I can't quite figure out how I got nailed with avenger, but I did. Here's the HJT log after cleaning. Please digest this for me, as I've stared too long at the screen. Please!!!
Thank you in advance.
------------------------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 00:05, on 2007-06-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
c:\program files\sitedevelopers.com\dynamic dns client .net edition - service\dyndnswinservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\YPOPs\YPOPs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\RunOnce: [TIF-Clean] c:\windows\TIF-CLN.BAT
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Startup: re-tif.bat
O4 - Startup: YPOPs.lnk = ?
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: re-tif.bat
O4 - Global Startup: YPOPs.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Trillian - {2ef50289-0ea7-482e-a30b-4947a81e44cf} - C:\Program Files\Trillian\Trillian (file missing)
O9 - Extra 'Tools' menuitem: Trillian - {2ef50289-0ea7-482e-a30b-4947a81e44cf} - C:\Program Files\Trillian\Trillian (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1176917361203
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1176917355296
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://host-d.oddcast.com/hostClientIE.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CA Personal Firewall ASEM - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Dynamic DNS Client for Windows (service) (dyndnsWin) - Mike Hacker - c:\program files\sitedevelopers.com\dynamic dns client .net edition - service\dyndnswinservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
------------------------------------------------------------------------------------------------------
Combo Fix Logs...
"gjdunga" - 2007-06-09 0:17:41 Service Pack 2 NTFS
ComboFix 07-06-3B - Running from: "C:\files\"
((((((((((((((((((((((((( Files Created from 2007-05-09 to 2007-06-09 )))))))))))))))))))))))))))))))
2007-06-08 23:55 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-08 00:15 d----c--- C:\Program Files\Lavasoft
2007-06-08 00:15 d----c--- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-08 00:15 d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-06-07 22:24 81,024 --a--c--- C:\WINDOWS\system32\drivers\msfwdrv.sys
2007-06-07 22:24 105,856 --a--c--- C:\WINDOWS\system32\drivers\msfwhlpr.sys
2007-06-07 22:23 67,784 --a--c--- C:\WINDOWS\system32\drivers\MpFilter.sys
2007-06-07 22:21 d----c--- C:\Program Files\Microsoft Windows OneCare Live
2007-06-07 11:57 d----c--- C:\Program Files\Windows Live Safety Center
2007-06-07 01:29 86,056 --a--c--- C:\WINDOWS\system32\build_dol.exe
2007-06-04 15:18 9,344 --a--c--- C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 15:17 8,320 --a--c--- C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 15:14 6,272 --a--c--- C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-04 13:58 d----c--- C:\Program Files\autofind
2007-06-03 18:21 25,856 --a--c--- C:\WINDOWS\system32\drivers\usbprint.sys
2007-06-02 12:06 d----c--- C:\DOCUME~1\Guest\APPLIC~1\Palo Alto Software
2007-06-02 11:53 d----c--- C:\DOCUME~1\Guest\APPLIC~1\Talkback
2007-06-02 06:05 1,310,720 --ah----- C:\DOCUME~1\Guest\NTUSER.DAT
2007-05-27 21:48 20,992 --a--c--- C:\WINDOWS\jestertb.dll
2007-05-27 20:46 d----c--- C:\DOCUME~1\Gabriel\APPLIC~1\MobileAction
