Webuser Forums: Probably hijacked

SDFix: Version 1.181
Run by Administrator on Thu 05/08/2008 at 11:38 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Name :
MsSecurity1.209.4

Path :
C:\WINDOWS\winself.exe service

MsSecurity1.209.4 - Deleted

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\WINDOWS\liqad$.exe - Deleted
C:\WINDOWS\liqad.dll - Deleted
C:\WINDOWS\liqad.exe - Deleted
C:\WINDOWS\megavid.cdt - Deleted
C:\WINDOWS\muotr.so - Deleted
C:\WINDOWS\system32\comsa32.sys - Deleted
C:\WINDOWS\system32\perfs.txt - Deleted
C:\WINDOWS\system32\winfrun32.bin - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-08 23:56:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s0"=dword:7630197a
"s1"=dword:8e4c1415
"s2"=dword:44be3bc1
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:de,57,2c,07,64,6f,9d,ab,dd,1b,6f,28,56,b7,35,8a,80,38,19,92,81,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,cf,7e,16,8b,64,9d,8e,77,33,0a,9f,db,31,10,50,44,11,..
"khjeh"=hex:bf,33,ab,f5,a4,8f,a8,13,d4,70,52,a3,99,46,bf,4b,cf,4a,21,bb,fd,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:fe,13,28,47,c9,d7,80,d7,72,61,b8,4a,dc,8d,09,e9,09,94,2c,20,73,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:a0,d0,27,f9,87,8c,c9,54,b5,f7,4a,bc,ee,4b,06,eb,09,c3,38,f0,e5,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:de,57,2c,07,64,6f,9d,ab,dd,1b,6f,28,56,b7,35,8a,80,38,19,92,81,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,cf,7e,16,8b,64,9d,8e,77,33,0a,9f,db,31,10,50,44,11,..
"khjeh"=hex:7e,62,e4,ab,72,15,95,40,7f,cc,cd,a4,66,67,9a,e5,80,07,35,20,aa,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:e3,8b,3d,4b,12,66,54,6c,ed,c5,c6,94,f8,98,6a,3c,4a,d9,72,2a,8d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:de,57,2c,07,64,6f,9d,ab,dd,1b,6f,28,56,b7,35,8a,80,38,19,92,81,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,cf,7e,16,8b,64,9d,8e,77,33,0a,9f,db,31,10,50,44,11,..
"khjeh"=hex:bf,33,ab,f5,a4,8f,a8,13,d4,70,52,a3,99,46,bf,4b,cf,4a,21,bb,fd,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:fe,13,28,47,c9,d7,80,d7,72,61,b8,4a,dc,8d,09,e9,09,94,2c,20,73,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:a0,d0,27,f9,87,8c,c9,54,b5,f7,4a,bc,ee,4b,06,eb,09,c3,38,f0,e5,..

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{447822FE-18F4-2D7D-48E0-0A6D7388A843}]
"abkmlnfggkchbennjpaadhfpdmklkcpfbi"=hex:61,62,6d,6a,65,6c,6f,62,68,61,61,6e,62,63,70,67,6f,6a,64,64,70,..
"bbkmlnfggkchbennjpnockpolklmlkjdfahl"=hex:61,62,6a,69,6b,6a,6b,63,66,6c,67,70,67,70,67,64,6e,6c,69,64,6d,..

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\WINDOWS\\system32\\TPSrv32.exe"="C:\\WINDOWS\\system32\\TPSrv32.exe:*:Enabled:Keygen.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Ruckus Player\\Ruckus.exe"="C:\\Program Files\\Ruckus Player\\Ruckus.exe:*:Enabled:Ruckus"
"C:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"="C:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe:*:Enabled:Gears of War"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sun 23 Dec 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 2 Dec 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 9 Nov 2006 1,073,270,784 A.SH. --- "C:\RECYCLER\S-1-5-21-1659004503-1292428093-839522115-1004\Dc27\S-1-5-21-1659004503-1292428093-839522115-1004\Dc11.sys"
Mon 7 Aug 2006 0 A.SHR --- "C:\RECYCLER\S-1-5-21-1659004503-1292428093-839522115-1004\Dc27\S-1-5-21-1659004503-1292428093-839522115-1004\Dc12.SYS"
Mon 7 Aug 2006 0 A.SHR --- "C:\RECYCLER\S-1-5-21-1659004503-1292428093-839522115-1004\Dc27\S-1-5-21-1659004503-1292428093-839522115-1004\Dc13.SYS"
Tue 3 Aug 2004 47,564 A.SHR --- "C:\RECYCLER\S-1-5-21-1659004503-1292428093-839522115-1004\Dc27\S-1-5-21-1659004503-1292428093-839522115-1004\Dc14.COM"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT16.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT14.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT18.tmp"
Mon 3 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ab59ac72525ea90a47679441587835c9\BIT5.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b69c46c5109d0f8b0dee9fab84906813\BIT17.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT19.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fa6c916bb150f8a929e7a4ffdfbc120f\BIT15.tmp"
Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\BITB.tmp"

