08-15-2008, 10:42 AM   #4
y2jericho
Registered User
 
Join Date: Aug 2008
Posts: 8
OS: XP SP2


Re: Slow Internet Explorer and Folder Browsing

Hi Ried, thanks for replying.

After running ComboFix, the same problems as in my original post still exist.

Here are the logs for Combo and HiJack.
_____________________________________________

ComboFix 08-08-14.05 - user 2008-08-15 11:08:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.547 [GMT -5:00]
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\user\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\user\Application Data\macromedia\Flash Player\#SharedObjects\VQ6DNAG6\interclick.com
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\#SharedObjects\VQ6DNAG6\interclick.com\ud.sol
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\user\Cookies\user@2o7[1].txt
C:\Documents and Settings\user\Cookies\user@64.233.167[2].txt
C:\Documents and Settings\user\Cookies\user@72.14.203[2].txt
C:\Documents and Settings\user\Cookies\user@72.14.205[1].txt
C:\Documents and Settings\user\Cookies\user@a.chryslerllc[1].txt
C:\Documents and Settings\user\Cookies\user@a.consumerreports[2].txt
C:\Documents and Settings\user\Cookies\user@a.hasbro[2].txt
C:\Documents and Settings\user\Cookies\user@a.tomshardware[2].txt
C:\Documents and Settings\user\Cookies\user@account.live[2].txt
C:\Documents and Settings\user\Cookies\user@ads.pointroll[1].txt
C:\Documents and Settings\user\Cookies\user@ads.revsci[2].txt
C:\Documents and Settings\user\Cookies\user@adwatcher[2].txt
C:\Documents and Settings\user\Cookies\user@aweber[1].txt
C:\Documents and Settings\user\Cookies\user@bestbuy[3].txt
C:\Documents and Settings\user\Cookies\user@buysell[1].txt
C:\Documents and Settings\user\Cookies\user@ca.ebayrtm[2].txt
C:\Documents and Settings\user\Cookies\user@clicktorrent[1].txt
C:\Documents and Settings\user\Cookies\user@cnet[1].txt
C:\Documents and Settings\user\Cookies\user@co-opworld[1].txt
C:\Documents and Settings\user\Cookies\user@ebay.co[1].txt
C:\Documents and Settings\user\Cookies\user@ebay[1].txt
C:\Documents and Settings\user\Cookies\user@ebay[2].txt
C:\Documents and Settings\user\Cookies\user@ehg.fedex[2].txt
C:\Documents and Settings\user\Cookies\user@eyereturn[1].txt
C:\Documents and Settings\user\Cookies\user@ez-tracks[1].txt
C:\Documents and Settings\user\Cookies\user@eztracks.aavalue[2].txt
C:\Documents and Settings\user\Cookies\user@forum.ncixus[2].txt
C:\Documents and Settings\user\Cookies\user@gamespot[2].txt
C:\Documents and Settings\user\Cookies\user@go[2].txt
C:\Documents and Settings\user\Cookies\user@h.starware[1].txt
C:\Documents and Settings\user\Cookies\user@hypertracker[1].txt
C:\Documents and Settings\user\Cookies\user@ign[1].txt
