It seems so far that the pop-ups have stopped.
ComboFix log:
ComboFix 09-10-30.01 - Daniel 10/31/2009 22:07.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.391 [GMT -4:00]
Running from: c:\documents and settings\Daniel\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Daniel\LOCALS~1\Temp\7.tmp
c:\documents and settings\Daniel\Application Data\0200000048b6ceb2691C.manifest
c:\documents and settings\Daniel\Application Data\0200000048b6ceb2691O.manifest
c:\documents and settings\Daniel\Application Data\0200000048b6ceb2691P.manifest
c:\documents and settings\Daniel\Application Data\0200000048b6ceb2691S.manifest
c:\documents and settings\Daniel\Application Data\alot
c:\documents and settings\Daniel\Application Data\alot\BrowserSearch\BrowserSearch.xml
c:\documents and settings\Daniel\Application Data\alot\BrowserSearch\BrowserSearch.xml.backup
c:\documents and settings\Daniel\Application Data\alot\Button_0\Button_0.xml
c:\documents and settings\Daniel\Application Data\alot\Button_0\Button_0.xml.backup
c:\documents and settings\Daniel\Application Data\alot\Button_1\Button_1.xml
c:\documents and settings\Daniel\Application Data\alot\Button_1\Button_1.xml.backup
c:\documents and settings\Daniel\Application Data\alot\Button_10\Button_10.xml
c:\documents and settings\Daniel\Application Data\alot\Button_10\Button_10.xml.backup
c:\documents and settings\Daniel\Application Data\alot\Button_11\Button_11.xml
c:\documents and settings\Daniel\Application Data\alot\Button_11\Button_11.xml.backup
c:\documents and settings\Daniel\Application Data\alot\Button_2\Button_2.xml
c:\documents and settings\Daniel\Application Data\alot\Button_2\Button_2.xml.backup
c:\documents and settings\Daniel\Application Data\alot\Button_3\Button_3.xml
c:\documents and settings\Daniel\Application Data\alot\Button_3\Button_3.xml.backup
c:\documents and settings\Daniel\Application Data\alot\Button_4\Button_4.xml
c:\documents and settings\Daniel\Application Data\alot\Button_4\Button_4.xml.backup
c:\documents and settings\Daniel\Application Data\alot\Button_5\Button_5.xml
c:\documents and settings\Daniel\Application Data\alot\Button_5\Button_5.xml.backup
c:\documents and settings\Daniel\Application Data\alot\Button_6\Button_6.xml
c:\documents and settings\Daniel\Application Data\alot\Button_6\Button_6.xml.backup
c:\documents and settings\Daniel\Application Data\alot\Button_7\Button_7.xml
c:\documents and settings\Daniel\Application Data\alot\Button_7\Button_7.xml.backup
c:\documents and settings\Daniel\Application Data\alot\Button_8\Button_8.xml
c:\documents and settings\Daniel\Application Data\alot\Button_8\Button_8.xml.backup
c:\documents and settings\Daniel\Application Data\alot\Button_9\Button_9.xml
c:\documents and settings\Daniel\Application Data\alot\Button_9\Button_9.xml.backup
c:\documents and settings\Daniel\Application Data\alot\configurator\configurator.xml
c:\documents and settings\Daniel\Application Data\alot\configurator\configurator.xml.backup
c:\documents and settings\Daniel\Application Data\alot\ErrorSearch\ErrorSearch.xml
c:\documents and settings\Daniel\Application Data\alot\ErrorSearch\ErrorSearch.xml.backup
c:\documents and settings\Daniel\Application Data\alot\postInstallLayout\postInstallLayout.xml
c:\documents and settings\Daniel\Application Data\alot\postInstallLayout\postInstallLayout.xml.backup
c:\documents and settings\Daniel\Application Data\alot\products\products.xml
c:\documents and settings\Daniel\Application Data\alot\products\products.xml.backup
c:\documents and settings\Daniel\Application Data\alot\Resources\Button_0\images\alot_icon_35x16.bmp
