combofix and HJT attached - Geeks to Go Forums


combofix and HJT attached

#1 wayne christian

  • Group: Member
  • Posts: 38
  • Joined: 04-December 05

Posted 17 July 2007 - 09:39 AM

Operating System:
windows xp

combofix log

"Owner" - 2007-07-16 12:42:02 - ComboFix 07-07-13.8 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Corp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Corp\WinAntiVirus 2004\AV.log
C:\DOCUME~1\LOCALS~1\APPLIC~1\WinAntiVirus Corp
C:\DOCUME~1\LOCALS~1\APPLIC~1\WinAntiVirus Corp\WinAntiVirus 2004\VGScheduler.dat
C:\DOCUME~1\Owner\APPLIC~1.\macromedia\Flash Player\#SharedObjects\RT456T53\www.broadcaster.com
C:\DOCUME~1\Owner\APPLIC~1.\macromedia\Flash Player\#SharedObjects\RT456T53\www.broadcaster.com\played_list.sol
C:\DOCUME~1\Owner\APPLIC~1.\macromedia\Flash Player\#SharedObjects\RT456T53\www.broadcaster.com\video_queue.sol
C:\DOCUME~1\Owner\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\Owner\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\DOCUME~1\Owner\APPLIC~1\WinAntiVirus Corp
C:\DOCUME~1\Owner\APPLIC~1\WinAntiVirus Corp\info.htm
C:\lswmv.ini
C:\Program Files\Common Files\uninstall information
C:\WINDOWS\DOWNLO~1.\Temp
C:\WINDOWS\system32\mbols~1
C:\WINDOWS\system32\mbols~1\netdde.exe
C:\WINDOWS\system32\picsvr
C:\WINDOWS\system32\wintsu.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_IPRIP


((((((((((((((((((((((((( Files Created from 2007-06-16 to 2007-07-16 )))))))))))))))))))))))))))))))


