Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:12:53 PM, on 5/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveServiceD.exe
C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NASDAK\OmniMouse Driver\4.06\MOUSE32A.EXE
C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Pantone\huey\hueyTray.exe
C:\Program Files\Texter\texter.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Safari\Safari.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Louie\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\NASDAK\OmniMouse Driver\4.06\MOUSE32A.EXE
O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [{FD1C41EC-B9AC-4F08-9BDB-CC8ECC8FC1B3}] "C:\Program Files\Mediafour\MacDrive 7\MacDriveD.exe"
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BMf394b013] Rundll32.exe "C:\WINDOWS\system32\kwqxiclh.dll",s
O4 - HKLM\..\Run: [f0a7838f] rundll32.exe "C:\WINDOWS\system32\nlcdtqwn.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\dlm.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [1&1 EasyLogin] C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe
O4 - HKCU\..\Run: [Tunebite] C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Texter.lnk = C:\Program Files\Texter\texter.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: hueyTray.lnk = C:\Program Files\Pantone\huey\hueyTray.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Louie\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://fishingchamp.gamescampus.com/luncher/GamesCampus.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.1.99.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1148302864395
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cherrytap.com/imgs/ImageUploader4.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MacDriveServiceD - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveServiceD.exe
O23 - Service: M-Audio USB Installer (MAudioUSBService) - M-Audio - C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 11904 bytes
Thanks again for the help!
Oh... I have a ComboFix log as well:
ComboFix 08-05-15.2 - Louie 2008-05-15 22:08:46.1 - NTFSx86
Running from: C:\Documents and Settings\Louie\Desktop\ComboFix.exe
 * Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cMTCffii.ini
C:\WINDOWS\system32\cMTCffii.ini2
C:\WINDOWS\system32\jkgyocfw.ini
C:\WINDOWS\system32\kpyvjtya.ini
C:\WINDOWS\system32\launcher.exe
C:\WINDOWS\system32\nximgmnk.ini
C:\WINDOWS\system32\osmofgjh.ini
C:\WINDOWS\system32\redirect.dll
C:\WINDOWS\system32\rmdpjcys.ini
C:\WINDOWS\system32\shyojmic.ini

.
((((((((((((((((((((((((( Files Created from 2008-04-16 to 2008-05-16 )))))))))))))))))))))))))))))))
.

2008-05-15 18:53 . 2008-05-15 18:54 116,736 --a------ C:\WINDOWS\system32\hjgfomso.dll
2008-05-15 18:51 . 2008-05-15 18:51 133,120 --a------ C:\WINDOWS\system32\rgfnxbue.dll
2008-05-15 18:41 . 2008-05-15 18:42 125,952 --a------ C:\WINDOWS\system32\xehuvaof.dll
2008-05-14 18:44 . 2008-05-14 18:45 133,120 --a------ C:\WINDOWS\system32\udmnrtic.dll
2008-05-14 18:41 . 2008-05-14 18:42 126,464 --a------ C:\WINDOWS\system32\foityovd.dll
2008-05-13 18:42 . 2008-05-13 18:42 133,632 --a------ C:\WINDOWS\system32\vuksehpv.dll
2008-05-13 18:41 . 2008-05-13 18:42 123,392 --a------ C:\WINDOWS\system32\ginvalay.dll
2008-05-12 23:49 . 2008-05-12 23:49 <DIR> d-------- C:\Program Files\mIRC
2008-05-12 23:49 . 2008-05-14 00:23 <DIR> d-------- C:\Documents and Settings\Louie\Application Data\mIRC
2008-05-12 18:41 . 2008-05-12 18:42 132,096 --a------ C:\WINDOWS\system32\wbmlkhsj.dll
2008-05-12 18:39 . 2008-05-12 18:39 125,952 --a------ C:\WINDOWS\system32\jbfyfntc.dll
2008-05-12 06:54 . 2008-05-12 07:40 <DIR> d-------- C:\Documents and Settings\Louie\.housecall6.6
2008-05-12 05:44 . 2008-05-12 05:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-11 17:21 . 2008-05-11 17:21 133,120 --a------ C:\WINDOWS\system32\cixhtfot.dll
2008-05-11 17:15 . 2008-05-11 17:15 2,048 --a------ C:\WINDOWS\system32\ovcukdel.exe
2008-05-11 17:13 . 2008-05-11 17:13 126,976 --a------ C:\WINDOWS\system32\nyaygbew.dll
2008-05-10 17:21 . 2008-05-10 17:21 134,656 --a------ C:\WINDOWS\system32\vohbnfyg.dll
2008-05-10 17:15 . 2008-05-10 17:15 2,048 --a------ C:\WINDOWS\system32\vxasvyfq.exe
2008-05-10 17:12 . 2008-05-10 17:12 125,440 --a------ C:\WINDOWS\system32\evktyrpl.dll
2008-05-10 17:12 . 2008-05-15 22:36 109,807 --a------ C:\WINDOWS\BMf394b013.xml
2008-05-10 05:06 . 2008-05-10 05:06 372,736 --a------ C:\WINDOWS\system32\iiffCTMc.dll
2008-05-10 05:01 . 2008-05-10 06:02 <DIR> d-------- C:\Program Files\FriendBlasterPro
2008-05-10 05:01 . 2005-07-15 12:49 245,760 --a------ C:\WINDOWS\system32\aUpdateNow.ocx
2008-05-10 05:01 . 2004-03-08 18:00 132,880 --a------ C:\WINDOWS\system32\msinet.ocx
2008-05-10 05:01 . 2000-07-15 00:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2008-05-10 05:00 . 2008-05-10 05:00 59,904 --a------ C:\WINDOWS\system32\fccDuSIc.dll
2008-05-02 23:23 . 2008-05-02 23:23 <DIR> d-------- C:\Program Files\Chronotron Inc
2008-04-28 03:21 . 2008-04-28 03:21 <DIR> d-------- C:\Program Files\twhirl
2008-04-24 23:15 . 2008-04-24 23:15 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-04-24 23:14 . 2008-04-24 23:15 <DIR> d-------- C:\Documents and Settings\Louie\Application Data\SystemRequirementsLab
2008-04-22 17:42 . 2008-04-22 17:42 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-04-22 17:41 . 2008-04-23 03:13 <DIR> d-------- C:\Program Files\Airport Mania
2008-04-21 20:19 . 2008-04-21 20:20 99 --a------ C:\WINDOWS\galaxy.ini
2008-04-21 20:17 . 2008-04-21 21:17 <DIR> d-------- C:\Alien Arena 2008
2008-04-21 04:30 . 2008-04-21 04:41 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-04-21 04:30 . 2008-04-21 04:30 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-04-21 04:30 . 2008-04-21 04:41 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-21 04:14 . 2008-04-21 04:29 <DIR> d-------- C:\Program Files\WarRock
2008-04-21 04:11 . 2008-04-21 04:11 <DIR> d-------- C:\Nexon
2008-04-21 04:11 . 2008-04-21 04:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NexonUS
2008-04-20 18:29 . 2008-04-20 18:29 <DIR> d-------- C:\Logs
2008-04-19 17:11 . 2008-04-19 17:12 <DIR> d-------- C:\Program Files\Texter
2008-04-17 19:14 . 2008-04-17 19:14 <DIR> d-------- C:\Program Files\iTunes
2008-04-17 19:14 . 2008-04-17 19:14 <DIR> d-------- C:\Program Files\iPod

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 05:29 --------- d-----w C:\Documents and Settings\Louie\Application Data\DNA
2008-05-15 04:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-14 06:01 --------- d-----w C:\Program Files\Flickr Uploadr
2008-05-14 05:23 --------- d-----w C:\Documents and Settings\Louie\Application Data\FileZilla
2008-05-12 13:21 --------- d-----w C:\Program Files\DittoSideBar
2008-05-12 12:45 --------- d-----w C:\Program Files\Lavasoft
2008-05-12 12:45 --------- d-----w C:\Documents and Settings\Louie\Application Data\Lavasoft
2008-05-12 12:30 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-12 12:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-05-12 01:21 --------- d-----w C:\Program Files\UOGateway
2008-05-10 13:15 --------- d-----w C:\Documents and Settings\Louie\Application Data\BitTorrent
2008-05-09 11:24 --------- d-----w C:\Program Files\FileZilla FTP Client
2008-05-06 23:40 --------- d-----w C:\Documents and Settings\Louie\Application Data\OpenOffice.org2
2008-05-03 08:42 --------- d-----w C:\Documents and Settings\Louie\Application Data\Digidesign
2008-04-28 05:21 --------- d-----w C:\Program Files\Java
2008-04-28 05:19 --------- d-----w C:\Documents and Settings\Louie\Application Data\U3
2008-04-22 03:00 --------- d-----w C:\Documents and Settings\Louie\Application Data\IGN_DLM
2008-04-21 11:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-21 01:38 --------- d-----w C:\Program Files\World of Warcraft
2008-04-18 02:12 --------- d-----w C:\Program Files\QuickTime
2008-04-18 02:02 --------- d-----w C:\Program Files\Safari
2008-04-18 01:59 --------- d-----w C:\Program Files\Apple Software Update
2008-04-10 00:45 --------- d-----w C:\Documents and Settings\Louie\Application Data\SecondLife
2008-04-10 00:44 --------- d-----w C:\Program Files\LightZone
2008-04-10 00:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\RapidSolution
2008-04-10 00:28 --------- d-----w C:\Documents and Settings\Louie\Application Data\Tunebite
2008-04-10 00:15 --------- d-----w C:\Program Files\PixiePack Codec Pack
2008-04-10 00:12 --------- d-----w C:\Program Files\RapidSolution
2008-04-08 02:32 --------- d-----w C:\Program Files\1&1
2008-04-08 02:32 --------- d-----w C:\Documents and Settings\Louie\Application Data\1&1
2008-04-05 09:57 --------- d-----w C:\Documents and Settings\Louie\Application Data\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1
2008-04-05 09:56 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-03-30 22:43 --------- d-----w C:\Program Files\Seagate
2008-03-27 23:48 --------- d-----w C:\Documents and Settings\Louie\Application Data\Notepad++
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-21 00:32 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 2
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-17 00:53 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 3
2008-03-16 01:00 --------- d-----w C:\Program Files\OGPlanet
2008-03-04 04:01 830,464 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-04 04:01 434,176 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-03-04 04:01 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2008-03-04 04:01 142,848 ------w C:\WINDOWS\system32\IESetting.dll
2008-03-04 03:53 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
2008-03-04 03:52 41,984 ----a-w C:\WINDOWS\system32\licmgr10.dll
2008-03-04 03:52 17,920 ----a-w C:\WINDOWS\system32\corpol.dll
2008-03-04 03:51 69,120 ----a-w C:\WINDOWS\system32\iesetup.dll
2008-03-04 03:51 69,120 ----a-w C:\WINDOWS\system32\admparse.dll
2008-03-04 03:50 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
2008-03-04 03:50 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2008-03-04 03:50 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2006-05-09 02:19 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2005-10-26 19:48 777 ----a-w C:\Program Files\trial_setup.ini
2005-10-26 19:48 5,126,656 ----a-w C:\Program Files\trial_setup.msi
2005-10-26 19:48 40,448 ----a-w C:\Program Files\trial_setup.exe
2007-01-23 22:07 1,847,296 ----a-w C:\Program Files\mozilla firefox\plugins\Seadragon.dll

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bd923292-ab65-42f6-adce-322be76bd17f}]
2008-05-15 18:51 133120 --a------ C:\WINDOWS\system32\rgfnxbue.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1B2B165-FBF2-4EB3-98FF-9CF5506062B5}]
2008-05-10 05:00 59904 --a------ C:\WINDOWS\system32\fccDuSIc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F6172A49-BCC8-4E7E-907D-5C8217811C61}]
2008-05-10 05:06 372736 --a------ C:\WINDOWS\system32\iiffCTMc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFE7A36D-DF08-490D-B223-C94CDBB544C1}]
2008-05-15 22:40 370176 --a------ C:\WINDOWS\system32\urqNDUlK.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\{FD8348AB-D74A-4C76-B2FE-926FF6D7CC40}]
@=MacDrive Volume Icons

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-29 09:22 68856]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-07 15:22 289088]
"igndlm.exe"="C:\Program Files\IGN\Download Manager\dlm.exe" [2007-03-05 13:57 1103480]
"1&1 EasyLogin"="C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe" [2008-02-27 09:55 1540096]
"Tunebite"="C:\Program Files\RapidSolution\Tunebite\Tunebite.exe" [ ]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 23:06 2321600]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-11-06 20:51 3810544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-03-09 15:29 7561216]
"nwiz"="nwiz.exe" [2006-03-09 15:29 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-03-09 15:29 86016]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-04-27 22:20 579584]
"LWBMOUSE"="C:\Program Files\NASDAK\OmniMouse Driver\4.06\MOUSE32A.EXE" [2001-11-08 23:47 356352]
"LWBKEYBOARD"="C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe" [2004-05-26 19:37 392704]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"M-Audio Taskbar Icon"="C:\WINDOWS\System32\M-AudioTaskBarIcon.exe" [2005-12-13 10:39 91136]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [2007-03-14 17:03 24104]
"{FD1C41EC-B9AC-4F08-9BDB-CC8ECC8FC1B3}"="C:\Program Files\Mediafour\MacDrive 7\MacDriveD.exe" [2007-04-18 13:27 159744]
"DigidesignMMERefresh"="C:\Program Files\Digidesign\Drivers\MMERefresh.exe" [2007-10-31 00:35 77824]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"BMf394b013"="C:\WINDOWS\system32\kwqxiclh.dll" [2008-05-15 22:43 125952]
"f0a7838f"="C:\WINDOWS\system32\nlcdtqwn.dll" [2008-05-15 22:46 116736]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-30 17:13 219136]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 13:32 8699904]

C:\Documents and Settings\Louie\Start Menu\Programs\Startup\
Texter.lnk - C:\Program Files\Texter\texter.exe [2007-11-06 16:20:14 377303]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2007-05-06 13:54:40 295606]
Adobe Acrobat Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 00:01:50 734872]
hueyTray.lnk - C:\Program Files\Pantone\huey\hueyTray.exe [2006-07-17 22:20:16 901120]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{F1B2B165-FBF2-4EB3-98FF-9CF5506062B5}"= C:\WINDOWS\system32\fccDuSIc.dll [2008-05-10 05:00 59904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccDuSIc]
fccDuSIc.dll 2008-05-10 05:00 59904 C:\WINDOWS\system32\fccDuSIc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave7"= Digi32.dll
"MIDI4"= diomidi.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\urqNDUlK

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk
backup=C:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Louie^Start Menu^Programs^Startup^Yahoo! Widget Engine.lnk]
path=C:\Documents and Settings\Louie\Start Menu\Programs\Startup\Yahoo! Widget Engine.lnk
backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2006-10-22 23:24 620152 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
-ra------ 2007-06-26 17:58 61440 C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2007-02-28 23:06 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
--a------ 2007-03-20 16:40 1884160 C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-05-29 01:07 1831936 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 14:22 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2004-08-20 15:55 155648 C:\WINDOWS\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
--a------ 2007-03-05 13:57 1103480 C:\Program Files\IGN\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 09:24 1694208 C:\Program Files\Messenger\MSMSGS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2008-02-01 13:32 8699904 C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2007-10-23 14:18 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-04-09 05:23 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-03-29 09:22 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-11-06 20:51 3810544 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ymetray]
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WLTRYSVC"=2 (0x2)
"KodakCCS"=3 (0x3)
"iPod Service"=3 (0x3)
"GoogleDesktopManager"=3 (0x3)
"gusvc"=2 (0x2)
"Adobe Version Cue CS3"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"C:\\Program Files\\Trillian Pro\\trillian.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Soldier of Fortune II - Double Helix GOLD\\SoF2MP.exe"=
"C:\\Program Files\\Chami\\HTML-Kit\\Bin\\HTMLKit.exe"=
"C:\\Program Files\\webcamXP\\webcamXP.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.10.0-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.11.2.5464-to-1.12.0.5595-enUS-downloader.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe"=
"C:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"C:\\Program Files\\Softnyx\\Gunbound\\Gunbound Revolution\\GunBound.gme"=
"C:\\Program Files\\EA Games\\Ultima Online Gold\\client.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"=
"C:\\WINDOWS\\system32\\javaw.exe"=
"C:\\temptrill\\trillian.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.5.6320-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"C:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe"=
"C:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"C:\\Program Files\\Risk II\\RiskII.RWG"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
"C:\\Program Files\\Microsoft Xbox Music Mixer PC Tool\\XboxMusicMixerTool.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe"=
"C:\\Program Files\\OGPlanet\\BB Tanks\\game.exe"=
"C:\\Program Files\\AeriaGames\\ProjectTorque\\ProjectTorque.bin"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17015:TCP"= 17015:TCP:BitComet 17015 TCP
"17015:UDP"= 17015:UDP:BitComet 17015 UDP
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 DigiFilter;DigiFilter;C:\WINDOWS\system32\drivers\DigiFilt.sys [2006-12-08 22:50]
R0 MDFSYSNT;MacDrive file system driver;C:\WINDOWS\system32\drivers\MDFSYSNT.sys [2007-04-18 16:33]
R0 MDPMGRNT;MDPMGRNT;C:\WINDOWS\system32\drivers\MDPMGRNT.sys [2007-02-28 11:15]
R2 BT848;Conexant's BtPCI WDM Video Capture;C:\WINDOWS\system32\DRIVERS\BT848.sys [2006-05-23 01:30]
R2 MacDriveServiceD;MacDriveServiceD;"C:\Program Files\Mediafour\MacDrive 7\MacDriveServiceD.exe" [2007-04-18 11:58]
R2 MAudioUSBService;M-Audio USB Installer;C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe [2005-12-02 09:20]
R3 MAUSB;Service for M-Audio Fast Track Pro Driver (WDM);C:\WINDOWS\system32\DRIVERS\mausb.sys [2005-12-13 10:39]
S3 XDva037;XDva037;C:\WINDOWS\system32\XDva037.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47a4c094-82ff-11db-9a0b-000f661e22dc}]
\Shell\AutoRun\command - H:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{582610B8-E496-4813-993C-4B027173FE38}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-05-11 00:05:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 22:33:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...
scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\fccDuSIc.dll PROCESS: C:\WINDOWS\explorer.exe -> C:\WINDOWS\system32\nlcdtqwn.dll -> C:\WINDOWS\system32\kwqxiclh.dll -> C:\WINDOWS\system32\urqNDUlK.dll . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Zune\ZuneNss.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\verclsid.exe . ************************************************************************** . Completion time: 2008-05-15 22:55:14 - machine was rebooted ComboFix-quarantined-files.txt 2008-05-16 05:54:14 Pre-Run: 19,459,739,648 bytes free Post-Run: 21,678,489,600 bytes free 393 --- E O F --- 2008-05-14 13:04:25
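The log above is the kind of ComboFix output a helper reads by eye: the firewall policy keys, the driver list, and the "DLLs Loaded Under Running Processes" section. The script below is an added example (not part of the poster's log or of ComboFix) that parses those three sections from a constructed excerpt written in the log's own layout and returns the items a reviewer would want pulled out: the standard-profile firewall being off (EnableFirewall=0), ports opened globally, a driver entry whose timestamp bracket is empty (this example treats that as "file not found on disk", which is an assumption about the log format), and DLLs loaded into winlogon.exe or explorer.exe whose file names look generated. The generated-name rule (eight letters with a run of four or more consonants) and the choice of winlogon.exe and explorer.exe as high-value hosts are the editor's triage heuristics, not a verdict on any file; browseui.dll is a constructed benign control entry that is not in the log.

```python
"""Triage helper for a ComboFix-style log (constructed example)."""
import re
from dataclasses import dataclass

# Constructed excerpt in the log's own layout. The entries are copied from the
# log above; browseui.dll is an added benign control.
SAMPLE_LOG = """\
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\GloballyOpenPorts\\List]
"17015:TCP"= 17015:TCP:BitComet 17015 TCP
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 DigiFilter;DigiFilter;C:\\WINDOWS\\system32\\drivers\\DigiFilt.sys [2006-12-08 22:50]
S3 XDva037;XDva037;C:\\WINDOWS\\system32\\XDva037.sys []

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\\WINDOWS\\system32\\winlogon.exe
-> C:\\WINDOWS\\system32\\fccDuSIc.dll

PROCESS: C:\\WINDOWS\\explorer.exe
-> C:\\WINDOWS\\system32\\nlcdtqwn.dll
-> C:\\WINDOWS\\system32\\kwqxiclh.dll
-> C:\\WINDOWS\\system32\\urqNDUlK.dll
-> C:\\WINDOWS\\system32\\browseui.dll
.
------------------------ Other Running Processes ------------------------
"""

# "R0 name;description;path [timestamp]" driver/service lines
DRIVER_RE = re.compile(r'^([RS]\d) ([^;]+);([^;]*);(.+?) \[(.*)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')      # "name"= value
PROCESS_RE = re.compile(r'^PROCESS: (.+)$')
DLL_RE = re.compile(r'^-> (.+)$')
CONSONANT_RUN = re.compile(r'[^aeiouAEIOU]{4,}')
# Heuristic: processes where an unexpected DLL deserves a closer look (assumption).
HIGH_VALUE_HOSTS = {"winlogon.exe", "explorer.exe"}


@dataclass
class Finding:
    kind: str      # firewall | open-port | driver | loaded-dll
    detail: str


def looks_generated(path: str) -> bool:
    """Heuristic: an 8-letter file stem containing a run of 4+ consonants."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    return len(stem) == 8 and stem.isalpha() and bool(CONSONANT_RUN.search(stem))


def triage(text: str) -> list:
    """Walk the log once, tracking the current section, and collect findings."""
    findings = []
    section = ""       # current [registry key] or dashed header, lowercased
    process = None     # current PROCESS: host inside the DLL section
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("[") and line.endswith("]"):
            section, process = line[1:-1].lower(), None
            continue
        if line.startswith("---"):
            section, process = line.strip("- ").lower(), None
            continue
        m = DRIVER_RE.match(line)
        if m:
            start, name, _desc, path, stamp = m.groups()
            if not stamp:   # empty [] : assumed to mean the file was not found
                findings.append(Finding("driver", f"{start} {name}: {path} has no file "
                                        "timestamp; confirm the file exists on disk"))
            continue
        m = VALUE_RE.match(line)
        if m and section.endswith("firewallpolicy\\standardprofile"):
            name, value = m.groups()
            if name == "EnableFirewall" and value.startswith("0"):
                findings.append(Finding("firewall", "Windows Firewall standard profile "
                                        "is disabled (EnableFirewall=0)"))
            continue
        if m and section.endswith("globallyopenports\\list"):
            findings.append(Finding("open-port", f"{m.group(1)} opened globally: {m.group(2)}"))
            continue
        if section.startswith("dlls loaded"):
            m = PROCESS_RE.match(line)
            if m:
                process = m.group(1).rsplit("\\", 1)[-1].lower()
                continue
            m = DLL_RE.match(line)
            if m and process in HIGH_VALUE_HOSTS and looks_generated(m.group(1)):
                findings.append(Finding("loaded-dll", f"{m.group(1)} loaded in {process} has a "
                                        "generated-looking name; check signer, timestamp "
                                        "and autostart references"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}")
```

Run against the full log rather than the excerpt, the same walker would also pass over the AuthorizedApplications list untouched, since nothing there matches a rule; the point of the section tracking is that a `"name"= value` line means different things under different keys, so the parser must know which key it is under before it decides anything.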