Combo Fix Report:
ComboFix 08-08-12.01 - ILOVEAIMEEFOREVER 2008-08-14 3:57:16.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.632 [GMT 10:00]
Running from: C:\Documents and Settings\ILOVEAIMEEFOREVER\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\ILOVEAIMEEFOREVER\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
C:\Documents and Settings\ILOVEAIMEEFOREVER\Application Data\temp.dll
C:\WINDOWS\17PHolmes1597.exe
C:\WINDOWS\BMcbd8c149.txt
C:\WINDOWS\BMcbd8c149.xml
C:\WINDOWS\edpw.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\2.exe
C:\WINDOWS\system32\actskn43.ocx
C:\WINDOWS\system32\blphcn8qj0ene5.scr
C:\WINDOWS\system32\ddcBSJbc.dll
C:\WINDOWS\system32\fdjlugly.dll
C:\WINDOWS\system32\khfDvuRL.dll
C:\WINDOWS\system32\LRuvDfhk.ini
C:\WINDOWS\system32\LRuvDfhk.ini2
C:\WINDOWS\system32\phcn8qj0ene5.bmp
C:\WINDOWS\system32\qdaklmws.ini
C:\WINDOWS\system32\swmlkadq.dll
C:\WINDOWS\system32\uifhqbbx.dll
C:\WINDOWS\system32\uiupyo.dll
C:\WINDOWS\system32\vtUMgeBr.dll
C:\WINDOWS\system32\wfowoffd.dll
C:\WINDOWS\xml2u32h.dll
----- BITS: Possible infected sites -----
http://pornotube8.net.
((((((((((((((((((((((((( Files Created from 2008-07-13 to 2008-08-13 )))))))))))))))))))))))))))))))
.
2008-08-14 03:24 . 2008-08-14 03:24 1,252 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-14 03:23 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-08-14 03:23 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-08-14 03:23 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-08-14 03:23 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-08-14 03:23 . 2008-08-11 18:07 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-08-14 03:23 . 2008-08-09 15:37 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-08-14 03:23 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-08-14 03:23 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-08-14 03:23 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-08-14 01:58 . 2008-08-14 01:58 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-14 01:23 . 2008-08-14 01:23 91,136 --a------ C:\WINDOWS\system32\bwwwqaex.dll.quaritine
2008-08-14 01:12 . 2008-08-13 19:02 286,720 --a------ C:\WINDOWS\wbqxfpgl.dll
2008-08-14 01:12 . 2008-08-13 19:02 155,648 --a------ C:\WINDOWS\vwsrfton.dll
2008-08-14 01:12 . 2008-08-14 01:12 130,048 --a------ C:\WINDOWS\system32\lphcn8qj0ene5.exe.quaritined
2008-08-14 01:12 . 2008-08-13 19:02 86,016 --a------ C:\WINDOWS\ateqoflr.exe
2008-08-13 18:42 . 2008-08-13 22:21 <DIR> d-------- C:\Program Files\Hunting Unlimited 2009
2008-08-13 17:27 . 2008-08-13 17:27 41,674 --a------ C:\logo.jpg
2008-08-13 13:15 . 2006-10-06 18:43 10,716 --a------ C:\website.sql
2008-08-13 10:29 . 2008-08-14 02:15 <DIR> d-------- C:\Program Files\RSS Submit
2008-08-13 10:26 . 2008-08-13 17:05 0 --a------ C:\index.php
2008-08-13 09:30 . 2008-08-13 09:31 418,790 --a------ C:\electric_wrdp1.sql
2008-08-13 09:01 . 2008-08-13 17:28 <DIR> d-------- C:\mp3
2008-08-12 23:54 . 2008-08-12 23:54 <DIR> d-------- C:\Program Files\Activision
2008-08-10 00:17 . 2008-08-10 00:17 <DIR> d-------- C:\Documents and Settings\ILOVEAIMEEFOREVER\Application Data\NCH Software
2008-08-10 00:16 . 2008-08-10 00:18 <DIR> d-------- C:\Program Files\NCH Software
2008-08-10 00:16 . 2008-08-10 00:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Software
2008-08-09 23:57 . 2008-08-10 01:31 <DIR> d-------- C:\Program Files\particleIllusion_3
2008-08-09 22:46 . 2008-08-09 22:46 32,315 --a------ C:\Alan Hopwood.rtf
2008-08-09 22:44 . 2008-08-09 22:45 65,029,120 --a------ C:\backup.pst
2008-08-08 16:23 . 2008-08-08 16:26 <DIR> d-------- C:\Documents and Settings\ILOVEAIMEEFOREVER\Application Data\Torrent Episode Downloader
2008-08-08 16:18 . 2008-08-09 03:48 <DIR> d-------- C:\Program Files\Conduit
2008-08-07 13:00 . 2008-08-07 13:00 <DIR> d--h----- C:\lgfolder
2008-08-07 12:46 . 2008-08-07 12:46 <DIR> d-------- C:\Program Files\7-Zip
2008-07-25 20:46 . 2008-07-25 20:46 <DIR> d-------- C:\Program Files\Windows Live
2008-07-19 11:13 . 2008-07-19 11:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-19 06:58 . 2008-07-19 07:03 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-07-19 06:58 . 2008-08-02 14:28 <DIR> d-------- C:\Program Files\Starry Night Pro Plus 6
2008-07-19 06:56 . 2008-07-19 06:56 <DIR> d--h----- C:\Documents and Settings\ILOVEAIMEEFOREVER\InstallAnywhere
2008-07-19 02:17 . 2008-07-19 02:17 <DIR> d-------- C:\Program Files\Software Bisque
