Virtumonde Problems



johnct5
2008-10-01, 18:45
I've been reading the other threads and here are my log files so far.
ComboFix log

ComboFix 08-09-30.03 - Rhythmatix 2008-10-01 8:53:31.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.660 [GMT -7:00]
Running from: C:\Documents and Settings\Rhythmatix\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Rhythmatix\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Rhythmatix\Application Data\RACLE~1
C:\Program Files\Common Files\ystem3~1
C:\WINDOWS\2.exe
C:\WINDOWS\BMaf7b8bd7.txt
C:\WINDOWS\BMaf7b8bd7.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\aikyqcrc.dll
C:\WINDOWS\system32\awtsTJBq.dll
C:\WINDOWS\system32\blphcaetj0eg5n.scr
C:\WINDOWS\system32\comsa32.sys
C:\WINDOWS\system32\drmgs.sys
C:\WINDOWS\system32\efcdAqNH.dll
C:\WINDOWS\system32\lphcaetj0eg5n.exe
C:\WINDOWS\system32\nmonubdq.dll
C:\WINDOWS\system32\qBJTstwa.ini
C:\WINDOWS\system32\qBJTstwa.ini2
C:\WINDOWS\system32\rtl60.bpl
C:\WINDOWS\system32\smbols~1
C:\WINDOWS\system32\smbols~1\s?mbols\
C:\WINDOWS\system32\udhmduwo.ini
C:\WINDOWS\system32\vrsarely.dll
C:\WINDOWS\system32\wnsintisv.exe
C:\WINDOWS\system32\xbrtyy.dll
C:\WINDOWS\system32\ylerasrv.ini
C:\WINDOWS\system32\zpprob.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Legacy_MCHINJDRV
-------\Legacy_NETWORK_MONITOR
-------\Service_Iprip


((((((((((((((((((((((((( Files Created from 2008-09-01 to 2008-10-01 )))))))))))))))))))))))))))))))
.

