ComboFix 06.11.9 - Running from: "C:\Documents and Settings\Owner\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-10-13 to 2006-11-13 ))))))))))))))))))))))))))))))))))

2006-11-12 22:22 8,006 --a------ C:\WINDOWS\comdlj32.dll
2006-11-06 22:59 34,914 -rahs---- C:\WINDOWS\system32\spoolsvv.exe
2006-11-06 16:34 78,488 --a------ C:\WINDOWS\system32\XMD5.dll
2006-11-04 16:40 4,608 --a------ C:\WINDOWS\system32\adir.dll
2006-11-03 17:41 816,672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-11-03 17:41 4,960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-11-03 17:41 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-11-03 17:41 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-11-03 17:41 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-11-03 17:41 18,240 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2006-11-02 18:58 6,293 --a------ C:\WINDOWS\system32\wmstream32.dll
2006-11-02 18:58 50,014 --a------ C:\WINDOWS\system32\adirss.exe

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-11-12 21:40 -------- d-------- C:\Program Files\ewido anti-malware
2006-11-12 20:25 -------- d-------- C:\Program Files\Robot Arena
2006-11-12 20:25 -------- d-------- C:\Program Files\RegistryFix
2006-11-12 20:24 -------- d-------- C:\Program Files\RecordNow
2006-11-12 20:21 -------- d-------- C:\Program Files\QuickTime
2006-11-12 20:21 -------- d-------- C:\Program Files\QuickenFC
2006-11-12 20:17 -------- d-------- C:\Program Files\PhoTags Express
2006-11-12 20:15 -------- d-------- C:\Program Files\PCFriendly
2006-11-12 20:15 -------- d-------- C:\Program Files\PC-Doctor for Windows XP
2006-11-12 20:01 -------- d-------- C:\Program Files\Messenger
2006-11-12 20:01 -------- d-------- C:\Program Files\Maxis
2006-11-12 20:00 -------- d-------- C:\Program Files\MalwareBot
2006-11-12 19:55 -------- d-------- C:\Program Files\Knowledge Adventure
2006-11-12 19:54 -------- d-------- C:\Program Files\Kazaa Lite K++
2006-11-12 19:52 -------- d-------- C:\Program Files\IrfanView
2006-11-12 19:45 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-12 19:31 -------- d----c--- C:\Program Files\HPSelect
2006-11-12 19:25 -------- d-------- C:\Program Files\HP Instant Support
2006-11-12 19:24 -------- d-------- C:\Program Files\hp deskjet 3820 series
2006-11-12 19:18 -------- d-------- C:\Program Files\Hewlett-Packard
2006-11-12 19:05 -------- d-------- C:\Program Files\Eusing Free Registry Cleaner
2006-11-12 18:55 -------- d-------- C:\Program Files\CleanUp!
2006-11-12 18:54 -------- d-------- C:\Program Files\AltoMP3 Maker
2006-11-12 18:00 -------- d-------- C:\Documents and Settings\Owner\Application Data\Yahoo!
2006-11-04 17:29 -------- d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
2006-11-04 13:20 -------- d-------- C:\Program Files\Lavasoft
2006-11-03 19:09 -------- d-------- C:\Program Files\Internet Explorer
2006-11-03 17:42 -------- d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2006-11-03 17:41 -------- d-------- C:\Program Files\Grisoft
2006-11-03 17:40 -------- d---s---- C:\Documents and Settings\Owner\Application Data\Microsoft
2006-11-02 19:41 -------- d-------- C:\Program Files\Web Publish
2006-09-12 13:46 95232 --a------ C:\WINDOWS\system32\dkifmcg.dll
2006-09-12 13:46 73216 --a------ C:\WINDOWS\system32\bzubmum.dll
2006-08-03 20:43 0 --a------ C:\Program Files\rdluac.exe
2006-08-01 19:53 0 --a------ C:\Program Files\pxbmjnmx.exe

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe\" -quiet"
"Creative Detector"="C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe /R"
"UpdateService"="C:\\WINDOWS\\System32\\wservice.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"StorageGuard"="\"C:\\Program Files\\VERITAS Software\\Update Manager\\sgtray.exe\" /r"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"checktime"="c:\\program files\\HPSelect\\Frontend\\ct.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb05.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe"
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"SsAAD.exe"="C:\\DOCUME~1\\Owner\\Desktop\\JON'SG~1\\SsAAD.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"UpdateService"="C:\\WINDOWS\\System32\\wservice.exe"
"adir"="C:\\WINDOWS\\System32\\adirss.exe"
"spoolsvv"="C:\\WINDOWS\\System32\\spoolsvv.exe"
"MalwareBot"="C:\\Program Files\\MalwareBot\\MalwareBot.exe -boot"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,90,01,00,00,00,00,00,00,90,01,00,00,36,02,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
  00,00,01,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="http://www.mugglenet.com/countdown/gof-countdown.php?o=nov18"
"SubscribedURL"="http://www.mugglenet.com/countdown/desktop/gof-countdown-nov18.cdf"
"FriendlyName"="MuggleNet's Goblet of Fire Movie Countdown (November 18)"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,66,01,00,00,e1,00,00,00,a4,02,00,00,77,00,00,00,ea,\
  03,00,00,00,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,6a,02,00,00,e1,00,00,00,a0,01,00,00,77,00,\
  00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:000000ff
"_NoDriveTypeAutoRun"=dword:00000000
"NoActiveDesktop"=dword:00000000
"ClassicShell"=dword:00000000
"ForceActiveDesktopOn"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=dword:00000001
"AllowUnhashedWebView"=dword:00000001
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"DCOM Server"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rpcc
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winsys2freg
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wmstream32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\{66D67EBB-4B96-45FC-9495-A2B814EFAB3B}_YOUR-US67PI6LUV_Owner.job

Completion time: 06-11-13 17:07:37.32
C:\ComboFix.txt ... 06-11-13 17:07
C:\ComboFix2.txt ... 06-11-12 12:53
C:\ComboFix3.txt ... 06-11-12 12:32