Here is my log file for Combofix.
ComboFix 08-01-09.2 - Owner 2008-01-09 16:06:48.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.363 [GMT -6:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Cache\
011F2278.bin
C:\Program Files\MyWebSearch\bar\Cache\
011F2F49.bin
C:\Program Files\MyWebSearch\bar\Cache\
011F3024.bin
C:\Program Files\MyWebSearch\bar\Cache\
011F30FF.bin
C:\Program Files\MyWebSearch\bar\Cache\
011F31D9.bin
C:\Program Files\MyWebSearch\bar\Cache\
018813A4
C:\Program Files\MyWebSearch\bar\Cache\
01881971
C:\Program Files\MyWebSearch\bar\Cache\
01881C7E.bin
C:\Program Files\MyWebSearch\bar\Cache\
01882EAE.bin
C:\Program Files\MyWebSearch\bar\Cache\
018830E1.bin
C:\Program Files\MyWebSearch\bar\Cache\
018832E4.bin
C:\Program Files\MyWebSearch\bar\Cache\
018834A9.bin
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\nsy39.dll
C:\WINDOWS\system32\sprt_ads.dll
.
((((((((((((((((((((((((( Files Created from 2007-12-09 to 2008-01-09 )))))))))))))))))))))))))))))))
.
2008-01-09 16:05 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-08 22:15 . 2008-01-08 22:15 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-07 17:48 . 2008-01-07 17:48 <DIR> d-------- C:\Program Files\Virtual Villagers - The Lost Children
2008-01-06 22:11 . 2008-01-06 22:11 <DIR> d-------- C:\Program Files\Dcads Games Collection
2008-01-06 22:11 . 2008-01-06 22:12 80,097 --a------ C:\WINDOWS\system32\dcads-remove.exe
2008-01-06 22:11 . 2008-01-09 16:02 77,379 --a------ C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
2008-01-06 22:11 . 2008-01-07 13:53 40,734 --a------ C:\WINDOWS\system32\superiorads-uninst.exe
2008-01-06 21:45 . 2008-01-06 21:45 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Zylom
2008-01-06 21:17 . 2008-01-07 18:58 <DIR> d-------- C:\Program Files\Virtual Villagers
2008-01-03 20:31 . 2008-01-03 20:31 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-01-03 20:26 . 2007-12-24 08:57 <DIR> d-------- C:\Program Files\Mystery Case Files - Ravenhearst
2008-01-03 20:26 . 2007-12-23 16:20 <DIR> d-------- C:\Program Files\BFG
2008-01-02 19:35 . 2008-01-02 19:59 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\GARMIN
2008-01-02 19:15 . 2008-01-02 19:35 <DIR> d----c--- C:\Garmin
2008-01-01 14:06 . 2008-01-01 14:11 <DIR> d-------- C:\Documents and Settings\Kid's\Contacts
2007-12-31 18:23 . 2007-12-31 18:23 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2007-12-31 11:43 . 2007-12-30 10:42 <DIR> d-------- C:\Program Files\bfgclient
2007-12-31 11:43 . 2007-12-31 11:43 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2007-12-30 00:29 . 2007-12-30 00:29 <DIR> d-------- C:\Program Files\TryMedia
2007-12-29 22:36 . 2007-12-29 22:36 <DIR> d-------- C:\Program Files\iTunes
2007-12-29 22:36 . 2007-12-29 22:36 <DIR> d-------- C:\Program Files\iPod
2007-12-29 22:33 . 2007-12-29 22:34 <DIR> d-------- C:\Program Files\QuickTime
2007-12-29 22:31 . 2007-12-29 22:31 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-29 22:29 . 2007-10-31 14:09 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2007-12-28 19:17 . 2007-12-28 19:17 <DIR> d----c--- C:\Documents and Settings\All Users\Symantec Temporary Files
2007-12-27 17:54 . 2007-12-27 17:54 <DIR> d-------- C:\Program Files\Google
2007-12-26 18:33 . 2008-01-06 21:04 <DIR> d-------- C:\Program Files\Jewel Quest 2
2007-12-26 18:31 . 2008-01-01 19:56 <DIR> d-a--c--- C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-24 18:43 . 2007-12-24 18:43 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2007-12-24 17:57 . 2007-12-24 17:57 <DIR> d-------- C:\Documents and Settings\Owner\Saved Games
2007-12-24 17:56 . 2007-12-24 17:56 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\iWin
2007-12-24 17:55 . 2008-01-07 18:58 <DIR> d-------- C:\Program Files\Yahoo! Games
2007-12-24 14:28 . 2008-01-01 19:57 <DIR> d-------- C:\Program Files\Oberon Media
2007-12-23 16:23 . 2007-12-23 16:24 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Magic Academy
2007-12-23 16:19 . 2007-12-23 11:57 <DIR> d-------- C:\Program Files\Hidden Expedition Titanic
