ComboFix 06.11.9 - Running from: "C:\Documents and Settings\Owner" (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Documents and Settings\Owner\Application Data\Install.dat C:\Program Files\secure32.html C:\WINDOWS\system32\kernels8.exe C:\WINDOWS\system32\maxd641.exe ((((((((((((((((((((((((((((((( Files Created from 2006-10-12 to 2006-11-12 )))))))))))))))))))))))))))))))))) 2006-11-11 20:15 5,707 C:\Documents and Settings\Owner\oroXpfT.exe 2006-11-10 22:07 5,707 --a------ C:\Documents and Settings\Owner\Pr6N2fk.exe 2006-11-09 17:23 5,707 --a------ C:\Documents and Settings\Owner\IUP8bOr.exe 2006-11-08 19:34 5,707 --a------ C:\Documents and Settings\Owner\o4dswuF.exe 2006-11-08 16:56 5,707 --a------ C:\Documents and Settings\Owner\EHbL0an.exe 2006-11-06 23:16 5,707 --a------ C:\Documents and Settings\Owner\mME38lB.exe 2006-11-06 22:59 8,006 --a------ C:\WINDOWS\comdlj32.dll 2006-11-06 22:59 34,914 -rahs---- C:\WINDOWS\system32\spoolsvv.exe 2006-11-06 22:57 5,707 --a------ C:\Documents and Settings\Owner\kUa83Uw.exe 2006-11-06 16:34 78,488 --a------ C:\WINDOWS\system32\XMD5.dll 2006-11-06 15:34 5,707 --a------ C:\Documents and Settings\Owner\r7Wv5dh.exe 2006-11-06 15:18 5,707 --a------ C:\Documents and Settings\Owner\R3ruLU1.exe 2006-11-04 16:41 16,457 --a------ C:\WINDOWS\system32\taskdir~.exe 2006-11-04 16:40 4,608 --a------ C:\WINDOWS\system32\adir.dll 2006-11-04 15:11 5,707 --a------ C:\Documents and Settings\Owner\pHgA8Xh.exe 2006-11-04 13:11 5,707 --a------ C:\Documents and Settings\Owner\D3ve67b.exe 2006-11-04 12:51 5,707 --a------ C:\WINDOWS\system32\iRs10Wp.exe 2006-11-04 12:22 5,707 --a------ C:\Documents and Settings\Owner\H3BNrcu.exe 2006-11-04 08:24 5,707 --a------ C:\Documents and Settings\Owner\O2U4hHn.exe 2006-11-03 22:00 5,707 --a------ C:\Documents and Settings\Owner\d622P52.exe 2006-11-03 21:34 5,707 --a------ C:\Documents and Settings\Owner\t1785KL.exe 2006-11-03 21:00 5,707 --a------ C:\Documents and Settings\Owner\rD5oK5d.exe 2006-11-03 20:53 5,707 --a------ C:\Documents and Settings\Owner\Mo4CnBP.exe 2006-11-03 20:17 5,707 --a------ C:\Documents and Settings\Owner\r1s0HTi.exe 2006-11-03 17:41 816,672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys 2006-11-03 17:41 4,960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys 2006-11-03 17:41 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys 2006-11-03 17:41 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys 2006-11-03 17:41 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys 2006-11-03 17:41 18,240 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys 2006-11-02 23:25 5,707 --a------ C:\WINDOWS\system32\T2knGkA.exe 2006-11-02 23:22 5,707 --a------ C:\Documents and Settings\Owner\pP8rqcC.exe 2006-11-02 23:06 23,040 --a------ C:\WINDOWS\sp_m2_v105_22.exe 2006-11-02 22:59 5,707 --a------ C:\Documents and Settings\Owner\lpgQj13.exe 2006-11-02 21:44 5,707 --a------ C:\Documents and Settings\Owner\xM2Sjk5.exe 2006-11-02 21:23 5,707 --a------ C:\WINDOWS\system32\testtestt.exe 2006-11-02 20:47 5,707 --a------ C:\WINDOWS\system32\o60rwp7.exe 2006-11-02 20:06 5,707 --a------ C:\Documents and Settings\Owner\nw3a30P.exe 2006-11-02 19:43 108,032 --a------ C:\WINDOWS\system32\loaded.exe 2006-11-02 19:42 5,707 --a------ C:\WINDOWS\system32\X7jE1jv.exe 2006-11-02 19:42 5,707 --a------ C:\WINDOWS\system32\c3lGQop.exe 2006-11-02 19:36 5,707 --a------ C:\Documents and Settings\Owner\EG17kh3.exe 2006-11-02 19:26 5,707 --a------ C:\Documents and Settings\Owner\tveq7X8.exe 2006-11-02 19:20 5,707 --a------ C:\WINDOWS\system32\G2lNa5F.exe 2006-11-02 18:58 60,489 --a------ C:\WINDOWS\system32\image1.gif.exe 2006-11-02 18:58 6,293 --a------ C:\WINDOWS\system32\wmstream32.dll 2006-11-02 18:58 57,417 --a------ C:\WINDOWS\system32\ss.exe.exe 2006-11-02 18:58 50,014 --a------ C:\WINDOWS\system32\adirss.exe 2006-11-02 18:58 5,707 --a------ C:\WINDOWS\system32\c5KnoKQ.exe 2006-11-02 18:58 5,705 --a------ C:\WINDOWS\system32\se.exe.exe 2006-11-02 18:58 26,112 --a------ C:\WINDOWS\system32\rpcc.dll 2006-11-02 18:58 16,457 --a------ C:\WINDOWS\system32\w.exe.exe 2006-11-02 18:58 15,947 ---h----- C:\WINDOWS\system32\wservice.exe (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-11-12 12:23 -------- d-------- C:\Program Files\Mozilla Firefox 2006-11-11 20:23 -------- d-------- C:\Program Files\Spot the Diff' 2 2006-11-11 20:23 -------- d-------- C:\Program Files\Sierra On-Line 2006-11-11 20:23 -------- d-------- C:\Program Files\PokerStars 2006-11-11 20:22 -------- d-------- C:\Program Files\PhoTags Express 2006-11-11 20:22 -------- d-------- C:\Program Files\PCFriendly 2006-11-11 20:22 -------- d-------- C:\Program Files\PC-Doctor for Windows XP 2006-11-11 20:21 -------- d----c--- C:\Program Files\HPSelect 2006-11-11 20:21 -------- d-------- C:\Program Files\MalwareBot 2006-11-11 20:21 -------- d-------- C:\Program Files\Knowledge Adventure 2006-11-11 20:21 -------- d-------- C:\Program Files\Kazaa Lite K++ 2006-11-11 20:21 -------- d-------- C:\Program Files\IrfanView 2006-11-11 20:20 -------- d-------- C:\Program Files\HP Instant Support 2006-11-11 20:20 -------- d-------- C:\Program Files\hp deskjet 3820 series 2006-11-11 20:20 -------- d-------- C:\Program Files\ewido anti-malware 2006-11-11 20:20 -------- d-------- C:\Program Files\Eusing Free Registry Cleaner 2006-11-11 20:20 -------- d-------- C:\Program Files\CleanUp! 