"Administrator" - 2007-05-21 16:48:08 Service Pack 2 [SAFE MODE]
ComboFix 07-05.21.6.V - Running from: "C:\Documents and Settings\Andy\Desktop\"
((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-21 ))))))))))))))))))))))))))))))))))
2007-05-21 14:24 d-------- C:\!KillBox
2007-05-20 13:03 d-------- C:\DOCUME~1\Andy\APPLIC~1\InstallShield Installation Information
2007-05-20 09:09 d-------- C:\Program Files\vcmm
2007-05-18 18:25 d-------- C:\Program Files\TVUPlayer
2007-05-18 07:50 d-------- C:\DOCUME~1\Andy\APPLIC~1\WinRAR
2007-05-14 07:52 d-------- C:\Program Files\A-one DVD Ripper
2007-05-13 15:14 d-------- C:\Program Files\Delta Virtual
2007-05-12 16:24 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
2007-05-12 14:07 C:\WINDOWS\PMDG 747-400 All In One 747-400F CARGO
2007-05-11 16:38 245,760 --a------ C:\Program Files\Uninstall Ask Toolbar.dll
2007-05-11 07:52 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-11 07:51 d-------- C:\WINDOWS\system32\ActiveScan
2007-05-11 07:46 d-------- C:\Program Files\Trymedia
2007-05-11 07:45 d-------- C:\Program Files\Valusoft
2007-05-10 03:08 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-09 16:09 d-------- C:\Program Files\WhatPulse
2007-05-09 11:55 d-------- C:\Program Files\VRC
2007-05-08 19:58 d-------- C:\DOCUME~1\Scot\APPLIC~1\OpenOffice.org2
2007-05-08 10:37 d-------- C:\DOCUME~1\Agatha\APPLIC~1\AdobeUM
2007-05-07 19:25 d-------- C:\Program Files\Common Files\ODBC
2007-05-06 11:42 d-------- C:\Program Files\KH Blocker
2007-05-05 18:08 60,416 --a------ C:\WINDOWS\system32\dsetup.dll
2007-05-05 18:08 d-------- C:\Program Files\GeoVid
2007-05-05 18:08 d-------- C:\DOCUME~1\Andy\APPLIC~1\GeoVid
2007-04-30 18:55 d-------- C:\Program Files\EasyPHP1-7
2007-04-30 18:30 d-------- C:\Program Files\EasyPHP 2.0b1
2007-04-28 19:59 d-------- C:\JBLS
2007-04-27 18:28 d-------- C:\WINDOWS\.jagex_cache_32
2007-04-25 19:09 d-------- C:\Program Files\Whiz Kid Technomagic
2007-04-23 20:05 d-------- C:\DOCUME~1\Andy\APPLIC~1\MusicIP
2007-04-23 20:04 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-04-23 20:04 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-04-23 20:04 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-04-23 20:04 d-------- C:\Program Files\Winamp
2007-04-22 18:41 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-05-21 21:45:40 -------- d-----w C:\Program Files\FlashGet
2007-05-21 20:06:47 -------- d-----w C:\Program Files\StarCraft
2007-05-21 14:03:24 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-21 14:02:44 -------- d-----w C:\Program Files\Microsoft Games
2007-05-21 02:37:18 -------- d-----w C:\Program Files\EA Games
2007-05-20 18:02:55 -------- d-----w C:\Program Files\Rockstar Games
2007-05-16 14:51:57 -------- d-----w C:\Program Files\Windows Defender
2007-05-16 14:50:42 -------- d-----w C:\Program Files\SUPERAntiSpyware
2007-05-16 14:24:03 -------- d-----w C:\Program Files\Google
2007-05-16 14:21:43 -------- d-----w C:\Program Files\DellSupport
2007-05-16 14:19:45 -------- d-----w C:\Program Files\DAEMON Tools
2007-05-16 14:14:56 -------- d-----w C:\Program Files\Bonjour
2007-05-16 12:34:38 -------- d-----w C:\Program Files\Ares
2007-05-16 02:05:02 -------- d-----w C:\Program Files\iTunes
2007-05-15 01:25:38 -------- d-----w C:\DOCUME~1\Administrator.DD4M5L91\Application Data\Talkback
2007-05-12 21:29:21 -------- d-----w C:\Program Files\Azureus
2007-05-11 14:38:20 -------- d-----w C:\Program Files\SmartFTP Client 2.0
2007-05-11 14:34:50 -------- d-----w C:\Program Files\MSN Messenger
2007-05-11 14:20:40 -------- d-----w C:\Program Files\Messenger
2007-05-11 14:06:25 -------- d-----w C:\Program Files\AIM
2007-05-09 20:53:46 -------- d-----w C:\Program Files\ASRC
2007-05-07 12:23:57 -------- d-----w C:\Program Files\PeerGuardian2
2007-05-06 16:49:42 -------- d-----w C:\Program Files\Common Files\Corel
2007-05-06 16:47:33 -------- d-----w C:\Program Files\Ahead
2007-05-06 16:46:57 -------- d-----w C:\Program Files\Yahoo!