Finished!

ComboFix 08-05-11.1 - Jay Cutler 2008-05-12 11:07:07.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.496 [GMT -4:00]
Running from: C:\Documents and Settings\Jay Cutler\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jay Cutler\Desktop\WinXP_EN_HOM_BF.EXE
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\mainms.vpi
C:\WINDOWS\system32\andt.sys
C:\WINDOWS\system32\comsa32.sys
C:\WINDOWS\system32\din.ip
C:\WINDOWS\system32\dpqaqlqx.bin
C:\WINDOWS\system32\drivers\blank.gif
C:\WINDOWS\system32\drivers\box_2.gif
C:\WINDOWS\system32\drivers\button_buynow.gif
C:\WINDOWS\system32\drivers\button_freescan.gif
C:\WINDOWS\system32\drivers\cell_bg.gif
C:\WINDOWS\system32\drivers\cell_footer.gif
C:\WINDOWS\system32\drivers\cell_header_block.gif
C:\WINDOWS\system32\drivers\cell_header_remove.gif
C:\WINDOWS\system32\drivers\cell_header_scan.gif
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_btn.jpg
C:\WINDOWS\system32\drivers\download_now_btn.gif
C:\WINDOWS\system32\drivers\footer_back.jpg
C:\WINDOWS\system32\drivers\header_1.gif
C:\WINDOWS\system32\drivers\header_2.gif
C:\WINDOWS\system32\drivers\header_3.gif
C:\WINDOWS\system32\drivers\header_4.gif
C:\WINDOWS\system32\drivers\header_red_bg.gif
C:\WINDOWS\system32\drivers\header_red_free_scan.gif
C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
C:\WINDOWS\system32\drivers\infected.gif
C:\WINDOWS\system32\drivers\main_back.gif
C:\WINDOWS\system32\drivers\product_2_header.gif
C:\WINDOWS\system32\drivers\product_2_name_small.gif
C:\WINDOWS\system32\drivers\product_features.gif
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\rating.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\screenshot.jpg
C:\WINDOWS\system32\drivers\sep_hor.gif
C:\WINDOWS\system32\drivers\sep_vert.gif
C:\WINDOWS\system32\drivers\shadow.jpg
C:\WINDOWS\system32\drivers\shadow_bg.gif
C:\WINDOWS\system32\drivers\spacer.gif
C:\WINDOWS\system32\drivers\star.gif
C:\WINDOWS\system32\drivers\star_gray.gif
C:\WINDOWS\system32\drivers\star_gray_small.gif
C:\WINDOWS\system32\drivers\star_small.gif
C:\WINDOWS\system32\drivers\style.css
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\warning_icon.gif
C:\WINDOWS\system32\drivers\win_logo.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\drmgs.sys
C:\WINDOWS\system32\klnTvyay.ini
C:\WINDOWS\system32\klnTvyay.ini2
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\system32\sznf.ascii
C:\WINDOWS\system32\tmp0_13157538066.bk
C:\WINDOWS\system32\tmp0_145529695696.bk
C:\WINDOWS\system32\tmp0_164324115039.bk
C:\WINDOWS\system32\tmp0_19690446942.bk
C:\WINDOWS\system32\tmp0_203705479571.bk
C:\WINDOWS\system32\tmp0_219126817725.bk
C:\WINDOWS\system32\tmp0_223313489955.bk
C:\WINDOWS\system32\tmp0_346822429161.bk
C:\WINDOWS\system32\tmp0_354063372256.bk
C:\WINDOWS\system32\tmp0_362535577370.bk
C:\WINDOWS\system32\tmp0_367766742952.bk
C:\WINDOWS\system32\tmp0_463213215289.bk
C:\WINDOWS\system32\tmp0_504557681296.bk
C:\WINDOWS\system32\tmp0_555548215495.bk
C:\WINDOWS\system32\tmp0_607061524431.bk
C:\WINDOWS\system32\tmp0_874903562569.bk
C:\WINDOWS\system32\tmp1_133155314306.bk
C:\WINDOWS\system32\tmp1_167303599842.bk
C:\WINDOWS\system32\tmp1_189064177970.bk
C:\WINDOWS\system32\tmp1_348787219570.bk
C:\WINDOWS\system32\tmp1_395241343627.bk
C:\WINDOWS\system32\tmp1_402879534142.bk
C:\WINDOWS\system32\tmp1_411738777742.bk
C:\WINDOWS\system32\tmp1_432015876747.bk
C:\WINDOWS\system32\tmp1_433044311113.bk
C:\WINDOWS\system32\tmp1_486451390541.bk
C:\WINDOWS\system32\tmp1_506668707747.bk
C:\WINDOWS\system32\tmp1_5985286380.bk
C:\WINDOWS\system32\tmp1_6070141733.bk
C:\WINDOWS\system32\tmp1_62042930212.bk
C:\WINDOWS\system32\tmp1_723042384530.bk
C:\WINDOWS\system32\tmp1_771114367451.bk
C:\WINDOWS\system32\tmp3_22275703059.bk
C:\WINDOWS\system32\tmp3_22669485662.bk
C:\WINDOWS\system32\tmp3_294547166949.bk
C:\WINDOWS\system32\tmp3_353572441669.bk
C:\WINDOWS\system32\tmp3_408252462173.bk
C:\WINDOWS\system32\tmp3_435621555420.bk
C:\WINDOWS\system32\tmp3_49988825224.bk
C:\WINDOWS\system32\tmp3_571273356661.bk
C:\WINDOWS\system32\tmp3_609161698620.bk
C:\WINDOWS\system32\tmp3_615927248090.bk
C:\WINDOWS\system32\tmp3_619802397394.bk
C:\WINDOWS\system32\tmp3_641031720934.bk
C:\WINDOWS\system32\tmp3_670419203751.bk
C:\WINDOWS\system32\tmp3_702999204227.bk
C:\WINDOWS\system32\tmp3_768252386984.bk
C:\WINDOWS\system32\tmp3_76958572659.bk
C:\WINDOWS\system32\tmp3_76966405136.bk
C:\WINDOWS\system32\tmp3_816475400278.bk
C:\WINDOWS\system32\tmp4_131105228471.bk
C:\WINDOWS\system32\tmp4_167063266885.bk
C:\WINDOWS\system32\tmp4_171901425920.bk
C:\WINDOWS\system32\tmp4_175765101289.bk
C:\WINDOWS\system32\tmp4_183637601211.bk
C:\WINDOWS\system32\tmp4_255482404886.bk
C:\WINDOWS\system32\tmp4_297738772431.bk
C:\WINDOWS\system32\tmp4_336516558239.bk
C:\WINDOWS\system32\tmp4_413852832753.bk
C:\WINDOWS\system32\tmp4_476562483652.bk
C:\WINDOWS\system32\tmp4_615090646866.bk
C:\WINDOWS\system32\tmp4_683275697628.bk
C:\WINDOWS\system32\tmp4_728523825307.bk
C:\WINDOWS\system32\tmp4_734239747591.bk
C:\WINDOWS\system32\tmp4_856580482935.bk
C:\WINDOWS\system32\tmp4_871532542929.bk

