Combo Fix Log
ComboFix 09-03-28.06 - kids 2009-03-29 23:18:25.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.617 [GMT 8:00]
Running from: c:\documents and settings\kids.VIPERKIDS\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\b.exe
C:\b3b9u.com
C:\n.com
c:\program files\FBrowserAdvisor
C:\sq.com
C:\t1ypkh.exe
c:\windows\IE4 Error Log.txt
c:\windows\system32\jucxkyqsrjon.dll
C:\xcrashdump.dat
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-29 )))))))))))))))))))))))))))))))
.
2009-03-29 07:11 . 2009-03-29 07:11 <DIR> d--hs---- C:\FOUND.101
2009-03-28 13:36 . 2009-03-28 13:36 <DIR> d-------- C:\rsit
2009-03-28 03:53 . 2009-03-28 03:54 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-03-28 03:51 . 2009-03-28 03:51 <DIR> d-------- c:\program files\Common Files\Adobe
2009-03-28 03:21 . 2009-03-28 03:21 <DIR> d-------- c:\program files\NOS
2009-03-28 03:21 . 2009-03-28 03:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
2009-03-27 12:19 . 2009-03-27 12:19 <DIR> d--hs---- C:\FOUND.100
2009-03-26 08:45 . 2009-03-26 08:45 <DIR> d--hs---- C:\FOUND.099
2009-03-24 18:55 . 2009-03-24 18:55 <DIR> d-------- c:\program files\Regensoft
2009-03-24 18:55 . 2009-03-24 18:55 <DIR> d-------- c:\program files\AviSynth 2.5
2009-03-23 07:05 . 2009-03-23 07:06 <DIR> d-------- c:\program files\trend micro
2009-03-23 06:51 . 2009-03-23 06:51 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-23 06:37 . 2009-03-23 06:37 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-23 06:37 . 2009-03-23 06:37 <DIR> d-------- c:\documents and settings\kids.VIPERKIDS\Application Data\AVGTOOLBAR
2009-03-23 06:37 . 2009-03-23 06:37 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-23 06:37 . 2009-03-27 09:04 108,552 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-23 06:37 . 2009-03-23 06:37 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-23 06:36 . 2009-03-23 06:36 <DIR> d-------- c:\program files\AVG
2009-03-23 06:36 . 2009-03-23 06:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-21 06:52 . 2009-03-21 06:52 <DIR> d--hs---- C:\FOUND.098
2009-03-19 10:31 . 2009-03-19 10:31 <DIR> d-------- c:\documents and settings\kids.VIPERKIDS\Application Data\WildTangent
2009-03-19 09:46 . 2009-03-19 09:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\WildTangent
2009-03-19 09:42 . 2009-03-19 09:42 <DIR> d-------- c:\program files\WildGames
2009-03-19 08:19 . 2009-03-19 08:19 <DIR> d--hs---- c:\windows\ftpcache
2009-03-19 08:19 . 2009-03-19 08:19 <DIR> d-------- c:\program files\Age of Castles
2009-03-14 22:53 . 2009-03-14 22:53 <DIR> d-------- c:\program files\Galaxy Online
2009-03-14 10:02 . 2009-03-14 10:02 <DIR> d--hs---- C:\FOUND.097
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-12 10:47 48,253 ----a-w c:\windows\system32\vipfqnczvhrzvbv.exe
2009-02-22 15:14 --------- d-----w c:\documents and settings\kids.VIPERKIDS\Application Data\Uniblue
2009-02-22 15:14 --------- d-----w c:\documents and settings\All Users\Application Data\DriverScanner
2009-02-22 06:32 --------- d-----w c:\program files\Winamp Toolbar
2009-02-22 06:32 --------- d-----w c:\documents and settings\All Users\Application Data\Winamp Toolbar
2009-02-22 05:27 --------- d-----w c:\program files\P2P_Torrent
2009-02-22 05:27 --------- d-----w c:\program files\Conduit
2009-02-22 05:26 --------- d-----w c:\program files\LimeWire Acceleration Patch
2009-02-21 05:28 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-02-19 12:42 --------- d--h--r c:\documents and settings\kids.VIPERKIDS\Application Data\SecuROM
2009-02-19 10:56 --------- d-----w c:\documents and settings\kids.VIPERKIDS\Application Data\SpinTop
2009-02-19 10:53 --------- d-----w c:\documents and settings\All Users\Application Data\Trymedia
2009-02-09 10:19 1,846,272 ----a-w c:\windows\system32\win32k.sys
2009-02-09 10:19 1,846,272 ----a-w c:\windows\system32\dllcache\win32k.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-17 1266992]