c:\documents and settings\Daniel\Application Data\alot\Resources\Button_1\images\alot_search_24x16.bmp
c:\documents and settings\Daniel\Application Data\alot\Resources\Button_2\domains.dat
c:\documents and settings\Daniel\Application Data\alot\Resources\Button_2\images\default_282_alot_map_widget_default.bmp
c:\documents and settings\Daniel\Application Data\alot\Resources\Button_3\images\default_244_alot_maps_tools.bmp
c:\documents and settings\Daniel\Application Data\alot\Resources\Button_4\domains.dat
c:\documents and settings\Daniel\Application Data\alot\Resources\Button_4\images\alert-icon.bmp
c:\documents and settings\Daniel\Application Data\alot\Resources\Button_4\images\clear.bmp
c:\documents and settings\Daniel\Application Data\alot\Resources\Button_4\images\cloudy.bmp
c:\documents and settings\Daniel\Application Data\alot\Resources\Button_4\images\default_283_alot_maps_weather.bmp
c:\documents and settings\Daniel\Application Data\alot\Resources\Button_4\images\mcloud.bmp
c:\documents and settings\Daniel\Application Data\alot\Resources\Button_4\images\nclear.bmp
c:\documents and settings\Daniel\Application Data\alot\Resources\Button_4\images\ncloudy.bmp
c:\documents and settings\Daniel\Application Data\alot\Resources\Button_4\images\nmcloud.bmp
c:\documents and settings\Daniel\Application Data\alot\Resources\Button_4\images\npcloud.bmp
c:\documents and settings\Daniel\Application Data\alot\Resources\Button_4\images\pcloud.bmp
c:\documents and settings\Daniel\Application Data\alot\Resources\Button_4\images\rain.bmp
c:\documents and settings\Daniel\Application Data\alot\Resources\Button_5\images\default_225_alot_maps_mrkt_maps.bmp
c:\documents and settings\Daniel\Application Data\alot\Resources\Button_5\images\default_225_alot_mrkt_travel_guides.bmp
c:\documents and settings\Daniel\Application Data\alot\Resources\Button_6\images\default_524_alot_mrkt_bang.bmp
c:\documents and settings\Daniel\Application Data\alot\Resources\Shared\domains.dat
c:\documents and settings\Daniel\Application Data\alot\Resources\Shared\images\alot_brand.png
c:\documents and settings\Daniel\Application Data\alot\Resources\Shared\images\widget_bottom.bmp
c:\documents and settings\Daniel\Application Data\alot\Resources\Shared\images\widget_btnclose0.bmp
c:\documents and settings\Daniel\Application Data\alot\Resources\Shared\images\widget_btnclose1.bmp
c:\documents and settings\Daniel\Application Data\alot\Resources\Shared\images\widget_btnmin0.bmp
c:\documents and settings\Daniel\Application Data\alot\Resources\Shared\images\widget_btnmin1.bmp
c:\documents and settings\Daniel\Application Data\alot\Resources\Shared\images\widget_caption.bmp
c:\documents and settings\Daniel\Application Data\alot\TimerManager\TimerManager.xml
c:\documents and settings\Daniel\Application Data\alot\TimerManager\TimerManager.xml.backup
c:\documents and settings\Daniel\Application Data\alot\toolbar.xml
c:\documents and settings\Daniel\Application Data\alot\ToolbarSearch\ToolbarSearch.xml
c:\documents and settings\Daniel\Application Data\alot\ToolbarSearch\ToolbarSearch.xml.backup
c:\documents and settings\Daniel\Application Data\alot\Updater\Updater.xml
c:\documents and settings\Daniel\Application Data\alot\Updater\Updater.xml.backup
c:\documents and settings\Daniel\Local Settings\Temp\7.tmp
c:\program files\alot
c:\program files\alot\alotUninst.exe
c:\recycler\NPROTECT
c:\windows\system32\__c00F4ABE.dat
c:\windows\system32\DMUSIC32.DLL
c:\windows\system32\encapi32.dll
.
((((((((((((((((((((((((( Files Created from 2009-10-01 to 2009-11-01 )))))))))))))))))))))))))))))))
.
