Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:42, on 2007-10-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\bak\bak\Smax4.exe
C:\Program Files\NetZero DSL\ConnectionCenter.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe
c:\program files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\reveal.exe.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.netzero.net/search?action ... search_dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.netzero.net/search?action ... search_dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: NetZero DSL - {8E613EAF-E16E-415C-BD39-F71D6A3B5518} - C:\Program Files\NetZero DSL\Toolbar.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\bak\bak\Smax4.exe" /tray
O4 - HKLM\..\Run: [NetZeroDSL] "C:\Program Files\NetZero DSL\ConnectionCenter.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: *.whataboutadog.com
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 4316 bytes
ComboFix 07-10-16.1 - Patty 2007-10-16 16:31:04.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.183 [GMT -4:00]
Running from: C:\Documents and Settings\Patty\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Patty\Desktop\CFScript.txt
* Created a new restore point
FILE::
C:\WINDOWS\System32\__c00A8CF9.dat
C:\WINDOWS\system32\msmapibx32.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin1.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin10.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin11.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin12.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin13.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin14.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin15.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin2.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin3.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin4.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin5.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin6.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin7.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin8.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin9.zip
C:\Program Files\Common Files\mcroso~1
C:\Program Files\Common Files\pppatc~1
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\Insider
C:\Program Files\ISM2
C:\Program Files\ISM2\dictionary.gz
C:\Program Files\ISM2\ISMPack6.exe
C:\Program Files\ISM2\targets.gz
C:\Program Files\WinBudget
C:\Program Files\WinBudget\bin\crap.1191456251.old
C:\Program Files\WinBudget\bin\crap.1192230529.old
C:\Program Files\WinBudget\bin\crap.1192444247.old
C:\Program Files\WinBudget\bin\matrix.dat
C:\Program Files\WinBudget\bin\matrix.dll.1192230529.old
C:\Program Files\WinBudget\bin\matrix.dll.1192444246.old
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\xOe
C:\Temp\xOe\tOasF.log
C:\WINDOWS\764.exe
C:\WINDOWS\aconti.exe
C:\WINDOWS\adbar.dll
C:\WINDOWS\cookies.ini
C:\WINDOWS\daxtime.dll
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\ie_32.exe
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\abc2
C:\WINDOWS\system32\abc2\aisven2.exe
C:\WINDOWS\system32\dqsqbhjg.ini
C:\WINDOWS\system32\drivers\bg_bg.gif
C:\WINDOWS\system32\drivers\blank.gif
C:\WINDOWS\system32\drivers\box_1.gif
C:\WINDOWS\system32\drivers\box_2.gif
C:\WINDOWS\system32\drivers\box_3.gif
C:\WINDOWS\system32\drivers\button_buynow.gif
C:\WINDOWS\system32\drivers\button_freescan.gif
C:\WINDOWS\system32\drivers\cell_bg.gif
C:\WINDOWS\system32\drivers\cell_footer.gif
C:\WINDOWS\system32\drivers\cell_header_block.gif
C:\WINDOWS\system32\drivers\cell_header_remove.gif
C:\WINDOWS\system32\drivers\cell_header_scan.gif
C:\WINDOWS\system32\drivers\close_ico.gif
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_box.gif
C:\WINDOWS\system32\drivers\download_btn.jpg
C:\WINDOWS\system32\drivers\download_now_btn.gif
C:\WINDOWS\system32\drivers\footer_back.jpg
C:\WINDOWS\system32\drivers\header_1.gif
C:\WINDOWS\system32\drivers\header_2.gif
C:\WINDOWS\system32\drivers\header_3.gif
C:\WINDOWS\system32\drivers\header_4.gif
C:\WINDOWS\system32\drivers\header_red_bg.gif
C:\WINDOWS\system32\drivers\header_red_free_scan.gif
C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
C:\WINDOWS\system32\drivers\icon_warning_big.gif
C:\WINDOWS\system32\drivers\infected.gif
C:\WINDOWS\system32\drivers\main_back.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
C:\WINDOWS\system32\drivers\product_1_header.gif
C:\WINDOWS\system32\drivers\product_1_name_small.gif