2007-05-27 20:40 d----c--- C:\Program Files\Mobile Action
2007-05-27 20:36 52,565 --a--c--- C:\WINDOWS\system32\drivers\mam4410u.sys
2007-05-27 20:36 49,867 --a--c--- C:\WINDOWS\system32\drivers\mardp2k.sys
2007-05-27 20:36 49,484 --a--c--- C:\WINDOWS\system32\drivers\mardpnp.sys
2007-05-27 20:36 36,586 --a--c--- C:\WINDOWS\system32\drivers\mavcomm.sys
2007-05-27 20:36 25,044 --a--c--- C:\WINDOWS\system32\drivers\mam4410m.sys
2007-05-27 20:36 24,789 --a--c--- C:\WINDOWS\system32\drivers\MaVctrl.sys
2007-05-27 20:36 24,784 --a--c--- C:\WINDOWS\system32\drivers\mam4410c.sys
2007-05-27 20:36 11,473 --a--c--- C:\WINDOWS\system32\drivers\MaVc2K.sys
2007-05-26 16:57 d----c--- C:\DOCUME~1\Gabriel\APPLIC~1\Palo Alto Software
2007-05-26 16:56 d----c--- C:\Program Files\Common Files\Intuit
2007-05-26 16:55 d----c--- C:\Program Files\Palo Alto Software
2007-05-26 16:55 d----c--- C:\Program Files\Common Files\Palo Alto Software
2007-05-26 16:55 d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PAS
2007-05-26 16:55 d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Palo Alto Software
2007-05-25 21:39 d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
2007-05-25 21:38 57,344 -----c--- C:\WINDOWS\system32\mfc70enu.dll
2007-05-25 21:31 d----c--- C:\Program Files\Common Files\Macromedia Shared
2007-05-24 02:33 d----c--- C:\DOCUME~1\Gabriel\APPLIC~1\AdobeUM
2007-05-24 01:12 d----c--- C:\DOCUME~1\Gabriel\APPLIC~1\acccore
2007-05-24 01:12 d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
2007-05-24 01:12 d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-05-24 01:11 d----c--- C:\Program Files\Viewpoint
2007-05-24 01:11 d----c--- C:\Program Files\Common Files\AOL
2007-05-24 01:11 d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-05-24 01:10 d----c--- C:\Program Files\AIM6
2007-05-24 01:09 d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
2007-05-24 00:15 d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
2007-05-24 00:14 d----c--- C:\Program Files\Common Files\Adobe Systems Shared
2007-05-22 23:18 d----c--- C:\Program Files\Common Files\eEye Digital Security
2007-05-17 04:09 d----c--- C:\Grampas
2007-05-17 00:04 d----c--- C:\DOCUME~1\ADMINI~1\APPLIC~1\Media Player Classic
2007-05-17 00:04 d----c--- C:\DOCUME~1\ADMINI~1\APPLIC~1\DivX
2007-05-17 00:03 d----c--- C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
2007-05-16 23:46 d----c--- C:\DOCUME~1\ADMINI~1\APPLIC~1\Azureus
2007-05-16 17:18 d----c--- C:\Program Files\MagicISO
2007-05-16 15:10 d----c--- C:\Winxp
2007-05-16 15:10 d----c--- C:\DOCUME~1\ADMINI~1\APPLIC~1\WinRAR
2007-05-16 15:08 d----c--- C:\DOCUME~1\ADMINI~1\APPLIC~1\Talkback
2007-05-16 14:54 d----c--- C:\DOCUME~1\ADMINI~1\APPLIC~1\Ahead
2007-05-16 14:49 221,184 --a--c--- C:\WINDOWS\system32\wmpns.dll
2007-05-16 14:49 d----c--- C:\DOCUME~1\ADMINI~1\APPLIC~1\Windows Desktop Search
2007-05-16 14:23 1,572,864 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-05-15 02:19 d----c--- C:\Program Files\Windows Installer Clean Up
2007-05-15 02:18 d----c--- C:\Program Files\MSECACHE
2007-05-15 01:53 d--hs---- C:\WINDOWS\CSC
2007-05-14 23:55 d----c--- C:\WINDOWS\system32\appmgmt
2007-05-14 22:28 d----c--- C:\DOCUME~1\Gabriel\Contacts
2007-05-14 22:27 d----c--- C:\WINDOWS\system32\DRVSTORE
2007-05-14 22:27 d----c--- C:\Program Files\MSN Messenger
2007-05-11 22:48 d----c--- C:\Program Files\MSXML 6.0