2009-11-01 01:59 . 2009-11-01 01:59 202240 ----a-w- c:\windows\system32\drmclien32.dll
2009-10-31 18:29 . 2009-10-31 18:29 202240 ----a-w- c:\windows\system32\comres32.dll
2009-10-30 00:04 . 2009-10-30 00:04 202240 ----a-w- c:\windows\system32\DKablmpm32.dll
2009-10-29 23:20 . 2009-10-29 23:20 202240 ----a-w- c:\windows\system32\dot3dlg32.dll
2009-10-29 23:10 . 2009-10-29 23:10 202240 ----a-w- c:\windows\system32\d3dim70032.dll
2009-10-29 23:03 . 2009-10-29 23:03 -------- d-----w- c:\program files\Trend Micro
2009-10-29 04:15 . 2009-10-29 04:15 202240 ----a-w- c:\windows\system32\c_g1803032.dll
2009-10-29 01:52 . 2009-10-29 01:52 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-10-29 01:52 . 2009-10-29 02:22 -------- d-----w- c:\documents and settings\Daniel\Application Data\Spyware Terminator
2009-10-29 01:52 . 2009-10-29 22:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-10-29 01:52 . 2009-10-29 02:15 -------- d-----w- c:\program files\Spyware Terminator
2009-10-28 03:39 . 2009-10-28 03:39 28706 ----a-w- c:\windows\ssrun4133.exe
2009-10-28 03:38 . 2009-10-28 03:39 80978 ----a-w- c:\windows\hvccb7674.exe
2009-10-28 03:37 . 2009-10-28 03:38 51939 ----a-w- c:\windows\kitf76802.exe
2009-10-28 03:37 . 2009-10-28 03:38 49035 ----a-w- c:\windows\fomx7881.exe
2009-10-28 03:36 . 2009-10-28 03:36 12735 ----a-w- c:\windows\awrim45212.exe
2009-10-28 03:30 . 2009-10-28 03:30 121344 ----a-w- c:\windows\system32\cryptext32.dll
2009-10-27 23:56 . 2009-10-27 23:56 -------- d-----w- c:\program files\wings3d_1.0.2
2009-10-26 04:11 . 2009-10-26 04:11 229224 ----a-w- c:\windows\system32\drivers\VMM.sys
2009-10-24 23:31 . 2009-10-28 04:30 -------- d-----w- c:\documents and settings\Daniel\Shared
2009-10-24 23:31 . 2009-10-28 03:32 -------- d-----w- c:\documents and settings\Daniel\Application Data\FrostWire
2009-10-24 23:31 . 2009-10-24 23:31 -------- d-----w- c:\program files\FrostWire
2009-10-24 22:25 . 2009-10-24 22:26 -------- d-----w- c:\program files\Microsoft Virtual PC
2009-10-24 22:15 . 2009-10-24 22:15 -------- d-----w- c:\documents and settings\Daniel\Local Settings\Application Data\DOSBox
2009-10-12 21:58 . 2009-10-12 22:00 -------- d-----w- c:\program files\OgreSDK
2009-10-12 20:39 . 2009-10-12 20:39 -------- d-----w- c:\program files\Solstar Games
2009-10-09 00:44 . 2009-10-09 00:44 -------- d-----w- c:\documents and settings\Daniel\Application Data\Malwarebytes
2009-10-09 00:44 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-09 00:44 . 2009-10-09 00:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-09 00:44 . 2009-10-09 00:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-09 00:44 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-01 02:25 . 2009-11-01 02:25 522240 --sha-w- c:\windows\system32\4.tmp
2009-11-01 02:23 . 2009-05-03 17:49 -------- d-----w- c:\program files\DNA
2009-11-01 02:23 . 2009-05-03 17:49 -------- d-----w- c:\documents and settings\Daniel\Application Data\DNA
2009-11-01 02:23 . 2008-04-12 16:07 -------- d-----w- c:\program files\lg_fwupdate
2009-11-01 02:23 . 2009-04-01 02:07 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-31 18:21 . 2008-06-03 00:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-10-29 22:58 . 2007-11-29 03:43 -------- d-----w- c:\program files\YPOPs
2009-10-27 22:54 . 2009-04-01 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-10-21 00:16 . 2007-11-28 23:00 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-10-20 22:36 . 2008-03-02 00:42 1890 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-10-11 18:32 . 2008-04-06 20:51 -------- d-----w- c:\program files\Cheat Engine 5.4
2009-09-29 16:45 . 2008-02-17 01:24 -------- d-----w- c:\documents and settings\Daniel\Application Data\CyberLink
2009-09-29 15:58 . 2008-06-03 16:59 -------- d-----w- c:\program files\Free FLV Converter
2009-09-29 15:53 . 2008-01-06 00:53 -------- d-----w- c:\program files\Logitech
2009-09-18 03:38 . 2009-01-12 01:04 -------- d-----w- c:\program files\Walmart MP3 Music Downloads
2009-09-17 02:26 . 2009-09-17 02:26 -------- d-----w- c:\program files\Steinberg
2009-09-17 02:25 . 2009-09-17 02:25 -------- d-----w- c:\program files\Peavey Electronics
2009-09-11 14:18 . 2004-08-03 23:56 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 22:50 . 2007-11-24 18:02 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-10 04:14 . 2009-09-10 04:14 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-09-10 04:14 . 2009-09-10 04:14 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-09-04 21:03 . 2004-08-03 23:56 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2004-08-03 23:56 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-03 23:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2004-08-03 23:56 17408 ------w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2004-08-03 23:56 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-19 02:47 . 2007-11-23 23:49 198256 ----a-w- c:\documents and settings\Daniel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-10 23:04 . 2008-01-06 00:57 56 --sh--r- c:\windows\system32\9EF8F35DD3.sys