2007-05-06 16:46:55 -------- d-----w C:\Program Files\WordPerfect Office 12
2007-05-06 16:46:53 -------- d-----w C:\Program Files\UltraVNC
2007-05-06 16:46:53 -------- d-----w C:\Program Files\UltraISO
2007-05-06 16:46:51 -------- d-----w C:\Program Files\QuickTime
2007-05-06 16:46:47 -------- d-----w C:\Program Files\mIRC
2007-05-06 16:46:45 -------- d-----w C:\Program Files\Messenger Plus! Live
2007-05-06 16:46:42 -------- d-----w C:\Program Files\Intel
2007-05-06 16:46:22 -------- d-----w C:\Program Files\HP
2007-05-06 16:46:11 -------- d-----w C:\Program Files\Dell
2007-05-06 16:46:11 -------- d-----w C:\Program Files\DAP
2007-05-06 16:46:03 -------- d-----w C:\Program Files\AOL 9.0
2007-05-06 13:06:49 -------- d-----w C:\Program Files\lg_fwupdate
2007-04-29 01:06:01 -------- d-----w C:\Program Files\StealthBot
2007-04-28 17:43:37 1,328 ----a-w C:\FSUIPC_reg.bin
2007-04-26 00:35:47 -------- d-----w C:\Program Files\SquawkBox3
2007-04-25 22:18:02 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-04-21 00:51:19 -------- d-----w C:\Program Files\lolifox
2007-04-19 02:43:08 -------- d-----w C:\Program Files\LucasArts
2007-04-18 21:56:18 -------- d-----w C:\Program Files\SystemRequirementsLab
2007-04-17 01:57:55 -------- d-----w C:\Program Files\Internal Workings
2007-04-16 23:19:36 -------- d-----w C:\Program Files\BayGenie
2007-04-16 21:49:17 -------- d-----w C:\Program Files\Microsoft Calculator Plus
2007-04-16 00:42:02 -------- d-----w C:\Program Files\Avi2Dvd
2007-04-13 17:06:51 -------- d-s---w C:\Program Files\Xfire
2007-04-13 16:18:29 -------- d-----w C:\Program Files\Microsoft ActiveSync
2007-04-08 18:47:24 -------- d-----w C:\Program Files\Vstplugins
2007-04-08 18:46:53 -------- d-----w C:\Program Files\Image-Line
2007-04-07 19:38:47 -------- d-----w C:\Program Files\Warcraft III
2007-04-07 16:41:35 23,042 ----a-w C:\WINDOWS\War3Unin.dat
2007-04-07 16:40:52 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2007-04-07 16:40:52 126,976 ----a-w C:\WINDOWS\War3Unin.exe
2007-04-06 17:44:42 -------- d-----w C:\Program Files\Veoh Networks
2007-04-06 13:13:18 -------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-04-06 00:31:50 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2007-04-06 00:31:49 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2007-04-06 00:31:48 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2007-04-03 02:23:55 11,708 ----a-w C:\WINDOWS\scunin.dat
2007-04-03 02:23:52 967 ----a-w C:\WINDOWS\ScUnin.pif
2007-04-03 02:23:52 68,096 ----a-w C:\WINDOWS\ScUnin.exe
2007-04-03 00:14:31 -------- d-----w C:\Program Files\Starcraft Shareware(ED)
2007-04-02 13:23:36 6,150 ----a-w C:\WINDOWS\scedunin.dat
2007-04-02 13:23:34 967 ----a-w C:\WINDOWS\ScEdUnin.pif
2007-04-02 13:23:34 68,608 ----a-w C:\WINDOWS\ScEdUnin.exe
2007-04-02 13:05:22 286,720 ----a-w C:\WINDOWS\iun503.exe
2007-04-01 21:50:35 -------- d-----w C:\Program Files\TCE 1997
2007-04-01 21:11:30 -------- d-----w C:\Program Files\Bus Driver
2007-04-01 13:35:30 -------- d-----w C:\Program Files\Vopt8
2007-03-31 20:01:10 -------- d-----w C:\Program Files\LimeWire
2007-03-30 23:06:21 -------- d-----w C:\Program Files\Common Files\Macrovision Shared
2007-03-30 17:29:06 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
2007-03-30 15:00:19 -------- d-----w C:\Program Files\Napster
2007-03-29 21:39:45 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-03-28 02:05:02 -------- d-----w C:\Program Files\ConsoleClassix.com
2007-03-27 00:23:17 -------- d-----w C:\Program Files\Microsoft SQL Server
2007-03-27 00:20:26 -------- d-----w C:\Program Files\Sony
2007-03-27 00:18:06 -------- d-----w C:\Program Files\Sony Setup
2007-03-26 14:13:51 -------- d-----w C:\Program Files\Common Files\AOL
2007-03-25 19:42:39 -------- d-----w C:\Program Files\CureROM
2007-03-24 15:12:59 -------- d-----w C:\Program Files\AV Vcs 4.0 DIAMOND
2007-03-23 03:10:43 4,012 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2007-03-23 01:52:46 -------- d-----w C:\Program Files\HistoricalScreensavers.com
2007-03-23 01:52:38 13,636,529 ----a-w C:\WINDOWS\system32\Old Time Baseball Screensaver.scr
2007-03-22 02:09:15 -------- d-----w C:\Program Files\Dell Support Center
2007-03-22 02:09:02 -------- d-----w C:\Program Files\Common Files\supportsoft