2007-05-11 12:10 8 --a--c--- C:\WINDOWS\system32\winsusrx.dll
2007-05-11 12:10 136 --a--c--- C:\WINDOWS\system32\winsusrm.dll
2007-05-11 12:10 d----c--- C:\WINDOWS\5374-8831-2029-7643-5722
2007-05-09 12:28 d----c--- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-09 11:00 d--h-c--- C:\WINDOWS\$hf_mig$
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-09 06:14:38 -------- dc----w C:\Program Files\YPOPs
2007-06-09 05:49:23 -------- dc----w C:\Program Files\Torrent-Search
2007-06-08 04:21:13 -------- dc----w C:\Program Files\DAEMON Tools
2007-06-07 17:51:03 -------- dc----w C:\DOCUME~1\Gabriel\APPLIC~1\Azureus
2007-06-02 19:05:54 -------- dc----w C:\Program Files\iTunes
2007-06-02 19:05:50 -------- dc----w C:\Program Files\iPod
2007-06-02 18:55:42 -------- dc----w C:\Program Files\Trillian
2007-06-02 07:29:04 -------- dc----w C:\Program Files\Azureus
2007-05-26 03:38:26 -------- dc-h--w C:\Program Files\InstallShield Installation Information
2007-05-24 07:10:43 335 -c--a-w C:\WINDOWS\nsreg.dat
2007-05-17 05:45:37 1,606 -c--a-w C:\WINDOWS\mozver.dat
2007-05-16 22:57:05 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-05-15 05:55:26 -------- dc----w C:\DOCUME~1\Gabriel\APPLIC~1\Apple Computer
2007-05-08 04:48:48 -------- dc----w C:\Program Files\Microsoft Office Outlook Connector
2007-05-03 13:45:36 -------- dc----w C:\Program Files\QuickTime
2007-05-03 13:42:10 -------- dc----w C:\Program Files\Apple Software Update
2007-04-30 02:01:57 2,560 -c--a-w C:\WINDOWS\_MSRSTRT.EXE
2007-04-29 19:08:02 -------- dc----w C:\Program Files\Smart Projects
2007-04-29 17:56:49 -------- dc----w C:\Program Files\SiteDevelopers.com
2007-04-29 04:18:30 3,919 -c--a-w C:\WINDOWS\tif-cln.bat
2007-04-28 21:41:58 -------- dc----w C:\Program Files\FileZilla
2007-04-22 09:40:54 57 -c--a-w C:\WINDOWS\sysdefrag.bat
2007-04-22 09:32:02 139 -c--a-w C:\WINDOWS\re-tif.bat
2007-04-22 07:30:59 -------- dc----w C:\Program Files\SysInternals
2007-04-20 23:06:28 -------- dc----w C:\Program Files\xwinlogon
2007-04-20 22:40:00 280,184 -c--a-w C:\WINDOWS\system32\DebugRpt.dll
2007-04-20 22:40:00 194,168 -c--a-w C:\WINDOWS\system32\LocalStorage.dll
2007-04-20 22:31:01 -------- dc----w C:\Program Files\WinSCP
2007-04-20 22:29:43 -------- dc----w C:\Program Files\PuTTY
2007-04-20 22:11:34 -------- dc----w C:\Program Files\CA
2007-04-18 22:22:26 -------- dc----w C:\DOCUME~1\Gabriel\APPLIC~1\Ahead
2007-04-18 16:12:23 2,854,400 -c--a-w C:\WINDOWS\system32\msi.dll
2007-04-17 04:47:36 33,624 -c--a-w C:\WINDOWS\system32\wups.dll
2007-04-17 04:45:54 1,710,936 -c--a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 04:45:48 549,720 -c--a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 04:45:42 325,976 -c--a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 04:45:36 203,096 -c--a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 04:45:28 92,504 -c--a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 04:45:20 53,080 -c--a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 04:45:20 43,352 -c--a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 04:44:20 271,224 -c--a-w C:\WINDOWS\system32\mucltui.dll
2007-04-17 04:44:18 208,248 -c--a-w C:\WINDOWS\system32\muweb.dll
2007-04-14 23:44:54 -------- dc----w C:\DOCUME~1\Gabriel\APPLIC~1\Windows Desktop Search
2007-04-14 23:43:11 -------- dc----w C:\Program Files\Windows Desktop Search