C:\Documents and Settings\user\Cookies\user@indextools[1].txt
C:\Documents and Settings\user\Cookies\user@insightexpressai[1].txt
C:\Documents and Settings\user\Cookies\user@live[1].txt
C:\Documents and Settings\user\Cookies\user@live[3].txt
C:\Documents and Settings\user\Cookies\user@live[4].txt
C:\Documents and Settings\user\Cookies\user@main.ebayrtm[2].txt
C:\Documents and Settings\user\Cookies\user@metacafe[2].txt
C:\Documents and Settings\user\Cookies\user@msn[1].txt
C:\Documents and Settings\user\Cookies\user@msn[3].txt
C:\Documents and Settings\user\Cookies\user@myspace[2].txt
C:\Documents and Settings\user\Cookies\user@ngd.thesun.co[1].txt
C:\Documents and Settings\user\Cookies\user@nohold[2].txt
C:\Documents and Settings\user\Cookies\user@paypal[1].txt
C:\Documents and Settings\user\Cookies\user@questionmarket[1].txt
C:\Documents and Settings\user\Cookies\user@revsci[1].txt
C:\Documents and Settings\user\Cookies\user@secure.ncixus[2].txt
C:\Documents and Settings\user\Cookies\user@serving-sys[1].txt
C:\Documents and Settings\user\Cookies\user@serving-sys[2].txt
C:\Documents and Settings\user\Cookies\user@signup.live[1].txt
C:\Documents and Settings\user\Cookies\user@sp2.information[2].txt
C:\Documents and Settings\user\Cookies\user@speakeasy[1].txt
C:\Documents and Settings\user\Cookies\user@specificclick[2].txt
C:\Documents and Settings\user\Cookies\user@stat.dealtime[1].txt
C:\Documents and Settings\user\Cookies\user@t.spike[2].txt
C:\Documents and Settings\user\Cookies\user@tornadovideos[2].txt
C:\Documents and Settings\user\Cookies\user@tribalfusion[1].txt
C:\Documents and Settings\user\Cookies\user@tv[1].txt
C:\Documents and Settings\user\Cookies\user@walmart[3].txt
C:\Documents and Settings\user\Cookies\user@ws.yellowpages[1].txt
C:\Documents and Settings\user\Cookies\user@www.datalounge[2].txt
C:\Documents and Settings\user\Cookies\user@www.digitalhome.com[2].txt
C:\Documents and Settings\user\Cookies\user@www.mcssl[2].txt
C:\Documents and Settings\user\Cookies\user@yahoo[1].txt
C:\Documents and Settings\user\Cookies\user@youtube[2].txt
C:\Documents and Settings\user\Cookies\user@zap2it[2].txt
C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_004744_.tmp.dll
C:\WINDOWS\system32\_004745_.tmp.dll
C:\WINDOWS\system32\_004746_.tmp.dll
C:\WINDOWS\system32\_004747_.tmp.dll
C:\WINDOWS\system32\_004754_.tmp.dll
C:\WINDOWS\system32\_004755_.tmp.dll
C:\WINDOWS\system32\_004756_.tmp.dll
C:\WINDOWS\system32\_004758_.tmp.dll
C:\WINDOWS\system32\_004759_.tmp.dll
C:\WINDOWS\system32\_004762_.tmp.dll
C:\WINDOWS\system32\_004763_.tmp.dll
C:\WINDOWS\system32\_004764_.tmp.dll
C:\WINDOWS\system32\_004765_.tmp.dll
C:\WINDOWS\system32\_004766_.tmp.dll
C:\WINDOWS\system32\_004767_.tmp.dll