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PERFMONS
-------\Legacy_ROUTING
-------\Service_perfmons
-------\Service_Routing

((((((((((((((((((((((((( Files Created from 2008-04-12 to 2008-05-12 )))))))))))))))))))))))))))))))
.

2008-05-08 23:33 . 2008-05-08 23:33 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-08 23:27 . 2008-05-09 00:02 <DIR> d-------- C:\SDFix
2008-05-07 21:09 . 2008-05-07 21:09 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-07 19:16 . 2008-05-07 19:16 <DIR> d-------- C:\Documents and Settings\Jay Cutler\Application Data\vlc
2008-05-07 18:57 . 2008-05-07 18:57 <DIR> d-------- C:\Documents and Settings\Jay Cutler\Application Data\dvdcss
2008-05-07 18:54 . 2008-05-07 18:54 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVGTOOLBAR
2008-05-07 18:54 . 2008-05-07 18:54 43,008 --a------ C:\WINDOWS\system32\qoMDULbB.dll.vzr
2008-05-07 18:54 . 2008-05-07 18:54 4 --a------ C:\WINDOWS\system32\jpewocmz.ini
2008-05-07 18:40 . 2008-05-07 18:55 <DIR> d-------- C:\Program Files\VLC
2008-05-07 10:18 . 2008-05-12 10:00 1,113 --a------ C:\rollback.ini
2008-05-05 21:08 . 2008-05-07 19:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-05-05 21:07 . 2008-03-13 23:10 99,816 --a------ C:\WINDOWS\system32\~GLH0021.TMP
2008-05-05 20:45 . 2008-05-07 10:04 <DIR> d-------- C:\Documents and Settings\Jay Cutler\Application Data\MailFrontier
2008-05-05 20:45 . 2008-05-12 11:16 19,807,008 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-05 20:45 . 2008-05-12 11:11 274,580 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-05 20:45 . 2008-05-07 19:21 71,712 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-05 20:45 . 2008-05-07 19:21 8,744 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-05 20:30 . 2008-05-12 00:29 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-05-05 20:29 . 2008-03-13 23:11 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-05-05 20:29 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-05-05 20:28 . 2008-05-05 20:28 <DIR> d-------- C:\Program Files\Zone Labs
2008-05-05 11:22 . 2008-05-05 11:22 <DIR> d-------- C:\Documents and Settings\Jay Cutler\Application Data\iolo
2008-05-05 11:22 . 2008-05-05 11:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-05-05 11:22 . 2008-05-05 11:22 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
2008-05-04 14:38 . 2008-05-04 14:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
2008-05-04 14:36 . 2008-05-04 14:36 <DIR> d-------- C:\Program Files\Diskeeper Corporation
2008-04-30 13:33 . 2008-04-30 13:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AcrobatInstall
2008-04-28 14:08 . 2008-05-09 06:06 <DIR> d--h----- C:\$AVG8.VAULT$
2008-04-28 13:51 . 2008-04-28 13:51 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-04-28 13:51 . 2008-04-28 13:51 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-04-28 13:50 . 2008-05-12 06:17 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-04-28 13:50 . 2008-04-28 13:50 <DIR> d-------- C:\Program Files\AVG
2008-04-28 13:50 . 2008-04-29 00:27 <DIR> d-------- C:\Documents and Settings\Jay Cutler\Application Data\AVGTOOLBAR
2008-04-28 13:50 . 2008-04-28 13:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-04-28 13:50 . 2008-04-28 13:50 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-04-28 13:50 . 2008-04-28 13:50 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-04-18 19:04 . 2008-05-12 10:24 116 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-18 18:50 . 2008-04-18 19:05 <DIR> d-------- C:\Documents and Settings\Jay Cutler\Application Data\Ahead
2008-04-18 18:48 . 2008-04-18 18:48 <DIR> d-------- C:\Program Files\Nero
2008-04-18 18:48 . 2008-04-18 18:48 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-04-18 18:29 . 2008-04-18 18:29 <DIR> d-------- C:\Program Files\DVD Decrypter