2008-12-21 21:59 . 2008-12-21 21:59 447,200 --a------ C:\WINDOWS\system32\OpenQuicktimeLib.dll
2008-12-21 21:59 . 2008-12-21 21:59 332,512 --a------ C:\WINDOWS\system32\3ivxVfWCodec.dll
2008-12-21 21:59 . 2008-12-21 21:59 25,312 --a------ C:\WINDOWS\system32\SamsungVfWCodec.dll
2008-12-21 21:59 . 2008-12-21 21:59 25,312 --a------ C:\WINDOWS\system32\DivXVfWCodec.dll
2008-12-21 21:58 . 2008-12-21 21:58 1,155,808 --a------ C:\WINDOWS\system32\3ivx.dll
2008-12-21 21:52 . 2008-12-21 21:52 66,272 --a------ C:\WINDOWS\system32\libfaac.dll
2008-09-30 06:48 . 2008-09-30 06:48 <DIR> d-------- C:\Documents and Settings\Rhythmatix\Application Data\Xilisoft Corporation
2008-09-30 06:47 . 2008-09-30 06:47 <DIR> d-------- C:\Program Files\Xilisoft
2008-09-30 05:41 . 2008-09-30 05:41 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2008-09-30 05:21 . 2008-09-30 06:56 <DIR> d-------- C:\Program Files\BitComet
2008-09-19 07:00 . 2008-09-19 07:00 90,112 --a------ C:\WINDOWS\system32\dcperwlc.exe
2008-09-19 06:50 . 2008-09-19 06:50 90,112 --a------ C:\WINDOWS\system32\lqzsjqza.exe
2008-09-19 06:45 . 2008-09-19 06:45 <DIR> d-------- C:\Program Files\Pcsx2_0.9.4
2008-09-13 01:31 . 2000-12-13 03:21 7,572,224 --a------ C:\WINDOWS\system32\CT8MGM.SF2
2008-09-13 01:27 . 2002-02-19 20:00 331,776 --a------ C:\WINDOWS\system32\CTMEDENG.DLL
2008-09-13 01:27 . 2001-09-18 03:00 139,264 --a------ C:\WINDOWS\system32\Video.skn
2008-09-13 01:27 . 2001-03-30 02:00 62,976 --a------ C:\WINDOWS\system32\CTDetres.dll
2008-09-13 01:27 . 1999-12-13 01:01 44,032 --a------ C:\WINDOWS\system32\CTSVCCDA.EXE
2008-09-13 01:27 . 1999-11-18 01:00 25,088 --a------ C:\WINDOWS\system32\CTSVCCTL.EXE
2008-09-13 01:27 . 2000-04-20 01:00 24,576 --a------ C:\WINDOWS\system32\CTMERes.DLL
2008-09-13 01:27 . 1998-09-17 01:52 17,350 --a------ C:\WINDOWS\system32\CTDetect.hlp
2008-09-13 01:27 . 1998-09-17 01:52 641 --a------ C:\WINDOWS\system32\CTDetect.cnt
2008-09-13 01:25 . 2003-03-05 12:19 15,840 --a------ C:\WINDOWS\system32\pfmodnt.sys
2008-09-13 01:22 . 2008-04-13 11:45 60,032 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-09-13 01:22 . 2008-04-13 11:45 60,032 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-09-13 01:13 . 2008-09-13 01:13 94,208 --a------ C:\WINDOWS\system32\fepcnwbq.exe
2008-09-11 18:30 . 2008-09-11 18:30 <DIR> d-------- C:\Program Files\RADVideo
2008-09-11 18:02 . 2008-09-11 18:02 102,400 --a------ C:\WINDOWS\system32\adoxongh.exe
2008-09-11 02:32 . 2008-09-19 06:56 <DIR> d-------- C:\Program Files\Unity
2008-09-07 09:44 . 2008-09-04 13:59 165,888 --a------ C:\WINDOWS\system32\sav.cpl
2008-09-07 09:44 . 2008-09-07 09:44 116,228 --a------ C:\WINDOWS\system32\msxml71.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-01 15:36 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-30 16:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-30 11:58 --------- d-----w C:\Program Files\LimeWire
2008-09-30 11:27 --------- d-----w C:\Documents and Settings\Rhythmatix\Application Data\Moyea
2008-09-19 18:47 --------- d-----w C:\Program Files\Microsoft Broadband Networking
2008-09-13 12:17 --------- d-----w C:\Program Files\FriendBlasterPro
2008-09-13 08:33 --------- d-----w C:\Program Files\Creative
2008-09-13 08:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-13 08:25 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-12 01:46 --------- d-----w C:\Program Files\DivX
2008-09-03 18:17 --------- d-----w C:\Program Files\Soulseek
2008-09-03 07:08 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-09-03 07:07 --------- d-----w C:\Program Files\Mah Jong Quest
2008-09-01 03:46 --------- d-----w C:\Program Files\Smilebox
2008-08-23 01:08 --------- d-----w C:\Program Files\MySpace
2008-08-18 22:31 --------- d-----w C:\Program Files\QuickTime
2008-08-18 10:19 --------- d-----w C:\Program Files\Luxor 2
2008-08-14 11:31 720,896 ----a-w C:\WINDOWS\iun6002ev.exe
2008-08-14 11:31 --------- d-----w C:\Program Files\Bejeweled 2 Deluxe
2008-08-13 08:20 --------- d-----w C:\Program Files\Windows Desktop Search
2008-08-07 15:32 --------- d-----w C:\Documents and Settings\Rhythmatix\Application Data\DNA
2008-08-07 07:08 --------- d-----w C:\Documents and Settings\Rhythmatix\Application Data\BitTorrent
2008-07-03 01:34 65,024 ----a-w C:\WINDOWS\IFinst26.exe
2008-01-28 06:13 22,328 -c--a-w C:\Documents and Settings\Rhythmatix\Application Data\PnkBstrK.sys
2008-01-20 15:34 5,810 -c--a-w C:\Program Files\install.log
2007-03-16 13:21 131,072 -c--a-w C:\Documents and Settings\Rhythmatix\updatetmp.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo RX620 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE" [2004-05-19 98304]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster\Surround Mixer\CTSysVol.exe" [2003-02-17 53248]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 90112]
"SbUsb AudCtrl"="sbusbdll.dll" [2003-03-11 C:\WINDOWS\system32\sbusbdll.dll]

