ComboFix 09-01-08.01 - llong 2009-01-14 9:43:22.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.382.179 [GMT -7:00]
Running from: c:\documents and settings\llong\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\llong\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\llong\Application Data\LimeWire
c:\documents and settings\llong\Application Data\LimeWire\certificate\limewire.keystore
c:\documents and settings\llong\Application Data\LimeWire\createtimes.cache
c:\documents and settings\llong\Application Data\LimeWire\downloads.dat
c:\documents and settings\llong\Application Data\LimeWire\fileurns.bak
c:\documents and settings\llong\Application Data\LimeWire\fileurns.cache
c:\documents and settings\llong\Application Data\LimeWire\filters.props
c:\documents and settings\llong\Application Data\LimeWire\gnutella.net
c:\documents and settings\llong\Application Data\LimeWire\installation.props
c:\documents and settings\llong\Application Data\LimeWire\library.dat
c:\documents and settings\llong\Application Data\LimeWire\limewire.props
c:\documents and settings\llong\Application Data\LimeWire\mojito.props
c:\documents and settings\llong\Application Data\LimeWire\promotion\promodb.data
c:\documents and settings\llong\Application Data\LimeWire\promotion\promodb.lck
c:\documents and settings\llong\Application Data\LimeWire\promotion\promodb.log
c:\documents and settings\llong\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\llong\Application Data\LimeWire\promotion\promodb.script
c:\documents and settings\llong\Application Data\LimeWire\questions.props
c:\documents and settings\llong\Application Data\LimeWire\responses.cache
c:\documents and settings\llong\Application Data\LimeWire\simpp.xml
c:\documents and settings\llong\Application Data\LimeWire\spam.dat
c:\documents and settings\llong\Application Data\LimeWire\tables.props
c:\documents and settings\llong\Application Data\LimeWire\themes\limewire_theme.lwtp
c:\documents and settings\llong\Application Data\LimeWire\themes\limewire_theme\01_star.gif
c:\documents and settings\llong\Application Data\LimeWire\themes\limewire_theme\02_star.gif
c:\documents and settings\llong\Application Data\LimeWire\themes\limewire_theme\03_star.gif
c:\documents and settings\llong\Application Data\LimeWire\themes\limewire_theme\04_star.gif
c:\documents and settings\llong\Application Data\LimeWire\themes\limewire_theme\05_star.gif
c:\documents and settings\llong\Application Data\LimeWire\themes\limewire_theme\chat.gif
c:\documents and settings\llong\Application Data\LimeWire\themes\limewire_theme\dir_closed.gif
c:\documents and settings\llong\Application Data\LimeWire\themes\limewire_theme\dir_open.gif
c:\documents and settings\llong\Application Data\LimeWire\themes\limewire_theme\forward_dn.gif
c:\documents and settings\llong\Application Data\LimeWire\themes\limewire_theme\forward_up.gif
c:\documents and settings\llong\Application Data\LimeWire\themes\limewire_theme\kill.gif
c:\documents and settings\llong\Application Data\LimeWire\themes\limewire_theme\kill_on.gif
c:\documents and settings\llong\Application Data\LimeWire\themes\limewire_theme\lime.gif
c:\documents and settings\llong\Application Data\LimeWire\themes\limewire_theme\pause_dn.gif
c:\documents and settings\llong\Application Data\LimeWire\themes\limewire_theme\pause_up.gif
c:\documents and settings\llong\Application Data\LimeWire\themes\limewire_theme\play_dn.gif
c:\documents and settings\llong\Application Data\LimeWire\themes\limewire_theme\play_up.gif
c:\documents and settings\llong\Application Data\LimeWire\themes\limewire_theme\question.gif
c:\documents and settings\llong\Application Data\LimeWire\themes\limewire_theme\rewind_dn.gif
c:\documents and settings\llong\Application Data\LimeWire\themes\limewire_theme\rewind_up.gif
c:\documents and settings\llong\Application Data\LimeWire\themes\limewire_theme\stop_dn.gif
c:\documents and settings\llong\Application Data\LimeWire\themes\limewire_theme\stop_up.gif
c:\documents and settings\llong\Application Data\LimeWire\themes\limewire_theme\theme.txt
c:\documents and settings\llong\Application Data\LimeWire\themes\limewire_theme\version.txt
c:\documents and settings\llong\Application Data\LimeWire\themes\limewire_theme\warning.gif
c:\documents and settings\llong\Application Data\LimeWire\themes\windows_theme.lwtp
c:\documents and settings\llong\Application Data\LimeWire\themes\windows_theme\01_star.gif
c:\documents and settings\llong\Application Data\LimeWire\themes\windows_theme\02_star.gif
c:\documents and settings\llong\Application Data\LimeWire\themes\windows_theme\03_star.gif
c:\documents and settings\llong\Application Data\LimeWire\themes\windows_theme\04_star.gif