C:\WINDOWS\system32\drivers\product_2_header.gif
C:\WINDOWS\system32\drivers\product_2_name_small.gif
C:\WINDOWS\system32\drivers\product_3_header.gif
C:\WINDOWS\system32\drivers\product_3_name_small.gif
C:\WINDOWS\system32\drivers\product_features.gif
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\rating.gif
C:\WINDOWS\system32\drivers\remove_spyware_header.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\screenshot.jpg
C:\WINDOWS\system32\drivers\sep_hor.gif
C:\WINDOWS\system32\drivers\sep_vert.gif
C:\WINDOWS\system32\drivers\shadow.jpg
C:\WINDOWS\system32\drivers\shadow_bg.gif
C:\WINDOWS\system32\drivers\spacer.gif
C:\WINDOWS\system32\drivers\spy_away_box.jpg
C:\WINDOWS\system32\drivers\spyware_detected.gif
C:\WINDOWS\system32\drivers\star.gif
C:\WINDOWS\system32\drivers\star_gray.gif
C:\WINDOWS\system32\drivers\star_gray_small.gif
C:\WINDOWS\system32\drivers\star_small.gif
C:\WINDOWS\system32\drivers\style.css
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\warning_ico.gif
C:\WINDOWS\system32\drivers\warning_icon.gif
C:\WINDOWS\system32\drivers\win_logo.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\drivers\yellow_warning_ico.gif
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\gjhbqsqd.dll
C:\WINDOWS\system32\gtv_sd.bin
C:\WINDOWS\system32\kjkmp.bak1
C:\WINDOWS\system32\kjkmp.ini
C:\WINDOWS\system32\nssB.dll
C:\WINDOWS\system32\pppatc~1
C:\WINDOWS\system32\rev1
C:\WINDOWS\system32\rrutv.bak1
C:\WINDOWS\system32\rrutv.ini
C:\WINDOWS\system32\ss9
C:\WINDOWS\system32\ttstv.bak1
C:\WINDOWS\system32\ttstv.ini
C:\WINDOWS\system32\ugcrnkjn.dll
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\winlogon.dll
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\system32\wnsinticomsv.exe
C:\WINDOWS\system32\z12
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe
C:\xcrashdump.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DRIVER
-------\LEGACY_ICF
-------\LEGACY_NETWORK_MONITOR
((((((((((((((((((((((((( Files Created from 2007-09-16 to 2007-10-16 )))))))))))))))))))))))))))))))
.
2007-10-16 16:24 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-15 15:36 <DIR> d-------- C:\Documents and Settings\Patty\Application Data\AVG7
2007-10-15 15:36 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-10-15 15:36 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-10-15 15:36 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-10-15 15:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-15 15:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-10-15 06:27 <DIR> d-------- C:\WINDOWS\cache
2007-10-14 12:29 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2007-10-10 01:21 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-06 10:32 <DIR> d-------- C:\Program Files\Full Tilt Poker
2007-10-05 06:00 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-10-03 19:00 <DIR> d-------- C:\WINDOWS\provisioning
2007-10-03 19:00 <DIR> d-------- C:\WINDOWS\peernet
2007-10-03 18:58 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-10-03 18:53 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-10-03 18:50 <DIR> d-------- C:\WINDOWS\EHome
2007-10-03 09:05 <DIR> d-------- C:\WINDOWS\system32\ep1
2007-10-03 09:04 <DIR> d-------- C:\WINDOWS\system32\vMW27a
2007-09-30 19:22 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-30 19:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-09-30 19:21 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-28 08:30 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-26 14:00 <DIR> d-------- C:\Program Files\Viewpoint
2007-09-26 13:59 <DIR> d-------- C:\Program Files\Common Files\AOL
2007-09-26 13:59 <DIR> d-------- C:\Program Files\AIM6
2007-09-24 22:20 27,440 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-09-23 06:11 <DIR> d-------- C:\Documents and Settings\Patty\Application Data\SpywareRemover
2007-09-23 05:55 30,976 --a------ C:\WINDOWS\system32\ace16win.dll
2007-09-22 22:10 <DIR> d-------- C:\Documents and Settings\Patty\Application Data\AdwareAlert
2007-09-21 20:47 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-09-21 20:39 <DIR> d-------- C:\WINDOWS\system32\acespy
2007-09-17 23:33 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-09-17 23:33 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2007-09-17 23:33 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-09-17 23:33 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-15 10:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-10-11 19:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\NetZero DSL