"{bc4be15d-6a34-4356-9e97-79e43da32b1d}"= "c:\program files\P2P_Torrent\tbP2P0.dll" [2009-03-17 1883672]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_CLASSES_ROOT\clsid\{bc4be15d-6a34-4356-9e97-79e43da32b1d}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc4be15d-6a34-4356-9e97-79e43da32b1d}]
2009-03-17 07:21 1883672 --a------ c:\program files\P2P_Torrent\tbP2P0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bc4be15d-6a34-4356-9e97-79e43da32b1d}"= "c:\program files\P2P_Torrent\tbP2P0.dll" [2009-03-17 1883672]
[HKEY_CLASSES_ROOT\clsid\{bc4be15d-6a34-4356-9e97-79e43da32b1d}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BC4BE15D-6A34-4356-9E97-79E43DA32B1D}"= "c:\program files\P2P_Torrent\tbP2P0.dll" [2009-03-17 1883672]
[HKEY_CLASSES_ROOT\clsid\{bc4be15d-6a34-4356-9e97-79e43da32b1d}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-23 335872]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-23 1932568]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SoundMan"="SOUNDMAN.EXE" [2004-07-01 c:\windows\soundman.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-23 06:37 10520 c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12109:TCP"= 12109:TCP:BitComet 12109 TCP
"12109:UDP"= 12109:UDP:BitComet 12109 UDP
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-23 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-23 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-23 298264]
R3 MusCVideo;MusCVideo;c:\windows\system32\drivers\MusCVideo.sys [2009-01-02 3768]
S3 FXDRV;FXDRV;\??\f:\fxdrv.sys --> f:\Fxdrv.sys [?]
S3 MusCAudio;MusCAudio;c:\windows\system32\drivers\MusCAudio.sys --> c:\windows\system32\drivers\MusCAudio.sys [?]
S3 NTProcDrv;Process creation detector for NT.;c:\documents and settings\kids.VIPERKIDS\Desktop\Stuff\CabalRider_PH\NTProcDrv.sys [2008-08-14 3584]
S3 Revolution1;Revolution1;\??\c:\documents and settings\kids.VIPERKIDS\Desktop\gb\Revolution_Engine_8.3_ShaK3\SHAK3.sys --> c:\documents and settings\kids.VIPERKIDS\Desktop\gb\Revolution_Engine_8.3_ShaK3\SHAK3.sys [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36159cb0-aa29-11dd-89bc-0015583cce62}]
\Shell\Autoplay\Command - G:\xmss.exe
\Shell\AutoRun\command - G:\xmss.exe
\Shell\Explore\Command - G:\xmss.exe
\Shell\Open\Command - G:\xmss.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40116ed8-f042-11dd-8b32-0015583cce62}]
\Shell\AutoRun\command - RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\lin32.exe
\Shell\open\command - RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\lin32.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d9be608-c5ab-11dd-8a3b-0015583cce62}]
\Shell\AutoRun\command - e:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\lin32.exe
\Shell\open\command - e:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\lin32.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55aa70be-e765-11dc-8545-0015583cce62}]
\Shell\AutoRun\command - E:\u9dyi.exe
\Shell\explore\Command - E:\u9dyi.exe
\Shell\open\Command - E:\u9dyi.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9fb076e3-270a-11dd-8734-0015583cce62}]
\Shell\AutoRun\command - H:\u9dyi.exe
\Shell\explore\Command - H:\u9dyi.exe
\Shell\open\Command - H:\u9dyi.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a161fa0f-e4e5-11dc-8537-0015583cce62}]
\Shell\AutoRun\command - E:\u9dyi.exe
\Shell\explore\Command - E:\u9dyi.exe
\Shell\open\Command - E:\u9dyi.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a161fa10-e4e5-11dc-8537-0015583cce62}]
\Shell\AutoRun\command - I:\u9dyi.exe
\Shell\explore\Command - I:\u9dyi.exe
\Shell\open\Command - I:\u9dyi.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af620836-ebf9-11dc-856f-0015583cce62}]
\Shell\AutoRun\command - H:\o.exe
\Shell\open\Command - H:\o.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc9a6509-5ba5-11dd-882e-0015583cce62}]
\Shell\AutoRun\command - E:\u9dyi.exe
\Shell\explore\Command - E:\u9dyi.exe
\Shell\open\Command - E:\u9dyi.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db0bc0f4-7357-11dd-88a3-0015583cce62}]
\Shell\AutoRun\command - G:\1t6yxlxx.cmd
\Shell\explore\Command - G:\1t6yxlxx.cmd
\Shell\open\Command - G:\1t6yxlxx.cmd
.