2007-04-14 23:30:22 -------- dc----w C:\Program Files\Common Files\Ahead
2007-04-14 23:29:29 -------- dc----w C:\Program Files\Nero
2007-04-14 23:05:04 -------- dc----w C:\DOCUME~1\Gabriel\APPLIC~1\Media Player Classic
2007-04-14 23:02:28 -------- dc----w C:\Program Files\K-Lite Codec Pack
2007-04-14 22:19:42 -------- dc----w C:\Program Files\Alcohol Soft
2007-04-14 21:54:16 -------- dc----w C:\DOCUME~1\Gabriel\APPLIC~1\WinRAR
2007-04-14 18:30:17 -------- dc----w C:\Program Files\Microsoft Works
2007-04-14 18:27:31 -------- dc----w C:\Program Files\Microsoft.NET
2007-04-14 18:22:55 -------- dc----w C:\Program Files\Microsoft Visual Studio 8
2007-04-14 07:17:32 -------- dc----w C:\Program Files\MSXML 4.0
2007-04-14 07:12:26 -------- dc----w C:\Program Files\Debugging Tools for Windows
2007-04-14 06:55:04 124,288 -c--a-w C:\WINDOWS\Contig.exe
2007-04-14 06:54:16 25,992 -c--a-w C:\WINDOWS\system32\pgdfgsvc.exe
2007-04-14 05:57:26 -------- dc----w C:\Program Files\MSBuild
2007-04-14 05:52:05 -------- dc----w C:\Program Files\Reference Assemblies
2007-04-14 05:51:05 -------- dc----w C:\Program Files\Windows Media Connect 2
2007-04-14 05:42:30 -------- dc----w C:\Program Files\Messenger
2007-04-14 05:11:15 -------- dc----w C:\Program Files\Movie Maker
2007-04-14 05:10:03 -------- dc----w C:\Program Files\Windows NT
2007-04-14 04:33:58 -------- dc----w C:\DOCUME~1\Gabriel\APPLIC~1\Talkback
2007-04-14 03:51:58 -------- dc----w C:\DOCUME~1\Gabriel\APPLIC~1\Creative
2007-04-14 03:51:57 -------- dc----w C:\DOCUME~1\Gabriel\APPLIC~1\Help
2007-04-14 03:50:17 -------- dc----w C:\Program Files\Creative
2007-04-14 03:41:22 -------- dc----w C:\Program Files\Common Files\InstallShield
2007-04-14 03:39:15 -------- dc----w C:\Program Files\Windows Media Components
2007-04-14 03:38:36 -------- dc----w C:\Program Files\Common Files\CyberLink
2007-04-14 03:33:57 -------- dc----w C:\Program Files\ATI Technologies
2007-04-14 02:02:54 -------- dc----w C:\Program Files\microsoft frontpage
2007-04-14 02:02:26 0 -csha-r C:\MSDOS.SYS
2007-04-14 02:02:26 0 -csha-r C:\IO.SYS
2007-04-14 02:02:26 0 -c--a-w C:\CONFIG.SYS
2007-04-14 02:02:26 0 -c--a-w C:\AUTOEXEC.BAT
2007-04-14 01:59:58 -------- dc----w C:\Program Files\Common Files\MSSoap
2007-04-14 01:59:06 21,640 -c--a-w C:\WINDOWS\system32\emptyregdb.dat
2007-04-14 01:58:41 -------- dc-h--w C:\Program Files\WindowsUpdate
2007-04-14 01:58:29 -------- dc----w C:\Program Files\MSN Gaming Zone
2007-04-13 21:19:52 7,680 -c--a-w C:\WINDOWS\system32\lsdelete.exe
2007-04-13 19:49:35 -------- dc----w C:\Program Files\Common Files\ODBC
2007-04-13 19:49:32 -------- dc----w C:\Program Files\Common Files\SpeechEngines
2007-04-05 21:00:06 119,296 -c--a-w C:\WINDOWS\system32\zlibwapi.dll
2007-04-05 21:00:06 119,296 -c--a-w C:\WINDOWS\system32\zlib.dll
2007-03-23 12:07:56 1,683,280 -c--a-w C:\WINDOWS\system32\XpsSvcs.dll
2007-03-23 12:07:54 583,504 -c--a-w C:\WINDOWS\system32\XPSSHHDR.dll
2007-03-23 02:25:02 124,928 -c--a-w C:\WINDOWS\system32\prntvpt.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-15 01:27:58 972,336 -c--a-w C:\WINDOWS\UNRecode.exe
2007-03-15 01:19:56 95,864 -c--a-w C:\WINDOWS\system32\NeroCo.dll
2007-03-15 01:19:26 972,336 -c--a-w C:\WINDOWS\UNNeroBackItUp.exe