C:\WINDOWS\system32\_004768_.tmp.dll
C:\WINDOWS\system32\_004769_.tmp.dll
C:\WINDOWS\system32\_004770_.tmp.dll
C:\WINDOWS\system32\_004771_.tmp.dll
C:\WINDOWS\system32\_004772_.tmp.dll
C:\WINDOWS\system32\_004773_.tmp.dll
C:\WINDOWS\system32\_004774_.tmp.dll
C:\WINDOWS\system32\_004775_.tmp.dll
C:\WINDOWS\system32\_004776_.tmp.dll
C:\WINDOWS\system32\_004777_.tmp.dll
C:\WINDOWS\system32\_004778_.tmp.dll
C:\WINDOWS\system32\_004779_.tmp.dll
C:\WINDOWS\system32\_004780_.tmp.dll
C:\WINDOWS\system32\_004782_.tmp.dll
C:\WINDOWS\system32\_004783_.tmp.dll
C:\WINDOWS\system32\_004784_.tmp.dll
C:\WINDOWS\system32\_004785_.tmp.dll
C:\WINDOWS\system32\_004786_.tmp.dll
C:\WINDOWS\system32\_004787_.tmp.dll
C:\WINDOWS\system32\_004788_.tmp.dll
C:\WINDOWS\system32\_004789_.tmp.dll
C:\WINDOWS\system32\_004790_.tmp.dll
C:\WINDOWS\system32\_004791_.tmp.dll
C:\WINDOWS\system32\_004792_.tmp.dll
C:\WINDOWS\system32\_004793_.tmp.dll
C:\WINDOWS\system32\_004794_.tmp.dll
C:\WINDOWS\system32\_004795_.tmp.dll
C:\WINDOWS\system32\_004796_.tmp.dll
C:\WINDOWS\system32\_004797_.tmp.dll
C:\WINDOWS\system32\_004798_.tmp.dll
C:\WINDOWS\system32\_004799_.tmp.dll
C:\WINDOWS\system32\_004800_.tmp.dll
C:\WINDOWS\system32\_004802_.tmp.dll
C:\WINDOWS\system32\_004803_.tmp.dll
C:\WINDOWS\system32\_004804_.tmp.dll
C:\WINDOWS\system32\_004805_.tmp.dll
C:\WINDOWS\system32\_004807_.tmp.dll
C:\WINDOWS\system32\_004808_.tmp.dll
C:\WINDOWS\system32\_004809_.tmp.dll
C:\WINDOWS\system32\_004810_.tmp.dll
C:\WINDOWS\system32\_004811_.tmp.dll
C:\WINDOWS\system32\_004812_.tmp.dll
C:\WINDOWS\system32\_004813_.tmp.dll
C:\WINDOWS\system32\_004814_.tmp.dll
C:\WINDOWS\system32\_004815_.tmp.dll
C:\WINDOWS\system32\_004817_.tmp.dll
C:\WINDOWS\system32\_004818_.tmp.dll
C:\WINDOWS\system32\_004819_.tmp.dll
C:\WINDOWS\system32\_004820_.tmp.dll
C:\WINDOWS\system32\_004822_.tmp.dll
C:\WINDOWS\system32\_004824_.tmp.dll
C:\WINDOWS\system32\_004825_.tmp.dll
C:\WINDOWS\system32\_004826_.tmp.dll
C:\WINDOWS\system32\_004827_.tmp.dll
C:\WINDOWS\system32\_004828_.tmp.dll
C:\WINDOWS\system32\_004829_.tmp.dll
C:\WINDOWS\system32\_004830_.tmp.dll
C:\WINDOWS\system32\_004832_.tmp.dll
C:\WINDOWS\system32\_004833_.tmp.dll
C:\WINDOWS\system32\_004834_.tmp.dll
C:\WINDOWS\system32\_004835_.tmp.dll
C:\WINDOWS\system32\_004836_.tmp.dll
C:\WINDOWS\system32\_004837_.tmp.dll
C:\WINDOWS\system32\_004838_.tmp.dll
C:\WINDOWS\system32\_004839_.tmp.dll
C:\WINDOWS\system32\_004841_.tmp.dll
C:\WINDOWS\system32\_004842_.tmp.dll
C:\WINDOWS\system32\_004843_.tmp.dll
C:\WINDOWS\system32\_004844_.tmp.dll
C:\WINDOWS\system32\_004845_.tmp.dll
C:\WINDOWS\system32\_004846_.tmp.dll
C:\WINDOWS\system32\_004847_.tmp.dll
C:\WINDOWS\system32\_004849_.tmp.dll
C:\WINDOWS\system32\_004850_.tmp.dll
C:\WINDOWS\system32\_004851_.tmp.dll
