ComboFix 09-01-01.02 - Sami 2009-01-02 18:20:46.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.446.119 [GMT 0:00]
Running from: c:\documents and settings\Sami\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\install.exe
c:\windows\system32\_004669_.tmp.dll
c:\windows\system32\_004670_.tmp.dll
c:\windows\system32\_004671_.tmp.dll
c:\windows\system32\_004672_.tmp.dll
c:\windows\system32\_004679_.tmp.dll
c:\windows\system32\_004680_.tmp.dll
c:\windows\system32\_004681_.tmp.dll
c:\windows\system32\_004682_.tmp.dll
c:\windows\system32\_004684_.tmp.dll
c:\windows\system32\_004685_.tmp.dll
c:\windows\system32\_004688_.tmp.dll
c:\windows\system32\_004689_.tmp.dll
c:\windows\system32\_004691_.tmp.dll
c:\windows\system32\_004692_.tmp.dll
c:\windows\system32\_004693_.tmp.dll
c:\windows\system32\_004695_.tmp.dll
c:\windows\system32\_004698_.tmp.dll
c:\windows\system32\_004699_.tmp.dll
c:\windows\system32\_004703_.tmp.dll
c:\windows\system32\_004704_.tmp.dll
c:\windows\system32\_004706_.tmp.dll
c:\windows\system32\_004709_.tmp.dll
c:\windows\system32\_004711_.tmp.dll
c:\windows\system32\_004712_.tmp.dll
c:\windows\system32\_004713_.tmp.dll
c:\windows\system32\_004714_.tmp.dll
c:\windows\system32\_004715_.tmp.dll
c:\windows\system32\_004718_.tmp.dll
c:\windows\system32\_004719_.tmp.dll
c:\windows\system32\_004720_.tmp.dll
c:\windows\system32\_004721_.tmp.dll
c:\windows\system32\_004722_.tmp.dll
c:\windows\system32\_004727_.tmp.dll
c:\windows\system32\_004729_.tmp.dll
c:\windows\system32\_004730_.tmp.dll
c:\windows\system32\a.exe
c:\windows\system32\chantthq.dll
c:\windows\system32\igtccjpm.ini
c:\windows\system32\junlrfps.dll
c:\windows\system32\mpjcctgi.dll
c:\windows\system32\rpopmo.dll
c:\windows\system32\yaceNUtv.ini
c:\windows\system32\yaceNUtv.ini2
.
((((((((((((((((((((((((( Files Created from 2008-12-02 to 2009-01-02 )))))))))))))))))))))))))))))))
.
2009-09-12 21:44 . 2008-10-29 13:04 <DIR> d-------- c:\program files\Tales of Pirates Online
2009-04-22 20:35 . 2009-04-22 20:35 <DIR> d-------- c:\program files\alot
2008-12-29 13:15 . 2008-12-29 13:15 <DIR> d-------- c:\program files\Trend Micro
2008-12-27 12:28 . 2008-12-27 12:28 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-26 21:48 . 2008-12-26 22:04 <DIR> d-------- c:\program files\ProxyWay
2008-12-25 18:21 . 2008-12-25 18:21 <DIR> d-------- c:\documents and settings\yousuf
2008-12-24 22:11 . 2008-12-26 22:04 <DIR> d-------- c:\documents and settings\Sami\Application Data\Hide IP NG
2008-12-24 21:46 . 2008-12-24 21:46 32 --a------ c:\windows\go
2008-12-24 20:42 . 2008-12-24 20:42 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-24 20:42 . 2008-12-24 20:42 <DIR> d-------- c:\documents and settings\Sami\Application Data\SUPERAntiSpyware.com
2008-12-24 20:42 . 2008-12-24 20:42 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-12-10 22:48 . 2008-12-10 22:48 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Adobe Systems
2008-12-09 19:41 . 2008-12-09 19:41 <DIR> d-------- c:\windows\.jagex_cache_32
2008-12-08 10:51 . 2008-12-08 10:51 <DIR> d--hs---- C:\found.000
2008-12-07 17:38 . 2008-12-07 17:38 <DIR> d-------- c:\documents and settings\Sami\Application Data\Megaupload
2008-12-07 17:37 . 2008-12-07 17:38 <DIR> d-------- c:\documents and settings\Sami\Application Data\EmailNotifier
2008-12-07 17:37 . 2008-12-07 17:37 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Megaupload
2008-12-07 17:37 . 2008-12-07 17:37 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\EmailNotifier
2008-12-06 22:10 . 2008-12-06 22:10 <DIR> d-------- c:\program files\GoldWave
2008-12-04 15:58 . 2008-12-04 15:58 <DIR> d-------- c:\program files\MSXML 6.0
2008-12-03 12:15 . 2008-12-03 12:15 <DIR> d-------- c:\program files\FileZilla FTP Client
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-22 20:43 --------- d-----w c:\documents and settings\zaiby\Application Data\alot
2009-04-22 20:42 --------- d---a-w c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-04-22 20:41 --------- d-----w c:\documents and settings\zaiby\Application Data\Publish Providers
2009-04-22 20:40 --------- d-----w c:\documents and settings\zaiby\Application Data\Sony
