ComboFix 07-08-26.3 - "Owner" 2007-08-28 8:41:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.842 [GMT -5:00]
* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\fhhkj.bak1
C:\WINDOWS\system32\fhhkj.bak2
C:\WINDOWS\system32\fhhkj.ini
C:\WINDOWS\system32\fhhkj.ini2
C:\WINDOWS\system32\gjjlm.bak1
C:\WINDOWS\system32\gjjlm.bak2
C:\WINDOWS\system32\gjjlm.ini
C:\WINDOWS\system32\gjjlm.ini2
C:\WINDOWS\system32\gjjlm.tmp
C:\WINDOWS\system32\jjllm.bak1
C:\WINDOWS\system32\jjllm.bak2
C:\WINDOWS\system32\jjllm.ini2
C:\WINDOWS\system32\jjllm.tmp
C:\WINDOWS\system32\rqstv.bak1
C:\WINDOWS\system32\rqstv.bak2
C:\WINDOWS\system32\rqstv.ini
C:\WINDOWS\system32\rqstv.ini2
C:\WINDOWS\system32\rqstv.tmp
C:\WINDOWS\system32\stutv.bak1
C:\WINDOWS\system32\stutv.bak2
C:\WINDOWS\system32\stutv.ini
C:\WINDOWS\system32\stutv.ini2
C:\WINDOWS\system32\weaskxgc.dll
D:\Autorun.inf

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_DOMAINSERVICE
-------\LEGACY_JFJ37

((((((((((((((((((((((((( Files Created from 2007-07-28 to 2007-08-28 )))))))))))))))))))))))))))))))

2007-08-28 08:40 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-28 08:17 d-------- C:\WINDOWS\ERUNT
2007-08-27 19:52 d-------- C:\Program Files\Lavasoft
2007-08-27 19:52 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-27 19:36 d-------- C:\DOCUME~1\OWNER~1.BAS\APPLIC~1\Uniblue
2007-08-27 10:46 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-08-27 10:19 d-------- C:\Program Files\Common Files\Merge Modules
2007-08-26 07:35 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2007-08-26 07:31 d-------- C:\Program Files\AdVantage
2007-08-26 07:29 d-------- C:\Program Files\DAEMON Tools
2007-08-25 18:05 d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-25 16:09 6,473 --ahs----
C:\WINDOWS\system32\opqss.bak1 2007-08-25 15:08 d-------- C:\DOCUME~1\OWNER~1.BAS\APPLIC~1\Thunderbird 2007-08-25 14:47 6,473 --ahs---- C:\WINDOWS\system32\dcbeg.bak1 2007-08-25 13:42 176,128 --a------ C:\WINDOWS\system32\drivers\Jfj37.sys 2007-08-25 13:32 6,473 --ahs---- C:\WINDOWS\system32\pqtss.bak1 2007-08-25 13:23 d-------- C:\Program Files\YCUBED 2007-08-25 10:21 87,608 --a------ C:\DOCUME~1\OWNER~1.BAS\APPLIC~1\inst.exe 2007-08-25 10:21 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys 2007-08-25 10:21 47,360 --a------ C:\DOCUME~1\OWNER~1.BAS\APPLIC~1\pcouffin.sys 2007-08-25 10:21 d-------- C:\DOCUME~1\OWNER~1.BAS\APPLIC~1\Vso 2007-08-25 10:21 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\1Click DVD Copy Pro 2007-08-25 10:20 d-------- C:\Program Files\Common Files\Download Manager 2007-08-25 08:48 d-------- C:\DOCUME~1\OWNER~1.BAS\APPLIC~1\SampleView 2007-08-24 18:19 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll 2007-08-24 17:59 d-------- C:\TypeRecorder 2007-08-24 17:59 d-------- C:\Program Files\TypeAgent 2007-08-22 22:24 d-------- C:\DOCUME~1\OWNER~1.BAS\APPLIC~1\WinRAR 2007-08-22 22:11 d-------- C:\Program Files\Blender Foundation 2007-08-22 22:11 d-------- C:\DOCUME~1\OWNER~1.BAS\APPLIC~1\Blender Foundation 2007-08-22 22:04 d-------- C:\zCEP_Uninstaller 2007-08-22 22:04 d-------- C:\TSData 2007-08-22 22:03 d-------- C:\Program Files\SimPE 2007-08-22 13:42 d-------- C:\Program Files\StarshipTycoonDemo 2007-08-22 13:16 d-------- C:\DOCUME~1\OWNER~1.BAS\APPLIC~1\SiteAdvisor 2007-08-19 10:59 967 --a------ C:\WINDOWS\ScUnin.pif 2007-08-19 10:59 94,208 --a------ C:\WINDOWS\ScUnin.exe 2007-08-19 10:59 12,620 --a------ C:\WINDOWS\scunin.dat 2007-08-19 10:58 d-------- C:\Program Files\Starcraft 2007-08-19 10:25 d-------- C:\Program Files\Starcraft Shareware(ED) 2007-08-18 23:20 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet 2007-08-18 23:06 d-------- C:\Program Files\Bonjour 2007-08-18 22:53 d-------- C:\Program Files\Common Files\Macrovision Shared 