2008-07-14 21:59 . 2008-07-29 07:25 <DIR> d-------- C:\Program Files\Vstep
2008-07-14 09:07 . 2005-01-14 12:41 11,254 --a------ C:\WINDOWS\system32\locate.com
2008-07-14 05:35 . 2008-07-14 05:35 35,842 --a------ C:\WINDOWS\system32\J80JNES2.exe_
2008-07-14 01:46 . 2008-08-08 12:59 200 --a------ C:\WINDOWS\MPPAGER.INI
2008-07-14 01:28 . 2008-07-14 01:28 35,842 --a------ C:\WINDOWS\system32\J80JNES2.exe.[bleep]off
2008-07-13 20:15 . 2008-07-13 20:40 <DIR> d-------- C:\Program Files\SpaceShuttleMission2007
2008-07-13 11:46 . 2008-06-13 23:10 272,128 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2008-07-13 11:46 . 2008-06-13 23:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-13 08:04 . 2008-07-13 08:04 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-07-13 06:58 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-13 06:58 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-13 17:03 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-08-13 16:58 --------- d-----w C:\Program Files\Common Files\DAZ
2008-08-13 16:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
2008-08-13 16:20 --------- d-----w C:\Program Files\Common Files\Kodak
2008-08-13 15:27 --------- d-----w C:\Program Files\Google
2008-08-13 15:05 --------- d-----w C:\Program Files\FlashGet
2008-08-13 12:05 --------- d-----w C:\Documents and Settings\ILOVEAIMEEFOREVER\Application Data\Thinstall
2008-08-12 15:57 --------- d-----w C:\Program Files\flasm
2008-08-12 14:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-09 13:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-09 12:50 --------- d-----w C:\Program Files\MSBuild
2008-08-09 11:20 --------- d-----w C:\Program Files\XoftSpySE
2008-08-04 00:06 317,732 ----a-w C:\ProxyList.zip
2008-08-03 23:11 --------- d-----w C:\Program Files\ProxyFinderEnterprise
2008-08-03 23:05 --------- d-----w C:\Documents and Settings\ILOVEAIMEEFOREVER\Application Data\UseNeXT
2008-07-17 10:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-13 15:14 --------- d-----w C:\Program Files\3GP Player
2008-07-01 12:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\SimCity Societies
2008-06-28 23:47 --------- d-----w C:\Program Files\UseNeXT
2008-06-27 22:16 --------- d-----w C:\Documents and Settings\ILOVEAIMEEFOREVER\Application Data\Ace
2008-06-26 07:58 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-23 06:21 --------- d-----w C:\Program Files\Sonalysts Combat Simulations
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-18 04:58 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-06-17 21:57 --------- d-----w C:\Program Files\skwas
2008-06-17 21:41 --------- d-----w C:\Program Files\SH3 Crush Depth V2
2008-06-16 16:29 --------- d-----w C:\Program Files\Puzzle Quest
2008-06-16 15:53 --------- d-----w C:\Program Files\OpenAL
2008-06-15 14:57 --------- d-----w C:\Program Files\Ubisoft
2008-06-13 21:18 --------- d-----w C:\Program Files\Mio Technology
2008-05-14 12:42 22,328 ----a-w C:\Documents and Settings\ILOVEAIMEEFOREVER\Application Data\PnkBstrK.sys
2008-02-25 15:24 88,576 ---ha-w C:\Documents and Settings\ILOVEAIMEEFOREVER\Application Data\rbap550.dll
2008-02-25 15:24 29,184 ---ha-w C:\Documents and Settings\ILOVEAIMEEFOREVER\Application Data\RBInternetEncodings550.dll
2007-12-17 08:23 1,136,640 ----a-w C:\Program Files\Common Files\ewutils2.dll
2007-11-22 13:39 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-11-20 09:31 8,524 ---ha-w C:\Program Files\tactile.tdb
2007-01-23 04:07 1,847,296 ----a-w C:\Program Files\mozilla firefox\plugins\Seadragon.dll
2007-12-04 01:34 2 --shatr C:\WINDOWS\winstart.bat
2007-12-04 05:16 8 --sh--r C:\WINDOWS\system32\F84C7AC620.sys
2007-12-04 05:20 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-08-04 05:43 810,016 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-08-04 05:43 55,584 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ABA69CF4-20FB-42CE-BB6D-B6171D64B8EC}"= "C:\WINDOWS\vwsrfton.dll" [2008-08-13 19:02 155648]
[HKEY_CLASSES_ROOT\clsid\{aba69cf4-20fb-42ce-bb6d-b6171d64b8ec}]
[HKEY_CLASSES_ROOT\vwsrfton.1]
[HKEY_CLASSES_ROOT\TypeLib\{A09DB1D7-43D1-48FA-A240-31FF37AFFBDC}]
[HKEY_CLASSES_ROOT\vwsrfton]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 22:00 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 22:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuEjectPC"= 0 (0x0)
