As requested, the new logs
HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:14:42 PM, on 8/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\iWin Games\iWinGamesInstaller.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - Global Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Coffee%20Rush/Images/stg_drm.ocx
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/share ... insctl.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/downloa ... YAX29b.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v ... b34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.c ... mplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/share ... cgdmgr.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file://C:\Program Files\Mystery P.I. - The Lottery Ticket\Images\armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinGamesInstaller - iWin Inc. - C:\Program Files\iWin Games\iWinGamesInstaller.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\Program Files\McAfee\VirusScan\McShield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
--
End of file - 9202 bytes
ComboFix
ComboFix 08-08-18.01 - Owner 2008-08-23 21:13:05.2 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\cfscript.txt
* Created a new restore point
FILE ::
C:\Program Files\temp01
C:\WINDOWS\system32\4LU7K1qI.exe.a_a
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt
C:\Program Files\BitLord
C:\Program Files\BitLord\BitLord.xml
C:\Program Files\BitLord\Downloads.xml
C:\Program Files\BitLord\Downloads\Entourage.S03E13.HDTV.XviD-LOL.avi
C:\Program Files\BitLord\Downloads\Entourage.S03E14.HDTV.XviD-NoTV.avi
C:\Program Files\BitLord\Downloads\PSHOP.zip
C:\Program Files\BitLord\Downloads\The.Office.S03E14.HDTV.XviD-NoTV\Sample\the.office.314.hdtv.xvid.notv-sample.avi
C:\Program Files\BitLord\Downloads\The.Office.S03E14.HDTV.XviD-NoTV\Sample\Thumbs.db
C:\Program Files\BitLord\Downloads\The.Office.S03E14.HDTV.XviD-NoTV\the.office.314.hdtv.xvid.notv.nfo
C:\Program Files\BitLord\Downloads\The.Office.S03E14.HDTV.XviD-NoTV\the.office.314.hdtv.xvid.notv.part01.rar
C:\Program Files\BitLord\Downloads\The.Office.S03E14.HDTV.XviD-NoTV\the.office.314.hdtv.xvid.notv.part02.rar
C:\Program Files\BitLord\Downloads\The.Office.S03E14.HDTV.XviD-NoTV\the.office.314.hdtv.xvid.notv.part03.rar
C:\Program Files\BitLord\Downloads\The.Office.S03E14.HDTV.XviD-NoTV\the.office.314.hdtv.xvid.notv.part04.rar
C:\Program Files\BitLord\Downloads\The.Office.S03E14.HDTV.XviD-NoTV\the.office.314.hdtv.xvid.notv.part05.rar
C:\Program Files\BitLord\Downloads\The.Office.S03E14.HDTV.XviD-NoTV\the.office.314.hdtv.xvid.notv.part06.rar
C:\Program Files\BitLord\Downloads\The.Office.S03E14.HDTV.XviD-NoTV\the.office.314.hdtv.xvid.notv.part07.rar
C:\Program Files\BitLord\Downloads\The.Office.S03E14.HDTV.XviD-NoTV\the.office.314.hdtv.xvid.notv.part08.rar
C:\Program Files\BitLord\Downloads\The.Office.S03E14.HDTV.XviD-NoTV\the.office.314.hdtv.xvid.notv.part09.rar