2007-12-23 16:15 . 2007-12-23 17:41 <DIR> d-------- C:\Program Files\Cradle of Rome
2007-12-23 16:13 . 2007-12-23 16:14 <DIR> d-------- C:\Program Files\Magic Academy
2007-12-23 14:15 . 2007-12-23 14:15 <DIR> dr-h----- C:\Documents and Settings\Owner\Application Data\SecuROM
2007-12-23 14:15 . 2007-12-23 14:15 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-12-23 14:13 . 2007-12-23 14:13 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2007-12-23 14:13 . 2007-12-23 14:13 <DIR> d-------- C:\Program Files\AGEIA Technologies
2007-12-23 14:13 . 2007-12-23 14:13 271,360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2007-12-23 14:13 . 2007-12-23 14:13 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2007-12-23 14:10 . 2007-12-23 14:10 <DIR> d-------- C:\Program Files\Focus & CDV
2007-12-22 17:39 . 2007-12-22 17:39 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
2007-12-22 17:37 . 2007-12-22 17:38 <DIR> d-------- C:\Program Files\The Rise of Atlantis
2007-12-18 08:54 . 2007-12-18 08:54 319,488 --a------ C:\WINDOWS\system32\dcads_sidebar.dll
2007-12-16 11:30 . 2007-12-25 10:17 <DIR> d-------- C:\Program Files\Sqirlz Morph
2007-12-12 18:01 . 2007-12-12 18:01 <DIR> d-------- C:\Documents and Settings\Default User\Application Data\Nokia
2007-12-12 18:00 . 2007-12-12 18:00 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-12-12 18:00 . 2007-12-12 18:00 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-12-12 17:59 . 2007-12-12 17:59 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-12-09 11:02 . 2007-12-09 11:02 24 --a------ C:\WINDOWS\AM_D8.PRF
2007-12-09 10:37 . 2007-12-09 11:01 <DIR> d-------- C:\Program Files\Ubi Soft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-08 00:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-06 23:15 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-06 22:30 --------- d-----w C:\Program Files\Java
2008-01-04 23:24 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-04 23:24 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-04 23:24 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-04 23:24 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-04 23:24 --------- d-----w C:\Program Files\Symantec
2008-01-04 01:52 --------- d-----w C:\Documents and Settings\Owner\Application Data\Lavasoft
2008-01-04 01:51 --------- d-----w C:\Program Files\Lavasoft
2007-12-30 16:42 --------- d-----w C:\Program Files\LimeWire
2007-12-30 06:30 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer
2007-12-29 01:55 --------- d-----w C:\Program Files\MyHeritage
2007-12-29 01:49 --------- d-----w C:\Program Files\Insaniquarium Deluxe
2007-12-28 22:19 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-28 22:19 --------- d-----w C:\Program Files\Windows Live
2007-12-23 20:13 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-22 22:51 --------- d-----w C:\Documents and Settings\Owner\Application Data\PC Suite
2007-12-22 22:51 --------- d-----w C:\Documents and Settings\Owner\Application Data\Nokia
2007-12-13 23:16 --------- d-----w C:\Program Files\Advanced System Optimizer
2007-12-12 23:58 --------- d-----w C:\Program Files\Nokia
2007-12-12 18:28 --------- dc----w C:\Documents and Settings\All Users\Application Data\Installations
2007-12-10 23:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-09 16:36 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-09 00:30 --------- d-----w C:\Program Files\Norton SystemWorks
2007-12-01 05:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-12-01 05:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-12-01 05:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-12-01 05:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-12-01 05:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-12-01 05:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-12-01 05:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-12-01 05:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-12-01 05:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-25 20:10 --------- d-----w C:\Documents and Settings\Kid's\Application Data\Yahoo!
