No infected files for NoLop.
ComboFix 07-10-17.8 - kathy 2007-10-17 6:35:09.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.169 [GMT -4:00]
Running from: C:\WINDOWS\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\tabatha\Application Data\Starware
C:\Documents and Settings\tabatha\Application Data\Starware\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\tabatha\Application Data\Starware\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\tabatha\Application Data\Starware\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\tabatha\Application Data\Starware\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\Games\GamesOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\Games\GamesOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\Games\GamesOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\Games\GamesOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\Games\GamesOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\Games\GamesOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\JokeSearch\JokeSearchOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\JokeSearch\JokeSearchOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\JokeSearch\JokeSearchOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\JokeSearch\JokeSearchOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\JokeSearch\JokeSearchOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\JokeSearch\JokeSearchOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\Layouts\PreferencesLayout.xml
C:\Documents and Settings\tabatha\Application Data\Starware\Layouts\PreferencesLayout.xml
C:\Documents and Settings\tabatha\Application Data\Starware\Layouts\PreferencesLayout.xml
C:\Documents and Settings\tabatha\Application Data\Starware\Layouts\PreferencesLayout.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\Layouts\PreferencesLayout.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\Layouts\PreferencesLayout.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\Layouts\ToolbarLayout.xml
C:\Documents and Settings\tabatha\Application Data\Starware\Layouts\ToolbarLayout.xml
C:\Documents and Settings\tabatha\Application Data\Starware\Layouts\ToolbarLayout.xml
C:\Documents and Settings\tabatha\Application Data\Starware\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\Manager\ManagerOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\Manager\ManagerOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\Manager\ManagerOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\Movies\MoviesOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\Movies\MoviesOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\Movies\MoviesOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\Pranks\PranksOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\Pranks\PranksOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\Pranks\PranksOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\Pranks\PranksOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\Pranks\PranksOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\Pranks\PranksOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\SearchMatch\SearchMatchOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\SearchMatch\SearchMatchOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\SearchMatch\SearchMatchOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\SearchMatch\SearchMatchOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\SearchMatch\SearchMatchOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\SearchMatch\SearchMatchOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\SmileyTown\SmileyTownOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\SmileyTown\SmileyTownOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\SmileyTown\SmileyTownOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\SmileyTown\SmileyTownOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\SmileyTown\SmileyTownOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\SmileyTown\SmileyTownOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\TravelSearch\TravelSearchOptions.xml.backup
C:\Program Files\Hammer.dll
C:\Program Files\ISM
C:\Program Files\screensavers.com
C:\Program Files\screensavers.com\Wallpaper\swpstart.exe
C:\Program Files\Temporary
C:\Program Files\Temporary\wininstall.exe
C:\Program Files\Temporary\wininstall.exe
C:\Program Files\WinAble
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\xOe
C:\Temp\xOe\tOasF.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\Profiles\All Users\Application Data\Starware337
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\epiRSS.bmp
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\epiRSS.bmp
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\epiRSS.png
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\epiRSS.png
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\epiSearch.bmp
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\epiSearch.bmp
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\epiSearch.png
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\epiSearch.png
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\FindIt.bmp
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\FindIt.bmp
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\FindItHot.bmp
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\FindItHot.bmp
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\findithotxp.png
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\findithotxp.png
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\finditxp.png
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\finditxp.png
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\Highlight.bmp
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\Highlight.bmp
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\HighlightHot.bmp
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\HighlightHot.bmp
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\highlighthotxp.png
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\highlighthotxp.png
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\highlightxp.png
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\highlightxp.png
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\Reference.bmp
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\Reference.bmp
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\ReferenceHot.bmp
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\ReferenceHot.bmp
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\referencehotxp.png
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\referencehotxp.png
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\referencexp.png
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\referencexp.png
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\starware_toolbar_icon.bmp
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\starware_toolbar_icon.bmp
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\Weather.bmp
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\Weather.bmp
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\weatherhotxp.png
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\weatherhotxp.png
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\weatherxp.png
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\weatherxp.png
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\contexts\error.xml
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\contexts\error.xml
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\contexts\related.xml
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\contexts\related.xml
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\contexts\travel.xml
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\contexts\travel.xml
C:\WINDOWS\start.exe
C:\WINDOWS\system32\b1
C:\WINDOWS\system32\biupobbc.dll
C:\WINDOWS\system32\byxvu.dll
C:\WINDOWS\system32\cbxyv.dll
C:\WINDOWS\system32\ddcyv.dll
C:\WINDOWS\system32\fdfqjdnu.dll
C:\WINDOWS\system32\hbilakww.exe
C:\WINDOWS\system32\hopjguu.dll
C:\WINDOWS\system32\nsw47.dll
C:\WINDOWS\SYSTEM32\qrstv.bak2
C:\WINDOWS\SYSTEM32\qrstv.ini
C:\WINDOWS\SYSTEM32\qrstv.tmp
C:\WINDOWS\SYSTEM32\undjqfdf.ini
C:\WINDOWS\SYSTEM32\uvxyb.bak1
C:\WINDOWS\SYSTEM32\uvxyb.bak1
C:\WINDOWS\SYSTEM32\uvxyb.ini
C:\WINDOWS\SYSTEM32\uvxyb.ini
C:\WINDOWS\system32\vMW04a
C:\WINDOWS\system32\vtsrq.dll
C:\WINDOWS\system32\vtsrq.dll
C:\WINDOWS\SYSTEM32\vycdd.bak1
C:\WINDOWS\SYSTEM32\vycdd.ini
C:\WINDOWS\SYSTEM32\vyxbc.bak1
C:\WINDOWS\SYSTEM32\vyxbc.bak1
C:\WINDOWS\SYSTEM32\vyxbc.ini
C:\WINDOWS\SYSTEM32\vyxbc.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_CMDSERVICE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR
((((((((((((((((((((((((( Files Created from 2007-09-17 to 2007-10-17 )))))))))))))))))))))))))))))))
.