Contents of the 'Scheduled Tasks' folder
2009-03-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -
BHO-{875EBB95-ED22-9BF1-E384-E4BC9A65FB9A} - c:\windows\system32\jucxkyqsrjon.dll
HKCU-Run-BitComet - d:\bitcomet\BitComet.exe
HKCU-Run-Messenger (Yahoo!) - c:\program files\Yahoo!\Messenger\YahooMessenger.exe
HKCU-Run-BitDownload - c:\program files\BitDownload\BitDownload.exe
HKCU-Run-DriverUpdaterPro - c:\program files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe
HKCU-Run-cdoosoft - c:\windows\system32\olhrwef.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
Notify-__c004DB49 - c:\windows\system32\__c004DB49.dat
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\kids.VIPERKIDS\Application Data\Mozilla\Firefox\Profiles\kee0izlp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www3.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www3.yoog.com/search.php?q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www3.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www3.yoog.com/search.php?q=
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-29 23:25:27
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1801674531-2025429265-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connecti€**]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1801674531-2025429265-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:92,0d,08,c5,94,de,01,2c,a8,8c,7c,a2,c5,3e,5f,67,37,f1,1c,36,19,06,b2,
28,30,ce,3f,c0,c5,a8,87,da,fc,92,e6,a1,fb,49,26,32,0d,86,53,70,20,a0,7b,af,\
"??"=hex:e5,46,a7,ec,14,28,f5,62,cd,e4,4c,00,50,8b,04,09
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\program files\AVG\AVG8\AVGWDSVC.EXE
c:\program files\BONJOUR\MDNSRESPONDER.EXE
c:\windows\SYSTEM32\WGATRAY.EXE
c:\program files\AVG\AVG8\AVGRSX.EXE
c:\program files\AVG\AVG8\AVGNSX.EXE
.
**************************************************************************
.
Completion time: 2009-03-29 23:27:52 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-29 15:27:48
Pre-Run: 5,926,600,704 bytes free
Post-Run: 6,205,849,600 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
244 --- E O F --- 2009-03-12 12:54:53
Hijack Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:37:34 PM, on 3/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\WgaTray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: P2P Torrent Toolbar - {bc4be15d-6a34-4356-9e97-79e43da32b1d} - C:\Program Files\P2P_Torrent\tbP2P0.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: P2P Torrent Toolbar - {bc4be15d-6a34-4356-9e97-79e43da32b1d} - C:\Program Files\P2P_Torrent\tbP2P0.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: P2P Torrent Toolbar - {bc4be15d-6a34-4356-9e97-79e43da32b1d} - C:\Program Files\P2P_Torrent\tbP2P0.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Monopoly\Images\stg_drm.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Monopoly\Images\armhelper.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O24 - Desktop Component 0: (no name) - http://www.hamsterhideout.com/illustrations/aspen.jpg
--
End of file - 6846 bytes
sorry for late reply...