2007-10-11 12:58 --------- d-----w C:\Program Files\NetZero DSL
2007-10-06 14:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-03 23:05 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-03 23:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-03 13:55 --------- d-----w C:\Program Files\Symantec
2007-09-29 19:50 --------- d-----w C:\Program Files\Common Files\Adobe
2007-09-27 13:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-26 18:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-09-26 18:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-09-26 17:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-09-15 01:11 59,392 ----a-w C:\WINDOWS\mscrypt.dll
2007-09-15 01:11 2,146 ----a-w C:\gvhp.exe
2007-09-13 22:53 4,074 ----a-w C:\Program Files\hlpsrv.exe
2007-09-13 22:37 55,560 ----a-w C:\WINDOWS\system32\adssite-remove.exe
2007-09-09 21:36 --------- d-----w C:\Program Files\LimeWire
2007-08-29 01:13 --------- d-----w C:\Program Files\NetZero
2007-08-29 01:00 --------- d-----w C:\Program Files\Enigma Software Group
2007-08-26 04:52 246 ----a-w C:\Program Files\Common Files\bapu345
2007-08-25 16:53 --------- d-----w C:\Program Files\Java
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 23:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 23:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 23:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 23:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 23:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-28 09:06 135 ----a-w C:\Program Files\Common Files\fsoxy.html
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 27,664 2007-10-03 23:56:34 C:\Program Files\Analog Devices\SoundMAX\bak\Smax4.exe
----a-w 24,080 2007-08-29 01:10:51 C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
----a-w 1,388,544 2004-10-14 13:11:10 C:\Program Files\Analog Devices\SoundMAX\bak\SMax4PNP.exe
----a-w 27,664 2007-10-03 23:56:34 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
----a-w 860,160 2004-09-23 16:41:54 C:\Program Files\Analog Devices\SoundMAX\bak\bak\Smax4.exe
----a-w 24,080 2007-08-29 01:10:51 C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
----a-w 860,160 2004-09-23 16:41:54 C:\Program Files\Analog Devices\SoundMAX\bak\bak\Smax4.exe
----a-w 27,664 2007-10-03 23:56:34 C:\Program Files\Analog Devices\SoundMAX\bak\Smax4.exe
----a-w 218,240 2004-11-02 23:59:52 C:\Program Files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe
----a-w 132,496 2007-07-12 08:00:36 C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe
----a-w 1,629,184 2007-03-07 00:00:40 C:\Program Files\NetZero\bak\exec.exe
----a-w 24,080 2007-08-29 01:10:51 C:\Program Files\NetZero\exec.exe
----a-w 1,050,360 2007-05-14 16:18:39 C:\Program Files\NetZero DSL\bak\ConnectionCenter.exe
----a-w 1,095,152 2007-09-17 23:48:48 C:\Program Files\NetZero DSL\ConnectionCenter.exe
----a-w 224,248 2007-06-08 14:59:38 C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe
----a-w 27,664 2007-10-03 23:56:34 C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
----a-w 145,408 2001-08-23 12:00:00 C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\bak\MSConfig.exe
----a-w 158,208 2004-08-04 07:56:53 C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8E613EAF-E16E-415C-BD39-F71D6A3B5518}"= C:\Program Files\NetZero DSL\Toolbar.dll [2007-09-13 17:34 264688]
[HKEY_CLASSES_ROOT\CLSID\{8E613EAF-E16E-415C-BD39-F71D6A3B5518}]
[HKEY_CLASSES_ROOT\DSLToolbar.NetZero DSL.1]
[HKEY_CLASSES_ROOT\TypeLib\{98C469F7-8C27-489D-B107-44FD6A54C554}]
[HKEY_CLASSES_ROOT\DSLToolbar.NetZero DSL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [2005-08-25 07:05 C:\WINDOWS\system32\SiSPower.dll]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2007-10-03 19:56]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\bak\bak\Smax4.exe" [2004-09-23 12:41]
"NetZeroDSL"="C:\Program Files\NetZero DSL\ConnectionCenter.exe" [2007-09-17 19:48]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-10-03 19:56]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-15 15:36]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2007-04-02 13:10:02]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter]
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
S2 ohbusb;Open Host Controller Miniport USB Driver;\??\C:\WINDOWS\System32\drivers\ohbusb.sys
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-16 16:35:40
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-16 16:37:32 - machine was rebooted
.
--- E O F ---