2006-11-11 20:20 -------- d-------- C:\Program Files\AltoMP3 Maker 2006-11-08 16:56 -------- d-------- C:\Documents and Settings\Owner\Application Data\Yahoo! 2006-11-04 17:29 -------- d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft 2006-11-04 15:24 -------- d-------- C:\Program Files\RegistryFix 2006-11-04 13:20 -------- d-------- C:\Program Files\Lavasoft 2006-11-03 21:46 -------- d-------- C:\Program Files\Robot Arena 2006-11-03 21:46 -------- d-------- C:\Program Files\RecordNow 2006-11-03 21:46 -------- d-------- C:\Program Files\QuickTime 2006-11-03 21:46 -------- d-------- C:\Program Files\QuickenFC 2006-11-03 21:45 -------- d-------- C:\Program Files\Messenger 2006-11-03 21:45 -------- d-------- C:\Program Files\Maxis 2006-11-03 19:09 -------- d-------- C:\Program Files\Internet Explorer 2006-11-03 17:42 -------- d-------- C:\Documents and Settings\Owner\Application Data\AVG7 2006-11-03 17:41 -------- d-------- C:\Program Files\Grisoft 2006-11-03 17:40 -------- d---s---- C:\Documents and Settings\Owner\Application Data\Microsoft 2006-11-02 19:41 -------- d-------- C:\Program Files\Web Publish 2006-09-12 13:46 95232 --a------ C:\WINDOWS\system32\dkifmcg.dll 2006-09-12 13:46 73216 --a------ C:\WINDOWS\system32\bzubmum.dll 2006-08-03 20:43 0 --a------ C:\Program Files\rdluac.exe 2006-08-01 19:53 0 --a------ C:\Program Files\pxbmjnmx.exe (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe\" -quiet" "Creative Detector"="C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe /R" "UpdateService"="C:\\WINDOWS\\System32\\wservice.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe" "StorageGuard"="\"C:\\Program Files\\VERITAS Software\\Update Manager\\sgtray.exe\" /r" "Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE" "IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe" "HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe" "PS2"="C:\\WINDOWS\\system32\\ps2.exe" "checktime"="c:\\program files\\HPSelect\\Frontend\\ct.exe" "HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb05.exe" "SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe" "LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe" "LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe" "Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe" "WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe" "SsAAD.exe"="C:\\DOCUME~1\\Owner\\Desktop\\JON'SG~1\\SsAAD.exe" "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP" "UpdateService"="C:\\WINDOWS\\System32\\wservice.exe" "adir"="C:\\WINDOWS\\System32\\adirss.exe" "spoolsvv"="C:\\WINDOWS\\System32\\spoolsvv.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000005 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,36,02,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:04,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\ ff,ff,04,00,00,00 "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\ 00,00,01,00,00,00 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1] "Source"="http://www.mugglenet.com/countdown/gof-countdown.php?o=nov18" "SubscribedURL"="http://www.mugglenet.com/countdown/desktop/gof-countdown-nov18.cdf" "FriendlyName"="MuggleNet's Goblet of Fire Movie Countdown (November 18)" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,66,01,00,00,e1,00,00,00,a4,02,00,00,77,00,00,00,ea,\ 03,00,00,00,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:01,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,6a,02,00,00,e1,00,00,00,a0,01,00,00,77,00,\ 00,00,01,00,00,00 "RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00 [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" "{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:000000ff "_NoDriveTypeAutoRun"=dword:00000000 "NoActiveDesktop"=dword:00000000 "ClassicShell"=dword:00000000 "ForceActiveDesktopOn"=dword:00000000 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "AllowLegacyWebView"=dword:00000001 "AllowUnhashedWebView"=dword:00000001 "NoCDBurning"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" "DCOM Server"="" HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rpcc HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winsys2freg HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wmstream32 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\{66D67EBB-4B96-45FC-9495-A2B814EFAB3B}_YOUR-US67PI6LUV_Owner.job Completion time: 06-11-12 12:32:06.17 C:\ComboFix.txt ... 06-11-12 12:32