ComboFix 07-10-11.1 - A....Erica 2007-10-10 18:50:08.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.147 [GMT -4:00] Running from: C:\Documents and Settings\A....Erica\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . 
. ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . 
-------\LEGACY_FOPN -------\LEGACY_IPRIP -------\LEGACY_NPF -------\NPF ((((((((((((((((((((((((( Files Created from 2007-09-11 to 2007-10-11 ))))))))))))))))))))))))))))))) . 2007-10-10 07:13 d-------- C:\Documents and Settings\A....Erica\Application Data\acccore 2007-10-10 07:09 d-------- C:\Program Files\AIM6 2007-09-27 17:07 4,096 -rahs---- C:\WINDOWS\SYSTEM32\runouce.exe 2007-09-27 17:05 64,052 --a------ C:\WINDOWS\SYSTEM32\p2pex.zip.exe 2007-09-27 15:43 d-------- C:\Documents and Settings\Guest\Application Data\U3 2007-09-27 15:43 21,504 --a------ C:\WINDOWS\SYSTEM32\hidserv.dll 2007-09-27 15:43 21,504 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\hidserv.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-11 23:19 --------- d-----w C:\Program Files\Plaxo 2007-10-10 14:14 --------- d-----w C:\Program Files\WellCraftedSimplyStickies 2007-10-10 11:27 --------- d-----w C:\Program Files\Modem Helper 2007-10-10 11:27 --------- d-----w C:\Program Files\Microsoft Works 2007-10-10 11:27 --------- d-----w C:\Program Files\Microsoft Streets and Trips 2007-10-10 11:26 --------- d-----w C:\Program Files\FileZilla 2007-10-10 11:11 --------- d-----w C:\Program Files\Viewpoint 2007-10-09 04:56 364 ----a-w C:\Documents and Settings\Guest\Application Data\wklnhst.dat 2007-10-08 09:49 23,804 ----a-w C:\Documents and Settings\A....Erica\Application Data\wklnhst.dat 2007-09-27 21:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall 2007-09-27 21:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads 2007-09-24 18:07 --------- d--h--r C:\Documents and Settings\All Users\Application Data\yahoo! 
2007-09-16 00:27 --------- d-----w C:\Program Files\Lx_cats 2007-09-01 16:58 --------- d-----w C:\Documents and Settings\Guest\Application Data\CyberLink 2007-09-01 01:27 --------- d-----w C:\Documents and Settings\Guest\Application Data\acccore 2007-09-01 00:30 --------- d-----w C:\Documents and Settings\Guest\Application Data\MySpace 2007-08-26 11:29 81,288 ----a-w C:\Documents and Settings\A....Erica\Application Data\GDIPFONTCACHEV1.DAT 2007-08-23 07:22 --------- d-----w C:\Program Files\Common Files\AOL 2007-08-23 07:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL 2007-08-23 07:18 --------- d-----w C:\Program Files\AOL 9.0 2007-08-23 07:18 --------- d-----w C:\Documents and Settings\A....Erica\Application Data\AOL 2007-08-22 09:24 --------- d-----w C:\Documents and Settings\Guest\Application Data\Aim 2007-08-22 02:25 --------- d-----w C:\Documents and Settings\Guest\Application Data\FaxCtr 2007-08-21 23:06 --------- d-----w C:\Documents and Settings\Guest\Application Data\Viewpoint 2007-08-17 07:30 --------- d-----w C:\Documents and Settings\A....Erica\Application Data\Move Networks 2007-08-16 01:30 --------- d-----w C:\Program Files\Flock 2007-08-16 01:27 --------- d-----w C:\Documents and Settings\A....Erica\Application Data\Flock 2007-08-15 20:32 --------- d-----w C:\Program Files\AIM 2007-08-15 20:32 --------- d-----w C:\Documents and Settings\A....Erica\Application Data\Aim 2007-08-15 20:31 --------- d-----w C:\Program Files\AOD 2007-08-11 14:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2006-09-03 15:57:29 56 --sh--r C:\WINDOWS\SYSTEM32\68F38ACA7E.sys 2006-04-05 02:18:13 671,834 --sha-w C:\WINDOWS\SYSTEM32\hjjlm.bak1 2006-04-06 02:19:09 677,775 --sha-w C:\WINDOWS\SYSTEM32\hjjlm.bak2 2006-04-06 08:32:07 677,396 --sha-w C:\WINDOWS\SYSTEM32\hjjlm.ini2 2006-09-03 15:57:30 3,350 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys . 