2007-08-18 16:52 d-------- C:\Program Files\Ideal File Sorter 2007-08-18 16:52 d-------- C:\DOCUME~1\OWNER~1.BAS\APPLIC~1\Ideal File Sorter 2007-08-18 15:17 d-------- C:\Program Files\Ideal Music Sorter 2007-08-18 15:17 d-------- C:\DOCUME~1\OWNER~1.BAS\APPLIC~1\Ideal Mp3 Music Sorter 2007-08-05 18:29 d-------- C:\Program Files\ReplAll 2007-08-02 15:02 d-------- C:\DOCUME~1\OWNER~1.BAS\APPLIC~1\gtk-2.0 2007-08-02 15:02 d-------- C:\DOCUME~1\OWNER~1.BAS\.thumbnails 2007-08-02 14:59 d-------- C:\DOCUME~1\OWNER~1.BAS\.gimp-2.2 2007-08-02 12:24 d-------- C:\Program Files\GIMP-2.0 2007-08-02 12:23 d-------- C:\Program Files\Common Files\GTK 2007-08-02 07:59 364,544 --a------ C:\WINDOWS\system32\cdg.dll 2007-08-02 07:59 348,160 --a------ C:\WINDOWS\system32\cdga.dll 2007-08-02 07:59 14,909 --a------ C:\WINDOWS\system32\A_reg.reg 2007-08-01 21:52 d-------- C:\Program Files\Codec Pack - All In 1 2007-08-01 14:17 d-------- C:\Program Files\Paint Shop Pro 2007-07-30 12:24 32,768 --a------ C:\WINDOWS\system32\FrogASPI.DLL (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-27 19:47 --------- d-------- C:\Program Files\Common Files\Symantec Shared 2007-08-27 19:47 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec 2007-08-27 11:30 --------- d-------- C:\DOCUME~1\OWNER~1.BAS\APPLIC~1\Azureus 2007-08-27 10:21 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help 2007-08-27 10:19 --------- d-------- C:\Program Files\Microsoft Visual Studio 8 2007-08-26 08:07 --------- d-------- C:\Program Files\EA Games 2007-08-25 20:07 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-08-25 15:07 --------- d-------- C:\Program Files\Mozilla Thunderbird 2007-08-25 10:19 --------- d-------- C:\Program Files\DAP 2007-08-21 23:34 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint 2007-08-19 11:19 --------- d-------- C:\DOCUME~1\OWNER~1.BAS\APPLIC~1\LimeWire 2007-08-19 03:01 --------- d-------- 
C:\Program Files\Magic MP3 Tagger 2007-08-17 19:44 --------- d-------- C:\Program Files\LimeWire 2007-08-17 11:55 --------- d-------- C:\Program Files\America Online 9.0 2007-08-17 11:55 --------- d-------- C:\DOCUME~1\OWNER~1.BAS\APPLIC~1\AOL 2007-08-17 11:55 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL 2007-08-16 23:23 --------- d-------- C:\DOCUME~1\Zach\APPLIC~1\Apple Computer 2007-08-08 19:19 --------- d-------- C:\DOCUME~1\Zach\APPLIC~1\Chessmaster Challenge 2007-08-06 23:47 --------- d-------- C:\Program Files\Game_Maker7 2007-08-06 22:48 --------- d-------- C:\Program Files\Game_Maker6 2007-08-06 18:31 --------- d-------- C:\Program Files\Mp3 My Mp3 2.0 2007-08-06 11:57 --------- d-------- C:\Program Files\iTunes 2007-08-06 11:56 --------- d-------- C:\Program Files\iPod 2007-08-04 07:20 --------- d-------- C:\DOCUME~1\OWNER~1.BAS\APPLIC~1\IBP 2007-08-02 21:45 --------- d--h----- C:\Program Files\InstallShield Installation Information 2007-08-02 07:59 --------- d-------- C:\Program Files\Cucusoft 2007-08-02 01:19 --------- d-------- C:\Program Files\SwiftSwitch 2007-08-01 21:51 737280 --a------ C:\WINDOWS\iun6002.exe 2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll 2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll 2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll 2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll 2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll 2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll 2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll 2007-07-27 08:45 --------- d-------- C:\Program Files\Alwil Software 2007-07-27 00:52 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft 2007-07-25 22:03 --------- d-------- 
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip 2007-07-25 22:02 --------- d-------- C:\Program Files\Shockwave.com 2007-07-24 08:10 --------- d-------- C:\DOCUME~1\OWNER~1.BAS\APPLIC~1\Apple Computer 2007-07-23 09:05 1793584 --ahs---- C:\WINDOWS\system32\mlkkj.bak2 2007-07-22 22:45 --------- d-------- C:\Program Files\ReflexiveArcade 2007-07-22 18:46 6488 --ahs---- C:\WINDOWS\system32\mlkkj.bak1 2007-07-22 18:39 6729 --ahs---- C:\WINDOWS\system32\rrqss.ini2 2007-07-22 10:52 6488 --ahs---- C:\WINDOWS\system32\rrqss.bak1 2007-07-22 09:18 6489 --ahs---- C:\WINDOWS\system32\nmllm.bak1 2007-07-22 08:14 6489 --ahs---- C:\WINDOWS\system32\prutv.bak1 