2008-04-18 18:28 . 2008-04-18 18:28 <DIR> d-------- C:\Program Files\DVD Shrink
2008-04-18 18:28 . 2008-04-18 18:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-04-18 12:36 . 2008-04-18 12:36 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Viewpoint
2008-04-18 00:06 . 2008-04-18 00:06 0 --a------ C:\WINDOWS\nsf1BD.tmp
2008-04-18 00:01 . 2008-04-18 00:01 0 --a------ C:\WINDOWS\va21B8.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-12 04:27 --------- d-----w C:\Program Files\Steam
2008-05-09 14:06 67,114 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_05_09_09_28_57_small.dmp.zip
2008-05-09 14:06 55,323 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_05_09_09_29_43_small.dmp.zip
2008-05-09 03:30 --------- d-----w C:\Documents and Settings\Jay Cutler\Application Data\uTorrent
2008-05-07 23:21 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd7805.sys
2008-05-04 18:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-28 18:41 --------- d-----w C:\Program Files\AIM6
2008-04-17 15:08 --------- d-----w C:\Documents and Settings\Jay Cutler\Application Data\U3
2008-04-14 16:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-11 00:53 --------- d-----w C:\Program Files\DivX
2008-04-08 14:43 --------- d-----w C:\Documents and Settings\Jay Cutler\Application Data\Ruckus Network
2008-04-08 07:18 --------- d-----w C:\Documents and Settings\Jay Cutler\Application Data\goombah
2008-04-08 01:15 --------- d-----w C:\Program Files\Ruckus Player
2008-04-08 01:15 --------- d-----w C:\Program Files\Emergent Music LLC
2008-04-05 04:05 --------- d-----w C:\Program Files\Java
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-29 18:57 --------- d-----w C:\Documents and Settings\Jay Cutler\Application Data\CyberLink
2008-03-29 18:53 --------- d-----w C:\Program Files\CyberLink
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-14 03:11 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2007-12-09 06:34 4,512 ----a-w C:\Program Files\pkey.txt
2007-11-04 21:21 2,045,024 ----a-w C:\Program Files\everest.exe
2006-03-20 20:37 5,689,344 ----a-w C:\Program Files\mplayerc.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4EA2008F-CF84-40DF-BDD0-FCD559C919FD}]
C:\WINDOWS\system32\yayvTnlk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-04-28 13:50 2051328 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-04-28 13:50 2051328]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-04-28 13:50 2051328]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 17:44 140288]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-04-21 01:33 1271032]
"C:\Program Files\NetMeter\NetMeter.exe"="C:\Program Files\NetMeter\NetMeter.exe" [2007-08-11 16:50 331264]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-11-24 15:38 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-10-04 18:14 8491008]
"nwiz"="nwiz.exe" [2007-10-04 18:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-10-04 18:14 81920]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 14:38 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18 241664]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 19:54 623992]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 14:05 2650112]
"P17Helper"="P17.dll" [2005-05-03 07:38 64512 C:\WINDOWS\system32\P17.dll]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 11:51 57344]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 17:48 479232]
"SansaDispatch"="C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-05-02 20:00 55368]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-21 03:14 185632]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57 30208]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-04-28 13:50 1177368]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Keygen.exe"="C:\WINDOWS\system32\TPSrv32.exe" [ ]