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3E60C74E-D613-4C5B-AA8D-F83815A5EB47}] C:\WINDOWS\system32\ddayx.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e6f777a9-80e9-4063-bac7-f6e4ed2fe572}] C:\WINDOWS\system32\kvstlguv.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{eb321af4-c7fc-4e35-8ba9-7e00e076f5c1}] C:\WINDOWS\system32\DESCOM.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LXCECATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 09:46] "Runonce"="C:\WINDOWS\system32\runouce.exe" [2007-10-10 10:14] "MSKAGENTEXE"="C:\PROGRA~1\mcafee\SPAMKI~1\mskagent.exe" [2005-09-26 10:26] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-04-26 19:43] "HostManager"="C:\Program Files\Common Files\AOL\1129708031\ee\AOLSoftware.exe" [2006-09-25 20:52] "{9C-CB-B2-2E-ZN}"="c:\windows\system32\lldsrngk.exe" [] "horydy"="C:\Program Files\MSN\horydy22011.exe" [2007-08-07 16:30] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09] "MSKAGENTEXE"="c:\PROGRA~1\mcafee\SPAMKI~1\mskagent.exe" [2005-09-26 10:26] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00] "PlaxoUpdate"="C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe" [2006-11-16 13:42] "Sen"="C:\PROGRA~1\COMMON~1\FNTS~1\msdtc.exe" [] "Iiigdit"="C:\WINDOWS\SYSTEM32\S?mantec\m?config.exe" [] "Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-09-29 16:22] "AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 15:35] C:\Documents and Settings\A....Erica\Start Menu\Programs\Startup\ Stickies.lnk - C:\Program Files\stickies\stickies.exe [2006-03-29 21:03:55] [HKEY_LOCAL_MACHINE\software\microsoft\windows 
nt\currentversion\winlogon\notify\bdryamys] bdryamys.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddayx] C:\WINDOWS\system32\ddayx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcbxya] ddcbxya.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk backup=C:\WINDOWS\pss\LUMIX Simple Viewer.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Personal Coach.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Personal Coach.lnk backup=C:\WINDOWS\pss\Personal Coach.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla] C:\WINDOWS\system32\dla\tfswctrl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] C:\Program Files\Common Files\AOL\1129708031\ee\AOLSoftware.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers] C:\WINDOWS\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray] C:\WINDOWS\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE] C:\PROGRA~1\mcafee\SPAMKI~1\mskagent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WMPNetworkSvc"=3 (0x3) "Viewpoint Manager Service"=2 (0x2) "SPTISRV"=3 (0x3) "PACSPTISVR"=3 (0x3) "NetSvc"=3 (0x3) "MskService"=2 (0x2) 
"MpfService"=2 (0x2) "mcupdmgr.exe"=3 (0x3) "McTskshd.exe"=2 (0x2) "McShield"=2 (0x2) "McDetect.exe"=2 (0x2) "lxce_device"=3 (0x3) "iPod Service"=3 (0x3) "IDriverT"=3 (0x3) "gusvc"=3 (0x3) "DSBrokerService"=3 (0x3) "dlbt_device"=3 (0x3) "AOL TopSpeedMonitor"=2 (0x2) "AOL ACS"=2 (0x2) R3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe -k p2psvc S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe -k p2psvc S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe -k p2psvc S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe -k p2psvc [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc . Contents of the 'Scheduled Tasks' folder "2007-09-24 18:21:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-11 19:18:21 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Runonce = C:\WINDOWS\system32\runouce.exe?^??????????????q???????????????????q????????????