2007-07-16 12:41 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-16 12:09 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-16 09:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
2007-07-16 06:48 <DIR> d-------- C:\Program Files\FNC Ticker
2007-07-15 14:43 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-07-15 14:43 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-07-15 14:43 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-07-15 14:43 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-07-10 20:10 <DIR> d-------- C:\Program Files\LimeWire
2007-07-02 21:28 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-07-02 21:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-06-26 10:08 <DIR> d-------- C:\Program Files\MyWebSearch
2007-06-26 10:08 <DIR> d-------- C:\Program Files\FunWebProducts
2007-06-18 13:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MAGIX
2007-06-18 13:37 94,208 --a------ C:\WINDOWS\system32\DLLCPY32.dll
2007-06-18 13:37 65,536 --a------ C:\WINDOWS\system32\DLLPTL32.dll
2007-06-18 13:37 61,440 --a------ C:\WINDOWS\system32\DLLCDF32.dll
2007-06-18 13:37 57,344 --a------ C:\WINDOWS\system32\DLLTPO32.dll
2007-06-18 13:37 53,248 --a------ C:\WINDOWS\system32\DLLPRJ32.dll
2007-06-18 13:37 53,248 --a------ C:\WINDOWS\system32\DLLIO32.dll
2007-06-18 13:37 49,152 --a------ C:\WINDOWS\system32\mgxasio2.dll
2007-06-18 13:37 49,152 --a------ C:\WINDOWS\system32\DLLPRF32.dll
2007-06-18 13:37 487,424 --a------ C:\WINDOWS\system32\DLLAV32.dll
2007-06-18 13:37 45,056 --a------ C:\WINDOWS\system32\DLLIMG32.dll
2007-06-18 13:37 430,080 --a------ C:\WINDOWS\system32\MXRestore.exe
2007-06-18 13:37 40,960 --a------ C:\WINDOWS\system32\DLLRD32.dll
2007-06-18 13:37 36,864 --a------ C:\WINDOWS\system32\DLLPNT32.dll
2007-06-18 13:37 32,768 --a------ C:\WINDOWS\system32\STRING32.dll
2007-06-18 13:37 32,768 --a------ C:\WINDOWS\system32\DLLMSC32.dll
2007-06-18 13:37 32,768 --a------ C:\WINDOWS\system32\DLLISO32.dll
2007-06-18 13:37 32,768 --a------ C:\WINDOWS\system32\DLLDIR32.dll
2007-06-18 13:37 24,576 --a------ C:\WINDOWS\system32\TTIC32.dll
2007-06-18 13:37 24,576 --a------ C:\WINDOWS\system32\TTI32.dll
2007-06-18 13:37 24,576 --a------ C:\WINDOWS\system32\DLLIX.dll
2007-06-18 13:37 188,416 --a------ C:\WINDOWS\system32\DLLRES32.dll
2007-06-18 13:37 163,840 --a------ C:\WINDOWS\system32\DLLDEV32.dll
2007-06-18 13:37 151,552 --a------ C:\WINDOWS\system32\DLLDRV32.dll
2007-06-18 13:37 114,688 --a------ C:\WINDOWS\system32\DLLCDA32.dll
2007-06-18 13:36 120,200 --a------ C:\WINDOWS\system32\DLLDEV32i.dll
2007-06-18 13:36 <DIR> d-------- C:\Program Files\MAGIX
2007-06-18 13:35 667,648 --a------ C:\WINDOWS\system32\mgxoschk.dll
2007-06-18 13:35 <DIR> d-------- C:\WINDOWS\system32\MAGIX
2007-06-16 19:02 <DIR> d-------- C:\Program Files\Nova Development
2007-06-16 19:00 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Lexmark Imaging Studio
2007-06-16 18:49 <DIR> d-------- C:\Program Files\Lx_cats
2007-06-16 18:48 40,960 --a------ C:\WINDOWS\system32\lxdcvs.dll
2007-06-16 18:48 344,064 --a------ C:\WINDOWS\system32\lxdccoin.dll
2007-06-16 18:38 <DIR> d-------- C:\Program Files\Lexmark 1300 Series
2007-06-16 18:37 999,424 --a------ C:\WINDOWS\system32\lxdcusb1.dll
2007-06-16 18:37 983,107 --a------ C:\WINDOWS\system32\lxdcgf.dll
2007-06-16 18:37 94,208 --a------ C:\WINDOWS\system32\lxdcpplc.dll
2007-06-16 18:37 86,016 --a------ C:\WINDOWS\system32\lxdccub.dll
2007-06-16 18:37 77,906 --a------ C:\WINDOWS\system32\lxdccfg.dll
2007-06-16 18:37 77,824 --a------ C:\WINDOWS\system32\lxdccu.dll
2007-06-16 18:37 696,320 --a------ C:\WINDOWS\system32\lxdchbn3.dll
2007-06-16 18:37 684,032 --a------ C:\WINDOWS\system32\lxdccomc.dll
2007-06-16 18:37 643,072 --a------ C:\WINDOWS\system32\lxdcpmui.dll
2007-06-16 18:37 585,728 --a------ C:\WINDOWS\system32\lxdclmpm.dll
2007-06-16 18:37 537,520 --a------ C:\WINDOWS\system32\lxdccoms.exe
2007-06-16 18:37 507,904 --a------ C:\WINDOWS\system32\lxdcutil.dll
2007-06-16 18:37 425,984 --a------ C:\WINDOWS\system32\lxdccomm.dll
2007-06-16 18:37 413,696 --a------ C:\WINDOWS\system32\lxdcinpa.dll
2007-06-16 18:37 397,312 --a------ C:\WINDOWS\system32\lxdciesc.dll
2007-06-16 18:37 385,968 --a------ C:\WINDOWS\system32\lxdcih.exe
2007-06-16 18:37 36,864 --a------ C:\WINDOWS\system32\lxdccur.dll
2007-06-16 18:37 323,584 --a------ C:\WINDOWS\system32\LXDChcp.dll
2007-06-16 18:37 278,528 --a------ C:\WINDOWS\system32\LXDCinst.dll
2007-06-16 18:37 208,896 --a------ C:\WINDOWS\system32\lxdcgrd.dll
2007-06-16 18:37 200,704 --a------ C:\WINDOWS\system32\lxdcinsb.dll
2007-06-16 18:37 176,128 --a------ C:\WINDOWS\system32\lxdcins.dll