C:\Documents and Settings\Jay Cutler\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 23:31:38 241664]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-29 00:06:36 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khFUoliF]
khFUoliF.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2007-12-02 22:32 229376 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll,avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Ruckus Player\\Ruckus.exe"=
"C:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-04-28 13:51]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-04-28 13:50]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-04-28 13:50]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-04-28 13:50]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-04-28 13:50]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
S2 AFinding;AFinding Service;C:\WINDOWS\system32\afinding.exe []
S2 WServing;WServing Service;C:\WINDOWS\system32\wserving.exe []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14576f3d-cd3a-11dc-8f70-0016b69b6791}]
\Shell\AutoRun\command - F:\LinksysConnectPC.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fde2270-ad36-11dc-8f68-0016b69b6791}]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9a03ce2-0b1e-11dd-8f7c-0016b69b6791}]
\Shell\AutoRun\command - F:\LaunchU3.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-12 11:13:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\DOCUME~1\JAYCUT~1\LOCALS~1\Temp\0d9a492b-e7ff-4383-902d-35f2723daaea.tmp 0 bytes

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"C:\\Program Files\\NetMeter\\NetMeter.exe"="C:\\Program Files\\NetMeter\\NetMeter.exe"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-05-12 11:22:49 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-12 15:22:24

Pre-Run: 190,884,855,808 bytes free
Post-Run: 191,701,053,440 bytes free

WinXP_EN_HOM_BF.EXE
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn /usepmtimer
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

371 --- E O F --- 2008-04-14 16:21:54

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:37:33 AM, on 5/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\NetMeter\NetMeter.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.scottrade.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {4EA2008F-CF84-40DF-BDD0-FCD559C919FD} - C:\WINDOWS\system32\yayvTnlk.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.06\RivaTuner.exe" /S
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [Keygen.exe] C:\WINDOWS\system32\TPSrv32.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1196622624500
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15033/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: wbsys.dll,avgrsstx.dll
O20 - Winlogon Notify: khFUoliF - khFUoliF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\WINDOWS\system32\afinding.exe (file missing)
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
O23 - Service: WServing Service (WServing) - Unknown owner - C:\WINDOWS\system32\wserving.exe (file missing)