2009-08-10 23:04 . 2008-01-06 00:57 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-08-06 23:24 . 2007-11-23 21:49 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2007-11-23 21:49 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2007-11-23 21:49 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2007-07-31 00:19 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2007-11-23 21:49 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2004-08-03 23:56 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2007-11-23 21:49 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2007-12-03 23:24 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23 . 2007-11-23 21:49 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-06 23:23 . 2007-07-31 00:18 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 09:01 . 2004-08-03 23:56 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2004-08-03 22:18 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-03 21:59 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2004-10-01 19:00 . 2008-02-17 01:10 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2009-04-01 02:47 . 2009-04-01 22:24 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01BC6F84-DDE8-43AF-92C0-38E39E5DD0Db}]
2009-11-01 01:59 202240 ----a-w- c:\windows\system32\drmclien32.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DKab1err"="c:\program files\Dell\Printer Software\DKab1err.exe" [2006-10-21 521112]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-10-06 323392]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-10-29 3055616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ULiRaid"="c:\program files\ULI5287\ULiRaid.exe" [2005-02-15 401408]
"Launch Ai Booster"="c:\program files\ASUS\Ai Booster\OverClk.exe" [2004-11-11 3501056]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2005-04-12 229376]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 291760]
"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-06-11 312240]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2007-10-29 233472]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2007-10-29 131072]
"SaiVolume"="c:\program files\Saitek\SD6\Software\SaiVolume.exe" [2007-10-29 126976]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-08-12 61952]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-11-02 77824]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\14d7f624691]
2009-10-28 03:30 121344 ----a-w- c:\windows\system32\cryptext32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi2"=xgusb.cpl
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Daniel^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Daniel\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Daniel^Start Menu^Programs^Startup^Event Reminder.lnk]
path=c:\documents and settings\Daniel\Start Menu\Programs\Startup\Event Reminder.lnk
backup=c:\windows\pss\Event Reminder.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\java.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_10\\bin\\java.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_10\\jre\\bin\\java.exe"=
"c:\\Program Files\\NetBeans 6.0\\mobility8\\WTK2.5.2\\bin\\emulator.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\program files\Gameforge4D\AirRivals\Launcher.atm"= c:\program files\Gameforge4D\AirRivals\Launcher.atm:Enabled:GameExe2
"c:\program files\Gameforge4D\AirRivals\Res-Voip\SCVoIP.exe"= c:\program files\Gameforge4D\AirRivals\Res-Voip\SCVoIP.exe:Enabled:GameVoIP
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\BYOND\\bin\\byond.exe"=
"c:\\Program Files\\BYOND\\bin\\dreamseeker.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\WINDOWS\\system32\\DKabcoms.exe"=
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Abyss Web Server\\abyssws.exe"=
"c:\\Program Files\\Ascaron Entertainment\\Sacred\\Sacred.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Qualcomm\\Brew MP 1.0 SDK Rev 4.3\\tools\\application\\AppCreator\\appcreator.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
R0 m5287;m5287;c:\windows\system32\drivers\m5287.sys [11/23/2007 11:23 AM 85888]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [10/28/2009 9:52 PM 142592]
R1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [6/13/2009 5:29 PM 78848]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2/18/2008 3:37 PM 149352]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/25/2007 11:42 PM 24652]
R3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/12/2008 10:32 PM 23888]