2007-03-12 19:51:08 972,336 -c--a-w C:\WINDOWS\UNNeroMediaHome.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 00:48]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 20:33]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 16:10]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52]
"@"="" []
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2007-05-16 09:35]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 16:29]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"TIF-Clean"=c:\windows\TIF-CLN.BAT
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [2006-10-27 00:48]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"="C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 15:39]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\OneCareMP]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun\splash.hta
Contents of the 'Scheduled Tasks' folder
2007-06-07 02:12:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
**************************************************************************
catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-09 00:19:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-06-09 0:20:47
--- E O F ---
2007-06-08 00:15 d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-06-07 22:24 81,024 --a--c--- C:\WINDOWS\system32\drivers\msfwdrv.sys
2007-06-07 22:24 105,856 --a--c--- C:\WINDOWS\system32\drivers\msfwhlpr.sys
2007-06-07 22:23 67,784 --a--c--- C:\WINDOWS\system32\drivers\MpFilter.sys
2007-06-07 22:21 d----c--- C:\Program Files\Microsoft Windows OneCare Live
2007-06-07 11:57 d----c--- C:\Program Files\Windows Live Safety Center
2007-06-07 01:29 86,056 --a--c--- C:\WINDOWS\system32\build_dol.exe
2007-06-04 15:18 9,344 --a--c--- C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 15:17 8,320 --a--c--- C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 15:14 6,272 --a--c--- C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-04 13:58 d----c--- C:\Program Files\autofind
2007-06-03 18:21 25,856 --a--c--- C:\WINDOWS\system32\drivers\usbprint.sys
2007-06-02 12:06 d----c--- C:\DOCUME~1\Guest\APPLIC~1\Palo Alto Software
2007-06-02 11:53 d----c--- C:\DOCUME~1\Guest\APPLIC~1\Talkback
2007-06-02 06:05 1,310,720 --ah----- C:\DOCUME~1\Guest\NTUSER.DAT
2007-05-27 21:48 20,992 --a--c--- C:\WINDOWS\jestertb.dll
2007-05-27 20:46 d----c--- C:\DOCUME~1\Gabriel\APPLIC~1\MobileAction
2007-05-27 20:40 d----c--- C:\Program Files\Mobile Action
2007-05-27 20:36 52,565 --a--c--- C:\WINDOWS\system32\drivers\mam4410u.sys
2007-05-27 20:36 49,867 --a--c--- C:\WINDOWS\system32\drivers\mardp2k.sys
2007-05-27 20:36 49,484 --a--c--- C:\WINDOWS\system32\drivers\mardpnp.sys
2007-05-27 20:36 36,586 --a--c--- C:\WINDOWS\system32\drivers\mavcomm.sys
2007-05-27 20:36 25,044 --a--c--- C:\WINDOWS\system32\drivers\mam4410m.sys
2007-05-27 20:36 24,789 --a--c--- C:\WINDOWS\system32\drivers\MaVctrl.sys
2007-05-27 20:36 24,784 --a--c--- C:\WINDOWS\system32\drivers\mam4410c.sys
2007-05-27 20:36 11,473 --a--c--- C:\WINDOWS\system32\drivers\MaVc2K.sys
2007-05-26 16:57 d----c--- C:\DOCUME~1\Gabriel\APPLIC~1\Palo Alto Software
2007-05-26 16:56 d----c--- C:\Program Files\Common Files\Intuit
2007-05-26 16:55 d----c--- C:\Program Files\Palo Alto Software
2007-05-26 16:55 d----c--- C:\Program Files\Common Files\Palo Alto Software
2007-05-26 16:55 d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PAS
2007-05-26 16:55 d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Palo Alto Software