C:\Documents and Settings\Rhythmatix\Start Menu\Programs\Startup\
LimeWire On Startup.lnk.disabled [2008-09-30 1553]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=xbrtyy.dll zpprob.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= DivXa32.acm
"vidc.X264"= x264vfw.dll
"vidc.hfyu"= huffyuv.dll
"vidc.3IV2"= 3ivxVfWCodec.dll
"vidc.SEDG"= SamsungVfWCodec.dll
"vidc.DX50"= DivXVfWCodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Broadband Networking.lnk]
backup=C:\WINDOWS\pss\Microsoft Broadband Networking.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Broadband Networking.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=C:\WINDOWS\pss\Windows Search.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton SystemWorks
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSRKey
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneCareUI
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 17:12 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MAAgent]
--a--c--- 2008-05-26 20:13 57344 C:\Program Files\MarkAny\ContentSafer\MaAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 17:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvdai]
--ah----- 2008-01-25 22:48 155648 C:\WINDOWS\system32\nvdai.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 02:41 81920 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
-----c--- 2004-07-15 01:07 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-04-13 03:48 36975 C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
-----c--- 2006-10-18 20:05 204288 C:\Program Files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2006-08-11 14:56 17920 C:\WINDOWS\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2006-08-11 14:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Symantec Core LC"=3 (0x3)
"svcWRSSSDK"=2 (0x2)
"StarWindService"=2 (0x2)
"Speed Disk service"=2 (0x2)
"SPBBCSvc"=2 (0x2)
"SNDSrvc"=2 (0x2)
"SBService"=2 (0x2)
"SAVScan"=3 (0x3)
"NProtectService"=2 (0x2)
"NPFMntor"=2 (0x2)
"navapsvc"=3 (0x3)
"LiveUpdate"=3 (0x3)
"LightScribeService"=2 (0x2)
"IDriverT"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"WebrootSpySweeperService"=2 (0x2)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" /tray
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"CTHelper"=CTHELPER.EXE
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNUtil.exe"=
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNTray.exe"=
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNCfg.exe"=
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNUpdate.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\WINDOWS\\system32\\muzapp.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27357:TCP"= 27357:TCP:BitComet 27357 TCP
"27357:UDP"= 27357:UDP:BitComet 27357 UDP
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"15955:TCP"= 15955:TCP:Soulseek
"26553:TCP"= 26553:TCP:BitComet 26553 TCP
"26553:UDP"= 26553:UDP:BitComet 26553 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R3 SaiClass;SaiClass;C:\WINDOWS\system32\drivers\SaiNtBus.sys [2003-04-10 26368]
R3 sbusb;Sound Blaster USB Audio Driver;C:\WINDOWS\system32\DRIVERS\sbusb.sys [2003-03-24 632576]
S3 DMSKSSRh;DMSKSSRh;C:\DOCUME~1\RHYTHM~1\LOCALS~1\Temp\DMSKSSRh.sys [ ]
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 p2psvc;Peer Networking;C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 SaiH0109;SaiH0109;C:\WINDOWS\system32\DRIVERS\SaiH0109.sys [2004-07-26 56576]
S3 SaiNtHid;SaiNtHid;C:\WINDOWS\system32\DRIVERS\SaiNtHid.sys [2003-04-10 48384]
S3 SaiNtSub;SaiNtSub;C:\WINDOWS\system32\DRIVERS\SaiNtSub.sys [2003-04-10 19200]
S3 SaiU0109;SaiU0109;C:\WINDOWS\system32\DRIVERS\SaiU0109.sys [2004-07-26 19584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0bdd811b-beab-11db-90a8-00e04cba3783}]
\Shell\AutoRun\command - G:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ecb7dfba-0b83-11db-b0b4-806d6172696f}]
\Shell\AutoRun\command - D:\Setup\rsrc\Autorun.exe
\Shell\dinstall\command - D:\Directx\dxsetup.exe
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
BHO-{03E3D45B-681C-481C-B6A3-0D08B12C4AB9} - (no file)
BHO-{267A6A6B-E859-4FA2-A6C9-4E661934D5CD} - (no file)
BHO-{B35A4AE9-BA1E-4927-875E-C9FDC0C56FB0} - (no file)
BHO-{EE5709D8-CD88-4A41-A03C-17CF5FE2648F} - C:\WINDOWS\system32\awtsTJBq.dll
Toolbar-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKLM-Explorer_Run-xAfxJVfYf1 - C:\Documents and Settings\All Users\Application Data\jkhklmvy\pclijyxw.exe
MSConfigStartUp-ALUAlert - C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
MSConfigStartUp-ccApp - C:\Program Files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-PC Connection Agent - C:\PROGRA~1\MI3AA1~1\wcescomm.exe
MSConfigStartUp-MsnMsgr - C:\Program Files\MSN Messenger\MsnMsgr.Exe
MSConfigStartUp-osCheck - C:\Program Files\Norton AntiVirus\osCheck.exe
MSConfigStartUp-Profiler - C:\Program Files\Saitek\Software\Profiler.exe
MSConfigStartUp-QUICKCARE - C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe
MSConfigStartUp-SaiMfd - C:\Program Files\Saitek\Software\SaiMfd.exe
MSConfigStartUp-SaiSmart - C:\Program Files\Saitek\Software\SaiSmart.exe
MSConfigStartUp-SMSTray - C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
MSConfigStartUp-SweetIM - C:\Program Files\SweetIM\Messenger\SweetIM.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.comcast.net/a/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R0 -: HKLM-Main,Window Title = Windows Internet Explorer provided by Comcast
R1 -: HKCU-Internet Settings,ProxyOverride = <local>
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/keyword/%s
O8 -: Download &Flash Movies - C:\Program Files\Flash2X\Flash Hunter\save.htm
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-01 09:04:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\snmp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-10-01 9:08:40 - machine was rebooted [Rhythmatix]
ComboFix-quarantined-files.txt 2008-10-01 16:08:35

