\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\MICHAE~1\other\browsers\AVANTB~1\AddAllToADBlackList.htm
O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download by &WellGet - C:\Program Files\WellGet\nxcatch.htm
O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm
O8 - Extra context menu item: Download using LeechGet -
file://C:\Program Files\LeechGet 2006\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard -
file://C:\Program Files\LeechGet 2006\\Wizard.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Highlight - C:\MICHAE~1\other\browsers\AVANTB~1\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\MICHAE~1\other\browsers\AVANTB~1\OpenAllLinks.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\MICHAE~1\other\browsers\AVANTB~1\OpenInNewBrowser.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Parse with LeechGet -
file://C:\Program Files\LeechGet 2006\\Parser.html
O8 - Extra context menu item: Search - C:\MICHAE~1\other\browsers\AVANTB~1\Search.htm
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O8 - Extra context menu item: StumbleUpon: &Blog This - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Internet Radio by Endicosoft.com - {1F958B09-3312-7f0e-9723-4C1324C57B20} - C:\Program Files\Internet Radio\Radio.exe (file missing)
O9 - Extra button: WellGet - {35980F6E-A258-4E50-953D-813BB8556899} - C:\Program Files\WellGet\WellGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\HiDownload\hidownload.exe (file missing)
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.stumbleupon.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {11111111-1111-1111-1111-111191113457} -
file://c:\ied_s7.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {33331111-1111-1111-1111-611111193457} -
file://c:\wx.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} -
file://c:\wx.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3249008340
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.hp.com/ediags/gmn/in ... ction3.cab
O16 - DPF: {E9AE575A-FA4A-11D3-90F7-00C0CA1618FF} (BuzMeSetup Class) - http://www.buzme.com/ActiveX/BMAXSetup.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/t ... lexico.cab
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neutral ... 10,0,910,0
O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll
O20 - Winlogon Notify: jkkhecd - jkkhecd.dll (file missing)
O20 - Winlogon Notify: mljkkli - mljkkli.dll (file missing)
O20 - Winlogon Notify: tqcwotww - tqcwotww.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
--
End of file - 16084 bytes