2007-05-25 21:39 d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
2007-05-25 21:38 57,344 -----c--- C:\WINDOWS\system32\mfc70enu.dll
2007-05-25 21:31 d----c--- C:\Program Files\Common Files\Macromedia Shared
2007-05-24 02:33 d----c--- C:\DOCUME~1\Gabriel\APPLIC~1\AdobeUM
2007-05-24 01:12 d----c--- C:\DOCUME~1\Gabriel\APPLIC~1\acccore
2007-05-24 01:12 d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
2007-05-24 01:12 d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-05-24 01:11 d----c--- C:\Program Files\Viewpoint
2007-05-24 01:11 d----c--- C:\Program Files\Common Files\AOL
2007-05-24 01:11 d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-05-24 01:10 d----c--- C:\Program Files\AIM6
2007-05-24 01:09 d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
2007-05-24 00:15 d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
2007-05-24 00:14 d----c--- C:\Program Files\Common Files\Adobe Systems Shared
2007-05-22 23:18 d----c--- C:\Program Files\Common Files\eEye Digital Security
2007-05-17 04:09 d----c--- C:\Grampas
2007-05-17 00:04 d----c--- C:\DOCUME~1\ADMINI~1\APPLIC~1\Media Player Classic
2007-05-17 00:04 d----c--- C:\DOCUME~1\ADMINI~1\APPLIC~1\DivX
2007-05-17 00:03 d----c--- C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
2007-05-16 23:46 d----c--- C:\DOCUME~1\ADMINI~1\APPLIC~1\Azureus
2007-05-16 17:18 d----c--- C:\Program Files\MagicISO
2007-05-16 15:10 d----c--- C:\Winxp
2007-05-16 15:10 d----c--- C:\DOCUME~1\ADMINI~1\APPLIC~1\WinRAR
2007-05-16 15:08 d----c--- C:\DOCUME~1\ADMINI~1\APPLIC~1\Talkback
2007-05-16 14:54 d----c--- C:\DOCUME~1\ADMINI~1\APPLIC~1\Ahead
2007-05-16 14:49 221,184 --a--c--- C:\WINDOWS\system32\wmpns.dll
2007-05-16 14:49 d----c--- C:\DOCUME~1\ADMINI~1\APPLIC~1\Windows Desktop Search
2007-05-16 14:23 1,572,864 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-05-15 02:19 d----c--- C:\Program Files\Windows Installer Clean Up
2007-05-15 02:18 d----c--- C:\Program Files\MSECACHE
2007-05-15 01:53 d--hs---- C:\WINDOWS\CSC
2007-05-14 23:55 d----c--- C:\WINDOWS\system32\appmgmt
2007-05-14 22:28 d----c--- C:\DOCUME~1\Gabriel\Contacts
2007-05-14 22:27 d----c--- C:\WINDOWS\system32\DRVSTORE
2007-05-14 22:27 d----c--- C:\Program Files\MSN Messenger
2007-05-11 22:48 d----c--- C:\Program Files\MSXML 6.0
2007-05-11 12:10 8 --a--c--- C:\WINDOWS\system32\winsusrx.dll
2007-05-11 12:10 136 --a--c--- C:\WINDOWS\system32\winsusrm.dll
2007-05-11 12:10 d----c--- C:\WINDOWS\5374-8831-2029-7643-5722
2007-05-09 12:28 d----c--- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-09 11:00 d--h-c--- C:\WINDOWS\$hf_mig$
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-09 06:14:38 -------- dc----w C:\Program Files\YPOPs
2007-06-09 05:49:23 -------- dc----w C:\Program Files\Torrent-Search
2007-06-08 04:21:13 -------- dc----w C:\Program Files\DAEMON Tools
2007-06-07 17:51:03 -------- dc----w C:\DOCUME~1\Gabriel\APPLIC~1\Azureus
2007-06-02 19:05:54 -------- dc----w C:\Program Files\iTunes
2007-06-02 19:05:50 -------- dc----w C:\Program Files\iPod
2007-06-02 18:55:42 -------- dc----w C:\Program Files\Trillian
2007-06-02 07:29:04 -------- dc----w C:\Program Files\Azureus
2007-05-26 03:38:26 -------- dc-h--w C:\Program Files\InstallShield Installation Information
2007-05-24 07:10:43 335 -c--a-w C:\WINDOWS\nsreg.dat
2007-05-17 05:45:37 1,606 -c--a-w C:\WINDOWS\mozver.dat