2007-11-25 16:42 --------- dc----w C:\Documents and Settings\All Users\Application Data\Autodesk
2007-11-25 16:27 18,816 ----a-w C:\WINDOWS\system32\drivers\dvd43llh.sys
2007-11-25 16:27 --------- d-----w C:\Program Files\dvd43
2007-11-25 16:23 --------- d-----w C:\Program Files\ICopyDVDs2
2007-11-25 16:18 35,936 ----a-w C:\WINDOWS\system32\drivers\Pcouffin.sys
2007-11-25 00:26 --------- d-----w C:\Documents and Settings\Owner\Application Data\ZoomBrowser EX
2007-11-21 23:12 4 -c--a-w C:\WINDOWSRegDefrag.dat
2007-11-21 23:00 --------- d-----w C:\Documents and Settings\Owner\Application Data\Systweak
2007-11-21 22:29 --------- d-----w C:\Documents and Settings\Owner\Application Data\Uniblue
2007-11-21 00:50 --------- d-----w C:\Program Files\Rekenwonder Software
2007-11-21 00:49 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-11-20 22:37 --------- d-----w C:\Documents and Settings\Default User\Application Data\Apple Computer
2007-11-18 16:39 --------- d-----w C:\Program Files\Shockwave.com
2007-11-17 18:59 --------- d-----w C:\Documents and Settings\Owner\Application Data\Move Networks
2007-11-17 17:13 --------- dc----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 02:23 --------- d-----w C:\Documents and Settings\Owner\Application Data\GetRightToGo
2007-11-11 02:17 --------- d-----w C:\Documents and Settings\Owner\Application Data\3M
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-06 15:20 831,048 ----a-w C:\WINDOWS\system32\WudfUpdate_01005.dll
2007-10-31 19:03 245,408 ----a-w C:\WINDOWS\system32\unicows.dll
2007-10-31 01:55 625,032 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-10-31 01:55 242,056 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
2007-10-10 22:43 584,704 ----a-w C:\WINDOWS\WLXPGSS.SCR
2005-05-12 04:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
2007-12-18 08:54 319488 --a------ C:\WINDOWS\system32\dcads_sidebar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E015787-B1E3-404a-95DE-3E71E1FA0305}]
C:\WINDOWS\system32\spads.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 16:43 4670704]
"gStart"="C:\Garmin\gStart.exe" [2007-08-23 05:58 1891416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 12:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 11:01 88209 C:\WINDOWS\AGRSMMSG.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59 115816]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 20:22 26248]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30 517768]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [2007-11-20 16:40 731136]
"NSWosCheck"="C:\Program Files\Norton SystemWorks\osCheck.exe" [2007-12-03 01:41 25472]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 15:44 61440]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 01:33 8720384]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"PCSuite.exe"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]
"PcSync2.exe"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]
"GetConnected.exe"="C:\Program Files\Nokia\Nokia PC Suite 6\GetConnected.exe" [2007-10-30 09:10 182272]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Post-it® Digital Notes.lnk]
backup=C:\WINDOWS\pss\Post-it® Digital Notes.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 18:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
C:\Program Files\Windows Live\Family Safety\fssui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 22:12 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a------ 2006-03-20 16:34 213936 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-12-11 12:10 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 10:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-08-16 15:19 5728112 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2007-12-10 10:12 695808 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
C:\PROGRA~1\SHOCKW~1.COM\PHOTOJ~1\data\product\xtras\mssysmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 10:56 286720 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 16:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
--a------ 2007-06-08 08:59 224248 C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
R3 LVHybrid;LVHybrid service;C:\WINDOWS\system32\DRIVERS\LVHybrid.sys [2007-01-30 15:20]
R3 NPDriver;Norton UnErase Protection Driver;C:\WINDOWS\system32\Drivers\NPDRIVER.SYS [2006-10-10 07:17]
S3 SDdriver;SDdriver;C:\WINDOWS\system32\Drivers\sddriver.sys [2005-11-03 20:43]
S3 USBVSP;USBVSP;C:\WINDOWS\system32\drivers\Usbvsp.sys [2003-09-08 13:43]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa26630b-4080-11dc-9c6d-0013d4599164}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-05 20:17:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-09 04:23:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-01-05 02:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Owner.job"
- C:\PROGRA~1\NORTON~2\Navw32.exeh/TASK:
"2007-12-24 18:00:00 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
- C:\Program Files\Norton SystemWorks\OBC.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-01-09 16:12:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-09 16:13:15
ComboFix-quarantined-files.txt 2008-01-09 22:13:00
.
2008-01-08 23:14:05 --- E O F ---
Here is my new Hijack this log file.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:21:21 PM, on 1/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.comR3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Dcads Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\dcads_sidebar.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: browser optimizer superiorads - {8E015787-B1E3-404a-95DE-3E71E1FA0305} - C:\WINDOWS\system32\spads.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [osCheck] C:\Program Files\Norton AntiVirus\osCheck.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [NSWosCheck] C:\Program Files\Norton SystemWorks\osCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [PCSuite.exe] C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe -onlytray (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [PCSuite.exe] C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe -onlytray (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Search -
http://edits.mywebsearch.com/toolbaredits/...?p=ZKxdm021YYUSO8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites -
http://favorites.live.com/quickadd.aspxO8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cabO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) -
http://www.symantec.com/techsupp/activedata/nprdtinf.cabO16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) -
http://lads.myspace.com/upload/MySpaceUploader1005.cabO16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) -
http://upload.facebook.com/controls/Facebo...otoUploader.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://www.update.microsoft.com/windowsupd...b?1185996966171O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) -
https://webdl.symantec.com/activex/symdlmgr.cabO16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) -
http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cabO16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) -
http://memory-of.com/Uploads/ImageUploader3.cabO16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} -
http://download.games.yahoo.com/games/web_...itched/main.cabO16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -
http://games.pogo.com/online2/pogo/bejewel...aploader_v6.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{0D51CBF4-DA0D-46AC-838E-BF8EB8A39BDF}: NameServer = 208.38.65.37,208.38.65.35
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D51CBF4-DA0D-46AC-838E-BF8EB8A39BDF}: NameServer = 208.38.65.37,208.38.65.35
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 11570 bytes