2007-10-16 06:40 <DIR> d-------- C:\Documents and Settings\tyler\Application Data\COMCASTTOOLBAR
2007-10-16 00:06 <DIR> d-------- C:\Documents and Settings\kathy\Application Data\TrojanHunter
2007-10-15 20:51 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2007-10-15 20:05 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-15 19:44 212 --a------ C:\delete.bat
2007-10-15 00:01 <DIR> d-------- C:\NoLopBackups
2007-10-14 23:43 <DIR> d-------- C:\Documents and Settings\kathy\Application Data\ComcastToolbar
2007-10-14 19:00 <DIR> d-------- C:\VundoFix Backups
2007-10-14 15:55 <DIR> d-------- C:\Docum
2007-10-14 15:30 <DIR> d-------- C:\Documents and Settings\GUEST-1\Application Data\COMCASTTOOLBAR
2007-10-14 14:48 <DIR> d-------- C:\Program Files\ComcastToolbar
2007-10-14 09:36 <DIR> d--hs---- C:\FOUND.004
2007-10-10 20:24 <DIR> d-------- C:\WINDOWS\Profiles\All Users\Application Data\STOPzilla!
2007-10-10 20:24 <DIR> d-------- C:\Program Files\Common Files\iS3
2007-10-10 19:18 <DIR> d--hs---- C:\FOUND.003
2007-10-08 05:20 <DIR> d-------- C:\Program Files\McAfee
2007-10-08 05:20 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-10-08 04:10 249 --a------ C:\Documents and Settings\kathy\9258.bat
2007-10-08 03:55 249 --a------ C:\Documents and Settings\kathy\9664.bat
2007-10-08 03:41 249 --a------ C:\Documents and Settings\kathy\7255.bat
2007-10-07 12:09 <DIR> d-------- C:\Documents and Settings\kathy\Application Data\Closedupe
2007-10-07 12:05 249 --a------ C:\Documents and Settings\kathy\2849.bat
2007-10-07 11:15 <DIR> d-------- C:\Documents and Settings\tabatha\Application Data\Adssite Advanced Toolbar
2007-10-07 11:12 <DIR> d-------- C:\Documents and Settings\tabatha\Application Data\BitDownload
2007-10-07 11:09 <DIR> d-------- C:\WINDOWS\Profiles\All Users\Application Data\setup film inter bib
2007-10-07 11:09 <DIR> d-------- C:\Program Files\Closedupe
2007-10-07 11:08 <DIR> d-------- C:\Program Files\BitDownload
2007-09-19 22:27 <DIR> d-------- C:\Program Files\ATI Technologies
2007-09-19 22:26 <DIR> d-------- C:\ATI
2007-09-17 20:04 <DIR> d--hs---- C:\FOUND.002
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-16 22:55 339,968 ----a-w C:\WINDOWS\SYSTEM32\taocppex.dll
2007-10-16 22:54 389,184 ----a-w C:\WINDOWS\SYSTEM32\sjkgdtco.exe
2007-10-15 22:52 389,184 ----a-w C:\WINDOWS\SYSTEM32\rnpkmmdx.exe
2007-10-14 22:59 389,184 ----a-w C:\WINDOWS\SYSTEM32\vbmkqpmr.exe
2007-10-13 11:25 389,184 ----a-w C:\WINDOWS\SYSTEM32\bbdjojll.exe
2007-10-10 23:07 40,733 ----a-w C:\WINDOWS\SYSTEM32\rightonadz-uninst.exe
2007-10-10 10:24 63,488 ----a-w C:\WINDOWS\SYSTEM32\gzmrotate.dll
2007-10-07 15:27 79,832 ----a-w C:\WINDOWS\SYSTEM32\adssite-remove.exe
2007-10-07 15:25 58,368 ------w C:\WINDOWS\SYSTEM32\app.exe
2007-10-07 15:25 32,768 ----a-w C:\WINDOWS\SYSTEM32\winlogo.exe
2007-10-07 15:25 111,710 ----a-w C:\WINDOWS\SYSTEM32\ps.exe
2007-08-18 15:02 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2007-06-02 19:24 76,928 ----a-w C:\Documents and Settings\kathy\Application Data\GDIPFONTCACHEV1.DAT
2006-03-15 02:10 876,576 ---ha-r C:\Documents and Settings\JOHN\USER.DAT
2006-03-12 08:18 819,232 ---ha-r C:\Documents and Settings\timmy\USER.DAT
2005-07-14 13:08 29,156 ----a-w C:\Program Files\1353.torrent
2005-05-30 05:35 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2005-05-28 18:55 266 --sh--w C:\Program Files\desktop.ini
2005-05-28 18:55 11,079 ---h--w C:\Program Files\folder.htt
2006-06-21 19:08:34 2 --sh--w C:\WINDOWS\SYSTEM\netstat.com
2006-06-21 19:08:34 2 --sh--w C:\WINDOWS\SYSTEM\ping.com
2006-06-21 19:08:34 2 --sh--w C:\WINDOWS\SYSTEM\tracert.com
2006-06-21 19:08:34 2 --sh--w C:\WINDOWS\SYSTEM\tasklist.com
2006-06-21 19:08:34 2 --sh--w C:\WINDOWS\SYSTEM\taskkill.com
2006-06-21 19:08:34 2 --sh--w C:\WINDOWS\SYSTEM\regedit.com
2006-06-21 19:08:34 2 --sh--w C:\WINDOWS\SYSTEM\cmd.com
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22BCC155-FCB0-4580-84E1-AFCFA9941B4D}]
C:\Program Files\Internet Explorer\woxezibo4444.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66C6F332-2191-F5F9-9C5E-4F856CDE8CD2}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{941CA48C-3984-4E7D-AAF8-8755ED76EB50}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{971C3384-F75E-4562-95B3-CBE7417529BC}]