2007-05-16 22:57:05 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-05-15 05:55:26 -------- dc----w C:\DOCUME~1\Gabriel\APPLIC~1\Apple Computer
2007-05-08 04:48:48 -------- dc----w C:\Program Files\Microsoft Office Outlook Connector
2007-05-03 13:45:36 -------- dc----w C:\Program Files\QuickTime
2007-05-03 13:42:10 -------- dc----w C:\Program Files\Apple Software Update
2007-04-30 02:01:57 2,560 -c--a-w C:\WINDOWS\_MSRSTRT.EXE
2007-04-29 19:08:02 -------- dc----w C:\Program Files\Smart Projects
2007-04-29 17:56:49 -------- dc----w C:\Program Files\SiteDevelopers.com
2007-04-29 04:18:30 3,919 -c--a-w C:\WINDOWS\tif-cln.bat
2007-04-28 21:41:58 -------- dc----w C:\Program Files\FileZilla
2007-04-22 09:40:54 57 -c--a-w C:\WINDOWS\sysdefrag.bat
2007-04-22 09:32:02 139 -c--a-w C:\WINDOWS\re-tif.bat
2007-04-22 07:30:59 -------- dc----w C:\Program Files\SysInternals
2007-04-20 23:06:28 -------- dc----w C:\Program Files\xwinlogon
2007-04-20 22:40:00 280,184 -c--a-w C:\WINDOWS\system32\DebugRpt.dll
2007-04-20 22:40:00 194,168 -c--a-w C:\WINDOWS\system32\LocalStorage.dll
2007-04-20 22:31:01 -------- dc----w C:\Program Files\WinSCP
2007-04-20 22:29:43 -------- dc----w C:\Program Files\PuTTY
2007-04-20 22:11:34 -------- dc----w C:\Program Files\CA
2007-04-18 22:22:26 -------- dc----w C:\DOCUME~1\Gabriel\APPLIC~1\Ahead
2007-04-18 16:12:23 2,854,400 -c--a-w C:\WINDOWS\system32\msi.dll
2007-04-17 04:47:36 33,624 -c--a-w C:\WINDOWS\system32\wups.dll
2007-04-17 04:45:54 1,710,936 -c--a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 04:45:48 549,720 -c--a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 04:45:42 325,976 -c--a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 04:45:36 203,096 -c--a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 04:45:28 92,504 -c--a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 04:45:20 53,080 -c--a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 04:45:20 43,352 -c--a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 04:44:20 271,224 -c--a-w C:\WINDOWS\system32\mucltui.dll
2007-04-17 04:44:18 208,248 -c--a-w C:\WINDOWS\system32\muweb.dll
2007-04-14 23:44:54 -------- dc----w C:\DOCUME~1\Gabriel\APPLIC~1\Windows Desktop Search
2007-04-14 23:43:11 -------- dc----w C:\Program Files\Windows Desktop Search
2007-04-14 23:30:22 -------- dc----w C:\Program Files\Common Files\Ahead
2007-04-14 23:29:29 -------- dc----w C:\Program Files\Nero
2007-04-14 23:05:04 -------- dc----w C:\DOCUME~1\Gabriel\APPLIC~1\Media Player Classic
2007-04-14 23:02:28 -------- dc----w C:\Program Files\K-Lite Codec Pack
2007-04-14 22:19:42 -------- dc----w C:\Program Files\Alcohol Soft
2007-04-14 21:54:16 -------- dc----w C:\DOCUME~1\Gabriel\APPLIC~1\WinRAR
2007-04-14 18:30:17 -------- dc----w C:\Program Files\Microsoft Works
2007-04-14 18:27:31 -------- dc----w C:\Program Files\Microsoft.NET
2007-04-14 18:22:55 -------- dc----w C:\Program Files\Microsoft Visual Studio 8
2007-04-14 07:17:32 -------- dc----w C:\Program Files\MSXML 4.0
2007-04-14 07:12:26 -------- dc----w C:\Program Files\Debugging Tools for Windows
2007-04-14 06:55:04 124,288 -c--a-w C:\WINDOWS\Contig.exe
2007-04-14 06:54:16 25,992 -c--a-w C:\WINDOWS\system32\pgdfgsvc.exe
2007-04-14 05:57:26 -------- dc----w C:\Program Files\MSBuild
2007-04-14 05:52:05 -------- dc----w C:\Program Files\Reference Assemblies