R3 dkab_device;dkab_device;c:\windows\system32\DKabcoms.exe -service --> c:\windows\system32\DKabcoms.exe -service [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/29/2009 12:00 AM 102448]
R3 SaiH0728;SaiH0728;c:\windows\system32\drivers\SaiH0728.sys [4/1/2009 9:31 PM 136448]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [3/7/2009 7:48 PM 99248]
S3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCCFLTR.SYS [1/5/2008 8:53 PM 14092]
S3 lgatbus;LG USB Composite Device driver (WDM);c:\windows\system32\drivers\lgatbus.sys [11/29/2007 11:07 PM 43024]
S3 lgatmdm;LG CDMA USB Modem Drivers;c:\windows\system32\drivers\lgatmdm.sys [11/29/2007 11:07 PM 77104]
S3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM);c:\windows\system32\drivers\lgatserd.sys [11/29/2007 11:07 PM 60816]
S3 samhid;samhid;c:\windows\system32\drivers\Samhid.sys [12/1/2007 1:44 PM 7548]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - CLASSPNP_2
*NewlyCreated* - COMHOST
*NewlyCreated* - MBR
*NewlyCreated* - SCSIPORT_2
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
*Deregistered* - SCSIPORT_2
.
Contents of the 'Scheduled Tasks' folder
2009-06-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2009-11-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-03 23:58]
2009-11-01 c:\windows\Tasks\WindowsLicence.job
- c:\downloads\WindowsLicense\WindowsLicence.reg [2009-05-26 03:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = localhost;*.local
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Compare Prices with &Dealio - c:\documents and settings\Daniel\Application Data\Dealio\kb127\res\DealioSearch.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
.
- - - - ORPHANS REMOVED - - - -
AddRemove-alotToolbar - c:\program files\alot\alotUninst.exe
AddRemove-Mozilla Firefox (3.5.2) - i:\firefox\uninstall\helper.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-31 22:23
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\system32\GroupPolicy000.dat 1430 bytes
c:\windows\system32\LocalService
scan completed successfully
hidden files: 2
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1172)
c:\windows\System32\cryptext32.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(992)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\System32\cryptext32.dll
c:\windows\system32\4.tmp
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\windows\System32\drmclien32.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\program files\Spybot - Search & Destroy\SDHelper.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Ahead\InCD\InCDsrv.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\WgaTray.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\lxddcoms.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\DKabcoms.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2009-11-01 22:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-01 02:35
Pre-Run: 115,641,389,056 bytes free
Post-Run: 115,664,171,008 bytes free
- - End Of File - - 02D2143BFAC250C180084EEF024A8C03
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:22 PM, on 10/31/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\ULI5287\ULiRaid.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\Saitek\SD6\Software\SaiVolume.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell\Printer Software\DKab1err.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\WINDOWS\system32\DKabcoms.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.c...spx?tb_id=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: AIM Toolbar Search Class - {03402F96-3DC7-4285-BC50-9E81FEFAFE43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {01BC6F84-DDE8-43AF-92C0-38E39E5DD0Db} - C:\WINDOWS\System32\drmclien32.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [ULiRaid] C:\Program Files\ULI5287\ULiRaid.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Launch Ai Booster] C:\Program Files\ASUS\Ai Booster\OverClk.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
O4 - HKLM\..\Run: [SaiVolume] C:\Program Files\Saitek\SD6\Software\SaiVolume.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [DKab1err] C:\Program Files\Dell\Printer Software\DKab1err.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - Startup: Adobe Media Player.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Daniel\Application Data\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1196636213906
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft...tail/DASAct.cab
O20 - Winlogon Notify: 14d7f624691 - C:\WINDOWS\System32\cryptext32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - c:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: dkab_device - - C:\WINDOWS\system32\DKabcoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 15932 bytes
Edited by Gammastar, 31 October 2009 - 09:08 PM.