--
End of file - 11284 bytes

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;ComboFix 08-05-24.1 - Jay Cutler 2008-05-25 13:39:01.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.517 [GMT -4:00]
Running from: C:\Documents and Settings\Jay Cutler\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jay Cutler\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\afinding.exe
C:\WINDOWS\system32\andt.sys
C:\WINDOWS\system32\comsa32.sys
C:\WINDOWS\system32\din.ip
C:\WINDOWS\system32\drmgs.sys
C:\WINDOWS\system32\Indt2.sys
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\system32\tmp0_3430811804.bk
C:\WINDOWS\system32\tmp0_380907497373.bk
C:\WINDOWS\system32\tmp0_469786540126.bk
C:\WINDOWS\system32\tmp0_599422390509.bk
C:\WINDOWS\system32\tmp0_625053806360.bk
C:\WINDOWS\system32\tmp0_748092173924.bk
C:\WINDOWS\system32\tmp1_315894244406.bk
C:\WINDOWS\system32\tmp1_317085122207.bk
C:\WINDOWS\system32\tmp1_649344219682.bk
C:\WINDOWS\system32\tmp1_664023400460.bk
C:\WINDOWS\system32\tmp1_94190556457.bk
C:\WINDOWS\system32\tmp3_117240541271.bk
C:\WINDOWS\system32\tmp3_218644657288.bk
C:\WINDOWS\system32\tmp3_373653381638.bk
C:\WINDOWS\system32\tmp3_47311507548.bk
C:\WINDOWS\system32\tmp3_5515904207.bk
C:\WINDOWS\system32\tmp3_81667222068.bk
C:\WINDOWS\system32\tmp4_409043720879.bk
C:\WINDOWS\system32\tmp4_7215768361.bk
C:\WINDOWS\system32\tmp4_796775231189.bk
C:\WINDOWS\system32\tmp4_89543966186.bk
C:\WINDOWS\system32\WServing.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AFINDING
-------\Legacy_PERFMONS
-------\Legacy_ROUTING
-------\Legacy_WSERVING
-------\Service_AFinding
-------\Service_perfmons
-------\Service_Routing
-------\Service_WServing

((((((((((((((((((((((((( Files Created from 2008-04-25 to 2008-05-25 )))))))))))))))))))))))))))))))
.