2007-07-21 23:04 6488 --ahs---- C:\WINDOWS\system32\wyadd.bak1 2007-07-21 21:55 6488 --ahs---- C:\WINDOWS\system32\svvwa.bak1 2007-07-21 17:41 6488 --ahs---- C:\WINDOWS\system32\rrutv.bak1 2007-07-21 15:54 6488 --ahs---- C:\WINDOWS\system32\wvvwa.bak1 2007-07-21 13:41 6488 --ahs---- C:\WINDOWS\system32\llkkj.bak1 2007-07-21 11:59 6488 --ahs---- C:\WINDOWS\system32\ttstv.bak1 2007-07-21 08:46 --------- d-------- C:\DOCUME~1\OWNER~1.BAS\APPLIC~1\uTorrent 2007-07-21 08:30 6489 --ahs---- C:\WINDOWS\system32\ihhkj.bak1 2007-07-21 08:25 168960 --a------ C:\WINDOWS\system32\drivers\Sosf51.sys 2007-07-17 10:39 --------- d-------- C:\DOCUME~1\Zach\APPLIC~1\Screaming Bee 2007-07-17 10:39 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Screaming Bee 2007-07-17 10:38 --------- d-------- C:\Program Files\Screaming Bee 2007-07-15 23:00 355 --a------ C:\mobile.exe 2007-07-15 20:33 --------- d-------- C:\Program Files\QuickTime 2007-07-15 20:28 --------- d-------- C:\Program Files\Apple Software Update 2007-07-13 19:24 400 --a------ C:\ziton.exe 2007-07-09 20:08 --------- d-------- C:\DOCUME~1\Zach\APPLIC~1\SpinTop 2007-07-08 19:08 --------- d-------- C:\Program Files\Common Files\Apple 2007-07-08 19:08 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple 2007-07-08 19:00 --------- d-------- C:\Program Files\Hasbro Interactive 2007-06-26 01:08 
1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-25 22:30 86016 --a------ C:\WINDOWS\system32\WNASPINT.DLL
2007-06-19 08:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-14 23:36 10 --a------ C:\WINDOWS\system32\wfxhelp22.dll
2007-06-13 05:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-05-31 01:44 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 01:44 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 01:44 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 01:44 740442 --a------ C:\WINDOWS\system32\DivX.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03A108AB-AE3B-464F-A26F-EEAC22224575}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08A2D2DD-CDD4-4264-8F01-FCDE3A451A5A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1BA11907-8168-4BB5-84D0-45C8128F9222}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2FC62C2A-A9B2-44DC-A717-58E7F74ACABE}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5D57DC08-A1D3-43C6-B105-71D4F1B3D628}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8A0AD691-3C6A-40C9-B47C-CB5921320CBD}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8B3F8A93-933C-4DDA-B24C-AEB0697C132A}]
C:\WINDOWS\system32\iifefdb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC35F8FA-F237-4027-B1F8-0B30C24315F8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CBC0B6CB-CF1D-4EFF-9E19-D3D3973B0544}]
C:\WINDOWS\system32\mlljj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DEEEDA41-1F35-41E1-B683-33B62C2807E4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F92CE281-68D9-4B5F-8839-FC1CB00B9381}]
C:\WINDOWS\system32\mlljj.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 23:56]
"readericon"="C:\Program Files\Digital Media Reader\readericon45G.exe" [2005-12-09 20:44]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-18 10:32] "nwiz"="nwiz.exe" [2005-09-18 10:32 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-09-18 10:32] "CHotkey"="zHotkey.exe" [2004-12-08 19:57 C:\WINDOWS\zHotkey.exe] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 19:07 C:\WINDOWS\system32\HdAShCut.exe] "Reminder"="%WINDIR%\Creator\Remind_XP.exe" [] "Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [] "RTHDCPL"="RTHDCPL.EXE" [2005-09-14 13:38 C:\WINDOWS\RTHDCPL.EXE] "D-Link AirPlus Xtreme G"="C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe" [2003-11-04 17:00] "ANIWZCSService"="C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe" [2003-08-21 16:12] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00] "MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 18:44] "DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2007-08-24 18:19] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-27 10:49] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00] "NoAds"="C:\Program Files\NoAds\NoAds.exe" [2006-12-03 12:02] "NCLaunch"="C:\WINDOWS\NCLAUNCH.EXe" [2007-05-08 17:25] "RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-08-22 21:15] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05] "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Power2GoExpress"=NA "RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" C:\DOCUME~1\OWNER~1.BAS\STARTM~1\Programs\Startup\ Yahoo! 
Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 12:57:16]

C:\DOCUME~1\Zach\STARTM~1\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 12:57:16]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{8B3F8A93-933C-4DDA-B24C-AEB0697C132A}"= C:\WINDOWS\system32\iifefdb.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddayw]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifefdb]
iifefdb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhhf]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhhi]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkklkl]
jkkklkl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkklm]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjg]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlljj]
C:\WINDOWS\system32\mlljj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnlifg]
opnlifg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvvwwv]
tuvvwwv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtsqr]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuts]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winexy32]
winexy32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyyxyx]
xxyyxyx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Extender Resource Monitor.lnk] backup=C:\WINDOWS\pss\Extender Resource Monitor.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TMMonitor.lnk] backup=C:\WINDOWS\pss\TMMonitor.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage] "C:\Program Files\AdVantage\AdVantage.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLSPScheduler] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\1&1] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\1&1\1&1 EasyLogin] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe] "1&1 EasyLogin" HIDE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] C:\Program Files\Common Files\AOL\1147376554\ee\AOLSoftware.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TM Control] C:\WINDOWS\system32\TMController.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "AOL TopSpeedMonitor"=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background "updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 "AOL Fast Start"="C:\Program Files\America Online 9.0\AOL.EXE" -b [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe R2 CdaD10BA;CdaD10BA;\??\C:\WINDOWS\system32\drivers\CdaD10BA.SYS R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys R3 AV88BASE;Cx2388x Base Driver;C:\WINDOWS\system32\drivers\av88base.sys R3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys S2 AppMSVC;Application Mobile Service;"C:\WINDOWS\system32\mui\apisvc.exe" S3 DrvFltIp;DrvFltIp;\??\C:\Program Files\MRBDG\DrvFltIp.sys S3 EraserUtilDrvI3;EraserUtilDrvI3;\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI3.sys S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\PCTINDIS5.SYS S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe -k QWAVE S3 QWAVEDRV;QWAVE driver;C:\WINDOWS\system32\DRIVERS\qwavedrv.sys S3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys [HKEY_LOCAL_MACHINE\software\microsoft\windows 
nt\currentversion\svchost]
QWAVE QWAVE

Contents of the 'Scheduled Tasks' folder
2007-08-20 16:48:42 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2006-07-20 01:20:57 C:\WINDOWS\Tasks\ISP signup reminder 2.job - C:\WINDOWS\system32\OOBE\oobebaln.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-28 08:45:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-28 8:48:21 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-28 08:48

--- E O F ---