C:\WINDOWS\system32\_004852_.tmp.dll
C:\WINDOWS\system32\_004854_.tmp.dll
C:\WINDOWS\system32\_004856_.tmp.dll
C:\WINDOWS\system32\_004857_.tmp.dll
C:\WINDOWS\system32\_004858_.tmp.dll
C:\WINDOWS\system32\_004859_.tmp.dll
C:\WINDOWS\system32\_004860_.tmp.dll
C:\WINDOWS\system32\_004861_.tmp.dll
C:\WINDOWS\system32\_004862_.tmp.dll
C:\WINDOWS\system32\_004864_.tmp.dll
C:\WINDOWS\system32\_004865_.tmp.dll
C:\WINDOWS\system32\_004866_.tmp.dll
C:\WINDOWS\system32\_004867_.tmp.dll
C:\WINDOWS\system32\_004868_.tmp.dll
C:\WINDOWS\system32\_004869_.tmp.dll
C:\WINDOWS\system32\_004870_.tmp.dll
C:\WINDOWS\system32\_004871_.tmp.dll
C:\WINDOWS\system32\_004873_.tmp.dll
C:\WINDOWS\system32\_004874_.tmp.dll
C:\WINDOWS\system32\_004876_.tmp.dll
C:\WINDOWS\system32\_004878_.tmp.dll
C:\WINDOWS\system32\_004879_.tmp.dll
C:\WINDOWS\system32\_004883_.tmp.dll
C:\WINDOWS\system32\_004884_.tmp.dll
C:\WINDOWS\system32\_004886_.tmp.dll
C:\WINDOWS\system32\_004889_.tmp.dll
C:\WINDOWS\system32\_004891_.tmp.dll
C:\WINDOWS\system32\_004892_.tmp.dll
C:\WINDOWS\system32\_004893_.tmp.dll
C:\WINDOWS\system32\_004894_.tmp.dll
C:\WINDOWS\system32\_004897_.tmp.dll
C:\WINDOWS\system32\_004898_.tmp.dll
C:\WINDOWS\system32\_004899_.tmp.dll
C:\WINDOWS\system32\_004900_.tmp.dll
C:\WINDOWS\system32\_004901_.tmp.dll
C:\WINDOWS\system32\_004906_.tmp.dll
C:\WINDOWS\system32\_004908_.tmp.dll
C:\WINDOWS\system32\_007242_.tmp.dll
C:\WINDOWS\system32\_007243_.tmp.dll
C:\WINDOWS\system32\_007244_.tmp.dll
C:\WINDOWS\system32\_007245_.tmp.dll
C:\WINDOWS\system32\_007252_.tmp.dll
C:\WINDOWS\system32\_007253_.tmp.dll
C:\WINDOWS\system32\_007254_.tmp.dll
C:\WINDOWS\system32\_007255_.tmp.dll
C:\WINDOWS\system32\_007257_.tmp.dll
C:\WINDOWS\system32\_007258_.tmp.dll
C:\WINDOWS\system32\_007261_.tmp.dll
C:\WINDOWS\system32\_007262_.tmp.dll
C:\WINDOWS\system32\_007264_.tmp.dll
C:\WINDOWS\system32\_007265_.tmp.dll
C:\WINDOWS\system32\_007266_.tmp.dll
C:\WINDOWS\system32\_007268_.tmp.dll
C:\WINDOWS\system32\_007271_.tmp.dll
C:\WINDOWS\system32\_007272_.tmp.dll
C:\WINDOWS\system32\_007276_.tmp.dll
C:\WINDOWS\system32\_007277_.tmp.dll
C:\WINDOWS\system32\_007279_.tmp.dll
C:\WINDOWS\system32\_007282_.tmp.dll
C:\WINDOWS\system32\_007284_.tmp.dll
C:\WINDOWS\system32\_007285_.tmp.dll
C:\WINDOWS\system32\_007286_.tmp.dll
C:\WINDOWS\system32\_007287_.tmp.dll
C:\WINDOWS\system32\_007288_.tmp.dll
C:\WINDOWS\system32\_007291_.tmp.dll
C:\WINDOWS\system32\_007292_.tmp.dll
C:\WINDOWS\system32\_007293_.tmp.dll
C:\WINDOWS\system32\_007294_.tmp.dll
C:\WINDOWS\system32\_007295_.tmp.dll
C:\WINDOWS\system32\_007300_.tmp.dll
C:\WINDOWS\system32\_007302_.tmp.dll
C:\WINDOWS\system32\_007303_.tmp.dll
C:\WINDOWS\system32\actskn43.ocx
C:\WINDOWS\system32\userini.exe