Pre-Run: 201,390,292,992 bytes free
Post-Run: 201,254,006,784 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

329 --- E O F --- 2008-07-09 01:04:57


HijackThis log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:23:43 AM, on 10/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE
C:\Program Files\Creative\Sound Blaster\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/a/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\YouTube Converter\MoyeaCth.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB001" /M "Stylus Photo RX620"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: LimeWire On Startup.lnk.disabled
O8 - Extra context menu item: Download &Flash Movies - C:\Program Files\Flash2X\Flash Hunter\save.htm
O9 - Extra button: Acronis*Pop-up Blocker - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Acronis Pop-up Blocker - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Qwest Live - {6DA29277-47DD-4419-9DE7-DD7222BC0EA8} - http://qwest.live.com (file missing) (HKCU)
O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: http://www.myhotcomments.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1146910697796
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} -
O20 - AppInit_DLLs: xbrtyy.dll zpprob.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

--
End of file - 4966 bytes


Uninstall list



3ivx MPEG-4 5.0.2 (remove only)
Adobe Flash Player ActiveX
Adobe Reader 7.0.8
AVIcodec (remove only)
Bejeweled 2 Deluxe
Bink and Smacker
BitComet 0.93
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
CCleaner (remove only)
Cole2k Media - Codec Pack (Advanced)
Creative Audio Console
dBpowerAMP Compaact Mp4 Codec
dBpoweramp m4a Codec
dBpowerAMP Monkeys Audio Codec
dBpowerAMP Mp2 (ToLame CLI)
dBpowerAMP mp3PRO Input Codec
dBpowerAMP Mp4 & AAC Decode Codec
dBpowerAMP Mp4 Codec
dBpowerAMP Musepack Codec
dBpoweramp Music Converter
dBpowerAMP Nero Mp4 Codec
dBpoweramp Ogg Vorbis Codec
dBpowerAMP QuickTime Codec
dBpowerAMP Real Audio Codec
dBpowerAMP Wavepack Codec
dBpowerAMP WMA V9 Codec
dBpowerAMP WMA V9.1 Codec
DirectX Media Runtime 5.1
DivX Codec
DivX Converter
DivX Player
DivX Web Player
dMC Power Pack
Easy Video Joiner 5.21
EmoDio
EmoDio
EPSON Copy Utility 3
EPSON Printer Software
EPSON Scan
EPSON SPRX620 Reference Guide
Feeding Frenzy 2 1.0
FriendBlasterPro
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
J2SE Runtime Environment 5.0 Update 3
Lame ACM MP3 Codec
LEGO Star Wars II
LimeWire PRO 4.14.3
Magic ISO Maker v5.3 (build 0216)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Broadband Networking
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Moyea YouTube Converter Version: 1.5.1.155
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
MSXML4 Parser
MyFreeCodec
MySpaceIM
Nero 7 Demo
Nimo Lite Pack v1.0 (Remove Only)
NVIDIA Drivers
NVIDIA Windows 2000/XP nForce Drivers
Pcsx2 0.9.4 Watermoose
Puzzle Word
QuickTime
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
SoulSeek Client 156c
Sound Blaster
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
VideoLAN VLC media player 0.8.5
Windows Imaging Component
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
XP Codec Pack
Xvid 1.1.3 final uninstall
Yahoo! Messenger

Blade81
2008-10-02, 10:44
I've been reading the other threads and here are my log files so far.
Looks like you missed the "Do NOT run 'fixes' before helpers have analyzed HJT log" sticky (http://forums.spybot.info/showthread.php?t=16806) (you ran ComboFix, though it shouldn't be used without supervision).



IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) file sharing programs on your computer.

BitComet 0.93
LimeWire PRO 4.14.3
SoulSeek Client 156c


I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Delete these folders afterwards:

C:\Program Files\BitComet
C:\Program Files\LimeWire
C:\Documents and Settings\Rhythmatix\Application Data\DNA
C:\Documents and Settings\Rhythmatix\Application Data\BitTorrent
C:\Program Files\Soulseek

and files:
C:\WINDOWS\system32\bitcometres.dll

Empty Recycle Bin.

After that:

Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).