c:\documents and settings\llong\Application Data\LimeWire\themes\windows_theme\05_star.gif
c:\documents and settings\llong\Application Data\LimeWire\themes\windows_theme\chat.gif
c:\documents and settings\llong\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
c:\documents and settings\llong\Application Data\LimeWire\themes\windows_theme\forward_up.gif
c:\documents and settings\llong\Application Data\LimeWire\themes\windows_theme\kill.gif
c:\documents and settings\llong\Application Data\LimeWire\themes\windows_theme\kill_on.gif
c:\documents and settings\llong\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
c:\documents and settings\llong\Application Data\LimeWire\themes\windows_theme\pause_up.gif
c:\documents and settings\llong\Application Data\LimeWire\themes\windows_theme\play_dn.gif
c:\documents and settings\llong\Application Data\LimeWire\themes\windows_theme\play_up.gif
c:\documents and settings\llong\Application Data\LimeWire\themes\windows_theme\question.gif
c:\documents and settings\llong\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
c:\documents and settings\llong\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
c:\documents and settings\llong\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
c:\documents and settings\llong\Application Data\LimeWire\themes\windows_theme\stop_up.gif
c:\documents and settings\llong\Application Data\LimeWire\themes\windows_theme\theme.txt
c:\documents and settings\llong\Application Data\LimeWire\themes\windows_theme\version.txt
c:\documents and settings\llong\Application Data\LimeWire\themes\windows_theme\warning.gif
c:\documents and settings\llong\Application Data\LimeWire\version.xml
c:\documents and settings\llong\Application Data\LimeWire\versions.props
c:\documents and settings\llong\Application Data\LimeWire\xml\data\audio.sxml2
c:\documents and settings\llong\Application Data\Twain
c:\program files\Webtools
.
((((((((((((((((((((((((( Files Created from 2008-12-14 to 2009-01-14 )))))))))))))))))))))))))))))))
.
2100-02-23 14:35 . 2001-02-22 09:54 768 --a------ c:\program files\x73_lut.dat
2100-02-08 16:03 . 2001-05-11 11:39 53,248 --a------ c:\program files\ACMonitor_X73.exe
2009-01-02 14:53 . 2009-01-02 14:53 <DIR> d-------- c:\program files\Trend Micro
2008-12-30 09:05 . 2008-12-30 09:05 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-30 09:05 . 2008-12-30 09:05 1,409 --a------ c:\windows\QTFont.for
2008-12-23 15:35 . 2008-12-23 15:35 76,040 --a------ c:\windows\SYSTEM32\DRIVERS\avgtdix.sys
2008-12-23 15:35 . 2008-12-23 15:35 10,520 --a------ c:\windows\SYSTEM32\avgrsstx.dll
2008-12-23 15:34 . 2008-12-23 15:34 <DIR> d-------- c:\windows\SYSTEM32\DRIVERS\Avg
2008-12-23 15:34 . 2008-12-23 15:34 <DIR> d-------- c:\documents and settings\llong\Application Data\AVGTOOLBAR
2008-12-23 15:34 . 2008-12-23 15:34 97,928 --a------ c:\windows\SYSTEM32\DRIVERS\avgldx86.sys
2008-12-23 13:33 . 2008-12-23 13:33 <DIR> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-12-23 13:33 . 2008-12-23 13:33 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-12-23 13:33 . 2008-12-23 13:33 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-12-23 13:33 . 2008-12-23 13:33 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-12-23 12:23 . 2008-12-23 12:23 <DIR> d--h----- C:\$AVG8.VAULT$
2008-12-23 11:19 . 2008-12-23 11:19 <DIR> d--hs---- C:\FOUND.000
2008-12-23 09:13 . 2008-12-23 09:13 <DIR> d-------- c:\program files\AVG
2008-12-23 09:13 . 2008-12-23 09:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-12-22 16:29 . 2008-12-22 16:28 410,984 --a------ c:\windows\SYSTEM32\deploytk.dll
2008-12-22 16:29 . 2008-12-22 16:28 73,728 --a------ c:\windows\SYSTEM32\javacpl.cpl
2008-12-22 16:27 . 2008-12-22 16:27 <DIR> d-------- c:\program files\Java
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2006-12-18 16:55 39,832 ----a-w c:\documents and settings\llong\Application Data\GDIPFONTCACHEV1.DAT
2006-03-04 17:38 113 ----a-w c:\documents and settings\llong\Application Data\fusioncache.dat
2002-03-11 23:04 806,944 ------w c:\program files\user.pca
2002-03-11 23:04 2,162,720 ------w c:\program files\system.pca
2001-07-26 23:58 47 ----a-w c:\program files\ACMonitor_X73.ini
2001-07-05 19:46 8,116 ----a-w c:\program files\OSLO3071b2.USB
2001-05-08 23:36 114,688 ----a-w c:\program files\lxarscan.dll
2001-04-23 21:22 1,437 ----a-w c:\program files\gtx73.ini
2000-06-16 19:26 271 --sh--w c:\program files\desktop.ini
2000-06-16 19:26 23,357 ---h--w c:\program files\folder.htt
2001-08-19 22:36 77,824 ----a-w c:\program files\internet explorer\plugins\IEHelper.dll
2005-07-14 21:20 8 --sh--w c:\windows\DRM\pdrm.dat
.