C:\Program Files\BitLord\Downloads\The.Office.S03E14.HDTV.XviD-NoTV\the.office.314.hdtv.xvid.notv.part10.rar
C:\Program Files\BitLord\Downloads\The.Office.S03E14.HDTV.XviD-NoTV\the.office.314.hdtv.xvid.notv.part11.rar
C:\Program Files\BitLord\Downloads\The.Office.S03E14.HDTV.XviD-NoTV\the.office.314.hdtv.xvid.notv.part12.rar
C:\Program Files\BitLord\Downloads\The.Office.S03E14.HDTV.XviD-NoTV\the.office.314.hdtv.xvid.notv.part13.rar
C:\Program Files\BitLord\Downloads\The.Office.S03E14.HDTV.XviD-NoTV\the.office.314.hdtv.xvid.notv.sfv
C:\Program Files\BitLord\Downloads\The.Office.S03E18.HDTV.XviD-XOR\Sample\Thumbs.db
C:\Program Files\BitLord\Downloads\The.Office.S03E18.HDTV.XviD-XOR\Sample\xor-the.office.318-sample.avi
C:\Program Files\BitLord\Downloads\The.Office.S03E18.HDTV.XviD-XOR\the.office.s03e18.hdtv.xvid-xor.avi
C:\Program Files\BitLord\Downloads\The.Office.S03E18.HDTV.XviD-XOR\the.office.s03e18.hdtv.xvid-xor.nfo
C:\Program Files\BitLord\Downloads\The.Office.S03E18.HDTV.XviD-XOR\Thumbs.db
C:\Program Files\BitLord\Downloads\The.Office.S03E22.HDTV.XviD-XOR.avi
C:\Program Files\BitLord\lang\lang_ar_ae.xml
C:\Program Files\BitLord\lang\lang_bg_bg.xml
C:\Program Files\BitLord\lang\lang_ca_es.xml
C:\Program Files\BitLord\lang\lang_cz_cz.xml
C:\Program Files\BitLord\lang\lang_da_dk.xml
C:\Program Files\BitLord\lang\lang_de_de.xml
C:\Program Files\BitLord\lang\lang_el_gr.xml
C:\Program Files\BitLord\lang\lang_en_us.xml
C:\Program Files\BitLord\lang\lang_es_ar.xml
C:\Program Files\BitLord\lang\lang_es_es.xml
C:\Program Files\BitLord\lang\lang_et_ee.xml
C:\Program Files\BitLord\lang\lang_fi_fi.xml
C:\Program Files\BitLord\lang\lang_fr_fr.xml
C:\Program Files\BitLord\lang\lang_gl_es.xml
C:\Program Files\BitLord\lang\lang_he_il.xml
C:\Program Files\BitLord\lang\lang_hu_hu.xml
C:\Program Files\BitLord\lang\lang_it_it.xml
C:\Program Files\BitLord\lang\lang_jp_jp.xml
C:\Program Files\BitLord\lang\lang_ko_kr.xml
C:\Program Files\BitLord\lang\lang_nb_no.xml
C:\Program Files\BitLord\lang\lang_nl_nl.xml
C:\Program Files\BitLord\lang\lang_pl_pl.xml
C:\Program Files\BitLord\lang\lang_pt_br.xml
C:\Program Files\BitLord\lang\lang_pt_pt.xml
C:\Program Files\BitLord\lang\lang_ro_ro.xml
C:\Program Files\BitLord\lang\lang_ru_ru.xml
C:\Program Files\BitLord\lang\lang_sk_sk.xml
C:\Program Files\BitLord\lang\lang_sl_si.xml
C:\Program Files\BitLord\lang\lang_sr_sr.xml
C:\Program Files\BitLord\lang\lang_sv_se.xml
C:\Program Files\BitLord\lang\lang_th_th.xml
C:\Program Files\BitLord\lang\lang_tr_tr.xml
C:\Program Files\BitLord\lang\lang_va_es.xml
C:\Program Files\BitLord\lang\lang_zh_tw.xml
C:\Program Files\BitLord\rules\ipfilter.dat
C:\Program Files\BitLord\Torrents\PSHOP.zip.torrent
C:\Program Files\BitLord\Torrents\PSHOP.zip.xml
C:\Program Files\LimeWire
C:\Program Files\LimeWire\hs_err_pid1348.log
C:\Program Files\LimeWire\hs_err_pid2184.log
C:\Program Files\temp01
C:\WINDOWS\system32\4LU7K1qI.exe.a_a
.
((((((((((((((((((((((((( Files Created from 2008-07-24 to 2008-08-24 )))))))))))))))))))))))))))))))
.