2008-12-29 16:09 --------- d-----w c:\program files\Google
2008-12-27 12:59 --------- d-----w c:\documents and settings\Sami\Application Data\FileZilla
2008-12-27 12:27 --------- d-----w c:\program files\Java
2008-12-26 22:29 --------- d-----w c:\program files\Tubeinator
2008-12-24 20:39 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-10 22:45 --------- d-----w c:\program files\Common Files\Adobe
2008-12-07 19:28 --------- d-----w c:\program files\TubeAdder
2008-12-07 19:27 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-24 20:14 --------- d-----w c:\program files\Windows Live
2008-11-24 20:13 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\WLInstaller
2008-11-24 14:41 --------- d-----w c:\program files\Microsoft
2008-11-24 14:28 --------- d-----w c:\program files\Common Files\Windows Live
2008-11-17 20:24 --------- d-----w c:\program files\Topaz Labs LLC
2008-11-15 17:56 --------- d-----w c:\program files\Traffic Hurricane
2008-11-15 17:47 --------- d-----w c:\program files\Common Files\Real
2008-11-15 13:33 --------- d-----w c:\program files\SystemRequirementsLab
2008-11-15 13:30 --------- d-----w c:\documents and settings\Sami\Application Data\SystemRequirementsLab
2008-11-14 20:20 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-11-14 20:20 249,856 ------w c:\windows\Setup1.exe
2008-11-11 14:06 434,688 ----a-w c:\windows\system32\ss2uinst.exe
2008-11-10 13:34 --------- d-----w c:\program files\Windows Media Connect 2
2008-11-10 13:26 676,224 ----a-w c:\windows\system32\ogacheckcontrol.dll
2008-11-09 14:17 --------- d-----w c:\program files\Ahead
2008-11-05 20:19 --------- d-----w c:\program files\Magic Traffic Bot
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 14:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 14:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 10:37 659,456 ----a-w c:\windows\system32\wininet.dll
2008-10-03 10:15 247,326 ----a-w c:\windows\system32\strmdll.dll
.
------- Sigcheck -------
2008-04-14 00:12 295424 ff3477c03be7201c294c35f684b3479f c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\termsrv.dll
2002-12-31 12:00 215552 a77219a971029dc2fb683e8513713803 c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Google Update"="c:\documents and settings\Sami\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-14 133104]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-22 1830128]
"ProxyWay"="c:\program files\ProxyWay\proxyway.exe" [2008-12-26 409088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-27 136600]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 c:\windows\RTHDCPL.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]
c:\documents and settings\Sami\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll rpopmo.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\
0lsdelete
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 18:51 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2002-12-31 12:00 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-10-31 18:42 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-07-18 97928]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-22 55024]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-23 875288]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-23 231704]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-07-18 76040]
R3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16dfbc98-2843-11de-a4ec-0016761da936}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16dfbc9b-2843-11de-a4ec-0016761da936}]
\Shell\AutoRun\command - F:\AutoRun.exe
.
Contents of the 'Scheduled Tasks' folder
2009-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1303643608-2147027303-1003.job
- c:\documents and settings\Sami\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-14 15:55]
.
- - - - ORPHANS REMOVED - - - -
BHO-{925dcd6d-4d73-4100-958c-e840b68593b9} - c:\windows\system32\rpopmo.dll
WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
HKCU-Run-Free Ram Optimizer - c:\program files\AceLogix\Free Ram Optimizer\fro.exe
Notify-dimsntfy - (no file)
MSConfigStartUp-NeroCheck - c:\windows\system32\\NeroCheck.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
.