((((((((((((((((((((((((((((( snapshot@2009-01-08_17.01.21.71 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-10 02:29:50 16,384 ----a-w c:\windows\TEMP\Perflib_Perfdata_5bc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-04 158208]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VDOM"= vdowave.drv
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eBot.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\eBot.lnk
backup=c:\windows\pss\eBot.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^llong^Start Menu^Programs^Startup^Virtual Bouncer.lnk]
path=c:\documents and settings\llong\Start Menu\Programs\Startup\Virtual Bouncer.lnk
backup=c:\windows\pss\Virtual Bouncer.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
--a------ 2008-12-23 15:33 1261336 c:\progra~1\AVG\AVG8\avgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 03:56 15360 c:\windows\SYSTEM32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-02-12 13:38 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\SYSTEM32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2003-12-19 15:52 77824 c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-12-22 16:28 136600 c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemTray]
--a------ 2001-08-23 12:00 3072 c:\windows\SYSTEM32\systray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RDSessMgr"=3 (0x3)
"mnmsrvc"=3 (0x3)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"MMTray"=
"hpsysdrv"=c:\windows\SYSTEM32\hpsysdrv.exe
"Delay"=c:\windows\delayrun.exe
"MotiveMonitor"=c:\program files\Motive\motmon.exe
"WorksFUD"=c:\program files\Microsoft Works\wkfud.exe
"mgavrtclexe"=c:\windows\MCBin\AV\Rt\mgavrtcl.exe
"DJRegFix"=regedit /s c:\hp\djregfix.reg
"HPLogiFinder"=\WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
"LexmarkPrinTray"=PrinTray.exe
"Lexmark X73 Button Monitor"=c:\progra~1\LEXMAR~1\ACMonitor_X73.exe
"Lexmark X73 Button Manager"=c:\progra~1\LEXMAR~1\AcBtnMgr_X73.exe
"LexStart"=Lexstart.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [2008-12-23 97928]
R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [2008-12-23 76040]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-22 24652]
S3 DCamUSBVeo532;Veo Web Camera;c:\windows\system32\Drivers\ubVeo532.sys --> c:\windows\system32\Drivers\ubVeo532.sys [?]
S4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-23 875288]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-23 231704]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\c2ec5b36-1a6b-4e73-a7d8-e9e70107710c]
c:\windows\system32\huuxpz.exe
.
Contents of the 'Scheduled Tasks' folder
2009-01-08 c:\windows\Tasks\Maintenance-Defragment programs.job
- c:\windows\DEFRAG.EXE []
2009-01-14 c:\windows\Tasks\PCHealth Scheduler for Data Collection.job
- c:\windows\PCHEALTH\SUPPORT\PCHSCHD.EXE []
2009-01-01 c:\windows\Tasks\Maintenance-Disk cleanup.job
- c:\windows\CLEANMGR.EXE []
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = about:blank
mLocal Page = c:\windows\SYSTEM\blank.htm
mStart Page = hxxp://rd.yahoo.com/customize/ymsgr/defaults/*http://my.yahoo.com
mWindow Title = Burke Net Inc.
mSearch Bar = hxxp://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyServer = http=127.0.0.1:6711
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
IE: E&xport to Microsoft Excel - c:\micros~1\Office10\EXCEL.EXE/3000
IE: {{3CB10829-C0BC-468a-AE91-E88AC48CB345} - c:\program files\PokerNow.net\PokerNownet.exe
O16 -: DirectAnimation Java Classes - file://c:\windows\SYSTEM\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\llong\Application Data\Mozilla\Firefox\Profiles\8yor3ehh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-14 09:48:12
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(496)
c:\windows\system32\avgrsstx.dll
- - - - - - - > 'lsass.exe'(560)
c:\windows\system32\avgrsstx.dll
.
Completion time: 2009-01-14 9:52:01
ComboFix-quarantined-files.txt 2009-01-14 16:52:00
ComboFix2.txt 2009-01-09 00:04:58
Pre-Run: 7,702,020,096 bytes free
Post-Run: 7,689,830,400 bytes free
262
*****************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:34 PM, on 1/14/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\raiyneofgailin.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/ymsgr/...//my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\LLONG\Application Data\Mozilla\Profiles\default\1gez0o44.slt\prefs.js)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: PokerNow.net - {3CB10829-C0BC-468a-AE91-E88AC48CB345} - C:\Program Files\PokerNow.net\PokerNownet.exe (file missing)
O9 - Extra 'Tools' menuitem: PokerNow.net - {3CB10829-C0BC-468a-AE91-E88AC48CB345} - C:\Program Files\PokerNow.net\PokerNownet.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Graffiti - http://download2.games.yahoo.com/gam...s/y/grt5_x.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1137730996369
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - http://worldkids.net/girl/girl9.gif
--
End of file - 5425 bytes