2008-08-23 20:57 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-23 20:54 . 2008-08-23 20:54 <DIR> d-------- C:\Program Files\Common Files\Java
2008-08-23 19:48 . 2008-08-23 19:48 <DIR> d-------- C:\Program Files\Sun
2008-08-23 17:37 . 2008-08-23 17:37 <DIR> d-------- C:\Program Files\Alwil Software
2008-08-20 19:08 . 2008-08-20 19:08 <DIR> d-------- C:\Program Files\Viewpoint
2008-08-18 18:17 . 2008-08-18 18:17 <DIR> d-------- C:\Program Files\CCleaner
2008-08-18 18:12 . 2008-08-18 18:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-17 23:00 . 2008-08-17 23:00 <DIR> d-------- C:\fsaua.data
2008-08-17 20:58 . 2008-08-17 20:58 <DIR> d-------- C:\Program Files\Bonjour
2008-08-17 19:05 . 2008-08-17 19:06 <DIR> d-------- C:\WINDOWS\ERUNT
2008-08-17 19:03 . 2004-04-02 17:38 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-08-17 19:03 . 2004-04-02 21:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-08-17 19:03 . 2004-04-02 18:24 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-08-17 19:03 . 2008-08-17 19:03 <DIR> d-------- C:\Documents and Settings\Administrator
2008-08-17 18:13 . 2008-08-17 20:39 <DIR> d-------- C:\SDFix
2008-08-17 09:23 . 2008-08-17 11:23 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\McAfee
2008-08-16 18:01 . 2008-08-16 18:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comcast
2008-08-12 18:23 . 2008-08-12 18:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SlapdashGames
2008-08-11 20:54 . 2008-08-11 20:54 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-07-28 00:14 . 2008-08-18 01:36 <DIR> d-------- C:\Program Files\Dream Day Wedding - Married in Manhattan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-24 02:25 2,521 --sha-w C:\WINDOWS\system32\mmf.sys
2008-08-24 01:57 --------- d-----w C:\Program Files\Java
2008-08-19 03:22 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-19 03:20 --------- d-----w C:\Program Files\iWin.com
2008-08-18 23:07 --------- d-----w C:\Program Files\Google
2008-08-18 23:03 --------- d-----w C:\Program Files\GameHouse
2008-08-18 23:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-18 23:02 --------- d-----w C:\Program Files\Rock Legend
2008-08-18 23:02 --------- d-----w C:\Program Files\PCStitch 7
2008-08-18 23:00 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-18 12:49 --------- d-----w C:\Program Files\DAP
2008-08-18 12:41 --------- d-----w C:\Program Files\WildGames
2008-08-18 12:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent
2008-08-17 16:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-07-28 05:10 --------- d-----w C:\Program Files\bfgclient
2008-07-23 02:34 --------- d-----w C:\Program Files\Paint Shop Pro 7
2008-07-13 20:32 --------- d-----w C:\Documents and Settings\Owner\Application Data\Gamelab
2008-07-12 16:17 --------- d-----w C:\Documents and Settings\Owner\Application Data\PlayFirst
2008-07-12 16:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-07-08 00:40 --------- d-----w C:\Documents and Settings\Owner\Application Data\Yatec Games
2008-07-08 00:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\VirtualFarm
2008-07-06 20:56 --------- d-----w C:\Program Files\Netflix
2008-06-29 00:50 --------- d-----w C:\Program Files\SymNetDrv
.
((((((((((((((((((((((((((((( snapshot@2008-08-18_19.34.14.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-19 14:43:08 1,163,960 ----a-w C:\WINDOWS\system32\aswBoot.exe
+ 2008-07-19 14:30:53 94,392 ----a-w C:\WINDOWS\system32\AvastSS.scr
+ 2008-07-19 14:32:15 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2008-07-19 14:37:42 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
+ 2008-01-17 16:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
+ 2008-07-19 14:37:21 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
+ 2008-07-19 14:33:42 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
+ 2008-07-19 14:35:18 78,416 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
+ 2008-07-19 14:32:36 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
- 2006-07-26 07:25:56 49,248 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-06-10 06:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2006-07-26 07:26:06 53,346 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-06-10 06:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2006-07-26 09:03:16 127,078 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-06-10 07:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-08-24 02:24:48 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_544.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 22:00 200704]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04 52736]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 16:51 118784]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 22:02 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 15:43 233472]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2003-09-12 22:13 98304]
"Ulead AutoDetector"="C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-02-27 18:48 45056]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 19:51 233472]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 06:42 176128]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 18:37 229437]
"UpdateManager"="c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 16:55 155648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-30 23:00 185632]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"ddoctorv2"="C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 13:25 202560]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 12:01 88209 C:\WINDOWS\AGRSMMSG.exe]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 04:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe" [2004-07-13 16:19 95352]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DING!.lnk - C:\Program Files\Southwest Airlines\Ding\Ding.exe [2005-02-25 13:22:56 339968]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-02-22 00:10:00 169472]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Real\\RealOne Player\\trueplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\iWin Games\\iWinGames.exe"=
"C:\\Program Files\\iWin Games\\WebUpdater.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 09:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 09:37]
.
Contents of the 'Scheduled Tasks' folder
2008-08-23 C:\WINDOWS\Tasks\At25.job
- C:\WINDOWS\system32\4LU7K1qI.exe []
2006-01-17 C:\WINDOWS\Tasks\XoftSpy.job
- C:\Program Files\XoftSpy\XoftSpy.exe []
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-23 21:26:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\iWin Games\iWinGamesInstaller.exe
C:\WINDOWS\Runservice.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-08-23 22:03:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-24 03:01:38
ComboFix2.txt 2008-08-19 00:36:49
Pre-Run: 9,662,812,160 bytes free
Post-Run: 9,662,124,032 bytes free
236 --- E O F --- 2008-07-15 01:46:28