C:\ComboFix\CreateC00.bat .
C:\ComboFix\CreateC00.bat .
C:\ComboFix\CreateC00.bat .
2008-05-25 13:50 . 1,610,612,736 C:\pagefile.sys
2008-05-25 13:50 . 1,610,612,736 C:\pagefile.sys
2008-05-25 13:50 . 1,610,612,736 C:\pagefile.sys
2008-05-25 13:50 . 1,610,612,736 C:\pagefile.sys
2008-05-25 13:28 . 2008-05-25 13:28 <DIR> d-------- C:\cmdcons
2008-05-25 13:28 . 2008-05-25 13:28 <DIR> d-------- C:\cmdcons
2008-05-25 13:28 . 2008-05-25 13:28 <DIR> d-------- C:\cmdcons
2008-05-25 13:28 . 2008-05-25 13:28 <DIR> d-------- C:\cmdcons
2008-05-25 13:27 . 2008-05-25 13:53 <DIR> d-------- C:\ComboFix
2008-05-25 13:27 . 2008-05-25 13:53 <DIR> d-------- C:\ComboFix
2008-05-25 13:27 . 2008-05-25 13:53 <DIR> d-------- C:\ComboFix
2008-05-25 13:27 . 2008-05-25 13:53 <DIR> d-------- C:\ComboFix
2008-05-24 18:41 . 2008-04-15 08:00 4,952 -ra------ C:\Bootfont.bin
2008-05-24 18:41 . 2008-04-15 08:00 4,952 -ra------ C:\Bootfont.bin
2008-05-24 18:41 . 2008-04-15 08:00 4,952 -ra------ C:\Bootfont.bin
2008-05-24 18:41 . 2008-04-15 08:00 4,952 -ra------ C:\Bootfont.bin
2008-05-24 18:41 . 2008-04-15 08:00 4,952 -ra------ C:\Bootfont.bin
2008-05-23 19:31 . 2008-05-23 19:31 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-23 19:31 . 2008-05-23 19:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-23 19:30 . 2008-05-23 19:30 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-23 17:15 . 2008-05-23 17:15 <DIR> d--hs---- C:\Diskeeper
2008-05-23 17:15 . 2008-05-23 17:15 <DIR> d--hs---- C:\Diskeeper
2008-05-23 17:15 . 2008-05-23 17:15 <DIR> d--hs---- C:\Diskeeper
2008-05-23 17:15 . 2008-05-23 17:15 <DIR> d--hs---- C:\Diskeeper
2008-05-23 17:15 . 2008-05-23 17:15 <DIR> d--hs---- C:\Diskeeper
2008-05-12 23:20 . 2008-05-12 23:20 <DIR> d--hs---- C:\RECYCLER
2008-05-12 23:20 . 2008-05-12 23:20 <DIR> d--hs---- C:\RECYCLER
2008-05-12 23:20 . 2008-05-12 23:20 <DIR> d--hs---- C:\RECYCLER
2008-05-12 23:20 . 2008-05-12 23:20 <DIR> d--hs---- C:\RECYCLER
2008-05-12 11:04 . 2008-05-25 13:39 <DIR> d-------- C:\QooBox
2008-05-12 11:04 . 2008-05-25 13:39 <DIR> d-------- C:\QooBox
2008-05-12 11:04 . 2008-05-25 13:39 <DIR> d-------- C:\QooBox
2008-05-12 11:04 . 2008-05-25 13:39 <DIR> d-------- C:\QooBox
2008-05-08 23:33 . 2008-05-08 23:33 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-08 23:27 . 2008-05-09 00:02 <DIR> d-------- C:\SDFix
2008-05-08 23:27 . 2008-05-09 00:02 <DIR> d-------- C:\SDFix
2008-05-08 23:27 . 2008-05-09 00:02 <DIR> d-------- C:\SDFix
2008-05-08 23:27 . 2008-05-09 00:02 <DIR> d-------- C:\SDFix
2008-05-08 23:27 . 2008-05-09 00:02 <DIR> d-------- C:\SDFix
2008-05-07 21:09 . 2008-05-07 21:09 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-07 19:16 . 2008-05-07 19:16 <DIR> d-------- C:\Documents and Settings\Jay Cutler\Application Data\vlc
2008-05-07 18:59 . 2008-05-07 19:20 6,317 --ahs---- C:\WINDOWS\system32\klnTvyay.ini
2008-05-07 18:57 . 2008-05-07 18:57 <DIR> d-------- C:\Documents and Settings\Jay Cutler\Application Data\dvdcss
2008-05-07 18:54 . 2008-05-07 18:54 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVGTOOLBAR
2008-05-07 18:54 . 2008-05-07 18:54 4 --a------ C:\WINDOWS\system32\jpewocmz.ini
2008-05-07 18:40 . 2008-05-07 18:55 <DIR> d-------- C:\Program Files\VLC
2008-05-07 10:18 . 2008-05-23 17:36 1,258 --a------ C:\rollback.ini
2008-05-05 21:08 . 2008-05-07 19:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-05-05 21:07 . 2008-03-13 23:10 99,816 --a------ C:\WINDOWS\system32\~GLH0021.TMP
2008-05-05 20:30 . 2008-05-23 17:28 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-05-05 20:29 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-05-05 20:28 . 2008-05-25 12:58 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2008-05-05 20:28 . 2008-05-24 18:48 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-05-05 11:22 . 2008-05-05 11:22 <DIR> d-------- C:\Documents and Settings\Jay Cutler\Application Data\iolo
2008-05-05 11:22 . 2008-05-05 11:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-05-05 11:22 . 2008-05-05 11:22 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
2008-05-04 14:38 . 2008-05-04 14:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
2008-05-04 14:36 . 2008-05-04 14:36 <DIR> d-------- C:\Program Files\Diskeeper Corporation
2008-04-30 13:33 . 2008-04-30 13:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AcrobatInstall
2008-04-28 14:08 . 2008-05-25 05:08 <DIR> d--h----- C:\$AVG8.VAULT$
2008-04-28 14:08 . 2008-05-25 05:08 <DIR> d--h----- C:\$AVG8.VAULT$
2008-04-28 14:08 . 2008-05-25 05:08 <DIR> d--h----- C:\$AVG8.VAULT$
2008-04-28 14:08 . 2008-05-25 05:08 <DIR> d--h----- C:\$AVG8.VAULT$
2008-04-28 14:08 . 2008-05-25 05:08 <DIR> d--h----- C:\$AVG8.VAULT$