2007-03-21 01:14:49 -------- d-----w C:\Program Files\Audacity
2007-03-19 23:06:26 -------- d-----w C:\Program Files\InternetCalls.com
2007-03-19 04:17:13 -------- d-----w C:\Program Files\AskTBar
2007-03-18 19:43:47 -------- d-----w C:\Program Files\SopCast
2007-03-18 19:24:06 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-03-18 19:23:57 -------- d-----w C:\Program Files\vso
2007-03-18 02:00:27 -------- d-----w C:\Program Files\AviSynth 2.5
2007-03-18 01:57:36 -------- d-----w C:\Program Files\K-Lite Codec Pack
2007-03-18 00:28:53 -------- d-----w C:\Program Files\Common Files\Ahead
2007-03-18 00:27:56 -------- d-----w C:\Program Files\CyberLink DVD Solution
2007-03-18 00:26:22 -------- d-----w C:\Program Files\CyberLink
2007-03-18 00:25:29 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-16 01:21:48 -------- d-----w C:\Program Files\Teamspeak2_RC2
2007-03-16 00:38:10 -------- d-----w C:\Program Files\Actual Zip Repair
2007-03-15 22:15:27 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll
2007-03-14 23:25:32 61 --sh--w C:\WINDOWS\cnerolf.dat
2007-03-14 21:08:16 -------- d-----w C:\Program Files\Qualcomm
2007-03-14 18:29:41 -------- d-----w C:\Program Files\AOD
2007-03-14 12:55:55 -------- d-----w C:\Program Files\High Quality Photo Resizer
2007-03-14 00:18:20 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-03-13 22:29:18 -------- d-----w C:\Program Files\Bodrag
2007-03-11 19:18:12 -------- d-----w C:\Program Files\WinAVIVideoConverter
2007-03-11 19:17:55 3,082 ----a-w C:\WINDOWS\system32\affv208325p1now.sys
2007-03-11 18:31:06 -------- d-----w C:\Program Files\Common Files\EZB Systems
2007-03-11 17:08:03 -------- d-----w C:\Program Files\Nero
2007-03-11 03:30:48 -------- d-----w C:\Program Files\Webroot
2007-03-10 19:20:42 1,697 ----a-w C:\WINDOWS\mozver.dat
2007-03-10 19:20:00 -------- d-----w C:\Program Files\Common Files\xing shared
2007-03-10 19:19:52 -------- d-----w C:\Program Files\Common Files\Real
2007-03-10 16:00:48 -------- d-----w C:\Program Files\Alcohol Soft
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-07 23:51:00 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-03-07 23:43:47 -------- d-----w C:\Program Files\Replay Converter
2007-03-07 23:36:26 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-03-07 13:30:39 -------- d-----w C:\Program Files\Skype
2007-03-07 13:30:39 -------- d-----w C:\Program Files\Common Files\Skype
2007-03-07 00:44:34 -------- d-----w C:\Program Files\Multi Theft Auto
2007-03-05 03:29:06 -------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2007-03-04 11:55:48 1,936,528 ----a-w C:\WINDOWS\system32\ltmm15.dll
2007-03-04 11:55:41 135,168 ----a-w C:\WINDOWS\system32\DSKernel2.dll
2007-03-04 02:33:35 14 ----a-w C:\WINDOWS\system32\SystemInfo32.sys
2007-03-03 21:32:04 615 ----a-w C:\WINDOWS\eReg.dat
2007-02-22 02:00:28 10,752 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 15:17]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}=C:\Program Files\FlashGet\jccatch.dll [2007-01-29 04:46]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 02:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar1.dll [2007-03-15 17:41]
{F156768E-81EF-470C-9057-481BA8380DBA}=C:\Program Files\FlashGet\getflash.dll [2007-01-14 22:40]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-10 14:19]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 07:20]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"NeroHomeFirstStart"=C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"="C:\Program Files\Qualcomm\Eudora\EuShlExt.dll" [2005-11-14 16:15]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 09:13]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
backup-20070228-175546-682
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Andy\LOCALS~1\Temp\2007221192315_mcinfo.exe /insfin
backup-20070228-175546-952
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
backup-20070228-175546-461
O4 - HKLM\..\Run: [Windows NetConfig] WINHOST.EXE
Contents of the 'Scheduled Tasks' folder
2007-05-21 21:50:20 C:\WINDOWS\tasks\MP Scheduled Scan.job
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-05-21 16:53:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
********************************************************************
Completion time: 2007-05-21 16:53:46
--- E O F ---