2007-10-10 06:24 63488 --a------ C:\WINDOWS\system32\gzmrotate.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-10-16 18:55 339968 --a------ C:\WINDOWS\system32\taocppex.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5792AA9-D373-4039-8670-2CDAB6A71F15}]
2007-02-24 00:08 225280 --a------ C:\Program Files\BitDownload\TorrentManager.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E96A5803-5018-4123-B809-A2CF828FE2D6}]
C:\Program Files\Internet Explorer\woxezibo83122.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{41C29B07-6F91-4966-91BE-2E2841643C83}"= C:\Program Files\Adssite Advanced Toolbar\toolbar.dll [ ]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\taocppex.dll [2007-10-16 18:55 339968]
[HKEY_CLASSES_ROOT\CLSID\{41C29B07-6F91-4966-91BE-2E2841643C83}]
[HKEY_CLASSES_ROOT\CoolToolBar.IEBarLogic.1]
[HKEY_CLASSES_ROOT\TypeLib\{6B4FA1DD-A353-49F8-A650-79C21D6B4824}]
[HKEY_CLASSES_ROOT\CoolToolBar.IEBarLogic]
[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 17:56 C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-08-30 22:59]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 13:16]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 12:45]
"MRT"="C:\WINDOWS\system32\MRT.exe" [2007-06-05 23:38]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 23:25 C:\WINDOWS\KHALMNPR.Exe]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-16 20:40]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-24 22:33]
"nwiz"="nwiz.exe" [2006-07-24 22:33 C:\WINDOWS\SYSTEM32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-24 22:33]
"Inter bib audio army"="C:\WINDOWS\Profiles\All Users\Application Data\setup film inter bib\data help.exe" [2007-10-16 22:40]
"hid_start"="C:\WINDOWS\system32\gzmrotate.dll" [2007-10-10 06:24]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2007-09-09 09:31]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-19 02:14]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 12:00]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"Printing Migration"=rundll32.exe C:\WINDOWS\system32\spool\migrate.dll,ProcessWin9xNetworkPrinters
C:\Documents and Settings\tabatha\Start Menu\Programs\Startup\
Photo Express Calendar Checker SE.lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe [2005-11-07 04:11:15]
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2005-03-09 15:49:38]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-02-03 20:06:42]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-11-18 00:31:58]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
@=
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\taocppex]
taocppex.dll 2007-10-16 18:55 339968 C:\WINDOWS\SYSTEM32\taocppex.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtsrq.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ATI Launchpad"=
"Weather"=C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
"Jmjbs"=C:\Program Files\Common Files\Elsd\jcgpbuy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
"f3qhd2ks"=C:\WINDOWS\SYSTEM\f3qhd2ks.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Ulead Memory Card Detector"=C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 Trial\Monitor.exe
"PE2CKFNT SE"=C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
"Logitech Hardware Abstraction Layer"=KHALMNPR.EXE
"TaskMonitor"=C:\WINDOWS\taskmon.exe
"SystemTray"=SysTray.Exe
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"HydarVisionDesktopManager"=desk98.exe
"EM_EXEC"=C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
"KEMailKb"=C:\PROGRA~1\KEMAILKB\KEMailKb.EXE
"Adaptec DirectCD"=D:\PROGRA~1\HPCD-W~1\DIRECTCD\DIRECTCD.EXE
"HP CD-Writer"=D:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe
"LexStart"=Lexstart.exe
"LexmarkPrinTray"=PrinTray.exe
"MCUpdateExe"=C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
"QuickTime Task"="C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
"OmgStartup"=C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
"SetPoint"=C:\Program Files\Logitech\SetPoint\KEM.EXE
"SsAAD.exe"=C:\PROGRA~1\SONY\SONICS~1\SSAAD.EXE
"CleanReg"=C:\WINDOWS\SYSTEM32\coclean.exe EnumPorts
"LXCFCATS"=rundll32 C:\WINDOWS\SYSTEM\LXCFtime.dll,_RunDLLEntry@16
"ScanRegistry"=C:\WINDOWS\scanregw.exe /autorun
"VSOCheckTask"="C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