.
((((((((((((((((((((((((( Files Created from 2008-07-15 to 2008-08-15 )))))))))))))))))))))))))))))))
.

2008-08-14 22:10 . 2008-08-14 22:10 <DIR> d-------- C:\Program Files\Microsoft IntelliPoint
2008-08-14 22:09 . 2008-08-14 22:09 <DIR> d-------- C:\Program Files\Microsoft IntelliType Pro
2008-08-14 22:06 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-08-14 22:06 . 2004-08-04 00:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-08-14 22:06 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-08-14 22:06 . 2004-08-03 22:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-08-14 22:06 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-08-14 22:06 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-08-14 22:06 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-08-14 22:06 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-08-13 01:23 . 2008-08-13 01:23 142 --a------ C:\WINDOWS\system32\drivers\pxfsf.dat
2008-08-12 12:34 . 2008-08-12 12:34 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-12 12:34 . 2008-07-30 20:15 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-12 12:34 . 2008-07-30 20:15 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-11 16:15 . 2007-03-29 07:56 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2008-08-11 16:15 . 2007-03-29 07:56 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
2008-08-11 16:00 . 2008-08-11 16:00 <DIR> d-------- C:\Documents and Settings\user\Application Data\PrevxCSI
2008-08-11 15:45 . 2008-08-13 20:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-08-11 15:35 . 2001-08-17 13:28 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
2008-08-11 15:34 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-08-11 15:33 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-08-11 15:32 . 2001-08-17 22:36 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-08-11 15:31 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-08-11 15:30 . 2001-08-17 14:05 351,616 --a--c--- C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-08-11 15:29 . 2001-08-17 12:50 198,144 --a--c--- C:\WINDOWS\system32\dllcache\nv3.sys
2008-08-11 15:28 . 2001-08-17 13:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2008-08-11 15:27 . 2001-08-17 22:36 242,176 --a--c--- C:\WINDOWS\system32\dllcache\kdsusd.dll
2008-08-11 15:27 . 2001-09-06 16:54 47,066 --a--c--- C:\WINDOWS\system32\dllcache\ksc.nls
2008-08-11 15:27 . 2001-08-17 22:36 45,568 --a--c--- C:\WINDOWS\system32\dllcache\kdsui.dll
2008-08-11 15:27 . 2001-08-17 22:36 37,376 --a--c--- C:\WINDOWS\system32\dllcache\kousd.dll
2008-08-11 15:27 . 2004-08-03 22:59 34,688 --a--c--- C:\WINDOWS\system32\dllcache\lbrtfdc.sys
2008-08-11 15:27 . 2001-08-17 12:12 26,442 --a--c--- C:\WINDOWS\system32\dllcache\lanepic5.sys
2008-08-11 15:27 . 2001-08-17 12:12 19,016 --a--c--- C:\WINDOWS\system32\dllcache\ktc111.sys
2008-08-11 15:27 . 2001-08-17 22:36 8,704 --a--c--- C:\WINDOWS\system32\dllcache\kbdjpn.dll
2008-08-11 15:27 . 2001-08-17 22:36 8,192 --a--c--- C:\WINDOWS\system32\dllcache\kbdkor.dll
2008-08-11 15:24 . 2004-08-04 00:56 702,845 --a--c--- C:\WINDOWS\system32\dllcache\i81xdnt5.dll
2008-08-11 15:23 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-08-11 15:22 . 2001-08-17 13:28 634,134 --a--c--- C:\WINDOWS\system32\dllcache\el656ct5.sys
2008-08-11 15:21 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-08-11 15:20 . 2001-08-17 12:13 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2008-08-11 15:19 . 2001-08-17 14:05 314,752 --a--c--- C:\WINDOWS\system32\dllcache\camdro21.sys
