ComboFix 09-11-06.01 - temp 11/06/2009 23:05.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1983.1414 [GMT -5:00]
Running from: c:\documents and settings\temp\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\temp\Desktop\CFScript.txt
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Kenny\Cookies\hpothb07.dat
.
((((((((((((((((((((((((( Files Created from 2009-10-07 to 2009-11-07 )))))))))))))))))))))))))))))))
.
2009-11-04 05:16 . 2009-11-04 05:20 -------- d-----w- C:\OLDGAMES
2009-11-04 05:12 . 2009-11-04 05:38 -------- d-----w- C:\DOSBox-0.73
2009-11-04 05:06 . 2009-11-04 05:06 -------- d-----w- c:\documents and settings\temp\Local Settings\Application Data\DOSBox
2009-11-03 19:37 . 2009-11-03 19:37 -------- d-----w- c:\program files\JRE
2009-10-31 08:11 . 2009-10-31 08:11 -------- d-----w- c:\documents and settings\temp\Application Data\acccore
2009-10-31 08:11 . 2009-10-31 08:11 -------- d-----w- c:\documents and settings\temp\Local Settings\Application Data\AOL
2009-10-31 08:04 . 2009-10-31 08:04 -------- d-----w- c:\documents and settings\temp\Local Settings\Application Data\AOL OCP
2009-10-31 08:04 . 2009-10-31 08:04 -------- d-----w- c:\documents and settings\All Users\Application Data\acccore
2009-10-31 08:04 . 2009-10-31 08:12 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL OCP
2009-10-31 08:04 . 2009-10-31 08:04 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-10-31 08:04 . 2009-10-31 08:04 -------- d-----w- c:\program files\Common Files\AOL
2009-10-31 08:03 . 2009-10-31 08:11 -------- d-----w- c:\program files\AIM6
2009-10-30 10:53 . 2009-10-30 10:53 -------- d-----w- c:\program files\Utherverse Digital Inc
2009-10-29 23:10 . 2009-10-29 23:10 -------- d-----w- c:\documents and settings\temp\Application Data\AVG8
2009-10-29 22:29 . 2009-10-29 22:48 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-29 15:06 . 2009-10-29 15:06 22016 ----a-w- c:\windows\system32\tdlwsp.dll
2009-10-28 19:12 . 2009-10-28 19:12 -------- d-----w- C:\rsit
2009-10-25 06:24 . 2009-10-25 06:24 -------- d-----w- c:\program files\iPod
2009-10-25 06:24 . 2009-10-25 06:24 -------- d-----w- c:\program files\iTunes
2009-10-25 06:24 . 2009-10-25 06:24 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-25 06:21 . 2009-10-25 06:22 -------- d-----w- c:\program files\QuickTime
2009-10-25 06:13 . 2009-10-25 06:13 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-10-24 23:48 . 2009-10-24 23:48 -------- d-----w- c:\program files\Trend Micro
2009-10-24 21:18 . 2009-10-24 21:18 -------- d-----w- c:\documents and settings\Guest\Application Data\Malwarebytes
2009-10-24 19:44 . 2009-10-24 19:44 -------- d-----w- c:\documents and settings\temp\Application Data\Malwarebytes
2009-10-24 19:44 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-24 19:44 . 2009-10-24 21:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-24 19:44 . 2009-10-24 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-24 19:44 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-20 07:45 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2009-10-20 07:45 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-10-20 07:45 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-10-20 07:45 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-10-20 07:45 . 2009-10-13 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-10-20 07:45 . 2009-10-20 07:45 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-10-19 06:43 . 2009-10-19 06:43 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-10-19 06:09 . 2009-10-19 06:09 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Yahoo!