2007-06-16 18:37 163,840 --a------ C:\WINDOWS\system32\lxdcprox.dll
2007-06-16 18:37 143,360 --a------ C:\WINDOWS\system32\lxdcjswr.dll
2007-06-16 18:37 106,496 --a------ C:\WINDOWS\system32\lxdcinsr.dll
2007-06-16 18:37 1,232,896 --a------ C:\WINDOWS\system32\lxdcserv.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-11 04:04:11 -------- d-----w C:\Program Files\Viewpoint
2007-07-06 14:19:14 -------- d-----w C:\Program Files\The Weather Channel FW
2007-07-05 03:30:05 -------- d-----w C:\Program Files\MSN Messenger
2007-07-04 22:16:20 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Apple Computer
2007-07-03 17:46:31 -------- d-----w C:\Program Files\Desktop Snow for Windows
2007-07-03 05:30:08 -------- d-----w C:\Program Files\iTunes
2007-07-03 05:29:47 -------- d-----w C:\Program Files\iPod
2007-06-19 20:06:39 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Ulead Systems
2007-06-18 22:17:31 -------- d-----w C:\Program Files\Hewlett-Packard
2007-06-18 22:16:16 -------- d-----w C:\Program Files\HP
2007-06-18 16:43:23 -------- d-----w C:\Program Files\Flash2X
2007-06-17 03:01:58 -------- d-----w C:\Program Files\Web Publish
2007-06-15 02:52:16 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Move Networks
2007-06-11 17:23:01 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\SecondLife
2007-06-11 16:57:16 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-11 16:56:26 -------- d-----w C:\Program Files\AWS
2007-06-11 16:55:33 -------- d-----w C:\Program Files\Real
2007-06-01 16:09:05 -------- d-----w C:\Program Files\MGTEK
2007-06-01 16:09:05 -------- d-----w C:\Program Files\Common Files\MGTEK
2007-05-30 05:32:53 -------- d-----w C:\Program Files\Windows Media Connect 2
2007-05-16 18:50:44 -------- d-----w C:\Program Files\bobyte
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 06:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 06:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 06:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 06:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 06:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 06:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 06:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 06:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 06:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-17 06:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-03 04:13:10 54,312 ----a-w C:\DOCUME~1\Owner\APPLIC~1\GDIPFONTCACHEV1.DAT
2004-05-06 01:27:27 316,776 --sha-r C:\WINDOWS\system32\2adsrch.dll
2004-05-06 01:27:27 316,776 --sha-r C:\WINDOWS\system32\2bdsrch.dll
2004-05-06 01:27:27 316,776 --sha-r C:\WINDOWS\system32\2cdsrch.dll
2004-05-06 01:27:27 316,776 --sha-r C:\WINDOWS\system32\2ddsrch.dll
2004-05-06 01:27:27 316,776 --sha-r C:\WINDOWS\system32\2edsrch.dll
2004-05-06 01:27:27 316,776 --sha-r C:\WINDOWS\system32\2fdsrch.dll
2004-05-06 01:27:27 316,776 --sha-r C:\WINDOWS\system32\2gdsrch.dll
2004-05-06 01:27:27 316,776 --sha-r C:\WINDOWS\system32\2hdsrch.dll
2004-05-06 01:27:27 316,776 --sha-r C:\WINDOWS\system32\2idsrch.dll
2004-05-06 01:27:27 316,776 --sha-r C:\WINDOWS\system32\2kdsrch.dll
2004-05-06 01:27:27 316,776 --sha-r C:\WINDOWS\system32\2ldsrch.dll
2004-05-06 01:27:27 316,776 --sha-r C:\WINDOWS\system32\2mdsrch.dll
2004-05-06 01:27:27 316,776 --sha-r C:\WINDOWS\system32\2pdsrch.dll
2004-05-06 01:27:27 316,776 --sha-r C:\WINDOWS\system32\2qdsrch.dll
2004-05-06 01:27:27 316,776 --sha-r C:\WINDOWS\system32\2rdsrch.dll
2004-05-06 01:27:27 316,776 --sha-r C:\WINDOWS\system32\2sdsrch.dll
2004-05-06 01:27:27 316,776 --sha-r C:\WINDOWS\system32\2tdsrch.dll
2004-05-06 01:27:27 316,776 --sha-r C:\WINDOWS\system32\2wdsrch.dll
2004-05-06 01:27:27 316,776 --sha-r C:\WINDOWS\system32\2xdsrch.dll
2004-05-06 01:27:27 316,776 --sha-r C:\WINDOWS\system32\2ydsrch.dll
2004-05-06 01:27:27 316,776 --sha-r C:\WINDOWS\system32\2zdsrch.dll
2004-05-06 01:27:27 316,776 --sha-r C:\WINDOWS\system32\6ao4svc.cpy.dll
2004-05-06 01:27:27 316,776 --sha-r C:\WINDOWS\system32\6ao4svc.dll
2004-05-06 01:27:27 316,776 --sha-r C:\WINDOWS\system32\6fo4svc.cpy.dll
2004-05-06 01:27:27 316,776 --sha-r C:\WINDOWS\system32\6go4svc.cpy.dll
2004-05-01 11:47:49 316,776 --sha-r C:\WINDOWS\system32\6ho4svc.dll
2004-05-06 01:27:27 316,776 --sha-r C:\WINDOWS\system32\6jo4svc.cpy.dll
2004-05-06 01:27:27 316,776 --sha-r C:\WINDOWS\system32\6lo4svc.dll
2004-05-01 11:47:49 316,776 --sha-r C:\WINDOWS\system32\6mo4svc.dll
2004-05-06 01:27:27 316,776 --sha-r C:\WINDOWS\system32\6no4svc.dll
2004-05-06 01:27:27 316,776 --sha-r C:\WINDOWS\system32\6oo4svc.dll