2008-08-11 14:16 . 2008-08-12 00:19 <DIR> d-------- C:\Program Files\AutoStreamer
2008-08-11 14:10 . 2001-09-06 16:53 180,770 --a--c--- C:\WINDOWS\system32\dllcache\c_20932.nls
2008-08-11 14:09 . 2001-09-06 16:53 189,986 --a--c--- C:\WINDOWS\system32\dllcache\c_1361.nls
2008-08-11 14:08 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-08-11 14:07 . 2001-08-17 13:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-08-11 14:06 . 2001-08-17 14:56 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-08-11 13:40 . 2008-08-11 13:40 <DIR> d-------- C:\Deckard
2008-08-11 11:19 . 2008-08-11 12:49 <DIR> d-------- C:\Program Files\Panda Security
2008-08-11 00:28 . 2008-08-11 00:28 <DIR> d-------- C:\Documents and Settings\user\Application Data\Malwarebytes
2008-08-11 00:28 . 2008-08-11 00:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-11 00:04 . 2004-08-04 00:56 221,696 --a--c--- C:\WINDOWS\system32\dllcache\seo.dll
2008-08-11 00:04 . 2004-08-04 00:56 189,440 --a--c--- C:\WINDOWS\system32\dllcache\smtpadm.dll
2008-08-11 00:04 . 2004-08-04 00:56 10,752 --------- C:\WINDOWS\system32\smtpapi.dll
2008-08-11 00:04 . 2004-08-04 00:56 10,752 --a--c--- C:\WINDOWS\system32\dllcache\smtpapi.dll
2008-08-11 00:04 . 2004-08-04 00:56 9,728 --------- C:\WINDOWS\system32\rwnh.dll
2008-08-11 00:04 . 2004-08-04 00:56 9,728 --a--c--- C:\WINDOWS\system32\dllcache\rwnh.dll
2008-08-11 00:02 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\000001_.tmp
2008-08-10 21:50 . 2007-02-28 04:08 2,136,064 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2008-08-10 17:36 . 2008-08-10 17:36 88 --a------ C:\WINDOWS\wininit.ini
2008-08-10 16:21 . 2008-08-10 16:21 172 --a------ C:\WINDOWS\el.ini
2008-07-26 02:55 . 2008-07-26 02:55 <DIR> d-------- C:\Program Files\Broderbund
2008-07-26 02:55 . 2008-07-26 02:55 <DIR> d-------- C:\Documents and Settings\user\Application Data\Broderbund
2008-07-26 02:55 . 2008-07-26 02:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Broderbund
2008-07-24 23:25 . 2008-07-24 23:25 <DIR> d-------- C:\Downloads
2008-07-24 19:16 . 1999-03-06 03:55 57,344 --a------ C:\WINDOWS\Uninstaller.exe
2008-07-24 00:17 . 2008-07-24 00:17 3,120 --a------ C:\WINDOWS\YVAJ3BDH.ocx
2008-07-24 00:17 . 2008-07-24 00:17 3,120 --a------ C:\WINDOWS\system32\SBE48W62.ocx
2008-07-24 00:16 . 2008-07-24 00:16 <DIR> d-------- C:\Program Files\Common Files\DiskTrix
2008-07-24 00:03 . 2008-07-29 10:42 <DIR> d-------- C:\Program Files\UltimateDefrag
2008-07-18 00:56 . 2008-04-14 05:42 354,304 --a------ C:\WINDOWS\system32\SET1245.tmp
2008-07-18 00:56 . 2008-04-14 05:40 177,152 --a------ C:\WINDOWS\system32\SET1278.tmp
2008-07-18 00:56 . 2008-04-14 05:42 80,896 --a------ C:\WINDOWS\system32\SET1240.tmp
2008-07-18 00:56 . 2008-04-14 05:42 75,776 --a------ C:\WINDOWS\system32\SET1250.tmp
2008-07-18 00:56 . 2008-04-14 05:41 24,576 --a------ C:\WINDOWS\system32\SET129C.tmp
2008-07-18 00:56 . 2008-04-14 05:42 15,872 --a------ C:\WINDOWS\system32\SET1249.tmp
2008-07-18 00:56 . 2008-04-14 05:42 6,656 --a------ C:\WINDOWS\system32\SET123D.tmp
2008-07-18 00:52 . 2008-04-14 05:42 471,552 --a------ C:\WINDOWS\system32\SET832.tmp
2008-07-18 00:52 . 2008-04-14 05:41 95,744 --a------ C:\WINDOWS\system32\SET838.tmp
2008-07-18 00:50 . 2008-04-14 05:42 2,843,136 --a------ C:\WINDOWS\system32\SET529.tmp
2008-07-18 00:49 . 2008-04-14 05:42 8,461,312 --a------ C:\WINDOWS\system32\SET371.tmp
2008-07-18 00:47 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\004026_.tmp
2008-07-18 00:42 . 2004-08-04 01:00 71,040 --------- C:\WINDOWS\system32\drivers\_004740_.tmp.dll