------- Supplementary Scan -------
.
uStart Page =
hxxp://www.google.com/uInternet Settings,ProxyServer = socks=
uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
uSearchURL,(Default) =
hxxp://www.google.com/search/?q=%s
TCP: {3C50D662-88C5-4D58-AC1C-C2586CDA1343} = 208.67.222.222,208.67.222.220
FF - ProfilePath - c:\documents and settings\Sami\Application Data\Mozilla\Firefox\Profiles\zsc14161.default\
FF - prefs.js: browser.search.defaulturl -
hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=FF - component: c:\documents and settings\Sami\Application Data\Mozilla\Firefox\Profiles\zsc14161.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-01-02 18:29:11
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-682003330-1303643608-2147027303-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96615BFF-D8CB-B059-E66B-2D036C7C3CD4}*NULL*]
"hanbngpannofhjfl"=hex:6a,61,68,6a,6a,6d,6b,6b,62,6c,69,63,6e,62,6f,69,6a,64,\
63,6f,00,22
"iahphkdlghjiodmije"=hex:63,61,62,6a,6c,70,00,00
"iadchhkigoeeipdmof"=hex:6a,61,68,6a,6a,6d,6b,6b,62,6c,69,63,6e,62,6f,69,6a,64,\
63,6f,00,d6
[HKEY_LOCAL_MACHINE\software\Microsoft\MS Juan\DJZERO]
@DACL=(02 0000)
"LTM"=hex:00,00,00,00,00,00,00,00
"CDY"=hex:00,00,00,00,00,00,00,00
"CNT"=dword:00000000
[HKEY_LOCAL_MACHINE\software\Microsoft\MS Juan\JKWL]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\MS Juan\JKWL\msg/view/140482/inbox]
@DACL=(02 0000)
"LU"="www.google-analytics.com/__utm.gif?utmwv=4.3&utmn=1067967982&utmhn=www.streetmobster.com&utmcs=UTF-8&utmsr=1024x768&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=10.0%20r12&utmdt=STREETMOBSTER.COM%20%E2%80%94%20the%20hottest%20online%20mobster%20game!&utmhid=1728396597&utmr=-&utmp=/?q=msg/view/140482/inbox&z=TxtO&utmac=UA-4769024-1&utmcc=__utma%3D65884396.4361062169877727700.1230229586.1230552612.1230558779.13%3B%2B__utmz%3D65884396.1230229586.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B"
"CT"=dword:00000001
"LT"=hex:fe,e8,da,c4,bc,69,c9,01
[HKEY_LOCAL_MACHINE\software\Microsoft\MS Juan\metajuan]
@DACL=(02 0000)
"LTM"=hex:00,00,00,00,00,00,00,00
"CDY"=hex:00,00,00,00,00,00,00,00
"CNT"=dword:00000000
"LBL"=hex:00,00,00,00,00,00,00,00
"MN"=hex:00,00,00,00
[HKEY_LOCAL_MACHINE\software\Microsoft\MS Juan\meta_mg]
@DACL=(02 0000)
"LTM"=hex:00,00,00,00,00,00,00,00
"CDY"=hex:00,00,00,00,00,00,00,00
"CNT"=dword:00000000
[HKEY_LOCAL_MACHINE\software\Microsoft\MS Juan\profiling4]
@DACL=(02 0000)
"LTM"=hex:04,40,44,41,bb,69,c9,01
"CDY"=hex:fe,e8,da,c4,bc,69,c9,01
"CNT"=dword:00000000
[HKEY_LOCAL_MACHINE\software\Microsoft\MS Juan\superjuan]
@DACL=(02 0000)
"LTM"=hex:fe,e8,da,c4,bc,69,c9,01
"CDY"=hex:00,00,00,00,00,00,00,00
"CNT"=dword:00000033
[HKEY_LOCAL_MACHINE\software\Microsoft\MS Juan\TrackDJuan]
@DACL=(02 0000)
"LTM"=hex:00,00,00,00,00,00,00,00
"CDY"=hex:00,00,00,00,00,00,00,00
"CNT"=dword:00000000
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ôw*NULL*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(528)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-01-02 18:35:45 - machine was rebooted [Sami]
ComboFix-quarantined-files.txt 2009-01-02 18:35:41
Pre-Run: 18,891,427,840 bytes free
Post-Run: 28,121,726,976 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
291 --- E O F --- 2008-12-19 11:54:37
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:36:38, on 02/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Documents and Settings\Sami\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\CF16361.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Sami\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll
O9 - Extra 'Tools' menuitem: iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) -
http://www.crucial.com/controls/cpcScanner.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{3C50D662-88C5-4D58-AC1C-C2586CDA1343}: NameServer = 208.67.222.222,208.67.222.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{3C50D662-88C5-4D58-AC1C-C2586CDA1343}: NameServer = 208.67.222.222,208.67.222.220
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll rpopmo.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
--
End of file - 5672 bytes