"NoInternetIcon"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideRunAsVerb"= 1 (0x1)
"NoRecycleFiles"= 0 (0x0)
"NoWelcomeScreen"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll
[HKLM\~\startupfolder\C:^Documents and Settings^ILOVEAIMEEFOREVER^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^ILOVEAIMEEFOREVER^Start Menu^Programs^Startup^HDDlife.lnk]
backup=C:\WINDOWS\pss\HDDlife.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTDCH
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 22:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
--a------ 2007-08-24 03:18 437160 C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
--a------ 2007-09-01 05:01 1037736 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-02-26 18:53 65024 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"W32Time"=2 (0x2)
"UPS"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\IBP 9\\IBP.exe"=
"C:\\Program Files\\MindArk\\Entropia Universe\\ClientLoader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-10-31 13:22]
R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 20:27]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-20 00:35]
R1 hwinterface;hwinterface;C:\WINDOWS\system32\Drivers\hwinterface.sys [2008-01-11 12:13]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-20 00:37]
S0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys []
S3 ddsxeiservice;ddsxeiservice;C:\Program Files\sXe Injected\ddsxei.sys []
S3 EWAVE;EWAVE;C:\WINDOWS\system32\drivers\ew.sys []
S3 FILESPY;FILESPY;C:\WINDOWS\system32\drivers\FILESPY.sys []
S3 NSTATION;NSTATION;C:\WINDOWS\system32\drivers\nstation.sys []
S3 RegGuard;RegGuard;C:\WINDOWS\system32\Drivers\regguard.sys []
.
Contents of the 'Scheduled Tasks' folder
2008-08-12 C:\WINDOWS\Tasks\Pareto UNS.job
- C:\Program Files\Common Files\ParetoLogic\UUS\UUS.dll\Pareto_Update.exe []
2008-08-13 C:\WINDOWS\Tasks\XoftSpySE 2.job
- C:\Program Files\XoftSpySE\XoftSpy.exe [2007-07-14 01:43]
2007-07-16 C:\WINDOWS\Tasks\XoftSpySE.job
- C:\Program Files\XoftSpySE\XoftSpy.exe [2007-07-14 01:43]
.
- - - - ORPHANS REMOVED - - - -
BHO-{F3A299B7-3318-447F-90A2-20BB11223255} - C:\Documents and Settings\ILOVEAIMEEFOREVER\Local Settings\Temporary Internet Files\Content.IE5\UV5WFJPG\3077htsbdjyf[1].dll
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\ILOVEAIMEEFOREVER\Application Data\Mozilla\Firefox\Profiles\yjjlqsla.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - about:blank
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\nppsynth.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\nproougcplugin.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
FF -: plugin - C:\WINDOWS\system32\Photosynth\nppsynth.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-08-14 04:19:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-08-14 4:28:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-13 18:28:54
Pre-Run: 11,595,804,672 bytes free
Post-Run: 11,561,693,184 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
266 --- E O F --- 2008-07-29 03:44:28
==============
Hijack This:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:32:46, on 14/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ILOVEAIMEEFOREVER\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft....k/?LinkId=69157R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 82.160.69.2:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: vwsrfton - {ABA69CF4-20FB-42CE-BB6D-B6171D64B8EC} - C:\WINDOWS\vwsrfton.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} -
http://messenger.zon...kr.cab56986.cabO16 - DPF: {2B866353-E598-4403-8E4D-B871AB30DC55} -
http://unshaped.paci...u/SpeedCtrl.cabO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://www.update.mi...b?1215895027671O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://www.update.mi...b?1198153022625O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} -
http://messenger.zon...nt.cab56907.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{FD5B32CA-63FC-4501-B5C8-982A4F7C10EA}: NameServer = 10.1.1.1,10.1.1.4
O18 - Protocol: cdefs - {B5F329B4-2BBD-48F5-ADAF-9EAF2AFE37B3} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Crypkey License - Unknown owner - crypserv.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Virtual PDF Printer (Service1) - Unknown owner - C:\Program Files\Virtual PDF Printer\VirtualPrinting.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)
--
End of file - 5511 bytes