2008-07-17 23:47 . 2004-08-04 01:00 71,040 --------- C:\WINDOWS\system32\drivers\_004748_.tmp.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-15 16:14 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-08-15 05:10 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-15 02:33 --------- d-----w C:\Documents and Settings\user\Application Data\uTorrent
2008-08-13 03:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-12 19:17 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2008-08-12 19:17 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
2008-08-11 17:50 --------- d-----w C:\Program Files\Viewpoint
2008-08-11 17:50 --------- d-----w C:\Documents and Settings\user\Application Data\Viewpoint
2008-08-11 17:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-08-11 05:07 --------- d-----w C:\Program Files\Ad-Aware SE Personal
2008-08-10 21:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-10 21:39 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-08 17:04 --------- d-----w C:\Documents and Settings\user\Application Data\Hoyle Card Games
2008-08-06 06:54 --------- d-----w C:\Documents and Settings\user\Application Data\Hoyle Blackjack
2008-08-04 05:25 --------- d-----w C:\Documents and Settings\user\Application Data\Hoyle Puzzle and Board Games
2008-08-04 04:26 --------- d-----w C:\Program Files\Encore
2008-08-01 12:42 --------- d-----w C:\Program Files\Google
2008-07-31 12:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-31 12:46 --------- d-----w C:\Program Files\LimeWire
2008-07-31 12:43 --------- d-----w C:\Program Files\Java
2008-07-31 12:34 --------- d-----w C:\Program Files\Sierra
2008-07-31 12:29 --------- d-----w C:\Program Files\ArcSoft
2008-07-31 12:25 --------- d-----w C:\Program Files\uTorrent
2008-07-29 21:51 --------- d-----w C:\Program Files\Common Files\Nikon
2008-07-29 21:51 --------- d-----w C:\Documents and Settings\user\Application Data\Nikon
2008-07-25 02:21 --------- d-----w C:\Program Files\IsoBuster
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-17 21:05 22 ----a-w C:\Documents and Settings\All Users\Application Data\ReturnCounter.dat
2007-02-22 06:59 189,760 ----a-w C:\Documents and Settings\user\Application Data\GDIPFONTCACHEV1.DAT
2007-02-02 06:35 87,608 ----a-w C:\Documents and Settings\user\Application Data\ezpinst.exe
2007-02-02 06:35 47,360 ----a-w C:\Documents and Settings\user\Application Data\pcouffin.sys
2000-06-05 23:47 32,768 -c--a-w C:\Program Files\mozilla firefox\plugins\AppSub32.dll
2004-10-16 18:16 56 --sh--r C:\WINDOWS\system32\0FA0CD486F.sys
2004-10-16 18:16 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"WeatherEye"="C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe" [2008-05-30 14:45 4501912]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-30 14:45 1829712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 13:52 339968]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 11:22 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 15:46 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 16:04 40960]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 09:16 49152]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 10:34 851968]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 09:21 48752]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-06-23 19:27 85696]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 20:08 813912]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-11-21 20:09 842584]
"SoundMan"="SOUNDMAN.EXE" [2004-01-08 13:54 65536 C:\WINDOWS\SOUNDMAN.EXE]