2009-10-19 00:45 . 2009-08-04 14:20 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-10-19 00:45 . 2009-08-04 15:13 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-10-15 20:59 . 2009-10-15 20:59 -------- d-----w- c:\documents and settings\Guest\Application Data\U3
2009-10-12 20:20 . 2009-10-12 20:20 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-11 03:43 . 2009-10-11 03:43 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-07 04:04 . 2008-05-13 04:20 -------- d-----w- c:\documents and settings\temp\Application Data\uTorrent
2009-11-06 20:18 . 2008-06-11 03:30 20528 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-03 20:49 . 2009-07-22 21:11 1 ----a-w- c:\documents and settings\temp\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-03 19:37 . 2009-07-22 20:57 -------- d-----w- c:\program files\OpenOffice.org 3
2009-11-01 07:24 . 2008-10-22 02:16 445 ----a-w- c:\windows\EntPack.dat
2009-10-31 10:10 . 2008-04-19 18:11 -------- d-----w- c:\documents and settings\temp\Application Data\Apple Computer
2009-10-31 08:04 . 2008-04-17 05:14 -------- d-----w- c:\program files\Viewpoint
2009-10-31 08:04 . 2008-04-17 05:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-10-31 08:01 . 2008-04-17 05:14 -------- d-----w- c:\program files\AIM
2009-10-30 21:22 . 2008-02-03 02:56 -------- d-----w- c:\program files\Java
2009-10-30 21:16 . 2009-02-08 05:39 152576 ----a-w- c:\documents and settings\temp\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
2009-10-30 21:10 . 2008-02-29 06:40 -------- d-----w- c:\program files\LimeWire
2009-10-30 06:12 . 2008-06-11 03:30 -------- d-----w- c:\documents and settings\Guest\Application Data\Apple Computer
2009-10-29 23:28 . 2009-06-19 13:06 -------- d-----w- c:\program files\AVG
2009-10-29 23:27 . 2009-06-19 13:06 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-25 06:24 . 2008-04-13 04:54 -------- d-----w- c:\program files\Common Files\Apple
2009-10-24 21:04 . 2009-04-15 21:44 -------- d-----w- c:\program files\Angle Interactive
2009-10-23 22:19 . 2008-03-16 03:35 -------- d-----w- c:\documents and settings\Kenny\Application Data\LimeWire
2009-10-20 07:45 . 2008-11-23 03:59 -------- d-----w- c:\program files\ffdshow
2009-10-20 03:38 . 2009-09-26 04:39 1 ----a-w- c:\documents and settings\Guest\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-10-19 03:37 . 2008-01-29 13:05 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-10-15 02:00 . 2009-08-16 17:47 1 ----a-w- c:\documents and settings\Kenny\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-10-14 14:48 . 2009-09-26 05:52 -------- d-----w- c:\documents and settings\temp\Application Data\FrostWire
2009-10-12 02:12 . 2009-09-20 23:19 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-11 03:34 . 2009-09-05 01:00 -------- d-----w- c:\documents and settings\temp\Application Data\Skype
2009-10-11 03:34 . 2009-09-05 01:04 -------- d-----w- c:\documents and settings\temp\Application Data\skypePM
2009-10-11 03:33 . 2008-03-23 01:08 -------- d-----w- c:\documents and settings\temp\Application Data\LimeWire
2009-10-08 13:51 . 2009-10-04 16:53 -------- d-sh--w- c:\documents and settings\Guest\Application Data\lowsec
2009-10-04 19:28 . 2008-04-14 20:33 -------- d-----w- c:\documents and settings\Kenny\Application Data\Apple Computer
2009-10-04 05:50 . 2009-10-04 05:34 -------- d-----w- c:\program files\Phantasy Star Online Blue Burst
2009-10-02 04:52 . 2009-10-02 04:51 -------- d-----w- c:\program files\Common Files\Real
2009-10-02 04:51 . 2009-10-02 04:51 -------- d-----w- c:\program files\Common Files\xing shared
2009-10-02 04:51 . 2008-02-01 20:31 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-10-02 04:51 . 2009-10-02 04:51 -------- d-----w- c:\program files\Real
2009-09-26 06:23 . 2009-09-26 06:23 0 ----a-w- c:\documents and settings\temp\Application Data\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2009-09-11 14:18 . 2009-09-11 14:18 136192 ----a-w- c:\windows\system32\SET3D9.tmp
2009-09-10 04:49 . 2009-09-10 04:09 -------- d-----w- c:\documents and settings\Kenny\Application Data\Skype
2009-09-10 04:10 . 2009-09-10 04:10 19896 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-09 23:14 . 2008-03-04 23:46 20528 ----a-w- c:\documents and settings\Kenny\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-08 15:12 . 2009-07-15 05:02 -------- d-----w- c:\program files\Safari
2009-09-06 03:45 . 2007-11-21 14:05 20528 ----a-w- c:\documents and settings\temp\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-05 04:26 . 2009-09-05 04:26 0 ----a-w- c:\documents and settings\Arick\Application Data\LimeWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2009-09-05 04:21 . 2008-05-28 01:11 20528 ----a-w- c:\documents and settings\Arick\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-05 01:04 . 2009-09-05 01:04 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-09-04 21:03 . 2009-09-04 21:03 58880 ----a-w- c:\windows\system32\SET3ED.tmp