2004-05-06 01:27:27 316,776 --sha-r C:\WINDOWS\system32\6po4svc.cpy.dll
2004-05-06 01:27:27 316,776 --sha-r C:\WINDOWS\system32\6po4svc.dll
2004-05-06 01:27:27 316,776 --sha-r C:\WINDOWS\system32\6qo4svc.dll
2004-05-06 01:27:27 316,776 --sha-r C:\WINDOWS\system32\6so4svc.cpy.dll
2004-05-06 01:27:27 316,776 --sha-r C:\WINDOWS\system32\6vo4svc.cpy.dll
2004-05-06 01:27:27 316,776 --sha-r C:\WINDOWS\system32\6wo4svc.cpy.dll
2004-05-01 11:47:49 316,776 --sha-r C:\WINDOWS\system32\6wo4svc.dll
2004-05-06 01:27:27 316,776 --sha-r C:\WINDOWS\system32\6yo4svc.cpy.dll
2004-05-01 11:47:49 316,776 --sha-r C:\WINDOWS\system32\abctres.dll
2004-05-01 11:47:49 316,776 --sha-r C:\WINDOWS\system32\adledit.dll
2004-05-01 11:47:49 316,776 --sh--r C:\WINDOWS\system32\ajctres.dll
2004-05-01 11:47:49 316,776 --sha-r C:\WINDOWS\system32\aktxprxy.dll
2004-05-01 11:47:49 316,776 --sha-r C:\WINDOWS\system32\arctres.dll
2004-05-06 01:27:27 316,776 --sh--r C:\WINDOWS\system32\axctres.dll
2004-05-01 11:47:49 316,776 --sha-r C:\WINDOWS\system32\azaamon.dll
2005-05-15 15:04:35 475 --sh--w C:\WINDOWS\system32\fdmhbr.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2006-10-26 10:28 440384 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-12-18 04:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{243B17DE-77C7-46BF-B94B-0B5F309A0E64}]
2002-07-17 17:00 163906 --a------ C:\Program Files\Microsoft Money\System\mnyside.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}]
C:\Program Files\RXToolBar\sfcont.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
2006-10-31 15:29 198136 --a------ C:\Program Files\Yahoo!\Common\yiesrvc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 C:\WINDOWS\ALCXMNTR.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"AVG7_EMC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" [2007-06-25 01:11]
"Windows LSASS Service"="C:\Program Files\Common Files\Microsoft Shared\DAO\svchost.exe" [2006-09-08 16:55]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll --a------ 2006-06-15 11:09 11496 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll --a------ 2003-02-21 02:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EaglesDirect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EaglesDirect.lnk
backup=C:\WINDOWS\pss\EaglesDirect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GStartup.lnk
backup=C:\WINDOWS\pss\GStartup.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Broadband Networking.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Broadband Networking.lnk
backup=C:\WINDOWS\pss\Microsoft Broadband Networking.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Winter Fun Wallpaper Changer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Winter Fun Wallpaper Changer.lnk
backup=C:\WINDOWS\pss\Winter Fun Wallpaper Changer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^AdDestroyer.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\AdDestroyer.lnk
backup=C:\WINDOWS\pss\AdDestroyer.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Monitor.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Monitor.lnk
backup=C:\WINDOWS\pss\Monitor.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^PhotoWorks Acquire.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PhotoWorks Acquire.lnk
backup=C:\WINDOWS\pss\PhotoWorks Acquire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^PhotoWorks Upload Scheduler.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PhotoWorks Upload Scheduler.lnk
backup=C:\WINDOWS\pss\PhotoWorks Upload Scheduler.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Scheduler.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Scheduler.lnk
backup=C:\WINDOWS\pss\Scheduler.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Virtual Bouncer.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Virtual Bouncer.lnk
backup=C:\WINDOWS\pss\Virtual Bouncer.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Webshots.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Webshots.lnk
backup=C:\WINDOWS\pss\Webshots.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Yahoo! Widget Engine.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Yahoo! Widget Engine.lnk
backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdRoarUpdate]
C:\WINDOWS\ARUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
c:\program files\altnet\points manager\points manager.exe -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_EMC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_CC]
C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Belt]
C:\WINDOWS\Belt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Blubster]
C:\Program Files\Blubster\Blubster.exe SILENT