2007-04-14 05:51:05 -------- dc----w C:\Program Files\Windows Media Connect 2
2007-04-14 05:42:30 -------- dc----w C:\Program Files\Messenger
2007-04-14 05:11:15 -------- dc----w C:\Program Files\Movie Maker
2007-04-14 05:10:03 -------- dc----w C:\Program Files\Windows NT
2007-04-14 04:33:58 -------- dc----w C:\DOCUME~1\Gabriel\APPLIC~1\Talkback
2007-04-14 03:51:58 -------- dc----w C:\DOCUME~1\Gabriel\APPLIC~1\Creative
2007-04-14 03:51:57 -------- dc----w C:\DOCUME~1\Gabriel\APPLIC~1\Help
2007-04-14 03:50:17 -------- dc----w C:\Program Files\Creative
2007-04-14 03:41:22 -------- dc----w C:\Program Files\Common Files\InstallShield
2007-04-14 03:39:15 -------- dc----w C:\Program Files\Windows Media Components
2007-04-14 03:38:36 -------- dc----w C:\Program Files\Common Files\CyberLink
2007-04-14 03:33:57 -------- dc----w C:\Program Files\ATI Technologies
2007-04-14 02:02:54 -------- dc----w C:\Program Files\microsoft frontpage
2007-04-14 02:02:26 0 -csha-r C:\MSDOS.SYS
2007-04-14 02:02:26 0 -csha-r C:\IO.SYS
2007-04-14 02:02:26 0 -c--a-w C:\CONFIG.SYS
2007-04-14 02:02:26 0 -c--a-w C:\AUTOEXEC.BAT
2007-04-14 01:59:58 -------- dc----w C:\Program Files\Common Files\MSSoap
2007-04-14 01:59:06 21,640 -c--a-w C:\WINDOWS\system32\emptyregdb.dat
2007-04-14 01:58:41 -------- dc-h--w C:\Program Files\WindowsUpdate
2007-04-14 01:58:29 -------- dc----w C:\Program Files\MSN Gaming Zone
2007-04-13 21:19:52 7,680 -c--a-w C:\WINDOWS\system32\lsdelete.exe
2007-04-13 19:49:35 -------- dc----w C:\Program Files\Common Files\ODBC
2007-04-13 19:49:32 -------- dc----w C:\Program Files\Common Files\SpeechEngines
2007-04-05 21:00:06 119,296 -c--a-w C:\WINDOWS\system32\zlibwapi.dll
2007-04-05 21:00:06 119,296 -c--a-w C:\WINDOWS\system32\zlib.dll
2007-03-23 12:07:56 1,683,280 -c--a-w C:\WINDOWS\system32\XpsSvcs.dll
2007-03-23 12:07:54 583,504 -c--a-w C:\WINDOWS\system32\XPSSHHDR.dll
2007-03-23 02:25:02 124,928 -c--a-w C:\WINDOWS\system32\prntvpt.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-15 01:27:58 972,336 -c--a-w C:\WINDOWS\UNRecode.exe
2007-03-15 01:19:56 95,864 -c--a-w C:\WINDOWS\system32\NeroCo.dll
2007-03-15 01:19:26 972,336 -c--a-w C:\WINDOWS\UNNeroBackItUp.exe
2007-03-12 19:51:08 972,336 -c--a-w C:\WINDOWS\UNNeroMediaHome.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 00:48]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 20:33]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 16:10]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52]
"@"="" []
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2007-05-16 09:35]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 16:29]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"TIF-Clean"=c:\windows\TIF-CLN.BAT
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [2006-10-27 00:48]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"="C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 15:39]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\OneCareMP]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun\splash.hta
Contents of the 'Scheduled Tasks' folder
2007-06-07 02:12:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
**************************************************************************
catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-09 00:19:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-06-09 0:20:47
--- E O F ---