2008-04-28 13:51 . 2008-04-28 13:51 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-04-28 13:51 . 2008-04-28 13:51 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-04-28 13:50 . 2008-05-25 10:17 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-04-28 13:50 . 2008-04-28 13:50 <DIR> d-------- C:\Program Files\AVG
2008-04-28 13:50 . 2008-04-29 00:27 <DIR> d-------- C:\Documents and Settings\Jay Cutler\Application Data\AVGTOOLBAR
2008-04-28 13:50 . 2008-04-28 13:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-04-28 13:50 . 2008-04-28 13:50 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-04-28 13:50 . 2008-04-28 13:50 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-25 17:52 --------- d-----w C:\Program Files\Steam
2008-05-25 17:40 --------- d-----w C:\Documents and Settings\Jay Cutler\Application Data\uTorrent
2008-05-23 23:04 --------- d-----w C:\Program Files\CursorXP
2008-05-16 04:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-09 14:06 67,114 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_05_09_09_28_57_small.dmp.zip
2008-05-09 14:06 55,323 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_05_09_09_29_43_small.dmp.zip
2008-05-07 23:21 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd7805.sys
2008-05-04 18:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-28 18:41 --------- d-----w C:\Program Files\AIM6
2008-04-18 23:05 --------- d-----w C:\Documents and Settings\Jay Cutler\Application Data\Ahead
2008-04-18 22:48 --------- d-----w C:\Program Files\Nero
2008-04-18 22:48 --------- d-----w C:\Program Files\Common Files\Ahead
2008-04-18 22:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-04-18 22:29 --------- d-----w C:\Program Files\DVD Decrypter
2008-04-18 22:28 --------- d-----w C:\Program Files\DVD Shrink
2008-04-18 16:36 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Viewpoint
2008-04-17 15:08 --------- d-----w C:\Documents and Settings\Jay Cutler\Application Data\U3
2008-04-11 00:53 --------- d-----w C:\Program Files\DivX
2008-04-08 14:43 --------- d-----w C:\Documents and Settings\Jay Cutler\Application Data\Ruckus Network
2008-04-08 07:18 --------- d-----w C:\Documents and Settings\Jay Cutler\Application Data\goombah
2008-04-08 01:15 --------- d-----w C:\Program Files\Ruckus Player
2008-04-08 01:15 --------- d-----w C:\Program Files\Emergent Music LLC
2008-04-05 04:05 --------- d-----w C:\Program Files\Java
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-29 18:57 --------- d-----w C:\Documents and Settings\Jay Cutler\Application Data\CyberLink
2008-03-29 18:53 --------- d-----w C:\Program Files\CyberLink
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2007-12-09 06:34 4,512 ----a-w C:\Program Files\pkey.txt
2007-11-04 21:21 2,045,024 ----a-w C:\Program Files\everest.exe
2006-03-20 20:37 5,689,344 ----a-w C:\Program Files\mplayerc.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4EA2008F-CF84-40DF-BDD0-FCD559C919FD}]
C:\WINDOWS\system32\yayvTnlk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-04-28 13:50 2051328 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-04-28 13:50 2051328]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-04-28 13:50 2051328]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-04-21 01:33 1271032]
"C:\Program Files\NetMeter\NetMeter.exe"="C:\Program Files\NetMeter\NetMeter.exe" [2007-08-11 16:50 331264]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-11-24 15:38 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-10-04 18:14 8491008]
"nwiz"="nwiz.exe" [2007-10-04 18:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-10-04 18:14 81920]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 14:38 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18 241664]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 19:54 623992]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 14:05 2650112]
"P17Helper"="P17.dll" [2005-05-03 07:38 64512 C:\WINDOWS\system32\P17.dll]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 11:51 57344]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 17:48 479232]
"SansaDispatch"="C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-05-02 20:00 55368]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-21 03:14 185632]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57 30208]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-04-28 13:50 1177368]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2008-05-23 19:33 4382720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Keygen.exe"="C:\WINDOWS\system32\TPSrv32.exe" [ ]

C:\Documents and Settings\Jay Cutler\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 23:31:38 241664]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-29 00:06:36 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khFUoliF]
khFUoliF.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll,avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\AIM6\\aim6.