2009-08-29 08:08 . 2009-10-14 07:35 916480 ----a-w- c:\windows\system32\SET3FF.tmp
2009-08-29 08:08 . 2009-10-14 07:35 1208832 ----a-w- c:\windows\system32\SET400.tmp
2009-08-29 08:08 . 2004-08-04 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-08-29 08:08 . 2009-10-14 07:35 5940224 ----a-w- c:\windows\system32\SET402.tmp
2009-08-29 08:08 . 2009-10-14 07:35 594432 ----a-w- c:\windows\system32\SET404.tmp
2009-08-29 08:08 . 2009-10-14 07:35 55296 ----a-w- c:\windows\system32\SET403.tmp
2009-08-29 08:08 . 2009-10-14 07:35 1985536 ----a-w- c:\windows\system32\SET407.tmp
2009-08-29 08:08 . 2009-10-14 07:35 11069440 ----a-w- c:\windows\system32\SET409.tmp
2009-08-29 02:42 . 2009-07-15 04:39 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-29 02:42 . 2008-04-13 04:54 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-26 08:00 . 2004-08-04 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-20 04:33 . 2009-08-20 04:33 152576 ----a-w- c:\documents and settings\Arick\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-11-03_21.24.19 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-26 49968]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"AIM"="c:\program files\AIM\aim.exe" [2006-08-01 67112]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-02 198160]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"2wSysTray"="c:\program files\2Wire\2PortalMon.exe" [2004-05-25 393216]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-31 86016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-30 2023704]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-07-05 16380416]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-31 1622016]
c:\documents and settings\temp\Start Menu\Programs\Startup\
Mozilla Firefox (2).lnk - c:\program files\Mozilla Firefox\firefox.exe [2008-1-30 908280]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2008-1-29 614400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-31 13:42 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
backup=c:\windows\pss\Ralink Wireless Utility.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Kenny^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
path=c:\documents and settings\Kenny\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
backup=c:\windows\pss\OpenOffice.org 2.3.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Kenny^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\documents and settings\Kenny\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^temp^Start Menu^Programs^Startup^ESPN BottomLine.lnk]
path=c:\documents and settings\temp\Start Menu\Programs\Startup\ESPN BottomLine.lnk
backup=c:\windows\pss\ESPN BottomLine.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^temp^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\temp\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^temp^Start Menu^Programs^Startup^Yahoo! Messenger (2).lnk]
path=c:\documents and settings\temp\Start Menu\Programs\Startup\Yahoo! Messenger (2).lnk
backup=c:\windows\pss\Yahoo! Messenger (2).lnkStartup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/31/2009 3:04 AM 24652]
S3 phil2vid;Philips USB VGA Camera;c:\windows\system32\drivers\philcam2.sys [1/29/2008 11:34 AM 173696]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder
2009-11-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2008-05-16 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4201706787.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-10 01:56]
2008-05-16 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4201707429.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-10 01:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.sbc.com/dsl
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Search
FF - ProfilePath - c:\documents and settings\temp\Application Data\Mozilla\Firefox\Profiles\np858xja.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-06 23:09
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-11-07 23:11
ComboFix-quarantined-files.txt 2009-11-07 04:11
ComboFix2.txt 2009-11-03 21:25
Pre-Run: 173,462,208,512 bytes free
Post-Run: 173,427,552,256 bytes free
- - End Of File - - 9E4FECB0769765D03B50CE5B42DF18D5
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13:05 PM, on 11/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Mozilla Firefox (2).lnk = C:\Program Files\Mozilla Firefox\firefox.exe
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 5981 bytes