Trouble Removing Malware/trojans


  • This topic is locked
18 replies to this topic

#1 Shyntwyss

  • Members
  • 13 posts
  • Gender:Female
  • Location:Manchester

Posted 16 March 2008 - 01:23 PM

My computer has been infested with Trojans for quite a while now, but it didn't bother me much. I've been using Kaspersky Anti-Virus since I got my PC, it was what my uncle recommended to me. It has already deleted numerous Trojans but they keep returning. The files infected that kept appearing were named ??exhmrgml_?.exe, in place of the question marks were random numbers.
Here's a list of what has been deleted by Kaspersky:

deleted: adware not-a-virus:AdWare.Win32.NewDotNet
deleted: adware not-a-virus:AdWare.Win32.Relevant.a
deleted: adware not-a-virus:AdWare.Win32.Shopper.l
deleted: adware not-a-virus:AdWare.Win32.Shopper.l
deleted: adware not-a-virus:AdWare.Win32.Webdir.d
deleted: malware SpamTool.Win32.Agent.cq
deleted: malware SpamTool.Win32.Agent.da
deleted: malware SpamTool.Win32.Agent.dg File: C:\Documents and Settings\Camilla\Local Settings\Temp\30exhmunml30dl.exe
deleted: malware SpamTool.Win32.Agent.er
deleted: Trojan program Backdoor.Win32.Agent.ekz File: C:\Documents and Settings\Camilla\Local Settings\Temp\87exmdnk23.exe/UPX
deleted: Trojan program Backdoor.Win32.Agent.ely File: C:\Documents and Settings\Camilla\Local Settings\Temp\61exmdnk24.exe/UPX
deleted: Trojan program Backdoor.Win32.Agent.emz File: C:\DOCUME~1\Camilla\LOCALS~1\Temp\76exmdnk25.exe
deleted: Trojan program Backdoor.Win32.Agent.epn File: C:\Documents and Settings\Camilla\Local Settings\Temp\92exmdnk26.exe
deleted: Trojan program Backdoor.Win32.Agent.epn
deleted: Trojan program Backdoor.Win32.Agent.epn
deleted: Trojan program Backdoor.Win32.Agent.epn
deleted: Trojan program Trojan-Clicker.HTML.IFrame.df
deleted: Trojan program Trojan-Downloader.JS.Psyme.hz
deleted: Trojan program Trojan-Downloader.Win32.Agent.fbe File: C:\Documents and Settings\Camilla\Local Settings\Temp\62extest.4.exe
deleted: Trojan program Trojan-Downloader.Win32.Calac.b Running module: 36exinjs.ab.exe\36exinjs.ab.exe
deleted: Trojan program Trojan-Downloader.Win32.Calac.b Running module: 74exinjs.ab.exe\74exinjs.ab.exe
deleted: Trojan program Trojan-Downloader.Win32.Calac.b Running module: 31exinjs.ab.exe\31exinjs.ab.exe
deleted: Trojan program Trojan-Downloader.Win32.Horst.ba
deleted: Trojan program Trojan-Downloader.Win32.Small.hzd File: c:\windows\system\smvss.exe
deleted: Trojan program Trojan-Proxy.Win32.Horst.aae File: C:\Documents and Settings\Camilla\Local Settings\Temp\17exinjs.ab.exe/UPX
deleted: Trojan program Trojan.Win32.Agent.fcg File: C:\Documents and Settings\Camilla\Local Settings\Temp\13exgmrgml5.exe
deleted: Trojan program Trojan.Win32.Agent.fyo File: C:\DOCUME~1\Camilla\LOCALS~1\Temp\32exgmrgml19.exe/UPX
deleted: Trojan program Trojan.Win32.Zapchast.ef File: C:\Documents and Settings\Camilla\Local Settings\Temp\95exhmunml41.exe
deleted: Trojan program Trojan.Win32.Zapchast.ek File: C:\DOCUME~1\Camilla\LOCALS~1\Temp\23exhmrgas.exe/UPX
deleted: Trojan program Trojan.Win32.Zapchast.el File: C:\DOCUME~1\Camilla\LOCALS~1\Temp\77exhmrgas2.exe/UPX
deleted: Trojan program Trojan.Win32.Zapchast.el File: C:\DOCUME~1\Camilla\LOCALS~1\Temp\8exhmrgas2.exe/UPX
deleted: Trojan program Trojan.Win32.Zapchast.er
deleted: Trojan program Trojan.Win32.Zapchast.es File: C:\Documents and Settings\Camilla\Local Settings\Temp\46exhmrgas4.exe/UPX
detected: malware SpamTool.Win32.Agent.cq URL: hxxp://d2.statadd.com/d/hmrgml_10.exe
detected: malware SpamTool.Win32.Agent.dg URL: hxxp://d2.statadd.com/d/hmunml30dl.exe
detected: malware SpamTool.Win32.Agent.er URL: hxxp://rel.statadd.com/d/hmunml40dl.exe
detected: Trojan program Trojan-Clicker.Win32.Agent.lw Script: hxxp://www.fajne-laski.pornomix.pl/[1]
detected: Trojan program Trojan-Downloader.JS.Agent.nw URL: hxxp://protriochki.com/check/n1404-9.htm
detected: Trojan program Trojan-Downloader.JS.Agent.nw URL: hxxp://protriochki.com/check/n1404-2.htm
detected: Trojan program Trojan-Downloader.JS.Agent.nw URL: hxxp://protriochki.com/check/n1404-8.htm
detected: Trojan program Trojan-Downloader.JS.Agent.nw URL: hxxp://protriochki.com/check/n1404-5.htm
detected: Trojan program Trojan-Downloader.JS.Agent.zz URL: hxxp://xanjan.info/rent/index.php
detected: Trojan program Trojan-Downloader.JS.IESlice.c Script: hxxp://www.fajne-laski.pornomix.pl/[2]
detected: Trojan program Trojan-Downloader.JS.Psyme.lg URL: hxxp://81.95.150.82/tr/index.php/Crypt.DCScript
detected: Trojan program Trojan-Downloader.JS.Psyme.mf URL: hxxp://protriochki.com/check/n1404-4.htm
detected: Trojan program Trojan-Downloader.JS.Psyme.mf URL: hxxp://protriochki.com/check/n1404-3.htm
detected: Trojan program Trojan-Downloader.JS.Psyme.mf URL: hxxp://protriochki.com/check/n1404-7.htm
detected: Trojan program Trojan-Downloader.JS.Psyme.mf URL: hxxp://protriochki.com/check/n1404-1.htm
detected: Trojan program Trojan-Downloader.JS.Psyme.mf URL: hxxp://protriochki.com/check/n1404-6.htm
detected: Trojan program Trojan-Proxy.Win32.Horst.aae URL: hxxp://ads6.opernuz.com/up/injs.ab.exe?jfaf-1_8290_1585/UPX
detected: Trojan program Trojan-Proxy.Win32.Horst.aae URL: hxxp://ads6.opernuz.com/up/injs.ab.exe?jfaf-1_1785_1860/UPX
detected: Trojan program Trojan-Proxy.Win32.Horst.aae URL: hxxp://ads6.opernuz.com/up/injs.ab.exe?jfaf-1_9589_1860/UPX
detected: Trojan program Trojan-Proxy.Win32.Horst.aae URL: hxxp://ads6.opernuz.com/up/injs.ab.exe?jfaf-1_2647_1585/UPX
detected: Trojan program Trojan-Proxy.Win32.Horst.aae URL: hxxp://ads6.opernuz.com/up/injs.ab.exe?jfaf-1_1461_1871/UPX
detected: Trojan program Trojan-Proxy.Win32.Horst.aae URL: hxxp://ads6.opernuz.com/up/injs.ab.exe?jfaf-1_2387_1169/UPX
detected: Trojan program Trojan-Proxy.Win32.Horst.aae URL: hxxp://ads6.opernuz.com/up/injs.ab.exe?jfaf-1_5896_1860/UPX
detected: Trojan program Trojan.Java.ClassLoader.ap URL: hxxp://fethard-best.com/forum/java.php/jav...92;Baaaaa.class

I'm very sorry that the list is quite messy.

I thought I'd be better off dealing with it before anything bad happens. I have followed the instructions posted in Preparation Guide For Use Before Posting A HiJackthis Log.
AdAware has found tracking cookies (have been removed) and Win32.Trojan.BHO, Win32.Backdoor.Medbot and Virtumonde (under quarantine).
Spybot - Search & Destroy found and fixed the following problems (I have no idea what most of them are, except for Bearshare, which I deleted a long time ago because lots of the files contained viruses):
Ask.MyGlobalSearch
Virtumonde.generic
Bearshare
FunWeb
FunWebProducts
MyWay.MyWebSearch
MyWebSearch
Virtumonde

I couldn't launch Housecall Anti Virus, Panda Anti Virus, nor Bit Defender. The browser kept blocking the ActiveX control, and when I tried to tell it to install it, I kept getting a pop-up saying ''To display the webpage again, Internet Explorer needs to resend the information you've previously submitted. If you were making a purchase, you should click cancel to avoid duplication. Otherwise, click retry to display the webpage again.'' I selected Retry and the page refreshed. I tried to install the control again but kept getting the same error. My patience is short so I decided to leave it at that.

Stinger didn't find anything.



So here's the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:18:10, on 16/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.be/spbasic.htm?lang=nl-BE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ig?hl=pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 80.239.180.111 eu.logon.worldofwarcraft.com
O1 - Hosts: 80.239.180.112 eu.logon.worldofwarcraft.com
O1 - Hosts: 80.239.180.113 eu.logon.worldofwarcraft.com
O1 - Hosts: 80.239.180.114 eu.logon.worldofwarcraft.com
O1 - Hosts: 80.239.180.115 eu.logon.worldofwarcraft.com
O1 - Hosts: 80.239.180.116 eu.logon.worldofwarcraft.com
O1 - Hosts: 80.239.180.117 eu.logon.worldofwarcraft.com
O1 - Hosts: 80.239.178.109 eu.logon.worldofwarcraft.com
O1 - Hosts: 80.239.178.110 eu.logon.worldofwarcraft.com
O1 - Hosts: 80.239.178.111 eu.logon.worldofwarcraft.com
O1 - Hosts: 80.239.178.112 eu.logon.worldofwarcraft.com
O1 - Hosts: 80.239.178.113 eu.logon.worldofwarcraft.com
O1 - Hosts: 80.239.178.114 eu.logon.worldofwarcraft.com
O1 - Hosts: 80.239.178.115 eu.logon.worldofwarcraft.com
O1 - Hosts: 80.239.178.116 eu.logon.worldofwarcraft.com
O1 - Hosts: 80.239.180.110 eu.logon.worldofwarcraft.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: (no name) - {E38787E4-E6D9-4CEA-A87C-2EA4B7E929C6} - C:\WINDOWS\system32\awtqq.dll (file missing)
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: desktop_minion4260671805.lnk = C:\Program Files\Codemasters Overlord Desktop Minion\desktop_minion.exe
O8 - Extra context menu item: &Search -
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Camilla\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activ...nfosFinder2.CAB
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: awtqq - C:\WINDOWS\system32\awtqq.dll (file missing)
O20 - Winlogon Notify: fccaxww - fccaxww.dll (file missing)
O21 - SSODL: rdihost - {B95671E3-4DBA-4D27-9D1D-E52BFF838A03} - rdihost.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 12622 bytes


So many people have been on my computer since it's been bought that I have no idea how much random crap I have on it.
( :thumbsup: excuse the random list of WoW hosts!)



Mod Edit: Links disabled, to preclude possible infection.~ TMacK

Edited by TMacK, 16 March 2008 - 01:37 PM.
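Added example (not part of the original thread, and not code from any poster or from the tools named in it): a small triage script that cross-references HijackThis O4 autorun entries with the file paths in an antivirus report, and also flags a core Windows process name launched from a folder other than System32. The sample lines are copied from the two logs in the first post; the process-name list, function names and reason strings are assumptions made for the illustration.

```python
import ntpath
import re

# Constructed sample: a few lines copied from the Kaspersky list and the
# HijackThis log in the first post.
AV_REPORT = r"""
deleted: Trojan program Trojan-Downloader.Win32.Small.hzd File: c:\windows\system\smvss.exe
deleted: Trojan program Trojan.Win32.Agent.fyo File: C:\DOCUME~1\Camilla\LOCALS~1\Temp\32exgmrgml19.exe/UPX
"""
HJT_LOG = r"""
C:\WINDOWS\System32\smss.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Assumption: a short list of core Windows process names that belong in System32.
SYSTEM32_ONLY = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe", "spoolsv.exe"}
REASON_AV = "autorun target was reported by the antivirus"
REASON_MASQ = "system process name outside System32"

O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
AV_FILE_RE = re.compile(r"\bFile:\s*(?P<path>.+?)(?:/UPX)?\s*$")
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|scr|bat|pif))(?=\s|$)", re.IGNORECASE)


def norm(path):
    """Normalise a Windows path for comparison (case and separators)."""
    return ntpath.normcase(ntpath.normpath(path))


def exe_path(cmd):
    """Extract the program path from an autorun command line.

    Handles quoted paths and unquoted paths that contain spaces by cutting
    at the first executable extension followed by whitespace or end of line.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        cmd = cmd[1:].split('"', 1)[0]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else (cmd.split() or [""])[0]


def av_paths(report):
    """Collect normalised 'File:' paths from the antivirus report lines."""
    hits = (AV_FILE_RE.search(line) for line in report.splitlines())
    return {norm(m.group("path")) for m in hits if m}


def triage(hjt_log, av_report):
    """Return the O4 autorun entries that deserve a closer look, with reasons."""
    flagged = av_paths(av_report)
    findings = []
    for line in hjt_log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # not a registry autorun line
        path = norm(exe_path(m.group("cmd")))
        reasons = []
        if path in flagged:
            reasons.append(REASON_AV)
        folder, name = ntpath.split(path)
        # Bare names such as RTHDCPL.EXE have no folder and are skipped here.
        if name in SYSTEM32_ONLY and folder and ntpath.basename(folder) != "system32":
            reasons.append(REASON_MASQ)
        if reasons:
            findings.append({"name": m.group("name"), "path": path,
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(HJT_LOG, AV_REPORT):
        print(f["name"], f["path"], "; ".join(f["reasons"]))
```

Short 8.3 paths such as DOCUME~1 are compared as written, so they only match the same spelling in the other log.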



#2 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 17 March 2008 - 08:36 AM

Hi,

I see you are running Teatimer.
I suggest you disable it because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can enable it again.
If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer <== click me for instructions.
After you have disabled TeaTimer, download ResetTeaTimer.bat to your desktop. (In case you use Firefox, right-click the link and choose "save as").
Double-click ResetTeaTimer.bat and let it run.
This will only take a few seconds.

Then:
  • Download SDFix and save it to your Desktop.
  • Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)
  • Reboot into Safe Mode (without networking support!):
    To get into the Windows Safe Mode, restart your computer and, just before Windows starts to load, tap the F8 key a few times.
    Choose Safe Mode from the menu that will appear and press Enter.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 Shyntwyss


Posted 17 March 2008 - 11:37 AM

When I tried running ResetTeaTimer.bat, notepad popped up saying:
''Windows Script Host access is disabled on this machine.
Post this in the forum please. ''

Should I go ahead and start SDFix.exe?

#4 miekiemoes


Posted 17 March 2008 - 11:52 AM

Hi,

Open Notepad and copy and paste the text in the quotebox below into it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings]
"Enabled"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings]
"Enabled"=dword:00000001

Save this as fix.reg. Choose to save as *all files and place it on your desktop.
It should look like this: Posted Image
Double-click on it and when it asks you if you want to merge the contents to the registry, click yes/ok.
(In case you are unsure how to create a reg file, take a look here with screenshots.)

That should enable Windows Script Host access

#5 Shyntwyss


Posted 17 March 2008 - 12:50 PM

For some strange reason, after I ran ResetTeaTimer I lost connection with the internet on the other machine (although it's probably got nothing to do with that). I hope it's okay if I carry on once the connection issue is fixed.
I really am sorry.

#6 miekiemoes


Posted 17 March 2008 - 12:59 PM

This is somewhat unclear here... Don't see how this would affect your Internet Connection on your other computer.

Anyway, can you proceed with the rest of the instructions please? Because your system is severely infected and we need to get it fixed asap.

#7 Shyntwyss


Posted 17 March 2008 - 04:16 PM

I did as you instructed.

Here is the report.txt:


Rebooting


Checking Files :

Trojan Files Found:

C:\DOCUME~1\Camilla\LOCALS~1\Temp\10exgmrgml19.exe - Deleted
C:\DOCUME~1\Camilla\LOCALS~1\Temp\11exgmrgml19.exe - Deleted
C:\DOCUME~1\Camilla\LOCALS~1\Temp\14exgmrgml19.exe - Deleted
C:\DOCUME~1\Camilla\LOCALS~1\Temp\15exgmrgml19.exe - Deleted
C:\DOCUME~1\Camilla\LOCALS~1\Temp\17exgmrgml19.exe - Deleted
C:\DOCUME~1\Camilla\LOCALS~1\Temp\24exgmrgml19.exe - Deleted
C:\DOCUME~1\Camilla\LOCALS~1\Temp\25exgmrgml19.exe - Deleted
C:\DOCUME~1\Camilla\LOCALS~1\Temp\27exgmrgml19.exe - Deleted
C:\DOCUME~1\Camilla\LOCALS~1\Temp\28exgmrgml19.exe - Deleted
C:\DOCUME~1\Camilla\LOCALS~1\Temp\2exgmrgml19.exe - Deleted
C:\DOCUME~1\Camilla\LOCALS~1\Temp\31exgmrgml19.exe - Deleted
C:\DOCUME~1\Camilla\LOCALS~1\Temp\32exgmrgml19.exe - Deleted
C:\DOCUME~1\Camilla\LOCALS~1\Temp\33exgmrgml19.exe - Deleted
C:\DOCUME~1\Camilla\LOCALS~1\Temp\35exgmrgml19.exe - Deleted
C:\DOCUME~1\Camilla\LOCALS~1\Temp\39exgmrgml19.exe - Deleted
C:\DOCUME~1\Camilla\LOCALS~1\Temp\3exgmrgml19.exe - Deleted
C:\DOCUME~1\Camilla\LOCALS~1\Temp\41exgmrgml19.exe - Deleted
C:\DOCUME~1\Camilla\LOCALS~1\Temp\42exgmrgml19.exe - Deleted
C:\DOCUME~1\Camilla\LOCALS~1\Temp\43exgmrgml19.exe - Deleted
C:\DOCUME~1\Camilla\LOCALS~1\Temp\45exgmrgml19.exe - Deleted
C:\DOCUME~1\Camilla\LOCALS~1\Temp\46exgmrgml19.exe - Deleted
C:\DOCUME~1\Camilla\LOCALS~1\Temp\49exgmrgml19.exe - Deleted
C:\DOCUME~1\Camilla\LOCALS~1\Temp\4exgmrgml19.exe - Deleted
C:\DOCUME~1\Camilla\LOCALS~1\Temp\52exgmrgml19.exe - Deleted
C:\DOCUME~1\Camilla\LOCALS~1\Temp\53exgmrgml19.exe - Deleted
C:\DOCUME~1\Camilla\LOCALS~1\Temp\57exgmrgml19.exe - Deleted
C:\DOCUME~1\Camilla\LOCALS~1\Temp\58exgmrgml19.exe - Deleted
C:\DOCUME~1\Camilla\LOCALS~1\Temp\59exgmrgml19.exe - Deleted
C:\DOCUME~1\Camilla\LOCALS~1\Temp\62exgmrgml19.exe - Deleted
C:\DOCUME~1\Camilla\LOCALS~1\Temp\65exgmrgml19.exe - Deleted
C:\DOCUME~1\Camilla\LOCALS~1\Temp\68exgmrgml19.exe - Deleted
C:\DOCUME~1\Camilla\LOCALS~1\Temp\70exgmrgml19.exe - Deleted
C:\DOCUME~1\Camilla\LOCALS~1\Temp\71exgmrgml19.exe - Deleted
C:\DOCUME~1\Camilla\LOCALS~1\Temp\74exgmrgml19.exe - Deleted
C:\DOCUME~1\Camilla\LOCALS~1\Temp\75exgmrgml19.exe - Deleted
C:\DOCUME~1\Camilla\LOCALS~1\Temp\77exgmrgml19.exe - Deleted
C:\DOCUME~1\Camilla\LOCALS~1\Temp\78exgmrgml19.exe - Deleted
C:\DOCUME~1\Camilla\LOCALS~1\Temp\80exgmrgml19.exe - Deleted
C:\DOCUME~1\Camilla\LOCALS~1\Temp\81exgmrgml19.exe - Deleted
C:\DOCUME~1\Camilla\LOCALS~1\Temp\82exgmrgml19.exe - Deleted
C:\DOCUME~1\Camilla\LOCALS~1\Temp\83exgmrgml19.exe - Deleted
C:\DOCUME~1\Camilla\LOCALS~1\Temp\85exgmrgml19.exe - Deleted
C:\DOCUME~1\Camilla\LOCALS~1\Temp\86exgmrgml19.exe - Deleted
C:\DOCUME~1\Camilla\LOCALS~1\Temp\87exgmrgml19.exe - Deleted
C:\DOCUME~1\Camilla\LOCALS~1\Temp\89exgmrgml19.exe - Deleted
C:\DOCUME~1\Camilla\LOCALS~1\Temp\8exgmrgml19.exe - Deleted
C:\DOCUME~1\Camilla\LOCALS~1\Temp\90exgmrgml19.exe - Deleted
C:\DOCUME~1\Camilla\LOCALS~1\Temp\97exgmrgml19.exe - Deleted
C:\WINDOWS\photo album.zip - Deleted
C:\WINDOWS\system\smss.exe - Deleted
C:\WINDOWS\system\smvss.exe - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-17 21:01:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s0"=dword:c693b7fa
"s1"=dword:1ff8c7b1
"s2"=dword:8f811cab
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:a7,06,bd,b4,57,a6,68,55,e0,c6,4d,b2,a2,61,46,cf,02,ed,60,a7,6e,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,7f,25,f9,0c,94,45,23,f2,03,c8,ec,86,41,3a,d8,84,e1,..
"khjeh"=hex:5e,76,f0,8f,8f,2e,c1,50,8b,f9,a4,bc,17,fe,37,55,8c,e6,2e,0c,ce,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:d7,28,c1,2d,73,d1,cc,fe,5e,d8,26,10,9f,ae,78,79,6d,5b,85,b8,2a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:a7,06,bd,b4,57,a6,68,55,e0,c6,4d,b2,a2,61,46,cf,02,ed,60,a7,6e,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,7f,25,f9,0c,94,45,23,f2,03,c8,ec,86,41,3a,d8,84,e1,..
"khjeh"=hex:5e,76,f0,8f,8f,2e,c1,50,8b,f9,a4,bc,17,fe,37,55,8c,e6,2e,0c,ce,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:d7,28,c1,2d,73,d1,cc,fe,5e,d8,26,10,9f,ae,78,79,6d,5b,85,b8,2a,..

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 13


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%ProgramFiles%\\AOL 9.0\\aol.exe"="%ProgramFiles%\\AOL 9.0\\aol.exe:*:Enabled:AOL"
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"="%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA"
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"="%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe:*:Enabled:PANDORA"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Disabled:Gadu-Gadu - program główny"
"C:\\Program Files\\eMule\\eMule.exe"="C:\\Program Files\\eMule\\eMule.exe:*:Enabled:eMule Plus"
"C:\\WINDOWS\\system32\\mdbgqlom.exe"="C:\\WINDOWS\\system32\\mdb"
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\NeverwinterNights\\NWN\\nwmain.exe"="C:\\NeverwinterNights\\NWN\\nwmain.exe:*:Enabled:Neverwinter Nights"
"C:\\Program Files\\NAPI-PROJEKT\\napisy.exe"="C:\\Program Files\\NAPI-PROJEKT\\napisy.exe:*:Enabled:www.napiprojekt.pl"
"C:\\Program Files\\Zapu\\Zapu\\wDivi.exe"="C:\\Program Files\\Zapu\\Zapu\\wDivi.exe:*:Disabled:Zapu Control"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"c:\\apps\\skype\\phone\\Skype.exe"="c:\\apps\\skype\\phone\\Skype.exe:*:Enabled:Skype"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\78exinjs.aa.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\78exinjs.aa.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\70exinjs.aa.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\70exinjs.aa.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\2exinjs.aa.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\2exinjs.aa.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\59exinjs.aa.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\59exinjs.aa.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\22exinjs.aa.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\22exinjs.aa.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\83exinjs.aa.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\83exinjs.aa.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\3exinjs.aa.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\3exinjs.aa.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\64exinjs.aa.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\64exinjs.aa.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\47exinjs.aa.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\47exinjs.aa.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\11exinjs.aa.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\11exinjs.aa.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\12exinjs.aa.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\12exinjs.aa.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\67exinjs.aa.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\67exinjs.aa.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\91exinjs.aa.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\91exinjs.aa.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\55exinjs.aa.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\55exinjs.aa.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\86exinjs.aa.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\86exinjs.aa.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\27exinjs.aa.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\27exinjs.aa.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\84exinjs.aa.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\84exinjs.aa.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\19exinjs.aa.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\19exinjs.aa.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\30exinjs.aa.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\30exinjs.aa.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\94exinjs.aa.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\94exinjs.aa.exe:*:Enabled:Microsoft Update"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\93exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\93exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\11exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\11exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\80exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\80exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\48exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\48exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\15exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\15exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\51exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\51exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\17exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\17exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\55exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\55exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\97exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\97exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\5exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\5exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\77exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\77exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\98exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\98exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\42exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\42exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\67exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\67exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\22exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\22exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\49exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\49exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\20exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\20exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\52exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\52exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\76exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\76exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\4exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\4exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\29exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\29exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\3exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\3exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\75exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\75exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\47exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\47exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\19exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\19exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\31exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\31exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\63exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\63exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\43exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\43exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\87exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\87exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\91exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\91exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\64exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\64exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\99exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\99exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\96exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\96exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\1exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\1exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\0exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\0exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\84exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\84exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\94exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\94exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\59exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\59exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\10exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\10exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\13exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\13exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\12exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\12exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\53exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\53exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\56exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\56exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\40exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\40exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\23exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\23exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\36exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\36exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\60exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\60exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\9exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\9exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\50exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\50exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\95exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\95exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\39exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\39exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\30exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\30exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\65exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\65exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\7exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\7exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\33exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\33exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\14exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\14exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\89exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\89exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\44exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\44exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\78exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\78exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\46exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\46exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\66exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\66exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\18exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\18exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\69exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\69exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\6exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\6exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\90exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\90exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\79exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\79exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\92exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\92exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\86exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\86exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\2exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\2exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\58exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\58exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\27exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\27exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\28exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\28exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\74exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\74exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\Program Files\\Last.fm\\LastFM.exe"="C:\\Program Files\\Last.fm\\LastFM.exe:*:Enabled:Last.fm"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\Free Download Manager\\fdm.exe"="C:\\Program Files\\Free Download Manager\\fdm.exe:*:Enabled:Free Download Manager"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\43ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\43ex:*:Enabled:Microsoft Update"
"C:\\Program Files\\World of Warcraft\\Repair.exe"="C:\\Program Files\\World of Warcraft\\Repair.exe:*:Enabled:Blizzard Repair Utility"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\82ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\82ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\84ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\84ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\20ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\20ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\74ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\74ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\28ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\28ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\21ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\21ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\2ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\2ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\76ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\76ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\17ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\17ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\18ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\18ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\10ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\10ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\65ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\65ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\77ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\77ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\85ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\85ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\54ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\54ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\61ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\61ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\13ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\13ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\52ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\52ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\68ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\68ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\58ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\58ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\78ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\78ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\98ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\98ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\0ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\0ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\53ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\53ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\16ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\16ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\81ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\81ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\69ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\69ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\5ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\5ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\50ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\50ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\27ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\27ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\90ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\90ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\95ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\95ex:*:Enabled:Microsoft Update"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\56ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\56ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\49ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\49ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\23ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\23ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\75ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\75ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\4ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\4ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\14ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\14ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\26ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\26ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\57ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\57ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\70ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\70ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\71ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\71ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\66ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\66ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\42ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\42ex:*:Enabled:Microsoft Update"
"C:\\Documents and Settings\\Camilla\\Desktop\\WoW-BurningCrusade-enGB-Installer-downloader.exe"="C:\\Documents and Settings\\Camilla\\Desktop\\WoW-BurningCrusade-enGB-Installer-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\39ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\39ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\15ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\15ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\45ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\45ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\38ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\38ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\97ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\97ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\96ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\96ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\59ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\59ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\63ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\63ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\55ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\55ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\25ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\25ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\86ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\86ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\93ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\93ex:*:Enabled:Microsoft Update"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\6ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\6ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\47ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\47ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\11ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\11ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\34ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\34ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\33ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\33ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\46ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\46ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\80ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\80ex:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\51ex"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\51ex:*:Enabled:Microsoft Update"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\87exmdnk23.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\87exmdnk23.exe:*:Disabled:87exmdnk23"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\52exmdnk24.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\52exmdnk24.exe:*:Disabled:52exmdnk24"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\43exmdnk24.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\43exmdnk24.exe:*:Disabled:43exmdnk24"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\81exmdnk24.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\81exmdnk24.exe:*:Disabled:81exmdnk24"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\27exmdnk24.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\27exmdnk24.exe:*:Disabled:27exmdnk24"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\85exmdnk24.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\85exmdnk24.exe:*:Disabled:85exmdnk24"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\93exmdnk24.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\93exmdnk24.exe:*:Disabled:93exmdnk24"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\61exmdnk24.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\61exmdnk24.exe:*:Disabled:61exmdnk24"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\17exmdnk26.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\17exmdnk26.exe:*:Disabled:17exmdnk26"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\57exmdnk26.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\57exmdnk26.exe:*:Disabled:57exmdnk26"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\63exmdnk26.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\63exmdnk26.exe:*:Disabled:63exmdnk26"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\92exmdnk26.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\92exmdnk26.exe:*:Disabled:92exmdnk26"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\62exmdnk26.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\62exmdnk26.exe:*:Disabled:62exmdnk26"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\20exmdnk28.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\20exmdnk28.exe:*:Disabled:20exmdnk28"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\18exmdnk28.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\18exmdnk28.exe:*:Disabled:18exmdnk28"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\23exmdnk28.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\23exmdnk28.exe:*:Disabled:23exmdnk28"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\78exmdnk28.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\78exmdnk28.exe:*:Disabled:78exmdnk28"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\39exmdnk28.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\39exmdnk28.exe:*:Disabled:39exmdnk28"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\34exmdnk28.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\34exmdnk28.exe:*:Disabled:34exmdnk28"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\50exmdnk28.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\50exmdnk28.exe:*:Disabled:50exmdnk28"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\28exmdnk28.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\28exmdnk28.exe:*:Disabled:28exmdnk28"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\29exmdnk28.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\29exmdnk28.exe:*:Disabled:29exmdnk28"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\80exmdnk28.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\80exmdnk28.exe:*:Disabled:80exmdnk28"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\60exmdnk28.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\60exmdnk28.exe:*:Disabled:60exmdnk28"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\55exmdnk28.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\55exmdnk28.exe:*:Disabled:55exmdnk28"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\96exmdnk28.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\96exmdnk28.exe:*:Disabled:96exmdnk28"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\51exmdnk28.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\51exmdnk28.exe:*:Disabled:51exmdnk28"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\71exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\71exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\16exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\16exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\88exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\88exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\57exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\57exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\34exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\34exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\36exmdnk28.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\36exmdnk28.exe:*:Disabled:36exmdnk28"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\95exmdnk28.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\95exmdnk28.exe:*:Disabled:95exmdnk28"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\9exmdnk28.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\9exmdnk28.exe:*:Disabled:9exmdnk28"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\16exmdnk28.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\16exmdnk28.exe:*:Disabled:16exmdnk28"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\37exmdnk30.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\37exmdnk30.exe:*:Disabled:37exmdnk30"
"C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\38exinjs.ab.exe"="C:\\DOCUME~1\\Camilla\\LOCALS~1\\Temp\\38exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\24exmdnk31.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\24exmdnk31.exe:*:Disabled:24exmdnk31"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\36exmdnk31.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\36exmdnk31.exe:*:Disabled:36exmdnk31"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\70exmdnk31.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\70exmdnk31.exe:*:Disabled:70exmdnk31"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\0exmdnk32.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\0exmdnk32.exe:*:Disabled:0exmdnk32"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\32exmdnk32.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\32exmdnk32.exe:*:Disabled:32exmdnk32"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\47exmdnk32.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\47exmdnk32.exe:*:Disabled:47exmdnk32"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\55exmdnk33.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\55exmdnk33.exe:*:Disabled:55exmdnk33"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\59exmdnk33.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\59exmdnk33.exe:*:Disabled:59exmdnk33"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\11exmdnk33.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\11exmdnk33.exe:*:Disabled:11exmdnk33"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\17exmdnk33.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\17exmdnk33.exe:*:Disabled:17exmdnk33"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\77exmdnk33.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\77exmdnk33.exe:*:Disabled:77exmdnk33"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\53exmdnk33.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\53exmdnk33.exe:*:Disabled:53exmdnk33"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\49exmdnk34.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\49exmdnk34.exe:*:Disabled:49exmdnk34"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\94exmdnk34.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\94exmdnk34.exe:*:Disabled:94exmdnk34"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\58exmdnk35.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\58exmdnk35.exe:*:Disabled:58exmdnk35"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\17exmdnk35.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\17exmdnk35.exe:*:Disabled:17exmdnk35"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\22exmdnk35.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\22exmdnk35.exe:*:Disabled:22exmdnk35"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\52exmdnk35.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\52exmdnk35.exe:*:Disabled:52exmdnk35"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\43exmdnk35.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\43exmdnk35.exe:*:Disabled:43exmdnk35"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\63exmdnk35.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\63exmdnk35.exe:*:Disabled:63exmdnk35"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\47exmdnk35.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\47exmdnk35.exe:*:Disabled:47exmdnk35"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\56exmdnk35.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\56exmdnk35.exe:*:Disabled:56exmdnk35"
"C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\53exmdnk35.exe"="C:\\Documents and Settings\\Camilla\\Local Settings\\Temp\\53exmdnk35.exe:*:Disabled:53exmdnk35"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 30 Oct 2006 208 A.SHR --- "C:\BOOT.BAK"
Thu 20 Dec 2007 672,814,543 A..H. --- "C:\Downloads\Software\WoW-2.2.0-enGB-patch.exe"
Thu 20 Dec 2007 182,708,080 A..H. --- "C:\Downloads\Software\WoW-2.3.0-enGB-patch.exe"
Tue 8 Mar 2005 54,384 A..H. --- "C:\Program Files\AOL 9.0\aolphx.exe"
Tue 8 Mar 2005 156,784 A..H. --- "C:\Program Files\AOL 9.0\aoltray.exe"
Tue 8 Mar 2005 31,344 A..H. --- "C:\Program Files\AOL 9.0\RBM.exe"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Wed 13 Jun 2007 1,221,030 A.SH. --- "C:\WINDOWS\system32\qqtwa.tmp"
Wed 6 Jun 2007 1,215,961 A.SH. --- "C:\WINDOWS\system32\qqtwa.bak1"
Wed 13 Jun 2007 1,244,263 A.SH. --- "C:\WINDOWS\system32\qqtwa.bak2"
Sat 16 Jun 2007 1,700,544 ..SH. --- "C:\WINDOWS\system32\ygjgngvg.tmp"
Wed 28 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 17 Mar 2008 108 A..H. --- "C:\Program Files\Common Files\X10\Common\x10prod.sys"
Fri 1 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT3.tmp"
Tue 16 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fe95c915e785c18bf9cc0792fb5a73df\BIT3.tmp"
Fri 8 Feb 2008 1,301 ...HR --- "C:\Documents and Settings\Camilla\Application Data\SecuROM\UserData\securom_v7_01.bak"
Sun 18 Nov 2007 268 A..H. --- "C:\Documents and Settings\Camilla\Local Settings\Temp\Free Download Manager\tic24E.tmp"
Sun 18 Nov 2007 745 A..H. --- "C:\Documents and Settings\Camilla\Local Settings\Temp\Free Download Manager\tic24F.tmp"
Sun 18 Nov 2007 883 A..H. --- "C:\Documents and Settings\Camilla\Local Settings\Temp\Free Download Manager\tic251.tmp"
Sat 9 Feb 2008 123 A..H. --- "C:\Documents and Settings\Camilla\Local Settings\Temp\Free Download Manager\tic33A.tmp"
Fri 26 Oct 2007 76 A..H. --- "C:\Documents and Settings\Camilla\Local Settings\Temp\Free Download Manager\tic85.tmp"
Mon 17 Mar 2008 5,692 A.SH. --- "C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\SBE3.tmp"
Mon 17 Mar 2008 5,946 A.SH. --- "C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\SBE4.tmp"

Finished!


And Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:14:15, on 17/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
c:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
c:\Program Files\ATI Technologies\ATI.ACE\cli.exe
c:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.be/spbasic.htm?lang=nl-BE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ig?hl=pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: (no name) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - (no file)
O2 - BHO: (no name) - {E38787E4-E6D9-4CEA-A87C-2EA4B7E929C6} - C:\WINDOWS\system32\awtqq.dll (file missing)
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3005531133-749170791-1580215723-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: desktop_minion4260671805.lnk = C:\Program Files\Codemasters Overlord Desktop Minion\desktop_minion.exe
O8 - Extra context menu item: &Search -
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Camilla\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activ...nfosFinder2.CAB
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: awtqq - C:\WINDOWS\system32\awtqq.dll (file missing)
O20 - Winlogon Notify: fccaxww - fccaxww.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 10892 bytes

#8 miekiemoes

Posted 17 March 2008 - 04:34 PM

Hi,

We still have a lot to clean here...

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

#9 Shyntwyss

Posted 18 March 2008 - 01:38 PM

Hey again.

I have successfully run ComboFix, here is the log:


ComboFix 08-03-17.1 - Camilla 2008-03-18 18:12:26.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1408 [GMT 0:00]
Running from: C:\Documents and Settings\Camilla\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\_000010_.tmp.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DOMAINSERVICE


((((((((((((((((((((((((( Files Created from 2008-02-18 to 2008-03-18 )))))))))))))))))))))))))))))))
.

2008-03-17 19:11 . 2008-03-17 19:12 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-17 18:28 . 2008-03-17 21:09 <DIR> d-------- C:\SDFix
2008-03-16 18:10 . 2008-03-16 18:10 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-16 17:41 . 2008-03-16 17:42 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-03-16 17:41 . 2008-03-16 17:55 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-03-16 17:41 . 2008-03-16 17:55 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-03-16 16:03 . 2008-03-16 16:03 <DIR> d-------- C:\Program Files\Sygate
2008-03-16 16:03 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2008-03-16 16:03 . 2004-10-15 18:17 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2008-03-16 16:03 . 2004-10-15 18:18 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2008-03-16 16:03 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2008-03-16 16:03 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2008-03-16 16:03 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2008-03-16 16:03 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2008-03-16 14:42 . 2008-03-16 14:42 <DIR> d-------- C:\Documents and Settings\Camilla\.housecall6.6
2008-03-16 14:35 . 2008-03-16 14:36 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-16 14:35 . 2008-03-16 15:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-16 13:14 . 2008-03-16 13:14 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-16 13:14 . 2008-03-16 13:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-16 13:07 . 2008-03-16 13:07 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-15 21:00 . 2008-03-16 18:00 <DIR> d-------- C:\Program Files\Norton Security Scan
2008-03-09 15:09 . 2008-03-09 15:09 332 --a------ C:\WINDOWS\desctemp.dat
2008-03-09 14:58 . 2008-03-09 14:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-03-09 14:56 . 2008-03-09 14:56 <DIR> d-------- C:\Program Files\IVT Corporation
2008-03-09 14:56 . 2008-03-09 14:57 32 --a------ C:\WINDOWS\0
2008-03-09 14:56 . 2008-03-09 14:56 0 --a------ C:\WINDOWS\system32\0
2008-03-01 18:54 . 2008-03-01 18:54 <DIR> d-------- C:\Program Files\Common Files\INCA Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-18 18:21 84,471,328 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-18 18:18 3,395,104 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-18 18:18 261,848 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-18 18:18 1,140,668 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-16 21:19 --------- d-----w C:\Program Files\World of Warcraft
2008-03-16 18:15 --------- d-----w C:\Program Files\Free Download Manager
2008-03-16 12:44 --------- d-----w C:\Program Files\NAPI-PROJEKT
2008-03-16 12:43 --------- d-----w C:\Program Files\Bridge Building Game
2008-03-15 21:05 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-10 06:18 --------- d-----w C:\Documents and Settings\Camilla\Application Data\LimeWire
2008-03-08 22:35 --------- d-----w C:\Documents and Settings\Camilla\Application Data\Skype
2008-03-02 14:42 --------- d-----w C:\Documents and Settings\Camilla\Application Data\Azureus
2008-02-28 16:51 --------- d-----w C:\Documents and Settings\Camilla\Application Data\Image Zone Express
2008-02-19 13:12 --------- d-----w C:\Program Files\LimeWire
2008-02-17 20:47 --------- d-----w C:\Program Files\Illustrate
2008-02-17 20:47 --------- d-----w C:\Documents and Settings\Camilla\Application Data\AccurateRip
2008-02-17 20:45 4,230,520 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2008-02-16 10:34 --------- d-----w C:\Program Files\Google
2008-02-08 19:30 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-02-07 09:13 542 ----a-w C:\Documents and Settings\Camilla\Application Data\wklnhst.dat
2008-02-03 11:27 --------- d-----w C:\Documents and Settings\Camilla\Application Data\Qtrax1
2008-02-03 11:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\SongbirdVLC
2008-01-29 22:23 --------- d-----w C:\Program Files\Gadu-Gadu
2008-01-27 18:06 --------- d-----w C:\Program Files\iTunes
2008-01-26 20:54 --------- d-----w C:\Program Files\IDoser v4
2008-01-19 22:52 --------- d-----w C:\Program Files\iPod
2008-01-19 22:51 --------- d-----w C:\Program Files\QuickTime
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 23:28 65,536 ----a-w C:\WINDOWS\IFinst27.exe
2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
1999-07-07 00:00 6 --sh--r C:\WINDOWS\@@desktop.dat
2007-06-06 20:43 1,215,961 --sha-w C:\WINDOWS\system32\qqtwa.bak1
2007-06-13 10:05 1,244,263 --sha-w C:\WINDOWS\system32\qqtwa.bak2
2007-06-13 11:17 1,221,030 --sha-w C:\WINDOWS\system32\qqtwa.ini2
2007-06-16 16:06 1,698,479 --sh--w C:\WINDOWS\system32\ygjgngvg.ini2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}]
C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E38787E4-E6D9-4CEA-A87C-2EA4B7E929C6}]
C:\WINDOWS\system32\awtqq.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-12-03 13:21 3461120]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 23:06 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 14:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 14:00 455168]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01 67584]
"ATICCC"="c:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 14:00 208952]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-04-01 15:53 185896]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 13:27 16207872 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 17:04 2879488 C:\WINDOWS\SkyTel.exe]
"kav"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-03-24 18:09 139367]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 14:57 133016]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 00:05 200704]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqq]
C:\WINDOWS\system32\awtqq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccaxww]
fccaxww.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTIVBOARD]
--a------ 2003-05-02 10:31 24576 c:\apps\ABoard\ABoard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 17:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyWhere]
C:\Program Files\InfoKing\InfoPen-AnyWhere\AnyWhere.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-12-10 14:57 133016 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DetectorApp]
--a------ 2005-10-20 06:15 102400 C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-05-18 13:27 16207872 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2006-05-16 17:04 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmpcSys]
--a------ 2005-11-17 09:51 975360 C:\APPS\SMP\SmpSys.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-04-01 15:53 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 15:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vade Retro Outlook Express]
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\NeverwinterNights\\NWN\\nwmain.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\World of Warcraft\\Repair.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
"6112:TCP"= 6112:TCP:Blizzard Downloader

R3 3xHybrid;ASUSTek SAA713x PCI Card;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-28 15:34]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 10:45]
S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 22:28]
S3 ComFiltr;Panda Anti-Dialer;C:\WINDOWS\system32\DRIVERS\COMFiltr.sys []
S3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2004-09-24 23:36]
S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setup.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5B5C4767-D8DE-AB3B-7ED0-86C27EE5D2BE}]
F:\Adobe Photoshop CS3 Crack+Keygen\Keygen.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-03-15 22:41:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-16 18:00:08 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-18 18:21:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-03-18 18:27:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-18 18:27:12
.
2008-03-15 23:05:34 --- E O F ---


Also, here is the new HijackThis log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:35:34, on 18/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ig?hl=pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: (no name) - {E38787E4-E6D9-4CEA-A87C-2EA4B7E929C6} - C:\WINDOWS\system32\awtqq.dll (file missing)
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: desktop_minion4260671805.lnk = C:\Program Files\Codemasters Overlord Desktop Minion\desktop_minion.exe
O8 - Extra context menu item: &Search -
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Camilla\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activ...nfosFinder2.CAB
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: awtqq - C:\WINDOWS\system32\awtqq.dll (file missing)
O20 - Winlogon Notify: fccaxww - fccaxww.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 10129 bytes

#10 miekiemoes


Posted 18 March 2008 - 01:50 PM

Hi,

* Open Notepad - don't use any text editor other than Notepad or the script will fail.
Copy/paste the text in the quotebox below into Notepad:

File::
F:\Adobe Photoshop CS3 Crack+Keygen\Keygen.exe
C:\WINDOWS\0
C:\WINDOWS\system32\0
C:\WINDOWS\system32\SpoonUninstall.exe
C:\WINDOWS\system32\qqtwa.bak1
C:\WINDOWS\system32\qqtwa.bak2
C:\WINDOWS\system32\qqtwa.ini2
C:\WINDOWS\system32\ygjgngvg.ini2
Registry::
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E38787E4-E6D9-4CEA-A87C-2EA4B7E929C6}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqq]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccaxww]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5B5C4767-D8DE-AB3B-7ED0-86C27EE5D2BE}]


Save this as a text file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

#11 Shyntwyss


Posted 18 March 2008 - 02:00 PM

ComboFix 08-03-17.1 - Camilla 2008-03-18 18:56:25.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1469 [GMT 0:00]
Running from: C:\Documents and Settings\Camilla\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Camilla\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\0
C:\WINDOWS\system32\0
C:\WINDOWS\system32\qqtwa.bak1
C:\WINDOWS\system32\qqtwa.bak2
C:\WINDOWS\system32\qqtwa.ini2
C:\WINDOWS\system32\SpoonUninstall.exe
C:\WINDOWS\system32\ygjgngvg.ini2
F:\Adobe Photoshop CS3 Crack+Keygen\Keygen.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\0
C:\WINDOWS\system32\0
C:\WINDOWS\system32\qqtwa.bak1
C:\WINDOWS\system32\qqtwa.bak2
C:\WINDOWS\system32\qqtwa.ini2
C:\WINDOWS\system32\SpoonUninstall.exe
C:\WINDOWS\system32\ygjgngvg.ini2

.
((((((((((((((((((((((((( Files Created from 2008-02-18 to 2008-03-18 )))))))))))))))))))))))))))))))
.

2008-03-17 19:11 . 2008-03-17 19:12 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-17 18:28 . 2008-03-17 21:09 <DIR> d-------- C:\SDFix
2008-03-16 18:10 . 2008-03-16 18:10 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-16 17:41 . 2008-03-16 17:42 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-03-16 17:41 . 2008-03-16 17:55 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-03-16 17:41 . 2008-03-16 17:55 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-03-16 16:03 . 2008-03-16 16:03 <DIR> d-------- C:\Program Files\Sygate
2008-03-16 16:03 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2008-03-16 16:03 . 2004-10-15 18:17 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2008-03-16 16:03 . 2004-10-15 18:18 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2008-03-16 16:03 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2008-03-16 16:03 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2008-03-16 16:03 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2008-03-16 16:03 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2008-03-16 14:42 . 2008-03-16 14:42 <DIR> d-------- C:\Documents and Settings\Camilla\.housecall6.6
2008-03-16 14:35 . 2008-03-16 14:36 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-16 14:35 . 2008-03-16 15:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-16 13:14 . 2008-03-16 13:14 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-16 13:14 . 2008-03-16 13:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-16 13:07 . 2008-03-16 13:07 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-15 21:00 . 2008-03-16 18:00 <DIR> d-------- C:\Program Files\Norton Security Scan
2008-03-09 15:09 . 2008-03-09 15:09 332 --a------ C:\WINDOWS\desctemp.dat
2008-03-09 14:58 . 2008-03-09 14:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-03-09 14:56 . 2008-03-09 14:56 <DIR> d-------- C:\Program Files\IVT Corporation
2008-03-01 18:54 . 2008-03-01 18:54 <DIR> d-------- C:\Program Files\Common Files\INCA Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-18 18:57 84,534,048 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-18 18:18 3,395,104 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-18 18:18 261,848 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-18 18:18 1,140,668 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-16 21:19 --------- d-----w C:\Program Files\World of Warcraft
2008-03-16 18:15 --------- d-----w C:\Program Files\Free Download Manager
2008-03-16 12:44 --------- d-----w C:\Program Files\NAPI-PROJEKT
2008-03-16 12:43 --------- d-----w C:\Program Files\Bridge Building Game
2008-03-15 21:05 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-10 06:18 --------- d-----w C:\Documents and Settings\Camilla\Application Data\LimeWire
2008-03-08 22:35 --------- d-----w C:\Documents and Settings\Camilla\Application Data\Skype
2008-03-02 14:42 --------- d-----w C:\Documents and Settings\Camilla\Application Data\Azureus
2008-02-28 16:51 --------- d-----w C:\Documents and Settings\Camilla\Application Data\Image Zone Express
2008-02-19 13:12 --------- d-----w C:\Program Files\LimeWire
2008-02-17 20:47 --------- d-----w C:\Program Files\Illustrate
2008-02-17 20:47 --------- d-----w C:\Documents and Settings\Camilla\Application Data\AccurateRip
2008-02-16 10:34 --------- d-----w C:\Program Files\Google
2008-02-08 19:30 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-02-07 09:13 542 ----a-w C:\Documents and Settings\Camilla\Application Data\wklnhst.dat
2008-02-03 11:27 --------- d-----w C:\Documents and Settings\Camilla\Application Data\Qtrax1
2008-02-03 11:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\SongbirdVLC
2008-01-29 22:23 --------- d-----w C:\Program Files\Gadu-Gadu
2008-01-27 18:06 --------- d-----w C:\Program Files\iTunes
2008-01-26 20:54 --------- d-----w C:\Program Files\IDoser v4
2008-01-19 22:52 --------- d-----w C:\Program Files\iPod
2008-01-19 22:51 --------- d-----w C:\Program Files\QuickTime
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 23:28 65,536 ----a-w C:\WINDOWS\IFinst27.exe
2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
1999-07-07 00:00 6 --sh--r C:\WINDOWS\@@desktop.dat
.

((((((((((((((((((((((((((((( snapshot@2008-03-18_18.26.56.70 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-18 18:08:00 12,331 ----a-w C:\WINDOWS\system32\Tablet.dat
+ 2008-03-18 18:23:41 12,331 ----a-w C:\WINDOWS\system32\Tablet.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-12-03 13:21 3461120]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 23:06 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 14:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 14:00 455168]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01 67584]
"ATICCC"="c:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 14:00 208952]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-04-01 15:53 185896]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 13:27 16207872 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 17:04 2879488 C:\WINDOWS\SkyTel.exe]
"kav"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-03-24 18:09 139367]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 14:57 133016]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 00:05 200704]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTIVBOARD]
--a------ 2003-05-02 10:31 24576 c:\apps\ABoard\ABoard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 17:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyWhere]
C:\Program Files\InfoKing\InfoPen-AnyWhere\AnyWhere.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-12-10 14:57 133016 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DetectorApp]
--a------ 2005-10-20 06:15 102400 C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-05-18 13:27 16207872 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2006-05-16 17:04 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmpcSys]
--a------ 2005-11-17 09:51 975360 C:\APPS\SMP\SmpSys.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-04-01 15:53 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 15:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vade Retro Outlook Express]
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\NeverwinterNights\\NWN\\nwmain.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\World of Warcraft\\Repair.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
"6112:TCP"= 6112:TCP:Blizzard Downloader

R3 3xHybrid;ASUSTek SAA713x PCI Card;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-28 15:34]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 10:45]
S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 22:28]
S3 ComFiltr;Panda Anti-Dialer;C:\WINDOWS\system32\DRIVERS\COMFiltr.sys []
S3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2004-09-24 23:36]
S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-15 22:41:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-16 18:00:08 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-18 18:57:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
Completion time: 2008-03-18 18:58:02
ComboFix-quarantined-files.txt 2008-03-18 18:58:00
ComboFix2.txt 2008-03-18 18:27:16
.
2008-03-15 23:05:34 --- E O F ---




HijackThis Log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:00:29, on 18/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ig?hl=pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: desktop_minion4260671805.lnk = C:\Program Files\Codemasters Overlord Desktop Minion\desktop_minion.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Camilla\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activ...nfosFinder2.CAB
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 9501 bytes

#12 miekiemoes


Posted 18 March 2008 - 02:28 PM

Hi,

Almost done :thumbsup:

* Go to start > run and copy and paste next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Then, as a final cleanup..

* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log in your next reply and also let me know how things are now.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#13 Shyntwyss


Posted 18 March 2008 - 03:50 PM

The ESET online scanner is still running right now. Although it's been about an hour, it's still only less than half way through the scan.
In the meantime Kaspersky has also been scanning in the background and while I was drinking tea I got that horrible noise that Kaspersky makes when it finds threats hit my ears really loudly.
detected: Trojan program Trojan.Win32.Zapchast.fm File: C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP312\A0180267.exe/UPX
I will post the log of what ESET found when it has finished. Until now it says it found 60 threats.

#14 miekiemoes


Posted 18 March 2008 - 03:53 PM

and while I was drinking tea I got that horrible noise that Kaspersky makes when it finds threats hit my ears really loudly.
detected: Trojan program Trojan.Win32.Zapchast.fm File: C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP312\A0180267.exe/UPX

Hi, That's nothing really to worry about as this is only in your System restore points. We will deal with this afterwards.
Did you uninstall Combofix as requested? Because it actually flushes your System restore points (except for the latest one).

Anyway, we'll see afterwards :thumbsup:

#15 Shyntwyss


Posted 18 March 2008 - 04:44 PM

Yeah, I've uninstalled ComboFix and it seems Kaspersky was still detecting all those trojan files (they've been deleted).

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2957 (20080318)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=944fe52044273245b78f6cc3316889f9
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-03-18 09:37:50
# local_time=2008-03-18 09:37:50 (+0000, GMT Standard Time)
# country="United Kingdom"
# osver=5.1.2600 NT Service Pack 2
# scanned=579904
# found=115
# scan_time=6711
C:\SDFix\backups_old\10exgmrgml19.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\SDFix\backups_old\11exgmrgml19.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\SDFix\backups_old\14exgmrgml19.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\SDFix\backups_old\15exgmrgml19.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\SDFix\backups_old\17exgmrgml19.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\SDFix\backups_old\24exgmrgml19.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\SDFix\backups_old\25exgmrgml19.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\SDFix\backups_old\27exgmrgml19.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\SDFix\backups_old\28exgmrgml19.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\SDFix\backups_old\2exgmrgml19.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\SDFix\backups_old\31exgmrgml19.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\SDFix\backups_old\32exgmrgml19.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\SDFix\backups_old\33exgmrgml19.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\SDFix\backups_old\35exgmrgml19.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\SDFix\backups_old\39exgmrgml19.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\SDFix\backups_old\3exgmrgml19.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\SDFix\backups_old\41exgmrgml19.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\SDFix\backups_old\42exgmrgml19.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\SDFix\backups_old\43exgmrgml19.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\SDFix\backups_old\45exgmrgml19.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\SDFix\backups_old\46exgmrgml19.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\SDFix\backups_old\49exgmrgml19.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\SDFix\backups_old\4exgmrgml19.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\SDFix\backups_old\52exgmrgml19.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\SDFix\backups_old\53exgmrgml19.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\SDFix\backups_old\57exgmrgml19.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\SDFix\backups_old\58exgmrgml19.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\SDFix\backups_old\59exgmrgml19.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\SDFix\backups_old\62exgmrgml19.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\SDFix\backups_old\65exgmrgml19.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\SDFix\backups_old\68exgmrgml19.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\SDFix\backups_old\70exgmrgml19.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\SDFix\backups_old\71exgmrgml19.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\SDFix\backups_old\74exgmrgml19.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\SDFix\backups_old\75exgmrgml19.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\SDFix\backups_old\77exgmrgml19.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\SDFix\backups_old\78exgmrgml19.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\SDFix\backups_old\80exgmrgml19.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\SDFix\backups_old\81exgmrgml19.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\SDFix\backups_old\82exgmrgml19.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\SDFix\backups_old\83exgmrgml19.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\SDFix\backups_old\85exgmrgml19.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\SDFix\backups_old\86exgmrgml19.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\SDFix\backups_old\87exgmrgml19.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\SDFix\backups_old\89exgmrgml19.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\SDFix\backups_old\8exgmrgml19.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\SDFix\backups_old\90exgmrgml19.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\SDFix\backups_old\97exgmrgml19.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP312\A0180310.exe probably a variant of Win32/Agent trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP312\A0180326.exe Win32/TrojanProxy.Horst.AAE trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP312\A0180332.exe Win32/TrojanProxy.Horst.AAE trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP312\A0180347.exe Win32/TrojanProxy.Horst.AAE trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP312\A0180356.exe Win32/TrojanProxy.Horst.AAE trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP312\A0180374.exe Win32/TrojanProxy.Horst.AAE trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP312\A0180382.exe Win32/TrojanProxy.Horst.AAE trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP312\A0180389.exe Win32/TrojanProxy.Horst.AAE trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP312\A0180393.exe Win32/TrojanProxy.Horst.AAE trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP312\A0180397.exe Win32/TrojanProxy.Horst.AAE trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP312\A0180526.exe Win32/Zapchast.EL trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP312\A0180798.exe Win32/Zapchast.EL trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP312\A0181065.exe probably a variant of Win32/Agent trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP312\A0181318.exe Win32/Zapchast.EL trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP317\A0184982.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP317\A0184983.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP317\A0184984.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP317\A0184985.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP317\A0184986.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP317\A0184987.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP317\A0184988.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP317\A0184989.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP317\A0184990.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP317\A0184991.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP317\A0184992.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP317\A0184993.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP317\A0184994.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP317\A0184995.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP317\A0184996.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP317\A0184997.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP317\A0184998.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP317\A0184999.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP317\A0185000.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP317\A0185001.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP317\A0185002.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP317\A0185003.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP317\A0185004.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP317\A0185005.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP317\A0185006.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP317\A0185007.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP317\A0185008.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP317\A0185009.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP317\A0185010.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP317\A0185011.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP317\A0185012.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP317\A0185013.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP317\A0185014.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP317\A0185015.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP317\A0185016.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP317\A0185017.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP317\A0185018.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP317\A0185019.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP317\A0185020.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP317\A0185021.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP317\A0185022.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP317\A0185023.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP317\A0185024.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP317\A0185025.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP317\A0185026.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP317\A0185027.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP317\A0185028.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP317\A0185029.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000



HiJackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:44:39, on 18/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ig?hl=pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3005531133-749170791-1580215723-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: desktop_minion4260671805.lnk = C:\Program Files\Codemasters Overlord Desktop Minion\desktop_minion.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Camilla\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activ...nfosFinder2.CAB
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 9927 bytes
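
Post #14's point, that detections under System Volume Information sit in System Restore points rather than in live locations, can be checked mechanically against a log like the ESET one in post #15. The following is an added example, not part of the thread and not an ESET tool: it parses detection lines in the space-separated form pasted above and groups them by where the file lives. Treating C:\SDFix\backups_old as a cleanup-tool backup folder is an assumption, and the abridged sample log (its header count and its last line) is constructed for the example.

```python
import re

# Detection line as pasted in the thread, fields separated by single spaces:
#   <path> <threat description> (<action taken>) <32 hex digits>
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?\.[A-Za-z0-9]+) "
    r"(?P<threat>.+?) "
    r"\((?P<action>[^)]*)\) "
    r"(?P<digest>[0-9A-Fa-f]{32})$"
)
# System Restore snapshot copy: <drive>:\System Volume Information\_restore{GUID}\RPnnn\
RESTORE_RE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\",
    re.IGNORECASE,
)
# Assumption for this example: backups kept by a cleanup tool, not active files.
TOOL_BACKUP_RE = re.compile(r"^[A-Za-z]:\\SDFix\\backups_old\\", re.IGNORECASE)

# Constructed, abridged sample. The first four detection lines follow the log in
# post #15; the header count and the last line are made up for the example.
SAMPLE_LOG = r"""# version=4
# found=5
# scan_time=6711
C:\SDFix\backups_old\10exgmrgml19.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP312\A0180310.exe probably a variant of Win32/Agent trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP312\A0180526.exe Win32/Zapchast.EL trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP317\A0184982.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\ExampleUser\Local Settings\Temp\constructed_sample.exe Win32/Medbot.IT trojan (unable to clean - deleted) 00000000000000000000000000000000
"""


def parse_log(text):
    """Split a pasted log into header metadata, detections and unparsed lines."""
    meta, detections, unparsed = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                meta[key] = value
            continue
        match = DETECTION_RE.match(line)
        if match:
            detections.append(match.groupdict())
        else:
            # Keep anything unexpected visible instead of dropping it silently.
            unparsed.append(line)
    return meta, detections, unparsed


def classify(path):
    """Return (location, restore_point) for a detected file path."""
    match = RESTORE_RE.match(path)
    if match:
        return "restore_point", match.group(1)
    if TOOL_BACKUP_RE.match(path):
        return "tool_backup", None
    return "live", None


def triage(text):
    """Group detections by location and list the ones outside snapshots/backups."""
    meta, detections, unparsed = parse_log(text)
    by_location, restore_points, live = {}, {}, []
    for det in detections:
        location, rp = classify(det["path"])
        by_location[location] = by_location.get(location, 0) + 1
        if rp:
            restore_points[rp] = restore_points.get(rp, 0) + 1
        if location == "live":
            live.append(det)
    declared = meta.get("found", "")
    return {
        "by_location": by_location,
        "restore_points": restore_points,
        "live": live,
        "unparsed": unparsed,
        # Cross-check the parsed lines against the log's own "# found=" header.
        "count_matches_header": declared.isdigit() and int(declared) == len(detections),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("by location:", result["by_location"])
    print("restore points:", result["restore_points"])
    for det in result["live"]:
        print("outside restore points/backups:", det["path"], "->", det["threat"])
```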