C:\Documents and Settings\user\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
Event Reminder.lnk - C:\Program Files\PrintMaster\PMREMIND.EXE [1998-06-06 10:33:30 325632]
MRU-Blaster Scheduler.lnk - C:\Program Files\MRU-Blaster\scheduler.exe [2003-07-19 16:48:42 118784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2005-02-17 00:19:11 819200]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 14:13 49152 C:\PROGRA~1\COMMON~1\stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"msacm.g723"= g723.acm
"vidc.I263"= I263_32.drv
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm
"msacm.l3codec"= l3codecp.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli scecli scecli scecli

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNM

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Explorer]
--a------ 2008-06-23 04:20 625664 C:\Program Files\Internet Explorer\iexplore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QD FastAndSafe]
--a------ 2008-06-23 04:20 625664 C:\Program Files\Internet Explorer\iexplore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 11:56 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a------ 2003-06-25 00:18 868352 C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
--a------ 2003-05-01 18:44 65536 C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a--c--- 2005-01-29 17:32 12598440 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2005-02-24 11:57 2506752 C:\Program Files\Yahoo!\Messenger\YPager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"C:\WINDOWS\system32\kdykd.exe"=C:\WINDOWS\system32\kdykd.exe
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\DC++\\DCPlusPlus.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\UltimateDefrag\\UDefrag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"80:TCP"= 80:TCP:auth.keyhole.com

S3 ATICXCAP;ATI TV Wonder Pro A/V Capture;C:\WINDOWS\system32\drivers\aticxcap.sys [2003-04-08 08:47]
S3 ATICXTUN;ATI TV Wonder Pro Tuner (Philips 1236 MK3);C:\WINDOWS\system32\drivers\aticxtun.sys [2003-04-08 08:47]
S3 ATICXXBR;ATI TV Wonder Pro A/V Crossbar;C:\WINDOWS\system32\drivers\aticxxbr.sys [2003-04-08 08:47]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-06-12 06:27]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 05:28]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B0D039E0-C6F0-CC70-A44C-B49BC97A72AA}]
C:\WINDOWS\system32\My_Server.exe
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-RunOnce-POSTRBT - C:\Program Files\Norton SystemWorks\Norton AntiVirus\Navw32.exe
Notify-dimsntfy - (no file)
Notify-WgaLogon - (no file)
MSConfigStartUp-kdykd - C:\WINDOWS\system32\kdykd.exe
MSConfigStartUp-SMrhctbaj0e7fn - C:\Program Files\rhctbaj0e7fn\rhctbaj0e7fn.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lo9iwjxo.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-15 11:16:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\COMMON~1\stardock\SDMCP.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2008-08-15 11:23:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-15 16:23:00

Pre-Run: 29,861,728,256 bytes free
Post-Run: 29,668,229,120 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

546 --- E O F --- 2008-08-13 03:14:22

___________________________________________________________
Logfile of HijackThis v1.99.1
Scan saved at 11:31:49 AM, on 8/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MRU-Blaster\scheduler.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\user\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Event Reminder.lnk = C:\Program Files\PrintMaster\PMREMIND.EXE
O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.casharrives365.com
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) -
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1094708655453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1129180172375
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} -
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://www.walmartphotocentre.ca/activex/PCAXSetup.cab?
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} -
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://tgs.gov.mb.ca/roadinfo/help/downLoadIE/Acgm.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VideoAcceleratorEngine - Unknown owner - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe (file missing)