"VirusScan Online"="C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
"MCAgentExe"=C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
"MPFEXE"="C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"
"MCTskShd"=C:\PROGRA~1\MCAFEE.COM\AGENT\mctskshd.exe
"WinampAgent"=C:\Program Files\Winamp\winampa.exe
"winupdates"=\winupdates\winupdates.exe /auto
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"QuickTime Task"="C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
"MCUpdateExe"=C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
"MCAgentExe"=C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
"MPFEXE"="C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"
"MCTskShd"=C:\PROGRA~1\MCAFEE.COM\AGENT\mctskshd.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"VSOCheckTask"="C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
"CY_BG"=C:\WINDOWS\CY_BG.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"KB891711"=C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"SchedulingAgent"=mstask.exe
"McVsRte"=C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
C:\WINDOWS\SYSTEM32\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl
.
Contents of the 'Scheduled Tasks' folder
"2006-07-25 01:54:58 C:\WINDOWS\Tasks\ScanDisk.job"
"2007-10-07 03:00:02 C:\WINDOWS\Tasks\Tune-up Application Start.job"
"2007-10-16 16:00:02 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer tsid_09272005082920.job"
"2007-06-16 06:46:56 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-10-14 06:46:02 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-10-08 09:21:20 C:\WINDOWS\Tasks\McQcTask.job"
"2007-10-15 08:29:38 C:\WINDOWS\Tasks\McDefragTask.job"
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-17 06:57:24
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-17 7:05:33 - machine was rebooted
.
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:19:10 AM, on 10/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\Program Files\Trend Micro\HijackThis\sweettweeter.exe.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.gophersearch.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {22BCC155-FCB0-4580-84E1-AFCFA9941B4D} - C:\Program Files\Internet Explorer\woxezibo4444.dll (file missing)
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {66C6F332-2191-F5F9-9C5E-4F856CDE8CD2} - (no file)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: ngsh33.clsIS - {941CA48C-3984-4E7D-AAF8-8755ED76EB50} - (no file)
O2 - BHO: rightonadz browser optimizer - {971C3384-F75E-4562-95B3-CBE7417529BC} - C:\WINDOWS\system32\gzmrotate.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\taocppex.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\Program Files\BitDownload\TorrentManager.dll
O2 - BHO: (no name) - {E96A5803-5018-4123-B809-A2CF828FE2D6} - C:\Program Files\Internet Explorer\woxezibo83122.dll (file missing)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Adssite Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Program Files\Adssite Advanced Toolbar\toolbar.dll (file missing)
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\taocppex.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [MRT] "C:\WINDOWS\system32\MRT.exe" /R
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Inter bib audio army] C:\WINDOWS\Profiles\All Users\Application Data\setup film inter bib\data help.exe
O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\system32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\system32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.h ... xdm492YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://software-dl.real.com/14f90097b40 ... st_Win.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWe ... taller.CAB
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://eztracks.aavalue.com/ezt/toolbar/eztdl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installer ... taller.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWi ... ontrol.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com/design/motherbd/bo ... oardID.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O20 - Winlogon Notify: taocppex - C:\WINDOWS\SYSTEM32\taocppex.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (file missing)
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 15854 bytes