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network]
C:\Program Files\BullsEye Network\bin\bargains.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CheckRes]
C:\Program Files\MyBackDrop\ActivDesk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]
"C:\Program Files\Common Files\CMEII\CMESys.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\com.codeode.cactusspamfilter]
"C:\Program Files\Cactus Spam Filter 2.13\cactusspamfilter.exe" -minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeskAd Service]
C:\Program Files\DeskAd Service\DeskAdServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
"C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eqpchdpkizpt]
C:\WINDOWS\System32\cpoepnkf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ESPN360]
C:\Program Files\ESPN360\bin\espn360.exe -nogui

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
C:\WINDOWS\System32\ezSP_Px.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
C:\Program Files\Free Download Manager\fdm.exe -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FSCBoss]
C:\Program Files\FSCBoss\FSCBoss.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Update 3400C]
C:\sj652\hpupdate.exe 3400C

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Imqytlg]
C:\Program Files\Dfbllyk\Onkvb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
C:\Program Files\Kazaa\Kazaa.exe /SYSTRAY

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lhwwuzzl]
C:\WINDOWS\System32\cpoepnkf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
"C:\Program Files\LogMeIn\LogMeInSystray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdcamon]
"C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdcmon.exe]
"C:\Program Files\Lexmark 1300 Series\lxdcmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MegaPanel]
C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
"C:\Program Files\Microsoft Money\System\mnyexpr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau]
"C:\Program Files\MSN Apps\Updater1.02.3000.1001\en-us\msnappau.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetMeter]
C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NielsenOnline]
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\omxtvap]
C:\WINDOWS\grfysta.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSProxy]
C:\WINDOWS\system32\ossproxy.exe -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoExplosionCalCheck]
C:\Program Files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRISMSVR.EXE]
"C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
"C:\Windows\Creator\Remind_XP.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3TRAY2]
S3tray2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAHAgent]
C:\WINDOWS\System32\SahAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Begone]
c:\freescan\freescan.exe -FastScan

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware remover]
C:\WINDOWS\Remove_spyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STOPzilla]
"C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TB_setup]
C:\DOCUME~1\Owner\LOCALS~1\Temp\tb_setup.exe /dcheck

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler]
"C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TV Media]
C:\Program Files\TV Media\Tvm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updater]
C:\Program Files\Common files\updater\wupdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTPreset]
VTPreset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
C:\Program Files\AWS\WeatherBug\Weather.exe 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Survey Companion]
"C:\Program Files\webHancer\Programs\whSurvey.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebRebates]
javaw -cp "C:\Program Files\WebRebates\System\Code" Main lp: "C:\Program Files\WebRebates"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\websearch]
javaw -cp "C:\Program Files\websearch\System\Code" Main lp: "C:\Program Files\websearch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Win Server Updt]
C:\WINDOWS\wupdt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTools]
C:\Program Files\Common Files\WinTools\WToolsA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xnveif]
C:\WINDOWS\system32\??mbols\netdde.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YCentral]
C:\Program Files\Yahoo!\YCentral\YahooCentral.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"STOPzilla Local Service"=2 (0x2)
"TrkWks"=2 (0x2)
"PACSPTISVR"=3 (0x3)
"omniserv"=2 (0x2)
"MSDTC"=3 (0x3)
"p2psvc"=3 (0x3)
"p2pimsvc"=3 (0x3)
"p2pgasvc"=3 (0x3)
"iPodService"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc


Contents of the 'Scheduled Tasks' folder
2007-07-12 21:32:02 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2006-12-28 14:26:52 C:\WINDOWS\tasks\MP Scheduled Scan.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-16 12:50:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-16 12:52:57 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-16 12:52

--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:10:04 PM, on 7/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\lxdccoms.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\DAO\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = WAYNE CHRISTIAN
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Windows LSASS Service] C:\Program Files\Common Files\Microsoft Shared\DAO\svchost.exe
O4 - HKLM\..\Run: [LXDCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Download &Flash Movies - C:\Program Files\Flash2X\Flash Hunter\save.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (HKCU)
O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (HKCU)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=67633
O16 - DPF: {0645D7F3-C20E-4E0B-A545-557527497C0B} (NMInstall Control) - http://a14.g.akamai....GAPANEL_USA.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.c...es/MsnInstC.cab
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop...cpConnCheck.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {2B55B5F0-9D95-48CF-96A1-FEAF74CEC150} (portLoader Class) - http://a248.g.akamai...g2/download.cab
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.web...wsaxcontrol.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral....bs/pmupd806.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish...fishActivia.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse....iveX/winrep.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvi...iveXClient1.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://renowayne.spa...ad/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yim...ctl_0_0_0_1.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1131636443781
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/c..._12_1,0,2,5.exe
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (NMInstall Control) - http://a14.g.akamai....GAPANEL_USA.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} (Pulse V5 ActiveX Control) - http://www.pulse3d.c...yer5.2AxWin.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab53083.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup150.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by106fd.bay10...ex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://wwemail.suppo...ts/SysQuery.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O24 - Desktop Component 0: (no name) - http://www.philadelp...ges/fanzone/40-[th].jpg
O24 - Desktop Component 1: (no name) - http://g.myspace.com.../32546904_m.jpg
O24 - Desktop Component 2: (no name) - http://a712.g.akamai...40902232_xl.jpg
O24 - Desktop Component 3: (no name) - http://www.nightmare...er_1024x768.jpg
O24 - Desktop Component 4: (no name) - file:///C:/Documents%20and%20Settings/Owner/My%20Documents/Christmas%20Music%20Free%20Download%20Song%20Files%20-%20Traditional%20Songs_files/MarbleBG.jpg

--
End of file - 13202 bytes

This post has been edited by wayne christian: Yesterday, 02:05 PM

wayne christian

View Member Profile
Add as Friend
Send Message
Find Member's Topics
Find Member's Posts Yesterday, 01:35 PM Post #2
Web pages are taking forever to open, and that's when they do. Most of the time I get the "can't find server" message. I know something is slowing this process down, but I don't know EXACTLY what it is. I was hoping that by posting my HJT log someone could help me remove the cause, or causes.
Thanks for your help.
Wayne, Reno NV, USA
© 2003-2007 Geeks To Go, Inc. | All Rights Reserved

#2 Crustyoldbloke

  • Group: Retired Staff
  • Posts: 15,130
  • Joined: 20-March 05

Posted 17 July 2007 - 09:42 AM

I know it’s frustrating waiting for help, but please abide by the rules of the forum and only post one topic, do not duplicate or bump your post. You already have a live topic in malware here:

http://www.geekstogo.com/forum/index.php?s...t&p=1009115

If, after 3 days, you have not received a reply, post a link to the original in the Waiting Room.

If you wish to add to your original post, please use the EDIT function.

Please remember that ALL members of staff here at Geeks To Go are volunteers with their own families and lives making demands upon their time. They give as much time as they can spare, but it will never be enough to satisfy everyone.

Thanks for your co-operation.

This topic is now closed.
