Ie Popups While Firefox Is Running


  • This topic is locked
16 replies to this topic

#1 JTIMMY712

  • Members
  • 10 posts
  • Local time:04:24 AM

Posted 18 June 2008 - 02:52 PM

Whenever I start Firefox, IE7 starts and pop-ups appear everywhere. Here is a copy of my latest log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:44:42 PM, on 6/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20627)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\FlashGet\flashget.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.yahoo.com/search?p=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - URLSearchHook: (no name) - {236bd960-2fab-4645-9bc1-dae85904734e} - (no file)
O3 - Toolbar: (no name) - {236bd960-2fab-4645-9bc1-dae85904734e} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Rapget] E:\PROGRAMS\rapget140\rapget.exe
O4 - HKLM\..\Run: [3c4c3495] rundll32.exe "C:\WINDOWS\system32\eikvgehk.dll",b
O4 - HKLM\..\Run: [{ebe4ab53-fdc6-248a-6bd4-1d3b4f18d3bd}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{4ffaf537-341d-b639-d638-73642dbc5849}.dll" DllStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Giganews Accelerator.lnk = C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe
O4 - Global Startup: Shortcut to RocketDock.lnk = C:\Program Files\RocketDock\RocketDock.exe
O4 - Global Startup: Shortcut to sidebar.lnk = C:\Program Files\Windows Sidebar\sidebar.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download with Rapget - E:\PROGRAMS\rapget140\rapget.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: RoboForm TaskBar Icon - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: TaskBar - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O9 - Extra 'Tools' menuitem: RoboForm TaskBar Icon - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD42/JSCDL/jre/6u...ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

Thanks in advance.
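The log above is read by eye in threads like this one, but the signals a helper looks for are structural and can be checked mechanically. What follows is an added example for this thread, not code from the original posts and not part of HijackThis or DSS: a small Python triage script that flags the shapes that stand out in the posted log (an unnamed BHO or a Run entry loading an eight-letter DLL straight from system32, a DLL whose file name is a GUID, rundll32 calling a one-letter export, a Winlogon Notify hook, and hooks whose file is already gone), and that groups the "Files created" lines DSS produces later in the thread by day. The signal names, the eight-letter rule and the verdict labels are this example's own heuristics; the sample lines are copied from the logs posted in the thread. Some legitimate Windows DLLs also have eight-letter names, so "suspicious" here means "look the file up", not "delete it".

```python
"""Heuristic triage of HijackThis and DSS log lines (added example for this thread;
not from the original posts and not part of HijackThis or DSS). Signal names,
the 8-letters-in-system32 rule and the verdict labels are this example's own."""
import re

SECTION_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")   # "O2 - BHO: ..." -> (code, rest)
# 8 purely alphabetic letters directly in system32; some legitimate Windows DLLs
# have this shape too, so it is a signal, not proof.
SYS32_DLL_RE = re.compile(r"system32\\([A-Za-z]{8})\.dll", re.IGNORECASE)
GUID = r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}"
GUID_DLL_RE = re.compile(r"\\" + GUID + r"\.dll", re.IGNORECASE)      # {GUID}.dll as a file name
BAD_BHO_NAME_RE = re.compile(r"^BHO: (?:\(no name\)|" + GUID + r") - ", re.IGNORECASE)
RUNDLL_EXPORT_RE = re.compile(r'rundll32(?:\.exe)?\s+"?[^"]+?\.dll"?,(\w{1,2})\b', re.IGNORECASE)
STRONG = {"sys32_random_dll", "guid_named_dll", "rundll32_short_export"}  # any one => suspicious


def triage_line(line):
    """Classify one HijackThis entry; None for lines that are not entries."""
    m = SECTION_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    signals = []
    if "(no file)" in body:
        signals.append("orphan_hook")            # still registered, file already gone
    if SYS32_DLL_RE.search(body):
        signals.append("sys32_random_dll")
    if GUID_DLL_RE.search(body):
        signals.append("guid_named_dll")
    if section == "O2" and BAD_BHO_NAME_RE.match(body):
        signals.append("unnamed_or_guid_bho")    # no display name, or a GUID as the name
    if RUNDLL_EXPORT_RE.search(body):
        signals.append("rundll32_short_export")  # rundll32 "x.dll",b
    if section == "O20":
        signals.append("winlogon_notify_hook")   # DLL loaded into winlogon.exe
    if STRONG & set(signals):
        verdict = "suspicious"
    elif signals == ["orphan_hook"]:
        verdict = "cleanup"
    elif signals:
        verdict = "review"
    else:
        verdict = "ok"
    return {"section": section, "verdict": verdict, "signals": signals, "line": line.strip()}


def triage_log(text):
    """All entry lines whose verdict is not plain 'ok'."""
    return [r for r in map(triage_line, text.splitlines()) if r and r["verdict"] != "ok"]


# DSS "Files created" line: date time size attributes path
FILE_LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2})\s+\d+\s+\S+\s+(.+)$")


def daily_dll_drops(text):
    """Group new 8-letter system32 DLLs from a DSS file listing by day -> {day: [(time, name)]}."""
    drops = {}
    for line in text.splitlines():
        m = FILE_LINE_RE.match(line.strip())
        if m and SYS32_DLL_RE.search(m.group(3)):
            drops.setdefault(m.group(1), []).append((m.group(2), m.group(3).rsplit("\\", 1)[-1]))
    return {day: sorted(files) for day, files in drops.items()}


def burst_days(drops, min_files=2):
    """Days with several such DLLs at once: the pattern of a dropper that re-installs itself."""
    return sorted(day for day, files in drops.items() if len(files) >= min_files)


# Constructed samples: lines copied from the logs posted in this thread.
HJT_SAMPLE = r"""
R3 - URLSearchHook: (no name) - {236bd960-2fab-4645-9bc1-dae85904734e} - (no file)
O2 - BHO: (no name) - {0fd31f8c-67b0-4b86-9215-0fb31db109de} - C:\WINDOWS\system32\jlswyxmt.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: targetedbanner browser optimizer - {823381fc-ebdb-af68-0a47-ec249c726c63} - C:\WINDOWS\system32\{4ffaf537-341d-b639-d638-73642dbc5849}.dll
O2 - BHO: {5fcc0c1a-98bf-a569-8224-7a4c5b5eb93a} - {a39be5b5-c4a7-4228-965a-fb89a1c0ccf5} - C:\WINDOWS\system32\cbglnikf.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [3c4c3495] rundll32.exe "C:\WINDOWS\system32\eikvgehk.dll",b
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O20 - Winlogon Notify: fccaXPfg - C:\WINDOWS\SYSTEM32\fccaXPfg.dll
"""
DSS_SAMPLE = r"""
2008-06-17 08:22:11 98816 --a------ C:\WINDOWS\system32\cbglnikf.dll
2008-06-17 08:19:12 80896 --a------ C:\WINDOWS\system32\eikvgehk.dll
2008-06-17 08:16:12 89600 --a------ C:\WINDOWS\system32\vvpgcqcs.dll
2008-06-16 08:19:11 99328 --a------ C:\WINDOWS\system32\mlpigegd.dll
2008-06-16 08:16:11 90112 --a------ C:\WINDOWS\system32\ejmkqvlb.dll
2008-06-12 08:12:13 98304 --a------ C:\WINDOWS\system32\jlswyxmt.dll
2008-06-03 22:48:36 86144 --a------ C:\WINDOWS\system32\drivers\arp13944.sys
2008-06-03 22:33:37 58880 --a------ C:\WINDOWS\system32\fccaXPfg.dll
"""

if __name__ == "__main__":
    for r in triage_log(HJT_SAMPLE):
        print(f"{r['verdict']:10} {r['section']:3} {', '.join(r['signals'])}\n    {r['line']}")
    drops = daily_dll_drops(DSS_SAMPLE)
    for day in sorted(drops):
        print(day, [name for _, name in drops[day]])
    print("burst days:", burst_days(drops))
```

Run as a script, it marks the five system32/GUID entries as suspicious, the dead URLSearchHook as cleanup, and the RoboForm BHO as review: an unnamed BHO on its own is only a weak signal, and the path under Program Files with a vendor name is what a human then uses to clear it. The nLite RunOnce line is the negative control for the rundll32 check, since its export name is a full word. The file-listing side shows the other thing the DSS output makes visible: two or three fresh eight-letter DLLs landing in system32 within minutes of each other on consecutive mornings, which is a component that re-downloads and re-registers itself, so removing only the DLLs named in today's HijackThis log is not enough.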


#2 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:24 AM

Posted 18 June 2008 - 04:31 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using it.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run, as it is not malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet, especially if you're asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 JTIMMY712 (Topic Starter)

  • Members
  • 10 posts
  • Local time:04:24 AM

Posted 18 June 2008 - 06:30 PM

Thanks for the help. Here are my new logs:

Deckard's System Scanner v20071014.68
Run by Admin on 2008-06-17 19:08:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
45: 2008-06-17 23:08:57 UTC - RP47 - Deckard's System Scanner Restore Point
44: 2008-06-17 03:35:08 UTC - RP46 - System Checkpoint
43: 2008-06-16 03:04:41 UTC - RP45 - System Checkpoint
42: 2008-06-14 18:20:55 UTC - RP44 - System Checkpoint
41: 2008-06-12 22:35:07 UTC - RP43 - System Checkpoint


-- First Restore Point --
1: 2008-06-04 02:39:11 UTC - RP3 - Installed Adobe Reader 8.1.0


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Admin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:12:49 PM, on 6/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20627)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\ClipCache\clipc.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Admin\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.yahoo.com/search?p=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - URLSearchHook: (no name) - {236bd960-2fab-4645-9bc1-dae85904734e} - (no file)
O2 - BHO: (no name) - {0fd31f8c-67b0-4b86-9215-0fb31db109de} - C:\WINDOWS\system32\jlswyxmt.dll
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {34D2D9EA-C457-4984-8472-C00C3FD563D3} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5D39E5DE-292B-4A21-894C-C460A6E74EDD} - (no file)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7CA2AA2B-7446-4B5D-870A-EEF0597D25C5} - (no file)
O2 - BHO: (no name) - {81EA3F36-357A-435A-8741-52C27CCC9F21} - C:\WINDOWS\system32\fccaXPfg.dll
O2 - BHO: targetedbanner browser optimizer - {823381fc-ebdb-af68-0a47-ec249c726c63} - C:\WINDOWS\system32\{4ffaf537-341d-b639-d638-73642dbc5849}.dll
O2 - BHO: (no name) - {91F35D00-14C5-4730-AAEB-893954CA0FC2} - (no file)
O2 - BHO: {5fcc0c1a-98bf-a569-8224-7a4c5b5eb93a} - {a39be5b5-c4a7-4228-965a-fb89a1c0ccf5} - C:\WINDOWS\system32\cbglnikf.dll
O2 - BHO: (no name) - {C26B3885-45F0-41D8-BD31-6500D8937DEF} - C:\WINDOWS\system32\efcBuuSk.dll
O2 - BHO: SBBho Class - {c9803b12-f0a0-11dc-95ff-0800200c9a66} - C:\WINDOWS\TinyBHO.dll
O2 - BHO: (no name) - {DA62446E-02CB-43FD-945D-3F3CDA177661} - (no file)
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {236bd960-2fab-4645-9bc1-dae85904734e} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [3c4c3495] rundll32.exe "C:\WINDOWS\system32\eikvgehk.dll",b
O4 - HKLM\..\Run: [{ebe4ab53-fdc6-248a-6bd4-1d3b4f18d3bd}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{4ffaf537-341d-b639-d638-73642dbc5849}.dll" DllStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Giganews Accelerator.lnk = C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe
O4 - Global Startup: Shortcut to RocketDock.lnk = C:\Program Files\RocketDock\RocketDock.exe
O4 - Global Startup: Shortcut to sidebar.lnk = C:\Program Files\Windows Sidebar\sidebar.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download with Rapget - E:\PROGRAMS\rapget141\rapget.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: RoboForm TaskBar Icon - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: TaskBar - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O9 - Extra 'Tools' menuitem: RoboForm TaskBar Icon - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD42/JSCDL/jre/6u...ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: fccaXPfg - C:\WINDOWS\SYSTEM32\fccaXPfg.dll
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

--
End of file - 11545 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 arp13944 - c:\windows\system32\drivers\arp13944.sys
R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
R1 sdpiosys - c:\windows\system32\drivers\sdpiosys.sys
R3 cmuda (C-Media WDM Audio Interface) - c:\windows\system32\drivers\cmuda.sys <Not Verified; C-Media Inc; C-Media Audio Driver (WDM)>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S3 neokdss - c:\windows\system32\drivers\neokdss.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S4 MsSecurity1.209.4 (MsSecurity Updated) - c:\windows\444.470 service
S4 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: SiS 900 PCI Fast Ethernet Adapter
Device ID: PCI\VEN_1039&DEV_0900&SUBSYS_09001039&REV_90\3&61AAA01&0&20
Manufacturer: SiS
Name: SiS 900 PCI Fast Ethernet Adapter
PNP Device ID: PCI\VEN_1039&DEV_0900&SUBSYS_09001039&REV_90\3&61AAA01&0&20
Service: SISNICXP


-- Files created between 2008-05-17 and 2008-06-17 -----------------------------

2008-06-17 17:33:00 0 d-------- C:\roscoe
2008-06-17 08:22:11 98816 --a------ C:\WINDOWS\system32\cbglnikf.dll
2008-06-17 08:19:12 80896 --a------ C:\WINDOWS\system32\eikvgehk.dll
2008-06-17 08:16:12 89600 --a------ C:\WINDOWS\system32\vvpgcqcs.dll
2008-06-16 08:19:11 99328 --a------ C:\WINDOWS\system32\mlpigegd.dll
2008-06-16 08:16:11 90112 --a------ C:\WINDOWS\system32\ejmkqvlb.dll
2008-06-15 08:16:11 99328 --a------ C:\WINDOWS\system32\uooukbno.dll
2008-06-15 08:13:17 90112 --a------ C:\WINDOWS\system32\sxummnsj.dll
2008-06-14 08:15:38 99840 --a------ C:\WINDOWS\system32\owelvkle.dll
2008-06-14 08:12:44 90112 --a------ C:\WINDOWS\system32\owffxvfl.dll
2008-06-13 08:14:57 98304 --a------ C:\WINDOWS\system32\ifglmvkk.dll
2008-06-13 08:12:10 89600 --a------ C:\WINDOWS\system32\namrnsnp.dll
2008-06-12 13:10:17 0 d-------- C:\WINDOWS\Easy CD-DA Extractor 11.1
2008-06-12 13:10:17 0 d-------- C:\Program Files\Easy CD-DA Extractor 11
2008-06-12 08:12:13 98304 --a------ C:\WINDOWS\system32\jlswyxmt.dll
2008-06-12 08:11:58 89600 --a------ C:\WINDOWS\system32\snkbrkgy.dll
2008-06-11 08:10:55 98816 --a------ C:\WINDOWS\system32\iwwdttyh.dll
2008-06-11 08:10:50 80896 --a------ C:\WINDOWS\system32\yiumaxsq.dll
2008-06-11 08:10:37 89600 --a------ C:\WINDOWS\system32\sgkkjiij.dll
2008-06-11 07:10:29 0 d-------- C:\Program Files\FlashGet
2008-06-10 08:18:00 91648 --a------ C:\WINDOWS\system32\yspgnkkl.dll
2008-06-10 08:14:25 109056 --a------ C:\WINDOWS\system32\vvjeohjr.dll
2008-06-10 08:11:25 89489 --a------ C:\WINDOWS\system32\iljfwjcn.dll
2008-06-09 06:41:57 109056 --a------ C:\WINDOWS\system32\agqinowv.dll
2008-06-09 06:38:55 100352 --a------ C:\WINDOWS\system32\wuiqxgnw.dll
2008-06-09 06:27:28 0 d-------- C:\Program Files\FDRLab
2008-06-08 06:41:55 109056 --a------ C:\WINDOWS\system32\rkqjvupr.dll
2008-06-08 06:36:36 100864 --a------ C:\WINDOWS\system32\qljslueo.dll
2008-06-07 06:37:57 108544 --a------ C:\WINDOWS\system32\xtcdvocr.dll
2008-06-07 06:37:38 100352 --a------ C:\WINDOWS\system32\dypwmqie.dll
2008-06-06 12:39:46 108544 --a------ C:\WINDOWS\system32\faniqort.dll
2008-06-06 12:36:46 92160 --a------ C:\WINDOWS\system32\dgxjekyh.dll
2008-06-06 12:30:47 101376 --a------ C:\WINDOWS\system32\ahaijbct.dll
2008-06-05 12:30:17 136192 --a------ C:\WINDOWS\system32\dtyskfap.dll
2008-06-05 12:28:05 125952 --a------ C:\WINDOWS\system32\sjojdyks.dll
2008-06-04 19:25:39 691545 --a------ C:\WINDOWS\unins000.exe
2008-06-04 19:25:38 2538 --a------ C:\WINDOWS\unins000.dat
2008-06-04 17:10:59 34 --ah----- C:\WINDOWS\system32\OkokerIESecurityPopUpBlocker_sysquicts.dat
2008-06-04 12:37:50 133120 --a------ C:\WINDOWS\system32\wmrxoras.dll
2008-06-04 12:34:50 117248 --a------ C:\WINDOWS\system32\aldqbxtm.dll
2008-06-04 12:28:50 2560 --a------ C:\WINDOWS\system32\sokleiru.exe
2008-06-04 12:26:33 126976 --a------ C:\WINDOWS\system32\rfcweabu.dll
2008-06-04 00:58:39 66 --a------ C:\WINDOWS\äCĂ
2008-06-04 00:29:42 0 d-------- C:\Program Files\Common Files\NSV
2008-06-03 22:48:57 260 --a------ C:\WINDOWS\17PHolmes1000106.exe
2008-06-03 22:48:36 86144 --a------ C:\WINDOWS\system32\drivers\arp13944.sys
2008-06-03 22:48:33 0 d-------- C:\WINDOWS\system32\Vco1
2008-06-03 22:48:33 0 d-------- C:\WINDOWS\system32\sTMP
2008-06-03 22:48:33 0 d-------- C:\WINDOWS\system32\fIE
2008-06-03 22:48:33 0 d-------- C:\WINDOWS\system32\Dev3
2008-06-03 22:48:33 0 d-------- C:\WINDOWS\system32\a053
2008-06-03 22:48:33 0 d-------- C:\WINDOWS\system32\6026c
2008-06-03 22:48:02 0 d-------- C:\WINDOWS\system32\vntiho06
2008-06-03 22:47:49 0 d-------- C:\Temp
2008-06-03 22:46:17 0 d-------- C:\Documents and Settings\Admin\Application Data\uTorrent
2008-06-03 22:45:37 260 --a------ C:\WINDOWS\17PHolmes1868.exe
2008-06-03 22:45:23 57344 --a------ C:\WINDOWS\system32\mlJYropQ.dll
2008-06-03 22:40:07 0 d-------- C:\Program Files\Winamp Toolbar
2008-06-03 22:40:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2008-06-03 22:39:41 0 d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-06-03 22:39:32 0 d-------- C:\Program Files\Winamp Remote
2008-06-03 22:39:00 689415 --ahs---- C:\WINDOWS\system32\kSuuBcfe.ini2
2008-06-03 22:38:53 371712 --a------ C:\WINDOWS\system32\efcBuuSk.dll
2008-06-03 22:36:03 0 d-------- C:\Program Files\Winamp
2008-06-03 22:36:03 0 d-------- C:\Documents and Settings\Admin\Application Data\Winamp
2008-06-03 22:33:37 58880 --a------ C:\WINDOWS\system32\fccaXPfg.dll
2008-06-03 03:04:19 0 d-------- C:\Program Files\Magic Image Resizer
2008-06-02 20:56:28 0 d-------- C:\Program Files\Chapura
2008-06-02 04:10:15 0 d-------- C:\Documents and Settings\Admin\Application Data\dvdcss
2008-06-02 00:20:41 0 d-------- C:\Documents and Settings\Admin\Application Data\LimeWire
2008-06-02 00:20:20 0 d-------- C:\WINDOWS\Sun
2008-06-02 00:20:20 0 d-------- C:\Documents and Settings\Admin\Application Data\Sun
2008-06-02 00:19:09 0 d-------- C:\Program Files\Java
2008-06-02 00:15:55 0 d-------- C:\Program Files\Common Files\Java
2008-06-02 00:01:38 0 d-------- C:\Documents and Settings\Admin\Application Data\kantaris
2008-06-02 00:00:53 0 d-------- C:\Program Files\Haali
2008-06-01 23:57:58 0 d-------- C:\Program Files\QO Developments
2008-06-01 23:55:02 0 d-------- C:\Program Files\LimeWire
2008-06-01 23:53:33 0 d-------- C:\Program Files\Kantaris
2008-06-01 22:53:10 0 d-------- C:\Program Files\Fantastic Flame Screensaver
2008-06-01 22:53:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Laconic Software
2008-06-01 08:04:02 0 d-------- C:\Documents and Settings\Admin\Application Data\ieSpell
2008-06-01 05:57:27 0 d-------- C:\Program Files\DVDInfoPro
2008-06-01 03:52:34 0 d-------- C:\Documents and Settings\LocalService\Application Data\PCToolsSpamMonitorPlus
2008-06-01 03:52:34 0 d-------- C:\Documents and Settings\LocalService\Application Data\PCToolsFirewallPlus
2008-05-31 22:52:54 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-05-31 20:53:40 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-05-31 20:53:23 0 d-------- C:\Program Files\VIA
2008-05-31 20:46:08 110602 --a------ C:\WINDOWS\system32\xcdsfx32.bin
2008-05-31 20:46:08 0 d-------- C:\Program Files\Driver Magician
2008-05-31 20:21:09 0 d-------- C:\Program Files\PC Drivers HeadQuarters
2008-05-31 20:21:09 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-05-31 17:21:01 0 d-------- C:\Documents and Settings\Admin\Application Data\DivX
2008-05-31 04:33:32 0 d-------- C:\Program Files\SlySoft
2008-05-31 02:54:22 0 d-------- C:\Documents and Settings\Admin\Application Data\ImgBurn
2008-05-31 02:51:10 0 d-------- C:\Program Files\ImgBurn
2008-05-31 01:29:18 0 d-------- C:\Program Files\iPrep 101
2008-05-31 00:46:12 0 d-------- C:\Documents and Settings\Admin\Application Data\Xbins
2008-05-30 22:16:35 0 d-------- C:\Program Files\Absolute Sound Recorder
2008-05-30 17:13:26 0 d-------- C:\sun
2008-05-30 03:13:05 0 d-------- C:\Documents and Settings\Admin\Application Data\PCToolsFirewallPlus
2008-05-30 03:13:04 0 d-------- C:\Documents and Settings\Admin\Application Data\PCToolsSpamMonitorPlus
2008-05-30 03:09:01 0 d-------- C:\Program Files\PC Tools Internet Security
2008-05-30 02:41:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-05-30 02:26:21 0 d-------- C:\Documents and Settings\All Users\Application Data\SRSLabs
2008-05-30 02:19:11 0 d-------- C:\Program Files\SRSLabs
2008-05-30 02:19:11 0 d-------- C:\Program Files\Common Files\SRS
2008-05-30 00:05:39 0 d-------- C:\WINDOWS\CAVTemp
2008-05-30 00:00:46 0 d-------- C:\Documents and Settings\Default User\Application Data\CallingID
2008-05-29 23:56:28 0 d-------- C:\Documents and Settings\All Users\Application Data\CA
2008-05-29 05:09:53 0 d-------- C:\Documents and Settings\Admin\Application Data\F-Secure
2008-05-29 04:59:21 0 d-------- C:\Program Files\F-Secure Internet Security
2008-05-29 04:59:14 0 d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-05-29 04:58:54 0 d-------- C:\Documents and Settings\All Users\Application Data\fssg
2008-05-29 04:47:40 0 d-------- C:\Program Files\Alcohol Soft
2008-05-29 04:35:14 0 d--h----- C:\WINDOWS\PIF
2008-05-29 04:21:43 0 d-------- C:\WINDOWS\system32\appmgmt
2008-05-29 03:50:00 0 d-------- C:\Documents and Settings\Admin\Application Data\vlc
2008-05-29 03:42:02 715248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-29 03:42:00 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-29 02:03:27 0 d-------- C:\Program Files\VeryPDF PDF2Word v3.0
2008-05-28 19:11:13 0 d-------- C:\Program Files\VideoLAN
2008-05-28 19:01:58 0 d-------- C:\LIFE
2008-05-28 18:34:03 14 --a------ C:\WINDOWS\system32\SysEngineDrive1.sys
2008-05-28 18:32:43 354816 --a------ C:\WINDOWS\system32\psisdecd.dll
2008-05-28 18:32:34 0 d-------- C:\Program Files\BlazeVideo
2008-05-28 17:55:50 0 d-------- C:\Program Files\DVDFab 5
2008-05-28 16:54:03 0 d-------- C:\Documents and Settings\Admin\Application Data\Pioneer
2008-05-28 16:33:15 0 d-------- C:\WINDOWS\system32\ipp20
2008-05-28 16:32:48 0 d-------- C:\Program Files\Pioneer
2008-05-28 16:28:24 0 d-------- C:\Documents and Settings\Admin\Application Data\Media Player Classic
2008-05-28 02:17:31 0 d-------- C:\Documents and Settings\Admin\Application Data\Intermedia Software
2008-05-28 02:16:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Intermedia Software
2008-05-28 02:16:17 44544 --a------ C:\WINDOWS\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2008-05-28 02:16:16 0 d-------- C:\Program Files\Intermedia Software
2008-05-28 01:45:40 0 d-------- C:\Documents and Settings\Admin\Application Data\Ashampoo
2008-05-28 01:42:46 0 d-------- C:\Documents and Settings\Admin\Application Data\foobar2000
2008-05-28 01:29:04 0 d-------- C:\Documents and Settings\Admin\Application Data\Thunderbird
2008-05-28 01:28:24 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-05-28 01:28:22 0 d-------- C:\Program Files\dlDone
2008-05-28 01:23:56 0 d-------- C:\Program Files\SABnzbd
2008-05-27 22:44:30 0 d-------- C:\Program Files\foobar2000
2008-05-27 15:38:26 0 d-------- C:\Program Files\DVD Decrypter
2008-05-27 15:31:22 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-05-27 15:31:14 0 d-------- C:\Program Files\DVD Shrink
2008-05-27 02:45:23 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-05-27 02:45:23 47360 --a------ C:\Documents and Settings\Admin\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-05-27 02:45:22 0 d-------- C:\Documents and Settings\Admin\Application Data\Vso
2008-05-27 02:45:11 217127 --a------ C:\WINDOWS\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)>
2008-05-27 02:45:11 208935 --a------ C:\WINDOWS\system32\drv33260.dll <Not Verified; RealNetworks, Inc.; RealVideo 8 (32-bit)>
2008-05-27 02:45:11 176165 --a------ C:\WINDOWS\system32\drv23260.dll <Not Verified; RealNetworks, Inc.; RealVideo G2 (32-bit)>
2008-05-27 02:45:11 65602 --a------ C:\WINDOWS\system32\cook3260.dll <Not Verified; RealNetworks, Inc.; RealPlayer 10>
2008-05-27 02:45:10 626688 --a------ C:\WINDOWS\system32\vp7vfw.dll <Not Verified; On2.com; On2_VP70>
2008-05-27 02:45:07 0 d-------- C:\Program Files\VSO
2008-05-27 02:45:04 0 dr-h----- C:\Documents and Settings\Admin\Recent
2008-05-27 02:19:39 0 d-------- C:\Documents and Settings\Admin\Application Data\Uniblue
2008-05-26 23:37:20 0 d-------- C:\Program Files\Sportsbook Poker
2008-05-26 23:35:39 0 d-------- C:\Program Files\Sportsbook.com Casino
2008-05-26 23:31:08 0 d-------- C:\Documents and Settings\Admin\Application Data\Opera
2008-05-26 23:04:06 155648 --a------ C:\WINDOWS\system32\libssl32.dll
2008-05-26 23:03:53 0 d-------- C:\OpenSSL
2008-05-26 23:00:25 0 d-------- C:\Documents and Settings\Admin\Application Data\GoodSync
2008-05-26 22:40:11 0 d-------- C:\Documents and Settings\Admin\Application Data\ExplorerPlus
2008-05-26 22:22:38 0 d-------- C:\Documents and Settings\Admin\Application Data\XRayz
2008-05-26 22:21:11 0 d-------- C:\Program Files\ClipCache
2008-05-26 21:50:21 0 d-------- C:\Documents and Settings\Admin\Application Data\Arcsoft
2008-05-26 21:44:38 0 d-------- C:\Program Files\PalmTether
2008-05-26 21:44:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Sprint
2008-05-26 21:44:35 0 d-------- C:\Program Files\Sprint
2008-05-26 21:44:35 0 d-------- C:\Program Files\Common Files\Sprint
2008-05-26 21:30:42 0 d-------- C:\Program Files\Sprint music manager
2008-05-26 20:35:27 0 d-------- C:\WINDOWS\system32\oodag
2008-05-26 20:32:20 0 d-------- C:\Documents and Settings\All Users\Application Data\HotSync
2008-05-26 20:31:41 0 d-------- C:\Program Files\Palm
2008-05-26 20:26:43 0 d-------- C:\Documents and Settings\Admin\Application Data\HotSync
2008-05-26 20:26:34 0 d-------- C:\WINDOWS\Downloaded Installations
2008-05-26 20:05:43 0 d-------- C:\Documents and Settings\LocalService\Application Data\VMware
2008-05-26 20:05:41 0 d-------- C:\Documents and Settings\LocalService\Application Data\Acronis
2008-05-26 19:51:00 0 d-------- C:\WINDOWS\pss
2008-05-26 19:43:42 0 d-------- C:\WINDOWS\WINDOWS
2008-05-26 19:43:36 0 d-------- C:\Program Files\Siber Systems
2008-05-26 19:42:30 0 d-------- C:\Documents and Settings\All Users\Application Data\RoboForm
2008-05-26 19:38:32 0 d-------- C:\Program Files\Collectorz.com
2008-05-26 19:38:01 0 d-------- C:\Documents and Settings\Admin\Application Data\WinRAR
2008-05-26 17:50:29 0 d-------- C:\Documents and Settings\Admin\Application Data\Adobe
2008-05-26 16:59:59 0 d-------- C:\Documents and Settings\Admin\dwhelper
2008-05-26 15:12:20 0 d-------- C:\WINDOWS\My Video Downloader
2008-05-26 15:12:20 0 d-------- C:\Program Files\My Video Downloader
2008-05-26 15:10:11 0 d-------- C:\Program Files\ieSpell
2008-05-26 11:54:48 365568 --a------ C:\WINDOWS\system32\{4ffaf537-341d-b639-d638-73642dbc5849}.dll
2008-05-26 07:27:49 0 d-------- C:\Program Files\PowerDataRecovery
2008-05-26 07:22:00 0 d-------- C:\Program Files\QuickPar
2008-05-26 06:41:32 0 d-------- C:\NZB Auto Import Folder
2008-05-26 06:39:22 0 d-------- C:\NEWSLEECHER
2008-05-26 06:31:29 0 d-------- C:\Program Files\Giganews Accelerator
2008-05-26 06:22:07 0 d-------- C:\Documents and Settings\Admin\Downloads
2008-05-26 06:22:01 0 d-------- C:\Documents and Settings\Admin\Application Data\NewsLeecher
2008-05-26 06:17:34 0 d-------- C:\Program Files\NewsLeecher
2008-05-26 06:14:28 0 d-------- C:\Documents and Settings\Admin\Application Data\Avant Profiles
2008-05-26 06:11:54 0 d-------- C:\Program Files\Avant Browser
2008-05-26 06:08:40 0 d-------- C:\Documents and Settings\Admin\Application Data\Macromedia
2008-05-26 06:04:24 0 d-------- C:\Documents and Settings\Admin\Application Data\VMware
2008-05-26 06:03:45 0 d-------- C:\Documents and Settings\NetworkService\Application Data\VMware
2008-05-26 06:02:03 0 d-------- C:\Documents and Settings\All Users\Application Data\VMware
2008-05-26 06:02:01 0 d-------- C:\Program Files\VMware
2008-05-26 06:02:01 0 d-------- C:\Program Files\Common Files\VMware
2008-05-26 05:59:52 0 d-------- C:\Documents and Settings\Admin\Application Data\ESET
2008-05-26 05:58:42 0 d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-05-26 05:57:54 0 d-------- C:\Program Files\InstallShield Installation Information
2008-05-26 05:57:47 0 d-------- C:\Program Files\Symantec
2008-05-26 05:57:38 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-26 05:57:30 0 d-------- C:\Program Files\Kingdia Software
2008-05-26 05:57:26 0 d-------- C:\Program Files\Dvd-cloner
2008-05-26 05:56:14 0 d-------- C:\WINDOWS\system32\URTTEMP
2008-05-26 05:48:39 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-05-26 05:48:17 0 d-------- C:\Program Files\Reference Assemblies
2008-05-26 05:47:42 0 d-------- C:\Program Files\MSXML 6.0
2008-05-26 05:46:34 124416 -----n--- C:\WINDOWS\system32\prntvpt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-26 05:45:53 0 d-------- C:\Program Files\My Company Name
2008-05-26 05:45:34 0 d-------- C:\Program Files\Quick Batch File Compiler
2008-05-26 05:45:27 0 d-------- C:\Program Files\OO Software
2008-05-26 05:45:19 0 d-------- C:\Program Files\Notepad++
2008-05-26 05:45:19 0 d-------- C:\Documents and Settings\Admin\Application Data\Notepad++
2008-05-26 05:40:14 0 d-------- C:\Documents and Settings\All Users\Application Data\ashampoo
2008-05-26 05:40:10 0 d-------- C:\Program Files\Ashampoo
2008-05-26 05:40:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Acronis
2008-05-26 05:39:35 0 d-------- C:\Program Files\Common Files\Acronis
2008-05-26 05:39:35 0 d-------- C:\Program Files\Acronis
2008-05-26 05:34:27 0 d-------- C:\Program Files\Microsoft Works
2008-05-26 05:34:17 0 d-------- C:\Program Files\MSBuild
2008-05-26 05:30:06 0 d-------- C:\WINDOWS\SHELLNEW
2008-05-26 05:29:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-26 05:29:17 0 dr-h----- C:\MSOCache
2008-05-26 05:27:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-05-26 05:27:54 0 d-------- C:\Program Files\Common Files\Adobe


-- Find3M Report ---------------------------------------------------------------

2008-06-17 14:29:20 0 d-------- C:\Documents and Settings\Admin\Application Data\Mozilla
2008-06-05 19:28:33 0 d-------- C:\Program Files\Online Services
2008-06-04 00:29:42 0 d-------- C:\Program Files\Common Files
2008-05-30 00:53:54 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-28 01:44:56 0 d-------- C:\Program Files\nLite
2008-05-27 02:45:32 34 --a------ C:\Documents and Settings\Admin\Application Data\pcouffin.log
2008-05-27 02:45:23 1144 --a------ C:\Documents and Settings\Admin\Application Data\pcouffin.inf
2008-05-27 02:45:23 7887 --a------ C:\Documents and Settings\Admin\Application Data\pcouffin.cat
2008-05-26 06:10:36 0 d-------- C:\Program Files\BlackXP
2008-05-14 14:13:54 77824 --a------ C:\WINDOWS\h8907435.exe <Not Verified; ; h8907435>
2008-05-14 13:08:04 217088 --a------ C:\WINDOWS\TinyBHO.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0fd31f8c-67b0-4b86-9215-0fb31db109de}]
06/12/2008 08:12 AM 98304 --a------ C:\WINDOWS\system32\jlswyxmt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34D2D9EA-C457-4984-8472-C00C3FD563D3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5D39E5DE-292B-4A21-894C-C460A6E74EDD}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7CA2AA2B-7446-4B5D-870A-EEF0597D25C5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81EA3F36-357A-435A-8741-52C27CCC9F21}]
06/03/2008 10:33 PM 58880 --a------ C:\WINDOWS\system32\fccaXPfg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{823381fc-ebdb-af68-0a47-ec249c726c63}]
05/26/2008 11:54 AM 365568 --a------ C:\WINDOWS\system32\{4ffaf537-341d-b639-d638-73642dbc5849}.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91F35D00-14C5-4730-AAEB-893954CA0FC2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a39be5b5-c4a7-4228-965a-fb89a1c0ccf5}]
06/17/2008 08:22 AM 98816 --a------ C:\WINDOWS\system32\cbglnikf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C26B3885-45F0-41D8-BD31-6500D8937DEF}]
06/03/2008 10:38 PM 371712 --a------ C:\WINDOWS\system32\efcBuuSk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c9803b12-f0a0-11dc-95ff-0800200c9a66}]
05/14/2008 01:08 PM 217088 --a------ C:\WINDOWS\TinyBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DA62446E-02CB-43FD-945D-3F3CDA177661}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [12/21/2007 08:21 AM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"3c4c3495"="C:\WINDOWS\system32\eikvgehk.dll" [06/17/2008 08:19 AM]
"{ebe4ab53-fdc6-248a-6bd4-1d3b4f18d3bd}"="C:\WINDOWS\system32\{4ffaf537-341d-b639-d638-73642dbc5849}.dll" [05/26/2008 11:54 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 04:00 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

C:\Documents and Settings\Admin\Start Menu\Programs\Startup\
Giganews Accelerator.lnk - C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe [12/18/2007 8:49:40 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Shortcut to RocketDock.lnk - C:\Program Files\RocketDock\RocketDock.exe [10/18/2002 3:52:09 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{81EA3F36-357A-435A-8741-52C27CCC9F21}"= C:\WINDOWS\system32\fccaXPfg.dll [06/03/2008 10:33 PM 58880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccaXPfg]
fccaXPfg.dll 06/03/2008 10:33 PM 58880 C:\WINDOWS\system32\fccaXPfg.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap C:\WINDOWS\system32\efcBuuSk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^ClipCache Pro.lnk]
path=C:\Documents and Settings\Admin\Start Menu\Programs\Startup\ClipCache Pro.lnk
backup=C:\WINDOWS\pss\ClipCache Pro.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^MEMonitor.lnk]
path=C:\Documents and Settings\Admin\Start Menu\Programs\Startup\MEMonitor.lnk
backup=C:\WINDOWS\pss\MEMonitor.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^Microsoft Office Groove.lnk]
path=C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Microsoft Office Groove.lnk
backup=C:\WINDOWS\pss\Microsoft Office Groove.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Fantastic Flame Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Fantastic Flame Agent.lnk
backup=C:\WINDOWS\pss\Fantastic Flame Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=C:\WINDOWS\pss\HotSync Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Shortcut to RocketDock.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to RocketDock.lnk
backup=C:\WINDOWS\pss\Shortcut to RocketDock.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Shortcut to sidebar.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to sidebar.lnk
backup=C:\WINDOWS\pss\Shortcut to sidebar.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^vmnet.exe.lnk]
backup=C:\WINDOWS\pss\vmnet.exe.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\vmnet.exe.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3c4c3495]
rundll32.exe "C:\WINDOWS\system32\yspgnkkl.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
"C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
"C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM3f7f0709]
Rundll32.exe "C:\WINDOWS\system32\wuiqxgnw.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
"C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
"C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooccctrl.exe]
C:\Program Files\OO Software\CleverCache\ooccctrl.exe /tasktray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
C:\WINDOWS\system32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostFeedBack]
"C:\Program Files\Agnitum\Outpost Security Suite Pro\feedback.exe" /dump:os_startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PalmTether]
"C:\Program Files\PalmTether\TetherApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rapget]
E:\PROGRAMS\rapget141\rapget.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
"C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
"C:\Program Files\RocketDock\RocketDock.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VistaDrive]
C:\WINDOWS\VistaDrive.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmnet]
C:\WINDOWS\WINDOWS\vmnet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
"C:\Program Files\VMware\VMware Workstation\hqtray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
"C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\winampa.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{ebe4ab53-fdc6-248a-6bd4-1d3b4f18d3bd}]
C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{4ffaf537-341d-b639-d638-73642dbc5849}.dll" DllStart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"VMAuthdService"=2 (0x2)
"ufad-ws60"=3 (0x3)
"TuneUp.Defrag"=3 (0x3)
"TryAndDecideService"=2 (0x2)
"StarWindServiceAE"=2 (0x2)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"ose"=3 (0x3)
"OOCleverCacheAgent"=2 (0x2)
"odserv"=3 (0x3)
"O&O Defrag"=2 (0x2)
"Microsoft Office Groove Audit Service"=3 (0x3)
"MDM"=2 (0x2)
"AcrSch2Svc"=2 (0x2)
"VMware NAT Service"=2 (0x2)
"vmount2"=2 (0x2)
"VMnetDHCP"=2 (0x2)
"NVSvc"=2 (0x2)
"NMIndexingService"=3 (0x3)
"MsSecurity1.209.4"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"EhttpSrv"=3 (0x3)

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
-- Hosts -----------------------------------------------------------------------

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

6223 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-17 19:13:39 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.00GHz
Percentage of Memory in Use: 58%
Physical Memory (total/avail): 1023.48 MiB / 429.23 MiB
Pagefile Memory (total/avail): 2460.68 MiB / 2023.24 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.36 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 230.93 GiB total, 78.83 GiB free.
D: is CDROM (No Media)
E: is Fixed (NTFS) - 279.47 GiB total, 30.62 GiB free.
F: is CDROM (UDF)
G: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - Maxtor 6L300R0 - 279.47 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 279.47 GiB - E:

\\.\PHYSICALDRIVE0 - ST3250620A - 232.88 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 230.93 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 2000.28 MiB



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: ESET Personal firewall v3.0.621.0 (ESET, spol. s r. o.)
AV: ESET Smart Security 3.0 v3.0 (ESET, spol. s r. o.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Avant Browser\\avant.exe"="C:\\Program Files\\Avant Browser\\avant.exe:*:Enabled:Avant Browser"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"E:\\NEWSLEECHER DOWNLOADS\\xbins.exe"="E:\\NEWSLEECHER DOWNLOADS\\xbins.exe:*:Enabled:xbins"
"E:\\PROGRAMS\\XBO 360 PROGRAMS\\xbins.exe"="E:\\PROGRAMS\\XBO 360 PROGRAMS\\xbins.exe:*:Enabled:xbins"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"


-- Environment Variables -------------------------------------------------------

ALKY=C:\Program Files\Alky for Applications\Libraries\
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Admin\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PAL
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Admin
LOGONSERVER=\\PAL
NUMBER_OF_PROCESSORS=1
OPENSSL_CONF=C:\OpenSSL\bin\openssl.cnf
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Alky for Applications\Libraries\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0204
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Admin\LOCALS~1\Temp
TMP=C:\DOCUME~1\Admin\LOCALS~1\Temp
USERDOMAIN=PAL
USERNAME=Admin
USERPROFILE=C:\Documents and Settings\Admin
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Admin (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {471159EB-BECC-453C-B6F2-FE4FAB29B3F3}
--> MsiExec.exe /x{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Absolute Sound Recorder version 3.3.9 --> "C:\Program Files\Absolute Sound Recorder\unins000.exe"
Acronis True Image Home --> MsiExec.exe /X{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
AI RoboForm --> "C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
AI RoboForm for Palm --> C:\Program Files\Siber Systems\AI RoboForm for Palm\uninstall.exe
Alky for Applications (Windows XP) --> MsiExec.exe /X{BB05D173-9681-4812-A7FA-BD4042A3DA00}
Ashampoo Burning Studio 7.10 --> "C:\Program Files\Ashampoo\Ashampoo Burning Studio 7\unins000.exe"
Ashampoo Music Studio 3 --> "C:\Program Files\Ashampoo\Ashampoo Music Studio 3\Uninstall\0230_Uninstall.EXE"
Avant Browser (remove only) --> "C:\Program Files\Avant Browser\uninst.exe"
BlackXP Toolbar --> C:\PROGRA~1\BlackXP\UNWISE.EXE C:\PROGRA~1\BlackXP\INSTALL.LOG
BlazeDVD 5.0 Professional --> "C:\Program Files\BlazeVideo\BlazeDVD 5 Professional\unins000.exe"
C-Media WDM Audio Driver --> C:\WINDOWS\system32\cmirmdrv.exe
ClipCache Pro 3.1.3 --> "C:\Program Files\ClipCache\unins000.exe"
CloneCD --> "C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"
Collectorz.com Movie Collector --> C:\PROGRA~1\COLLEC~1.COM\MOVIEC~1\UNWISE.EXE C:\PROGRA~1\COLLEC~1.COM\MOVIEC~1\install.log
ConvertXtoDVD 3.0.0.13 --> "C:\Program Files\VSO\ConvertX\3\unins000.exe"
DJS Trial --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{178B8741-18FA-4CCD-B17F-1B9E36D55AC3} /l1033
dlDone --> C:\WINDOWS\iun6002.exe "C:\Program Files\dlDone\irunin.ini"
Driver Detective --> C:\Program Files\InstallShield Installation Information\{621C02EA-AAFF-4026-A903-165D59529A16}\setup.exe -runfromtemp -l0x0409
Driver Genius Professional Edition 2007 --> "C:\Program Files\Driver-Soft\DriverGenius\unins000.exe"
Driver Magician 3.27 --> "C:\Program Files\Driver Magician\unins000.exe"
DVD-CLONER V5.00 Build 965 --> "C:\Program Files\Dvd-cloner\unins000.exe"
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.2.5 --> "C:\Program Files\DVDFab 5\unins000.exe"
DVDInfoPro --> "C:\Program Files\DVDInfoPro\uninstall.exe"
Easy CD-DA Extractor 11 --> "C:\WINDOWS\Easy CD-DA Extractor 11.1\uninstall.exe" "/U:C:\Program Files\Easy CD-DA Extractor 11\irunin.xml"
Encoders for Helium Music Manager 2008 --> "C:\Program Files\Intermedia Software\Encoders\unins000.exe"
Enhancement Browser Tools Targetedbanner --> C:\WINDOWS\system32\{4ffaf537-341d-b639-d638-73642dbc5849}.dll-uninst.exe
ESET Smart Security --> MsiExec.exe /I{A1350B64-1AF8-497B-AC07-307DF67FB8D4}
Fantastic Flame Screensaver --> C:\Program Files\Fantastic Flame Screensaver\uninstall.exe
FlashGet(Jetcar) 1.80 --> C:\PROGRA~1\FlashGet\_UNWISE.EXE
foobar2000 v0.9.5.3 --> "C:\Program Files\foobar2000\uninstall.exe"
FoxyTunes for Firefox --> "C:\Program Files\Mozilla Firefox\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul
Giganews Accelerator --> MsiExec.exe /I{E7300AF3-DD5B-4E86-A291-7631BE0C62C7}
GoodSync --> "C:\Program Files\Siber Systems\GoodSync\uninstall.exe"
Haali Media Splitter --> "C:\Program Files\Haali\MatroskaSplitter\uninstall.exe"
Helium Music Manager 2008 (build 6004) --> "C:\Program Files\Intermedia Software\Helium 2008\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\HijackThis\HijackThis.exe" /uninstall
ieSpell --> "C:\Program Files\ieSpell\uninst.exe"
ImgBurn --> "C:\Program Files\ImgBurn\uninstall.exe"
Intel® Integrated Performance Primitives RTI 4.0 --> MsiExec.exe /X{51C91B84-7B46-4FE7-8999-8228CFA75F89}
iPrep 101 v0.0.6.2 Beta --> C:\Program Files\iPrep 101\uninst.exe
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
K-Lite Mega Codec Pack 3.6.2 --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kantaris Media Player 0.3.4 --> "C:\Program Files\Kantaris\unins000.exe"
Kingdia DVD Ripper V3.0.12 --> "C:\Program Files\Kingdia Software\Kingdia DVD Ripper\unins000.exe"
Lightroom --> MsiExec.exe /I{6297F8EC-D821-4B33-B845-8A8D1A0DF472}
LimeWire PRO 4.17.9 --> "C:\Program Files\LimeWire\uninstall.exe"
Magic Image Resizer 1.4 (remove only) --> "C:\Program Files\Magic Image Resizer\uninst.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
My Video Downloader --> "C:\WINDOWS\My Video Downloader\uninstall.exe" "/U:C:\Program Files\My Video Downloader\Uninstall\uninstall.xml"
Nero 8 --> MsiExec.exe /X{90AABED0-25A8-41FC-B738-224889E31033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Neuview Standard and Professional 6.08 --> "C:\Program Files\QO Developments\Neuview Media Player\unins000.exe"
NewsLeecher v3.91 Beta 1 --> "C:\Program Files\NewsLeecher\unins000.exe"
NOD32 FiX --> "E:\RAPIDSHARE FILES\nod32\Obsolete\unins000.exe"
Norton PartitionMagic 8.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{21DBBDD6-93A5-4326-9A04-C9A5C9148502}
Notepad++ --> C:\Program Files\Notepad++\uninstall.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
O&O CleverCache --> MsiExec.exe /X{53480390-0EC4-429E-BBEE-78E19EEB03BD}
O&O Defrag Professional Edition --> MsiExec.exe /I{53480330-E1D1-41CA-B8F8-7F78644F7F50}
O&O DiskRecovery --> MsiExec.exe /X{53480880-18E0-4097-A460-F22DD3AC6D70}
OpenSSL 0.9.6m --> C:\OpenSSL\unins000.exe
Opera 9.24 --> MsiExec.exe /X{4676DB43-A5E5-40AD-ACBB-5D80AFD2AFC4}
Palm --> MsiExec.exe /X{32EF6F81-583E-4127-918D-D3768A8957C4}
PocketCopy 2.0 --> "C:\Program Files\Chapura\PocketCopy\unins000.exe"
Power Data Recovery 3.1.1 --> "C:\Program Files\PowerDataRecovery\unins000.exe"
Quick Batch File Compiler 2.1.7.0 --> "C:\Program Files\Quick Batch File Compiler\unins000.exe"
QuickPar 0.9 --> C:\Program Files\QuickPar\uninst.exe
SABnzbd (remove only) --> "C:\Program Files\SABnzbd\uninstall.exe"
save2pc Pro 3.31 --> "C:\Program Files\FDRLab\save2pc\unins000.exe"
Shockwave Player --> MsiExec.exe /X{103906AD-C60E-4E65-BC84-CE980D19CE41}
SiS 900 PCI Fast Ethernet Adapter Driver --> C:\WINDOWS\SiS\900\Uninst.exe
Sportsbook.com --> "C:\Program Files\Sportsbook.com Casino\Install.exe" -u
Sportsbook.com Poker --> C:\Program Files\Sportsbook Poker\uninstall.exe
Sprint Mobile Broadband --> MsiExec.exe /I{93356AC9-C222-4547-B743-FF1903ACCE04}
Sprint music manager --> C:\PROGRA~1\SPRINT~1\Setup.exe /remove /q0
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
TuneUp Utilities 2008 --> MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Uniblue RegistryBooster 2 --> "C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
Uniblue SpeedUpMyPC 3 --> "C:\Program Files\Uniblue\SpeedUpMyPC 3\unins000.exe"
Uniblue SpyEraser --> "C:\Program Files\Uniblue\SpyEraser\unins000.exe"
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VeryPDF PDF2Word v3.0 --> "C:\Program Files\VeryPDF PDF2Word v3.0\unins000.exe"
VIA Platform Device Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
VMware Workstation Lite --> MsiExec.exe /I{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Winamp Remote --> "C:\Program Files\Winamp Remote\uninstall.exe"
Winamp Toolbar for Firefox --> "C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\9dyysim0.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe"
Winamp Toolbar for Internet Explorer --> "C:\Program Files\Winamp Toolbar\uninstall.exe"
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Vista Games All In One --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\NR_VGame.inf,RemoveGames
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinRAR archiver --> C:\Program Files\WinRar\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type475 / Error
Event Submitted/Written: 06/17/2008 04:27:08 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application rapget.exe, version 0.0.0.0, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [rapget.exe!ws!]

Event Record #/Type473 / Error
Event Submitted/Written: 06/14/2008 06:47:59 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application rapget.exe, version 0.0.0.0, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [rapget.exe!ws!]

Event Record #/Type472 / Error
Event Submitted/Written: 06/13/2008 10:03:41 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application rapget.exe, version 0.0.0.0, faulting module rapget.exe, version 0.0.0.0, fault address 0x0002596c.
Processing media-specific event for [rapget.exe!ws!]

Event Record #/Type471 / Error
Event Submitted/Written: 06/13/2008 10:03:10 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application rapget.exe, version 0.0.0.0, faulting module rapget.exe, version 0.0.0.0, fault address 0x0002596c.
Processing media-specific event for [rapget.exe!ws!]

Event Record #/Type470 / Error
Event Submitted/Written: 06/13/2008 09:15:51 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application avant.exe, version 11.6.0.18, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [avant.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type2286 / Error
Event Submitted/Written: 06/17/2008 03:24:02 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type2269 / Error
Event Submitted/Written: 06/17/2008 02:20:32 PM
Event ID/Source: 34 / W32Time
Event Description:
The time service has detected that the system time needs to be
changed by +86472 seconds. The time service will not change the system
time by more than +54000 seconds. Verify that your time and time zone
are correct, and that the time source time.windows.com (ntp.m|0x1|68.225.44.117:123->207.46.232.182:123) is working properly.

Event Record #/Type2261 / Error
Event Submitted/Written: 06/17/2008 01:43:34 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type2260 / Error
Event Submitted/Written: 06/17/2008 05:19:09 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service vmount2 with arguments "-Service"
in order to run the server:
{F91031A3-644F-46F1-8ED5-B91F0E160879}

Event Record #/Type2259 / Error
Event Submitted/Written: 06/17/2008 05:19:08 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service vmount2 with arguments "-Service"
in order to run the server:
{F91031A3-644F-46F1-8ED5-B91F0E160879}



-- End of Deckard's System Scanner: finished at 2008-06-17 19:13:39 ------------

Again, thanks for the help.

#4 Buckeye_Sam


    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:24 AM

Posted 19 June 2008 - 08:42 AM

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\cbglnikf.dll
    C:\WINDOWS\system32\eikvgehk.dll
    C:\WINDOWS\system32\vvpgcqcs.dll
    C:\WINDOWS\system32\mlpigegd.dll
    C:\WINDOWS\system32\ejmkqvlb.dll
    C:\WINDOWS\system32\uooukbno.dll
    C:\WINDOWS\system32\sxummnsj.dll
    C:\WINDOWS\system32\owelvkle.dll
    C:\WINDOWS\system32\owffxvfl.dll
    C:\WINDOWS\system32\ifglmvkk.dll
    C:\WINDOWS\system32\namrnsnp.dll
    C:\WINDOWS\system32\jlswyxmt.dll
    C:\WINDOWS\system32\snkbrkgy.dll
    C:\WINDOWS\system32\iwwdttyh.dll
    C:\WINDOWS\system32\yiumaxsq.dll
    C:\WINDOWS\system32\sgkkjiij.dll
    C:\WINDOWS\system32\yspgnkkl.dll
    C:\WINDOWS\system32\vvjeohjr.dll
    C:\WINDOWS\system32\iljfwjcn.dll
    C:\WINDOWS\system32\agqinowv.dll
    C:\WINDOWS\system32\wuiqxgnw.dll
    C:\WINDOWS\system32\rkqjvupr.dll
    C:\WINDOWS\system32\qljslueo.dll
    C:\WINDOWS\system32\xtcdvocr.dll
    C:\WINDOWS\system32\dypwmqie.dll
    C:\WINDOWS\system32\faniqort.dll
    C:\WINDOWS\system32\dgxjekyh.dll
    C:\WINDOWS\system32\ahaijbct.dll
    C:\WINDOWS\system32\dtyskfap.dll
    C:\WINDOWS\system32\sjojdyks.dll
    C:\WINDOWS\system32\wmrxoras.dll
    C:\WINDOWS\system32\aldqbxtm.dll
    C:\WINDOWS\system32\sokleiru.exe
    C:\WINDOWS\system32\rfcweabu.dll
    C:\WINDOWS\17PHolmes1000106.exe
    C:\WINDOWS\system32\drivers\arp13944.sys
    C:\WINDOWS\system32\Vco1
    C:\WINDOWS\system32\sTMP
    C:\WINDOWS\system32\fIE
    C:\WINDOWS\system32\Dev3
    C:\WINDOWS\system32\a053
    C:\WINDOWS\system32\6026c
    C:\WINDOWS\system32\vntiho06
    C:\WINDOWS\17PHolmes1868.exe
    C:\WINDOWS\system32\mlJYropQ.dll
    C:\WINDOWS\system32\kSuuBcfe.ini2
    C:\WINDOWS\system32\efcBuuSk.dll
    C:\WINDOWS\system32\fccaXPfg.dll
    C:\WINDOWS\h8907435.exe 
    C:\WINDOWS\TinyBHO.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\3c4c3495
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\{ebe4ab53-fdc6-248a-6bd4-1d3b4f18d3bd}
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccaXPfg
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3c4c3495
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM3f7f0709
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{ebe4ab53-fdc6-248a-6bd4-1d3b4f18d3bd}
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


After rebooting, please post a new log from DSS.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
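The OTMoveIt2 instructions above ask for the tool's log to be posted back, and reading that log by hand is error-prone: a path that "moved successfully" is gone, but one that was "scheduled to be moved on reboot" is still on disk until a later entry reports it moved. As an added example (not code from this thread, from the helper, or from OTMoveIt2's author), here is a small Python parser that sorts an OTMoveIt2 log into moved / not found / pending-reboot / registry results, split at the "Files moved on Reboot..." marker, and reports which paths were never actually moved. The log line formats are assumed from the logs this tool prints in threads like this one; the sample log below is constructed with placeholder file names.

```python
import re

# Line formats OTMoveIt2 uses in its log (assumed from logs posted in this thread).
PATTERNS = {
    "moved": re.compile(r"^(?P<path>.+?) moved successfully\.$"),
    "not_found": re.compile(r"^File/Folder (?P<path>.+?) not found\.$"),
    "pending_reboot": re.compile(
        r"^File move failed\. (?P<path>.+?) scheduled to be moved on reboot\.$"),
    "registry_deleted": re.compile(
        r"^Registry (?:key|value) (?P<path>.+?) deleted successfully\.$"),
    "registry_not_found": re.compile(
        r"^Registry (?:key|value) (?P<path>.+?) not found\.$"),
}
# Everything after this marker was attempted again after the reboot.
REBOOT_MARKER = "Files moved on Reboot..."

# Constructed sample log in the same format; file names are placeholders.
SAMPLE_LOG = r"""
DllUnregisterServer procedure not found in C:\WINDOWS\system32\example1.dll
C:\WINDOWS\system32\example1.dll NOT unregistered.
C:\WINDOWS\system32\example1.dll moved successfully.
File/Folder C:\WINDOWS\system32\example2.dll not found.
File move failed. C:\WINDOWS\system32\drivers\example3.sys scheduled to be moved on reboot.
C:\WINDOWS\example4.exe moved successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\example >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\example deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\ not found.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 01012008_000000

Files moved on Reboot...
File move failed. C:\WINDOWS\system32\drivers\example3.sys scheduled to be moved on reboot.
"""


def parse_otmoveit_log(log_text):
    """Return {"before_reboot": {...}, "after_reboot": {...}}, each mapping a
    result category to the list of paths/keys reported in that phase."""
    phases = {
        "before_reboot": {name: [] for name in PATTERNS},
        "after_reboot": {name: [] for name in PATTERNS},
    }
    phase = "before_reboot"
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == REBOOT_MARKER:
            phase = "after_reboot"
            continue
        # First matching pattern wins; unrecognised lines (unregister
        # diagnostics, "< key >" headers, banner) are skipped.
        for name, rx in PATTERNS.items():
            m = rx.match(line)
            if m:
                phases[phase][name].append(m.group("path"))
                break
    return phases


def unresolved_paths(log_text):
    """Paths scheduled for a reboot move that the log never reports as moved,
    i.e. items a helper should follow up on because they are still on disk."""
    phases = parse_otmoveit_log(log_text)
    scheduled = set(phases["before_reboot"]["pending_reboot"])
    moved_later = set(phases["after_reboot"]["moved"])
    still_pending = set(phases["after_reboot"]["pending_reboot"])
    return sorted((scheduled - moved_later) | still_pending)


if __name__ == "__main__":
    result = parse_otmoveit_log(SAMPLE_LOG)
    for phase, cats in result.items():
        print(phase)
        for name, paths in cats.items():
            print(f"  {name}: {len(paths)}")
    print("unresolved:", unresolved_paths(SAMPLE_LOG))
```

Run it against a real OTMoveIt2 log by reading the file into `parse_otmoveit_log`; anything returned by `unresolved_paths` is a file the move never completed on, which is exactly the kind of entry (a driver or a Winlogon notify DLL held open at boot) that needs a different removal approach rather than a repeat of the same script.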

#5 JTIMMY712

  • Topic Starter

  • Members
  • 10 posts
  • Local time:04:24 AM

Posted 25 June 2008 - 05:22 PM

Move log:

DllUnregisterServer procedure not found in C:\WINDOWS\system32\cbglnikf.dll
C:\WINDOWS\system32\cbglnikf.dll NOT unregistered.
C:\WINDOWS\system32\cbglnikf.dll moved successfully.
File/Folder C:\WINDOWS\system32\eikvgehk.dll not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\vvpgcqcs.dll
C:\WINDOWS\system32\vvpgcqcs.dll NOT unregistered.
C:\WINDOWS\system32\vvpgcqcs.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\mlpigegd.dll
C:\WINDOWS\system32\mlpigegd.dll NOT unregistered.
C:\WINDOWS\system32\mlpigegd.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ejmkqvlb.dll
C:\WINDOWS\system32\ejmkqvlb.dll NOT unregistered.
C:\WINDOWS\system32\ejmkqvlb.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\uooukbno.dll
C:\WINDOWS\system32\uooukbno.dll NOT unregistered.
C:\WINDOWS\system32\uooukbno.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\sxummnsj.dll
C:\WINDOWS\system32\sxummnsj.dll NOT unregistered.
C:\WINDOWS\system32\sxummnsj.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\owelvkle.dll
C:\WINDOWS\system32\owelvkle.dll NOT unregistered.
C:\WINDOWS\system32\owelvkle.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\owffxvfl.dll
C:\WINDOWS\system32\owffxvfl.dll NOT unregistered.
C:\WINDOWS\system32\owffxvfl.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ifglmvkk.dll
C:\WINDOWS\system32\ifglmvkk.dll NOT unregistered.
C:\WINDOWS\system32\ifglmvkk.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\namrnsnp.dll
C:\WINDOWS\system32\namrnsnp.dll NOT unregistered.
C:\WINDOWS\system32\namrnsnp.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\jlswyxmt.dll
C:\WINDOWS\system32\jlswyxmt.dll NOT unregistered.
C:\WINDOWS\system32\jlswyxmt.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\snkbrkgy.dll
C:\WINDOWS\system32\snkbrkgy.dll NOT unregistered.
C:\WINDOWS\system32\snkbrkgy.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\iwwdttyh.dll
C:\WINDOWS\system32\iwwdttyh.dll NOT unregistered.
C:\WINDOWS\system32\iwwdttyh.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\yiumaxsq.dll
C:\WINDOWS\system32\yiumaxsq.dll NOT unregistered.
C:\WINDOWS\system32\yiumaxsq.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\sgkkjiij.dll
C:\WINDOWS\system32\sgkkjiij.dll NOT unregistered.
C:\WINDOWS\system32\sgkkjiij.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\yspgnkkl.dll
C:\WINDOWS\system32\yspgnkkl.dll NOT unregistered.
C:\WINDOWS\system32\yspgnkkl.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\vvjeohjr.dll
C:\WINDOWS\system32\vvjeohjr.dll NOT unregistered.
C:\WINDOWS\system32\vvjeohjr.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\iljfwjcn.dll
C:\WINDOWS\system32\iljfwjcn.dll NOT unregistered.
C:\WINDOWS\system32\iljfwjcn.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\agqinowv.dll
C:\WINDOWS\system32\agqinowv.dll NOT unregistered.
C:\WINDOWS\system32\agqinowv.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\wuiqxgnw.dll
C:\WINDOWS\system32\wuiqxgnw.dll NOT unregistered.
C:\WINDOWS\system32\wuiqxgnw.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\rkqjvupr.dll
C:\WINDOWS\system32\rkqjvupr.dll NOT unregistered.
C:\WINDOWS\system32\rkqjvupr.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\qljslueo.dll
C:\WINDOWS\system32\qljslueo.dll NOT unregistered.
C:\WINDOWS\system32\qljslueo.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\xtcdvocr.dll
C:\WINDOWS\system32\xtcdvocr.dll NOT unregistered.
C:\WINDOWS\system32\xtcdvocr.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\dypwmqie.dll
C:\WINDOWS\system32\dypwmqie.dll NOT unregistered.
C:\WINDOWS\system32\dypwmqie.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\faniqort.dll
C:\WINDOWS\system32\faniqort.dll NOT unregistered.
C:\WINDOWS\system32\faniqort.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\dgxjekyh.dll
C:\WINDOWS\system32\dgxjekyh.dll NOT unregistered.
C:\WINDOWS\system32\dgxjekyh.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ahaijbct.dll
C:\WINDOWS\system32\ahaijbct.dll NOT unregistered.
C:\WINDOWS\system32\ahaijbct.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\dtyskfap.dll
C:\WINDOWS\system32\dtyskfap.dll NOT unregistered.
C:\WINDOWS\system32\dtyskfap.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\sjojdyks.dll
C:\WINDOWS\system32\sjojdyks.dll NOT unregistered.
C:\WINDOWS\system32\sjojdyks.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\wmrxoras.dll
C:\WINDOWS\system32\wmrxoras.dll NOT unregistered.
C:\WINDOWS\system32\wmrxoras.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\aldqbxtm.dll
C:\WINDOWS\system32\aldqbxtm.dll NOT unregistered.
C:\WINDOWS\system32\aldqbxtm.dll moved successfully.
C:\WINDOWS\system32\sokleiru.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\rfcweabu.dll
C:\WINDOWS\system32\rfcweabu.dll NOT unregistered.
C:\WINDOWS\system32\rfcweabu.dll moved successfully.
C:\WINDOWS\17PHolmes1000106.exe moved successfully.
File move failed. C:\WINDOWS\system32\drivers\arp13944.sys scheduled to be moved on reboot.
C:\WINDOWS\system32\Vco1 moved successfully.
C:\WINDOWS\system32\sTMP moved successfully.
C:\WINDOWS\system32\fIE moved successfully.
C:\WINDOWS\system32\Dev3 moved successfully.
C:\WINDOWS\system32\a053 moved successfully.
C:\WINDOWS\system32\6026c moved successfully.
C:\WINDOWS\system32\vntiho06 moved successfully.
C:\WINDOWS\17PHolmes1868.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\mlJYropQ.dll
C:\WINDOWS\system32\mlJYropQ.dll NOT unregistered.
C:\WINDOWS\system32\mlJYropQ.dll moved successfully.
C:\WINDOWS\system32\kSuuBcfe.ini2 moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\efcBuuSk.dll
C:\WINDOWS\system32\efcBuuSk.dll NOT unregistered.
C:\WINDOWS\system32\efcBuuSk.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\fccaXPfg.dll
C:\WINDOWS\system32\fccaXPfg.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\fccaXPfg.dll scheduled to be moved on reboot.
C:\WINDOWS\h8907435.exe moved successfully.
C:\WINDOWS\TinyBHO.dll unregistered successfully.
C:\WINDOWS\TinyBHO.dll moved successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\3c4c3495 >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\3c4c3495 deleted successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\{ebe4ab53-fdc6-248a-6bd4-1d3b4f18d3bd} >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\{ebe4ab53-fdc6-248a-6bd4-1d3b4f18d3bd} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ebe4ab53-fdc6-248a-6bd4-1d3b4f18d3bd}\ not found.
< HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccaXPfg >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccaXPfg\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3c4c3495 >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3c4c3495\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM3f7f0709 >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM3f7f0709\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{ebe4ab53-fdc6-248a-6bd4-1d3b4f18d3bd} >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{ebe4ab53-fdc6-248a-6bd4-1d3b4f18d3bd}\\ deleted successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06242008_175252

Files moved on Reboot...
File move failed. C:\WINDOWS\system32\drivers\arp13944.sys scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\fccaXPfg.dll
C:\WINDOWS\system32\fccaXPfg.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\fccaXPfg.dll scheduled to be moved on reboot.



New DSS log:


Deckard's System Scanner v20071014.68
Run by Admin on 2008-06-24 18:14:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 10.1 GiB (less than 15%) free.


-- HijackThis (run as Admin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:14:51 PM, on 6/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20627)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\notepad.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Avant Browser\avant.exe
E:\NEWSLEECHER DOWNLOADS\dss.exe
C:\PROGRA~1\HIJACK~1\Admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.yahoo.com/search?p=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - URLSearchHook: (no name) - {236bd960-2fab-4645-9bc1-dae85904734e} - (no file)
O2 - BHO: {f2b03143-7a5f-99fb-33d4-99d0b3a77340} - {04377a3b-0d99-4d33-bf99-f5a734130b2f} - C:\WINDOWS\system32\iiulcnhg.dll
O2 - BHO: (no name) - {0fd31f8c-67b0-4b86-9215-0fb31db109de} - C:\WINDOWS\system32\jlswyxmt.dll
O2 - BHO: (no name) - {21B4CBB2-4A60-4345-8724-D884DFC9C6E6} - C:\WINDOWS\system32\efcBuuSk.dll
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {34D2D9EA-C457-4984-8472-C00C3FD563D3} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5D39E5DE-292B-4A21-894C-C460A6E74EDD} - (no file)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7CA2AA2B-7446-4B5D-870A-EEF0597D25C5} - (no file)
O2 - BHO: (no name) - {81EA3F36-357A-435A-8741-52C27CCC9F21} - C:\WINDOWS\system32\fccaXPfg.dll
O2 - BHO: targetedbanner browser optimizer - {823381fc-ebdb-af68-0a47-ec249c726c63} - C:\WINDOWS\system32\lqbdafagelwtgkvli.dll
O2 - BHO: (no name) - {91F35D00-14C5-4730-AAEB-893954CA0FC2} - (no file)
O2 - BHO: (no name) - {DA62446E-02CB-43FD-945D-3F3CDA177661} - (no file)
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {236bd960-2fab-4645-9bc1-dae85904734e} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BM3f7f0709] Rundll32.exe "C:\WINDOWS\system32\ydpuspqq.dll",s
O4 - HKLM\..\Run: [3c4c3495] rundll32.exe "C:\WINDOWS\system32\tkhjufjk.dll",b
O4 - HKLM\..\Run: [{ebe4ab53-fdc6-248a-6bd4-1d3b4f18d3bd}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\lqbdafagelwtgkvli.dll" DllStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Giganews Accelerator.lnk = C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe
O4 - Global Startup: Shortcut to RocketDock.lnk = C:\Program Files\RocketDock\RocketDock.exe
O4 - Global Startup: Shortcut to sidebar.lnk = C:\Program Files\Windows Sidebar\sidebar.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download with Rapget - C:\Documents and Settings\Admin\Desktop\PROGRAMS\rapget141\rapget.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: RoboForm TaskBar Icon - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: TaskBar - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O9 - Extra 'Tools' menuitem: RoboForm TaskBar Icon - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD42/JSCDL/jre/6u...ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: mqrrtdtb.dll stqkwmlx.dll
O20 - Winlogon Notify: fccaXPfg - C:\WINDOWS\SYSTEM32\fccaXPfg.dll
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

--
End of file - 11523 bytes

-- Files created between 2008-05-24 and 2008-06-24 -----------------------------

2008-06-24 18:02:37 106496 --a------ C:\WINDOWS\system32\iiulcnhg.dll
2008-06-24 17:59:37 81920 --a------ C:\WINDOWS\system32\tkhjufjk.dll
2008-06-24 17:58:01 91136 --a------ C:\WINDOWS\system32\ydpuspqq.dll
2008-06-24 17:56:37 653142 --ahs---- C:\WINDOWS\system32\kSuuBcfe.ini2
2008-06-24 10:10:14 372736 --a------ C:\WINDOWS\system32\lqbdafagelwtgkvli.dll
2008-06-24 06:42:10 64179 --a------ C:\WINDOWS\system32\ddnfgptydiag.exe
2008-06-23 20:28:58 0 d-------- C:\kill2
2008-06-23 19:17:27 0 d-------- C:\pac
2008-06-23 08:31:51 105472 --a------ C:\WINDOWS\system32\stqkwmlx.dll
2008-06-23 08:28:47 81920 --a------ C:\WINDOWS\system32\dnmhwlcj.dll
2008-06-23 08:27:26 91136 --a------ C:\WINDOWS\system32\fbaaqemy.dll
2008-06-23 08:24:15 105472 --a------ C:\WINDOWS\system32\mqrrtdtb.dll
2008-06-23 08:22:11 91136 --a------ C:\WINDOWS\system32\hmekuqgv.dll
2008-06-22 18:55:44 0 d-------- C:\Program Files\PAR Buddy
2008-06-22 08:27:11 81408 --a------ C:\WINDOWS\system32\eshjcvem.dll
2008-06-22 08:24:11 99328 --a------ C:\WINDOWS\system32\xlsqaefc.dll
2008-06-22 08:21:11 91136 --a------ C:\WINDOWS\system32\isiwbqro.dll
2008-06-21 08:22:39 99328 --a------ C:\WINDOWS\system32\wffsjlna.dll
2008-06-21 08:19:39 90624 --a------ C:\WINDOWS\system32\anesmcgg.dll
2008-06-20 08:25:38 99328 --a------ C:\WINDOWS\system32\xonweurc.dll
2008-06-20 08:22:38 81408 --a------ C:\WINDOWS\system32\itvomgkt.dll
2008-06-20 08:19:37 90112 --a------ C:\WINDOWS\system32\hopdaqww.dll
2008-06-20 08:17:06 90112 --a------ C:\WINDOWS\system32\ujvafyip.dll
2008-06-20 05:19:59 0 d-------- C:\Program Files\MediaMonkey
2008-06-19 08:19:05 98816 --a------ C:\WINDOWS\system32\hovhvscc.dll
2008-06-19 08:16:06 90112 --a------ C:\WINDOWS\system32\oxshjeub.dll
2008-06-18 18:09:00 0 d-------- C:\Program Files\LG Software Innovations
2008-06-18 17:56:48 0 d-------- C:\GOD 2
2008-06-18 08:23:00 98816 --a------ C:\WINDOWS\system32\qetfulon.dll
2008-06-18 08:17:00 89600 --a------ C:\WINDOWS\system32\xdsrfbep.dll
2008-06-17 17:33:00 0 d-------- C:\roscoe
2008-06-12 13:10:17 0 d-------- C:\WINDOWS\Easy CD-DA Extractor 11.1
2008-06-12 13:10:17 0 d-------- C:\Program Files\Easy CD-DA Extractor 11
2008-06-12 08:12:13 98304 -----n--- C:\WINDOWS\system32\jlswyxmt.dll
2008-06-11 07:10:29 0 d-------- C:\Program Files\FlashGet
2008-06-09 06:27:28 0 d-------- C:\Program Files\FDRLab
2008-06-04 19:25:39 691545 --a------ C:\WINDOWS\unins000.exe
2008-06-04 19:25:38 2538 --a------ C:\WINDOWS\unins000.dat
2008-06-04 17:10:59 34 --ah----- C:\WINDOWS\system32\OkokerIESecurityPopUpBlocker_sysquicts.dat
2008-06-04 00:58:39 66 --a------ C:\WINDOWS\äCĂ
2008-06-04 00:29:42 0 d-------- C:\Program Files\Common Files\NSV
2008-06-03 22:48:36 86144 --a------ C:\WINDOWS\system32\drivers\arp13944.sys
2008-06-03 22:47:49 0 d-------- C:\Temp
2008-06-03 22:46:17 0 d-------- C:\Documents and Settings\Admin\Application Data\uTorrent
2008-06-03 22:40:07 0 d-------- C:\Program Files\Winamp Toolbar
2008-06-03 22:40:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2008-06-03 22:39:41 0 d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-06-03 22:39:32 0 d-------- C:\Program Files\Winamp Remote
2008-06-03 22:38:53 371712 -----n--- C:\WINDOWS\system32\efcBuuSk.dll
2008-06-03 22:36:03 0 d-------- C:\Program Files\Winamp
2008-06-03 22:36:03 0 d-------- C:\Documents and Settings\Admin\Application Data\Winamp
2008-06-03 22:33:37 58880 --a------ C:\WINDOWS\system32\fccaXPfg.dll
2008-06-03 03:04:19 0 d-------- C:\Program Files\Magic Image Resizer
2008-06-02 20:56:28 0 d-------- C:\Program Files\Chapura
2008-06-02 04:10:15 0 d-------- C:\Documents and Settings\Admin\Application Data\dvdcss
2008-06-02 00:20:41 0 d-------- C:\Documents and Settings\Admin\Application Data\LimeWire
2008-06-02 00:20:20 0 d-------- C:\WINDOWS\Sun
2008-06-02 00:20:20 0 d-------- C:\Documents and Settings\Admin\Application Data\Sun
2008-06-02 00:19:09 0 d-------- C:\Program Files\Java
2008-06-02 00:15:55 0 d-------- C:\Program Files\Common Files\Java
2008-06-02 00:01:38 0 d-------- C:\Documents and Settings\Admin\Application Data\kantaris
2008-06-02 00:00:53 0 d-------- C:\Program Files\Haali
2008-06-01 23:57:58 0 d-------- C:\Program Files\QO Developments
2008-06-01 23:55:02 0 d-------- C:\Program Files\LimeWire
2008-06-01 23:53:33 0 d-------- C:\Program Files\Kantaris
2008-06-01 22:53:10 0 d-------- C:\Program Files\Fantastic Flame Screensaver
2008-06-01 22:53:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Laconic Software
2008-06-01 08:04:02 0 d-------- C:\Documents and Settings\Admin\Application Data\ieSpell
2008-06-01 05:57:27 0 d-------- C:\Program Files\DVDInfoPro
2008-06-01 03:52:34 0 d-------- C:\Documents and Settings\LocalService\Application Data\PCToolsSpamMonitorPlus
2008-06-01 03:52:34 0 d-------- C:\Documents and Settings\LocalService\Application Data\PCToolsFirewallPlus
2008-05-31 22:52:54 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-05-31 20:53:40 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-05-31 20:53:23 0 d-------- C:\Program Files\VIA
2008-05-31 20:46:08 110602 --a------ C:\WINDOWS\system32\xcdsfx32.bin
2008-05-31 20:46:08 0 d-------- C:\Program Files\Driver Magician
2008-05-31 20:21:09 0 d-------- C:\Program Files\PC Drivers HeadQuarters
2008-05-31 20:21:09 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-05-31 17:21:01 0 d-------- C:\Documents and Settings\Admin\Application Data\DivX
2008-05-31 04:33:32 0 d-------- C:\Program Files\SlySoft
2008-05-31 02:54:22 0 d-------- C:\Documents and Settings\Admin\Application Data\ImgBurn
2008-05-31 02:51:10 0 d-------- C:\Program Files\ImgBurn
2008-05-31 01:29:18 0 d-------- C:\Program Files\iPrep 101
2008-05-31 00:46:12 0 d-------- C:\Documents and Settings\Admin\Application Data\Xbins
2008-05-30 22:16:35 0 d-------- C:\Program Files\Absolute Sound Recorder
2008-05-30 17:13:26 0 d-------- C:\sun
2008-05-30 03:13:05 0 d-------- C:\Documents and Settings\Admin\Application Data\PCToolsFirewallPlus
2008-05-30 03:13:04 0 d-------- C:\Documents and Settings\Admin\Application Data\PCToolsSpamMonitorPlus
2008-05-30 03:09:01 0 d-------- C:\Program Files\PC Tools Internet Security
2008-05-30 02:41:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-05-30 02:26:21 0 d-------- C:\Documents and Settings\All Users\Application Data\SRSLabs
2008-05-30 02:19:11 0 d-------- C:\Program Files\SRSLabs
2008-05-30 02:19:11 0 d-------- C:\Program Files\Common Files\SRS
2008-05-30 00:05:39 0 d-------- C:\WINDOWS\CAVTemp
2008-05-30 00:00:46 0 d-------- C:\Documents and Settings\Default User\Application Data\CallingID
2008-05-29 23:56:28 0 d-------- C:\Documents and Settings\All Users\Application Data\CA
2008-05-29 05:09:53 0 d-------- C:\Documents and Settings\Admin\Application Data\F-Secure
2008-05-29 04:59:21 0 d-------- C:\Program Files\F-Secure Internet Security
2008-05-29 04:59:14 0 d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-05-29 04:58:54 0 d-------- C:\Documents and Settings\All Users\Application Data\fssg
2008-05-29 04:47:40 0 d-------- C:\Program Files\Alcohol Soft
2008-05-29 04:35:14 0 d--h----- C:\WINDOWS\PIF
2008-05-29 04:21:43 0 d-------- C:\WINDOWS\system32\appmgmt
2008-05-29 03:50:00 0 d-------- C:\Documents and Settings\Admin\Application Data\vlc
2008-05-29 03:42:02 715248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-29 03:42:00 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-29 02:03:27 0 d-------- C:\Program Files\VeryPDF PDF2Word v3.0
2008-05-28 19:11:13 0 d-------- C:\Program Files\VideoLAN
2008-05-28 18:34:03 14 --a------ C:\WINDOWS\system32\SysEngineDrive1.sys
2008-05-28 18:32:43 354816 --a------ C:\WINDOWS\system32\psisdecd.dll
2008-05-28 18:32:34 0 d-------- C:\Program Files\BlazeVideo
2008-05-28 17:55:50 0 d-------- C:\Program Files\DVDFab 5
2008-05-28 16:54:03 0 d-------- C:\Documents and Settings\Admin\Application Data\Pioneer
2008-05-28 16:33:15 0 d-------- C:\WINDOWS\system32\ipp20
2008-05-28 16:32:48 0 d-------- C:\Program Files\Pioneer
2008-05-28 16:28:24 0 d-------- C:\Documents and Settings\Admin\Application Data\Media Player Classic
2008-05-28 02:17:31 0 d-------- C:\Documents and Settings\Admin\Application Data\Intermedia Software
2008-05-28 02:16:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Intermedia Software
2008-05-28 02:16:17 44544 --a------ C:\WINDOWS\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2008-05-28 02:16:16 0 d-------- C:\Program Files\Intermedia Software
2008-05-28 01:45:40 0 d-------- C:\Documents and Settings\Admin\Application Data\Ashampoo
2008-05-28 01:42:46 0 d-------- C:\Documents and Settings\Admin\Application Data\foobar2000
2008-05-28 01:29:04 0 d-------- C:\Documents and Settings\Admin\Application Data\Thunderbird
2008-05-28 01:28:24 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-05-28 01:28:22 0 d-------- C:\Program Files\dlDone
2008-05-28 01:23:56 0 d-------- C:\Program Files\SABnzbd
2008-05-27 22:44:30 0 d-------- C:\Program Files\foobar2000
2008-05-27 15:38:26 0 d-------- C:\Program Files\DVD Decrypter
2008-05-27 15:31:22 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-05-27 15:31:14 0 d-------- C:\Program Files\DVD Shrink
2008-05-27 02:45:23 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-05-27 02:45:23 47360 --a------ C:\Documents and Settings\Admin\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-05-27 02:45:22 0 d-------- C:\Documents and Settings\Admin\Application Data\Vso
2008-05-27 02:45:11 217127 --a------ C:\WINDOWS\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)>
2008-05-27 02:45:11 208935 --a------ C:\WINDOWS\system32\drv33260.dll <Not Verified; RealNetworks, Inc.; RealVideo 8 (32-bit)>
2008-05-27 02:45:11 176165 --a------ C:\WINDOWS\system32\drv23260.dll <Not Verified; RealNetworks, Inc.; RealVideo G2 (32-bit)>
2008-05-27 02:45:11 65602 --a------ C:\WINDOWS\system32\cook3260.dll <Not Verified; RealNetworks, Inc.; RealPlayer 10>
2008-05-27 02:45:10 626688 --a------ C:\WINDOWS\system32\vp7vfw.dll <Not Verified; On2.com; On2_VP70>
2008-05-27 02:45:07 0 d-------- C:\Program Files\VSO
2008-05-27 02:45:04 0 dr-h----- C:\Documents and Settings\Admin\Recent
2008-05-27 02:19:39 0 d-------- C:\Documents and Settings\Admin\Application Data\Uniblue
2008-05-26 23:37:20 0 d-------- C:\Program Files\Sportsbook Poker
2008-05-26 23:35:39 0 d-------- C:\Program Files\Sportsbook.com Casino
2008-05-26 23:31:08 0 d-------- C:\Documents and Settings\Admin\Application Data\Opera
2008-05-26 23:04:06 155648 --a------ C:\WINDOWS\system32\libssl32.dll
2008-05-26 23:03:53 0 d-------- C:\OpenSSL
2008-05-26 23:00:25 0 d-------- C:\Documents and Settings\Admin\Application Data\GoodSync
2008-05-26 22:40:11 0 d-------- C:\Documents and Settings\Admin\Application Data\ExplorerPlus
2008-05-26 22:22:38 0 d-------- C:\Documents and Settings\Admin\Application Data\XRayz
2008-05-26 22:21:11 0 d-------- C:\Program Files\ClipCache
2008-05-26 21:50:21 0 d-------- C:\Documents and Settings\Admin\Application Data\Arcsoft
2008-05-26 21:44:38 0 d-------- C:\Program Files\PalmTether
2008-05-26 21:44:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Sprint
2008-05-26 21:44:35 0 d-------- C:\Program Files\Sprint
2008-05-26 21:44:35 0 d-------- C:\Program Files\Common Files\Sprint
2008-05-26 21:30:42 0 d-------- C:\Program Files\Sprint music manager
2008-05-26 20:35:27 0 d-------- C:\WINDOWS\system32\oodag
2008-05-26 20:32:20 0 d-------- C:\Documents and Settings\All Users\Application Data\HotSync
2008-05-26 20:31:41 0 d-------- C:\Program Files\Palm
2008-05-26 20:26:43 0 d-------- C:\Documents and Settings\Admin\Application Data\HotSync
2008-05-26 20:26:34 0 d-------- C:\WINDOWS\Downloaded Installations
2008-05-26 20:05:43 0 d-------- C:\Documents and Settings\LocalService\Application Data\VMware
2008-05-26 20:05:41 0 d-------- C:\Documents and Settings\LocalService\Application Data\Acronis
2008-05-26 19:51:00 0 d-------- C:\WINDOWS\pss
2008-05-26 19:43:42 0 d-------- C:\WINDOWS\WINDOWS
2008-05-26 19:43:36 0 d-------- C:\Program Files\Siber Systems
2008-05-26 19:42:30 0 d-------- C:\Documents and Settings\All Users\Application Data\RoboForm
2008-05-26 19:38:32 0 d-------- C:\Program Files\Collectorz.com
2008-05-26 19:38:01 0 d-------- C:\Documents and Settings\Admin\Application Data\WinRAR
2008-05-26 17:50:29 0 d-------- C:\Documents and Settings\Admin\Application Data\Adobe
2008-05-26 16:59:59 0 d-------- C:\Documents and Settings\Admin\dwhelper
2008-05-26 15:12:20 0 d-------- C:\WINDOWS\My Video Downloader
2008-05-26 15:12:20 0 d-------- C:\Program Files\My Video Downloader
2008-05-26 15:10:11 0 d-------- C:\Program Files\ieSpell
2008-05-26 07:27:49 0 d-------- C:\Program Files\PowerDataRecovery
2008-05-26 07:22:00 0 d-------- C:\Program Files\QuickPar
2008-05-26 06:41:32 0 d-------- C:\NZB Auto Import Folder
2008-05-26 06:39:22 0 d-------- C:\NEWSLEECHER
2008-05-26 06:31:29 0 d-------- C:\Program Files\Giganews Accelerator
2008-05-26 06:22:07 0 d-------- C:\Documents and Settings\Admin\Downloads
2008-05-26 06:22:01 0 d-------- C:\Documents and Settings\Admin\Application Data\NewsLeecher
2008-05-26 06:17:34 0 d-------- C:\Program Files\NewsLeecher
2008-05-26 06:14:28 0 d-------- C:\Documents and Settings\Admin\Application Data\Avant Profiles
2008-05-26 06:11:54 0 d-------- C:\Program Files\Avant Browser
2008-05-26 06:08:40 0 d-------- C:\Documents and Settings\Admin\Application Data\Macromedia
2008-05-26 06:04:24 0 d-------- C:\Documents and Settings\Admin\Application Data\VMware
2008-05-26 06:03:45 0 d-------- C:\Documents and Settings\NetworkService\Application Data\VMware
2008-05-26 06:02:03 0 d-------- C:\Documents and Settings\All Users\Application Data\VMware
2008-05-26 06:02:01 0 d-------- C:\Program Files\VMware
2008-05-26 06:02:01 0 d-------- C:\Program Files\Common Files\VMware
2008-05-26 05:59:52 0 d-------- C:\Documents and Settings\Admin\Application Data\ESET
2008-05-26 05:58:42 0 d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-05-26 05:57:54 0 d-------- C:\Program Files\InstallShield Installation Information
2008-05-26 05:57:47 0 d-------- C:\Program Files\Symantec
2008-05-26 05:57:38 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-26 05:57:30 0 d-------- C:\Program Files\Kingdia Software
2008-05-26 05:57:26 0 d-------- C:\Program Files\Dvd-cloner
2008-05-26 05:56:14 0 d-------- C:\WINDOWS\system32\URTTEMP
2008-05-26 05:48:39 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-05-26 05:48:17 0 d-------- C:\Program Files\Reference Assemblies
2008-05-26 05:47:42 0 d-------- C:\Program Files\MSXML 6.0
2008-05-26 05:46:34 124416 -----n--- C:\WINDOWS\system32\prntvpt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-26 05:45:53 0 d-------- C:\Program Files\My Company Name
2008-05-26 05:45:34 0 d-------- C:\Program Files\Quick Batch File Compiler
2008-05-26 05:45:27 0 d-------- C:\Program Files\OO Software
2008-05-26 05:45:19 0 d-------- C:\Program Files\Notepad++
2008-05-26 05:45:19 0 d-------- C:\Documents and Settings\Admin\Application Data\Notepad++
2008-05-26 05:40:14 0 d-------- C:\Documents and Settings\All Users\Application Data\ashampoo
2008-05-26 05:40:10 0 d-------- C:\Program Files\Ashampoo
2008-05-26 05:40:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Acronis
2008-05-26 05:39:35 0 d-------- C:\Program Files\Common Files\Acronis
2008-05-26 05:39:35 0 d-------- C:\Program Files\Acronis
2008-05-26 05:34:27 0 d-------- C:\Program Files\Microsoft Works
2008-05-26 05:34:17 0 d-------- C:\Program Files\MSBuild
2008-05-26 05:30:06 0 d-------- C:\WINDOWS\SHELLNEW
2008-05-26 05:29:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-26 05:29:17 0 dr-h----- C:\MSOCache
2008-05-26 05:27:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-05-26 05:27:54 0 d-------- C:\Program Files\Common Files\Adobe


-- Find3M Report ---------------------------------------------------------------

2008-06-18 18:07:43 668 --a------ C:\Documents and Settings\Admin\Application Data\vso_ts_preview.xml
2008-06-17 14:29:20 0 d-------- C:\Documents and Settings\Admin\Application Data\Mozilla
2008-06-05 19:28:33 0 d-------- C:\Program Files\Online Services
2008-06-04 00:29:42 0 d-------- C:\Program Files\Common Files
2008-05-30 00:53:54 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-28 01:44:56 0 d-------- C:\Program Files\nLite
2008-05-27 02:45:32 34 --a------ C:\Documents and Settings\Admin\Application Data\pcouffin.log
2008-05-27 02:45:23 1144 --a------ C:\Documents and Settings\Admin\Application Data\pcouffin.inf
2008-05-27 02:45:23 7887 --a------ C:\Documents and Settings\Admin\Application Data\pcouffin.cat
2008-05-26 06:10:36 0 d-------- C:\Program Files\BlackXP
2008-05-14 13:08:04 217088 -----n--- C:\WINDOWS\TinyBHO.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{04377a3b-0d99-4d33-bf99-f5a734130b2f}]
06/24/2008 06:02 PM 106496 --a------ C:\WINDOWS\system32\iiulcnhg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0fd31f8c-67b0-4b86-9215-0fb31db109de}]
06/12/2008 08:12 AM 98304 --------- C:\WINDOWS\system32\jlswyxmt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{21B4CBB2-4A60-4345-8724-D884DFC9C6E6}]
06/03/2008 10:38 PM 371712 --------- C:\WINDOWS\system32\efcBuuSk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34D2D9EA-C457-4984-8472-C00C3FD563D3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5D39E5DE-292B-4A21-894C-C460A6E74EDD}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7CA2AA2B-7446-4B5D-870A-EEF0597D25C5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81EA3F36-357A-435A-8741-52C27CCC9F21}]
06/03/2008 10:33 PM 58880 --a------ C:\WINDOWS\system32\fccaXPfg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{823381fc-ebdb-af68-0a47-ec249c726c63}]
06/24/2008 10:10 AM 372736 --a------ C:\WINDOWS\system32\lqbdafagelwtgkvli.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91F35D00-14C5-4730-AAEB-893954CA0FC2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DA62446E-02CB-43FD-945D-3F3CDA177661}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [12/21/2007 08:21 AM]
"BM3f7f0709"="C:\WINDOWS\system32\ydpuspqq.dll" [06/24/2008 05:58 PM]
"3c4c3495"="C:\WINDOWS\system32\tkhjufjk.dll" [06/24/2008 05:59 PM]
"{ebe4ab53-fdc6-248a-6bd4-1d3b4f18d3bd}"="C:\WINDOWS\system32\lqbdafagelwtgkvli.dll" [06/24/2008 10:10 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 04:00 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

C:\Documents and Settings\Admin\Start Menu\Programs\Startup\
Giganews Accelerator.lnk - C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe [12/18/2007 8:49:40 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Shortcut to RocketDock.lnk - C:\Program Files\RocketDock\RocketDock.exe [10/18/2002 3:52:09 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{81EA3F36-357A-435A-8741-52C27CCC9F21}"= C:\WINDOWS\system32\fccaXPfg.dll [06/03/2008 10:33 PM 58880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccaXPfg]
fccaXPfg.dll 06/03/2008 10:33 PM 58880 C:\WINDOWS\system32\fccaXPfg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=mqrrtdtb.dll stqkwmlx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap C:\WINDOWS\system32\efcBuuSk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^ClipCache Pro.lnk]
path=C:\Documents and Settings\Admin\Start Menu\Programs\Startup\ClipCache Pro.lnk
backup=C:\WINDOWS\pss\ClipCache Pro.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^MEMonitor.lnk]
path=C:\Documents and Settings\Admin\Start Menu\Programs\Startup\MEMonitor.lnk
backup=C:\WINDOWS\pss\MEMonitor.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^Microsoft Office Groove.lnk]
path=C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Microsoft Office Groove.lnk
backup=C:\WINDOWS\pss\Microsoft Office Groove.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Fantastic Flame Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Fantastic Flame Agent.lnk
backup=C:\WINDOWS\pss\Fantastic Flame Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=C:\WINDOWS\pss\HotSync Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Shortcut to RocketDock.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to RocketDock.lnk
backup=C:\WINDOWS\pss\Shortcut to RocketDock.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Shortcut to sidebar.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to sidebar.lnk
backup=C:\WINDOWS\pss\Shortcut to sidebar.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^vmnet.exe.lnk]
backup=C:\WINDOWS\pss\vmnet.exe.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\vmnet.exe.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
"C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
"C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
"C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
"C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooccctrl.exe]
C:\Program Files\OO Software\CleverCache\ooccctrl.exe /tasktray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
C:\WINDOWS\system32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostFeedBack]
"C:\Program Files\Agnitum\Outpost Security Suite Pro\feedback.exe" /dump:os_startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PalmTether]
"C:\Program Files\PalmTether\TetherApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rapget]
E:\PROGRAMS\rapget141\rapget.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
"C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
"C:\Program Files\RocketDock\RocketDock.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VistaDrive]
C:\WINDOWS\VistaDrive.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmnet]
C:\WINDOWS\WINDOWS\vmnet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
"C:\Program Files\VMware\VMware Workstation\hqtray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
"C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\winampa.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"VMAuthdService"=2 (0x2)
"ufad-ws60"=3 (0x3)
"TuneUp.Defrag"=3 (0x3)
"TryAndDecideService"=2 (0x2)
"StarWindServiceAE"=2 (0x2)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"ose"=3 (0x3)
"OOCleverCacheAgent"=2 (0x2)
"odserv"=3 (0x3)
"O&O Defrag"=2 (0x2)
"Microsoft Office Groove Audit Service"=3 (0x3)
"MDM"=2 (0x2)
"AcrSch2Svc"=2 (0x2)
"VMware NAT Service"=2 (0x2)
"vmount2"=2 (0x2)
"VMnetDHCP"=2 (0x2)
"NVSvc"=2 (0x2)
"NMIndexingService"=3 (0x3)
"MsSecurity1.209.4"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"EhttpSrv"=3 (0x3)

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp




-- End of Deckard's System Scanner: finished at 2008-06-24 18:18:19 ------------

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:24 AM

Posted 25 June 2008 - 09:49 PM

If you are able to perform these steps sooner rather than later, the chances of success are much higher.

Run HijackThis again, click Scan, and put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

R3 - URLSearchHook: (no name) - {236bd960-2fab-4645-9bc1-dae85904734e} - (no file)
O2 - BHO: {f2b03143-7a5f-99fb-33d4-99d0b3a77340} - {04377a3b-0d99-4d33-bf99-f5a734130b2f} - C:\WINDOWS\system32\iiulcnhg.dll
O2 - BHO: (no name) - {0fd31f8c-67b0-4b86-9215-0fb31db109de} - C:\WINDOWS\system32\jlswyxmt.dll
O2 - BHO: (no name) - {21B4CBB2-4A60-4345-8724-D884DFC9C6E6} - C:\WINDOWS\system32\efcBuuSk.dll
O2 - BHO: (no name) - {34D2D9EA-C457-4984-8472-C00C3FD563D3} - (no file)
O2 - BHO: (no name) - {5D39E5DE-292B-4A21-894C-C460A6E74EDD} - (no file)
O2 - BHO: (no name) - {7CA2AA2B-7446-4B5D-870A-EEF0597D25C5} - (no file)
O2 - BHO: (no name) - {81EA3F36-357A-435A-8741-52C27CCC9F21} - C:\WINDOWS\system32\fccaXPfg.dll
O2 - BHO: targetedbanner browser optimizer - {823381fc-ebdb-af68-0a47-ec249c726c63} - C:\WINDOWS\system32\lqbdafagelwtgkvli.dll
O2 - BHO: (no name) - {91F35D00-14C5-4730-AAEB-893954CA0FC2} - (no file)
O2 - BHO: (no name) - {DA62446E-02CB-43FD-945D-3F3CDA177661} - (no file)
O3 - Toolbar: (no name) - {236bd960-2fab-4645-9bc1-dae85904734e} - (no file)
O4 - HKLM\..\Run: [BM3f7f0709] Rundll32.exe "C:\WINDOWS\system32\ydpuspqq.dll",s
O4 - HKLM\..\Run: [3c4c3495] rundll32.exe "C:\WINDOWS\system32\tkhjufjk.dll",b
O4 - HKLM\..\Run: [{ebe4ab53-fdc6-248a-6bd4-1d3b4f18d3bd}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\lqbdafagelwtgkvli.dll" DllStart
O20 - AppInit_DLLs: mqrrtdtb.dll stqkwmlx.dll
O20 - Winlogon Notify: fccaXPfg - C:\WINDOWS\SYSTEM32\fccaXPfg.dll



Reboot your computer.


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Also post a new log from DSS.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
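A small triage helper for HijackThis-style entry lines, added here as an example; it is not part of Buckeye_Sam's post and is not HijackThis code. It parses the R3/O2/O3/O4/O20 entry shapes quoted in the post above and flags the same indicators the helper keyed on (orphaned "(no file)" references, unnamed extensions and Winlogon Notify packages loading eight-letter DLLs from system32, rundll32 Run entries calling a single-letter export, and a populated AppInit_DLLs value). The sample log is constructed to resemble the listed lines, and the eight-letter-DLL rule is a review heuristic, not a verdict.

```python
"""Triage HijackThis-style log lines (example code, not HijackThis itself)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample lines shaped like the entries listed in the post.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {236bd960-2fab-4645-9bc1-dae85904734e} - (no file)
O2 - BHO: (no name) - {0fd31f8c-67b0-4b86-9215-0fb31db109de} - C:\WINDOWS\system32\jlswyxmt.dll
O2 - BHO: (no name) - {34D2D9EA-C457-4984-8472-C00C3FD563D3} - (no file)
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O4 - HKLM\..\Run: [BM3f7f0709] Rundll32.exe "C:\WINDOWS\system32\ydpuspqq.dll",s
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O20 - AppInit_DLLs: mqrrtdtb.dll stqkwmlx.dll
O20 - Winlogon Notify: fccaXPfg - C:\WINDOWS\SYSTEM32\fccaXPfg.dll
"""

# "<code> - <kind>: <rest>"; R0/R1 lines ("... = http://...") do not fit and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<kind>[^:]+): (?P<rest>.*)$")
# O4 payload: "[value name] command line"
RUN_RE = re.compile(r"^\[(?P<name>[^\]]*)\]\s+(?P<cmd>.*)$")
# Eight letters directly under system32, the naming pattern of the DLLs in the
# post.  Heuristic for review only: legitimate DLLs can match too.
SYS32_8LETTER_DLL = re.compile(r"\\system32\\[a-z]{8}\.dll$", re.IGNORECASE)
# rundll32 <dll>,<single-letter export>
RUNDLL_SHORT_EXPORT = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,(?P<export>[a-z])$', re.IGNORECASE
)


@dataclass
class Entry:
    code: str   # R3, O2, O4, O20, ...
    kind: str   # BHO, Toolbar, HKLM\..\Run, AppInit_DLLs, Winlogon Notify
    name: str   # display name, Run value name, or Notify package name
    clsid: str  # {GUID} for COM-registered entries, else ""
    path: str   # file path, command line, or DLL list
    raw: str


def parse_entry(line: str) -> Optional[Entry]:
    """Split one log line into its fields; None for shapes we do not handle."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, kind, rest = m.group("code", "kind", "rest")
    name = clsid = path = ""
    if code == "O4":
        r = RUN_RE.match(rest)
        if not r:
            return None
        name, path = r.group("name"), r.group("cmd")
    elif kind == "AppInit_DLLs":
        path = rest
    elif kind == "Winlogon Notify":
        name, _, path = rest.partition(" - ")
    else:  # BHO / Toolbar / URLSearchHook: "name - {CLSID} - path"
        parts = rest.split(" - ", 2)
        if len(parts) != 3:
            return None
        name, clsid, path = parts
    return Entry(code, kind, name, clsid, path, line.strip())


def triage(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (code, reason, raw line) for every entry worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        reason = None
        if e.path == "(no file)":
            reason = "orphaned registry reference: target file is missing"
        elif e.kind == "AppInit_DLLs" and e.path.strip():
            reason = "AppInit_DLLs populated: listed DLLs load into every user32 process"
        elif e.kind == "Winlogon Notify" and SYS32_8LETTER_DLL.search(e.path):
            reason = "Winlogon Notify package is an eight-letter DLL in system32"
        elif e.code == "O4":
            r = RUNDLL_SHORT_EXPORT.match(e.path)
            if r:
                reason = (f"rundll32 loads {r.group('dll')} via "
                          f"single-letter export '{r.group('export')}'")
        elif e.name == "(no name)" and SYS32_8LETTER_DLL.search(e.path):
            reason = "unnamed browser extension loading an eight-letter DLL from system32"
        if reason:
            findings.append((e.code, reason, e.raw))
    return findings


if __name__ == "__main__":
    for code, reason, raw in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}\n    {raw}")
```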

#7 JTIMMY712

JTIMMY712
  • Topic Starter

  • Members
  • 10 posts
  • Local time:04:24 AM

Posted 26 June 2008 - 05:44 PM

new scans

Malwarebytes' Anti-Malware 1.18
Database version: 894

6:35:32 PM 6/25/2008
mbam-log-6-25-2008 (18-35-32).txt

Scan type: Quick Scan
Objects scanned: 39759
Time elapsed: 5 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 15
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 33

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\efcBuuSk.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\fccaXPfg.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7a99d10b-aacd-410a-9dcc-804dbb884cb2} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{7a99d10b-aacd-410a-9dcc-804dbb884cb2} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{81ea3f36-357a-435a-8741-52c27ccc9f21} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{81ea3f36-357a-435a-8741-52c27ccc9f21} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fccaxpfg (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsSecurity1.209.4 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\targetedbanner (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{81ea3f36-357a-435a-8741-52c27ccc9f21} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM3f7f0709 (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\efcbuusk -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\efcbuusk -> Delete on reboot.

Folders Infected:
C:\Documents and Settings\Admin\Application Data\Microsoft\dtsc (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\dnmhwlcj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jclwhmnd.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcBuuSk.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\kSuuBcfe.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kSuuBcfe.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eshjcvem.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mevcjhse.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\itvomgkt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tkgmovti.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\luppsutv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtusppul.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccaXPfg.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\drivers\arp13944.sys (Rootkit.Agent) -> Delete on reboot.
C:\Program Files\jakim66225.dll (Adware.TTC) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\anesmcgg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hopdaqww.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hovhvscc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oxshjeub.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qetfulon.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ujvafyip.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wffsjlna.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\444.470 (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Admin\Application Data\Microsoft\dtsc\27644.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Admin\Application Data\Microsoft\dtsc\29272.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Admin\Application Data\Microsoft\dtsc\29670.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Admin\Application Data\Microsoft\dtsc\id (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\{4ffaf537-341d-b639-d638-73642dbc5849}.dll-uninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fwhpqjeo.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\TinyBHO.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\core.cache.dsk (Malware.Trace) -> Delete on reboot.


new dss scan

Deckard's System Scanner v20071014.68
Run by Admin on 2008-06-25 18:40:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 30.16 GiB (less than 15%) free.


-- HijackThis (run as Admin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:40:36 PM, on 6/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20627)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Avant Browser\avant.exe
C:\WINDOWS\system32\notepad.exe
E:\NEWSLEECHER DOWNLOADS\dss.exe
C:\PROGRA~1\HIJACK~1\Admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.yahoo.com/search?p=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: (no name) - {01b78405-ed04-4c5c-b515-a7b15ee8a43b} - C:\WINDOWS\system32\bqypxmxf.dll
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Giganews Accelerator.lnk = C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe
O4 - Global Startup: Shortcut to RocketDock.lnk = C:\Program Files\RocketDock\RocketDock.exe
O4 - Global Startup: Shortcut to sidebar.lnk = C:\Program Files\Windows Sidebar\sidebar.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download with Rapget - E:\PROGRAMS\rapget141\rapget.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: RoboForm TaskBar Icon - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: TaskBar - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O9 - Extra 'Tools' menuitem: RoboForm TaskBar Icon - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD42/JSCDL/jre/6u...ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

--
End of file - 9951 bytes

-- Files created between 2008-05-25 and 2008-06-25 -----------------------------

2008-06-25 18:23:37 0 d-------- C:\Documents and Settings\Admin\Application Data\Malwarebytes
2008-06-25 18:23:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-25 18:23:29 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-25 17:59:44 106496 --a------ C:\WINDOWS\system32\bqypxmxf.dll
2008-06-25 17:59:25 91648 -----n--- C:\WINDOWS\system32\fwhpqjeo.dll
2008-06-24 21:52:49 0 d-------- C:\SERIAL_KILLER_1
2008-06-24 18:02:37 106496 --a------ C:\WINDOWS\system32\iiulcnhg.dll
2008-06-24 17:58:01 91136 --a------ C:\WINDOWS\system32\ydpuspqq.dll
2008-06-24 06:42:10 64179 --a------ C:\WINDOWS\system32\ddnfgptydiag.exe
2008-06-23 08:31:51 105472 --a------ C:\WINDOWS\system32\stqkwmlx.dll
2008-06-23 08:27:26 91136 --a------ C:\WINDOWS\system32\fbaaqemy.dll
2008-06-23 08:24:15 105472 --a------ C:\WINDOWS\system32\mqrrtdtb.dll
2008-06-23 08:22:11 91136 --a------ C:\WINDOWS\system32\hmekuqgv.dll
2008-06-22 18:55:44 0 d-------- C:\Program Files\PAR Buddy
2008-06-22 08:24:11 99328 --a------ C:\WINDOWS\system32\xlsqaefc.dll
2008-06-22 08:21:11 91136 --a------ C:\WINDOWS\system32\isiwbqro.dll
2008-06-20 08:25:38 99328 --a------ C:\WINDOWS\system32\xonweurc.dll
2008-06-20 05:19:59 0 d-------- C:\Program Files\MediaMonkey
2008-06-18 18:09:00 0 d-------- C:\Program Files\LG Software Innovations
2008-06-18 08:17:00 89600 --a------ C:\WINDOWS\system32\xdsrfbep.dll
2008-06-12 13:10:17 0 d-------- C:\WINDOWS\Easy CD-DA Extractor 11.1
2008-06-12 13:10:17 0 d-------- C:\Program Files\Easy CD-DA Extractor 11
2008-06-12 08:12:13 98304 -----n--- C:\WINDOWS\system32\jlswyxmt.dll
2008-06-11 07:10:29 0 d-------- C:\Program Files\FlashGet
2008-06-09 06:27:28 0 d-------- C:\Program Files\FDRLab
2008-06-04 19:25:39 691545 --a------ C:\WINDOWS\unins000.exe
2008-06-04 19:25:38 2538 --a------ C:\WINDOWS\unins000.dat
2008-06-04 17:10:59 34 --ah----- C:\WINDOWS\system32\OkokerIESecurityPopUpBlocker_sysquicts.dat
2008-06-04 00:58:39 66 --a------ C:\WINDOWS\äCĂ
2008-06-04 00:29:42 0 d-------- C:\Program Files\Common Files\NSV
2008-06-03 22:48:36 86144 -----n--- C:\WINDOWS\system32\drivers\arp13944.sys
2008-06-03 22:47:49 0 d-------- C:\Temp
2008-06-03 22:46:17 0 d-------- C:\Documents and Settings\Admin\Application Data\uTorrent
2008-06-03 22:40:07 0 d-------- C:\Program Files\Winamp Toolbar
2008-06-03 22:40:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2008-06-03 22:39:41 0 d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-06-03 22:39:32 0 d-------- C:\Program Files\Winamp Remote
2008-06-03 22:38:53 371712 -----n--- C:\WINDOWS\system32\efcBuuSk.dll
2008-06-03 22:36:03 0 d-------- C:\Program Files\Winamp
2008-06-03 22:36:03 0 d-------- C:\Documents and Settings\Admin\Application Data\Winamp
2008-06-03 22:33:37 58880 -----n--- C:\WINDOWS\system32\fccaXPfg.dll
2008-06-03 03:04:19 0 d-------- C:\Program Files\Magic Image Resizer
2008-06-02 20:56:28 0 d-------- C:\Program Files\Chapura
2008-06-02 04:10:15 0 d-------- C:\Documents and Settings\Admin\Application Data\dvdcss
2008-06-02 00:20:41 0 d-------- C:\Documents and Settings\Admin\Application Data\LimeWire
2008-06-02 00:20:20 0 d-------- C:\WINDOWS\Sun
2008-06-02 00:20:20 0 d-------- C:\Documents and Settings\Admin\Application Data\Sun
2008-06-02 00:19:09 0 d-------- C:\Program Files\Java
2008-06-02 00:15:55 0 d-------- C:\Program Files\Common Files\Java
2008-06-02 00:01:38 0 d-------- C:\Documents and Settings\Admin\Application Data\kantaris
2008-06-02 00:00:53 0 d-------- C:\Program Files\Haali
2008-06-01 23:57:58 0 d-------- C:\Program Files\QO Developments
2008-06-01 23:55:02 0 d-------- C:\Program Files\LimeWire
2008-06-01 23:53:33 0 d-------- C:\Program Files\Kantaris
2008-06-01 22:53:10 0 d-------- C:\Program Files\Fantastic Flame Screensaver
2008-06-01 22:53:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Laconic Software
2008-06-01 08:04:02 0 d-------- C:\Documents and Settings\Admin\Application Data\ieSpell
2008-06-01 05:57:27 0 d-------- C:\Program Files\DVDInfoPro
2008-06-01 03:52:34 0 d-------- C:\Documents and Settings\LocalService\Application Data\PCToolsSpamMonitorPlus
2008-06-01 03:52:34 0 d-------- C:\Documents and Settings\LocalService\Application Data\PCToolsFirewallPlus
2008-05-31 22:52:54 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-05-31 20:53:40 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-05-31 20:53:23 0 d-------- C:\Program Files\VIA
2008-05-31 20:46:08 110602 --a------ C:\WINDOWS\system32\xcdsfx32.bin
2008-05-31 20:46:08 0 d-------- C:\Program Files\Driver Magician
2008-05-31 20:21:09 0 d-------- C:\Program Files\PC Drivers HeadQuarters
2008-05-31 20:21:09 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-05-31 17:21:01 0 d-------- C:\Documents and Settings\Admin\Application Data\DivX
2008-05-31 04:33:32 0 d-------- C:\Program Files\SlySoft
2008-05-31 02:54:22 0 d-------- C:\Documents and Settings\Admin\Application Data\ImgBurn
2008-05-31 02:51:10 0 d-------- C:\Program Files\ImgBurn
2008-05-31 01:29:18 0 d-------- C:\Program Files\iPrep 101
2008-05-31 00:46:12 0 d-------- C:\Documents and Settings\Admin\Application Data\Xbins
2008-05-30 22:16:35 0 d-------- C:\Program Files\Absolute Sound Recorder
2008-05-30 03:13:05 0 d-------- C:\Documents and Settings\Admin\Application Data\PCToolsFirewallPlus
2008-05-30 03:13:04 0 d-------- C:\Documents and Settings\Admin\Application Data\PCToolsSpamMonitorPlus
2008-05-30 03:09:01 0 d-------- C:\Program Files\PC Tools Internet Security
2008-05-30 02:41:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-05-30 02:26:21 0 d-------- C:\Documents and Settings\All Users\Application Data\SRSLabs
2008-05-30 02:19:11 0 d-------- C:\Program Files\SRSLabs
2008-05-30 02:19:11 0 d-------- C:\Program Files\Common Files\SRS
2008-05-30 00:05:39 0 d-------- C:\WINDOWS\CAVTemp
2008-05-30 00:00:46 0 d-------- C:\Documents and Settings\Default User\Application Data\CallingID
2008-05-29 23:56:28 0 d-------- C:\Documents and Settings\All Users\Application Data\CA
2008-05-29 05:09:53 0 d-------- C:\Documents and Settings\Admin\Application Data\F-Secure
2008-05-29 04:59:21 0 d-------- C:\Program Files\F-Secure Internet Security
2008-05-29 04:59:14 0 d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-05-29 04:58:54 0 d-------- C:\Documents and Settings\All Users\Application Data\fssg
2008-05-29 04:47:40 0 d-------- C:\Program Files\Alcohol Soft
2008-05-29 04:35:14 0 d--h----- C:\WINDOWS\PIF
2008-05-29 04:21:43 0 d-------- C:\WINDOWS\system32\appmgmt
2008-05-29 03:50:00 0 d-------- C:\Documents and Settings\Admin\Application Data\vlc
2008-05-29 03:42:02 715248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-29 03:42:00 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-29 02:03:27 0 d-------- C:\Program Files\VeryPDF PDF2Word v3.0
2008-05-28 19:11:13 0 d-------- C:\Program Files\VideoLAN
2008-05-28 18:34:03 14 --a------ C:\WINDOWS\system32\SysEngineDrive1.sys
2008-05-28 18:32:43 354816 --a------ C:\WINDOWS\system32\psisdecd.dll
2008-05-28 18:32:34 0 d-------- C:\Program Files\BlazeVideo
2008-05-28 17:55:50 0 d-------- C:\Program Files\DVDFab 5
2008-05-28 16:54:03 0 d-------- C:\Documents and Settings\Admin\Application Data\Pioneer
2008-05-28 16:33:15 0 d-------- C:\WINDOWS\system32\ipp20
2008-05-28 16:32:48 0 d-------- C:\Program Files\Pioneer
2008-05-28 16:28:24 0 d-------- C:\Documents and Settings\Admin\Application Data\Media Player Classic
2008-05-28 02:17:31 0 d-------- C:\Documents and Settings\Admin\Application Data\Intermedia Software
2008-05-28 02:16:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Intermedia Software
2008-05-28 02:16:17 44544 --a------ C:\WINDOWS\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2008-05-28 02:16:16 0 d-------- C:\Program Files\Intermedia Software
2008-05-28 01:45:40 0 d-------- C:\Documents and Settings\Admin\Application Data\Ashampoo
2008-05-28 01:42:46 0 d-------- C:\Documents and Settings\Admin\Application Data\foobar2000
2008-05-28 01:29:04 0 d-------- C:\Documents and Settings\Admin\Application Data\Thunderbird
2008-05-28 01:28:24 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-05-28 01:28:22 0 d-------- C:\Program Files\dlDone
2008-05-28 01:23:56 0 d-------- C:\Program Files\SABnzbd
2008-05-27 22:44:30 0 d-------- C:\Program Files\foobar2000
2008-05-27 15:38:26 0 d-------- C:\Program Files\DVD Decrypter
2008-05-27 15:31:22 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-05-27 15:31:14 0 d-------- C:\Program Files\DVD Shrink
2008-05-27 02:45:23 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-05-27 02:45:23 47360 --a------ C:\Documents and Settings\Admin\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-05-27 02:45:22 0 d-------- C:\Documents and Settings\Admin\Application Data\Vso
2008-05-27 02:45:11 217127 --a------ C:\WINDOWS\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)>
2008-05-27 02:45:11 208935 --a------ C:\WINDOWS\system32\drv33260.dll <Not Verified; RealNetworks, Inc.; RealVideo 8 (32-bit)>
2008-05-27 02:45:11 176165 --a------ C:\WINDOWS\system32\drv23260.dll <Not Verified; RealNetworks, Inc.; RealVideo G2 (32-bit)>
2008-05-27 02:45:11 65602 --a------ C:\WINDOWS\system32\cook3260.dll <Not Verified; RealNetworks, Inc.; RealPlayer 10>
2008-05-27 02:45:10 626688 --a------ C:\WINDOWS\system32\vp7vfw.dll <Not Verified; On2.com; On2_VP70>
2008-05-27 02:45:07 0 d-------- C:\Program Files\VSO
2008-05-27 02:45:04 0 dr-h----- C:\Documents and Settings\Admin\Recent
2008-05-27 02:19:39 0 d-------- C:\Documents and Settings\Admin\Application Data\Uniblue
2008-05-26 23:37:20 0 d-------- C:\Program Files\Sportsbook Poker
2008-05-26 23:35:39 0 d-------- C:\Program Files\Sportsbook.com Casino
2008-05-26 23:31:08 0 d-------- C:\Documents and Settings\Admin\Application Data\Opera
2008-05-26 23:04:06 155648 --a------ C:\WINDOWS\system32\libssl32.dll
2008-05-26 23:03:53 0 d-------- C:\OpenSSL
2008-05-26 23:00:25 0 d-------- C:\Documents and Settings\Admin\Application Data\GoodSync
2008-05-26 22:40:11 0 d-------- C:\Documents and Settings\Admin\Application Data\ExplorerPlus
2008-05-26 22:22:38 0 d-------- C:\Documents and Settings\Admin\Application Data\XRayz
2008-05-26 22:21:11 0 d-------- C:\Program Files\ClipCache
2008-05-26 21:50:21 0 d-------- C:\Documents and Settings\Admin\Application Data\Arcsoft
2008-05-26 21:44:38 0 d-------- C:\Program Files\PalmTether
2008-05-26 21:44:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Sprint
2008-05-26 21:44:35 0 d-------- C:\Program Files\Sprint
2008-05-26 21:44:35 0 d-------- C:\Program Files\Common Files\Sprint
2008-05-26 21:30:42 0 d-------- C:\Program Files\Sprint music manager
2008-05-26 20:35:27 0 d-------- C:\WINDOWS\system32\oodag
2008-05-26 20:32:20 0 d-------- C:\Documents and Settings\All Users\Application Data\HotSync
2008-05-26 20:31:41 0 d-------- C:\Program Files\Palm
2008-05-26 20:26:43 0 d-------- C:\Documents and Settings\Admin\Application Data\HotSync
2008-05-26 20:26:34 0 d-------- C:\WINDOWS\Downloaded Installations
2008-05-26 20:05:43 0 d-------- C:\Documents and Settings\LocalService\Application Data\VMware
2008-05-26 20:05:41 0 d-------- C:\Documents and Settings\LocalService\Application Data\Acronis
2008-05-26 19:51:00 0 d-------- C:\WINDOWS\pss
2008-05-26 19:43:42 0 d-------- C:\WINDOWS\WINDOWS
2008-05-26 19:43:36 0 d-------- C:\Program Files\Siber Systems
2008-05-26 19:42:30 0 d-------- C:\Documents and Settings\All Users\Application Data\RoboForm
2008-05-26 19:38:32 0 d-------- C:\Program Files\Collectorz.com
2008-05-26 19:38:01 0 d-------- C:\Documents and Settings\Admin\Application Data\WinRAR
2008-05-26 17:50:29 0 d-------- C:\Documents and Settings\Admin\Application Data\Adobe
2008-05-26 16:59:59 0 d-------- C:\Documents and Settings\Admin\dwhelper
2008-05-26 15:12:20 0 d-------- C:\WINDOWS\My Video Downloader
2008-05-26 15:12:20 0 d-------- C:\Program Files\My Video Downloader
2008-05-26 15:10:11 0 d-------- C:\Program Files\ieSpell
2008-05-26 07:27:49 0 d-------- C:\Program Files\PowerDataRecovery
2008-05-26 07:22:00 0 d-------- C:\Program Files\QuickPar
2008-05-26 06:41:32 0 d-------- C:\NZB Auto Import Folder
2008-05-26 06:39:22 0 d-------- C:\NEWSLEECHER
2008-05-26 06:31:29 0 d-------- C:\Program Files\Giganews Accelerator
2008-05-26 06:22:07 0 d-------- C:\Documents and Settings\Admin\Downloads
2008-05-26 06:22:01 0 d-------- C:\Documents and Settings\Admin\Application Data\NewsLeecher
2008-05-26 06:17:34 0 d-------- C:\Program Files\NewsLeecher
2008-05-26 06:14:28 0 d-------- C:\Documents and Settings\Admin\Application Data\Avant Profiles
2008-05-26 06:11:54 0 d-------- C:\Program Files\Avant Browser
2008-05-26 06:08:40 0 d-------- C:\Documents and Settings\Admin\Application Data\Macromedia
2008-05-26 06:04:24 0 d-------- C:\Documents and Settings\Admin\Application Data\VMware
2008-05-26 06:03:45 0 d-------- C:\Documents and Settings\NetworkService\Application Data\VMware
2008-05-26 06:02:03 0 d-------- C:\Documents and Settings\All Users\Application Data\VMware
2008-05-26 06:02:01 0 d-------- C:\Program Files\VMware
2008-05-26 06:02:01 0 d-------- C:\Program Files\Common Files\VMware
2008-05-26 05:59:52 0 d-------- C:\Documents and Settings\Admin\Application Data\ESET
2008-05-26 05:58:42 0 d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-05-26 05:57:54 0 d-------- C:\Program Files\InstallShield Installation Information
2008-05-26 05:57:47 0 d-------- C:\Program Files\Symantec
2008-05-26 05:57:38 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-26 05:57:30 0 d-------- C:\Program Files\Kingdia Software
2008-05-26 05:57:26 0 d-------- C:\Program Files\Dvd-cloner
2008-05-26 05:56:14 0 d-------- C:\WINDOWS\system32\URTTEMP
2008-05-26 05:48:39 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-05-26 05:48:17 0 d-------- C:\Program Files\Reference Assemblies
2008-05-26 05:47:42 0 d-------- C:\Program Files\MSXML 6.0
2008-05-26 05:46:34 124416 -----n--- C:\WINDOWS\system32\prntvpt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-26 05:45:53 0 d-------- C:\Program Files\My Company Name
2008-05-26 05:45:34 0 d-------- C:\Program Files\Quick Batch File Compiler
2008-05-26 05:45:27 0 d-------- C:\Program Files\OO Software
2008-05-26 05:45:19 0 d-------- C:\Program Files\Notepad++
2008-05-26 05:45:19 0 d-------- C:\Documents and Settings\Admin\Application Data\Notepad++
2008-05-26 05:40:14 0 d-------- C:\Documents and Settings\All Users\Application Data\ashampoo
2008-05-26 05:40:10 0 d-------- C:\Program Files\Ashampoo
2008-05-26 05:40:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Acronis
2008-05-26 05:39:35 0 d-------- C:\Program Files\Common Files\Acronis
2008-05-26 05:39:35 0 d-------- C:\Program Files\Acronis
2008-05-26 05:34:27 0 d-------- C:\Program Files\Microsoft Works
2008-05-26 05:34:17 0 d-------- C:\Program Files\MSBuild
2008-05-26 05:30:06 0 d-------- C:\WINDOWS\SHELLNEW
2008-05-26 05:29:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-26 05:29:17 0 dr-h----- C:\MSOCache
2008-05-26 05:27:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-05-26 05:27:54 0 d-------- C:\Program Files\Common Files\Adobe


-- Find3M Report ---------------------------------------------------------------

2008-06-25 11:48:50 0 d-------- C:\Documents and Settings\Admin\Application Data\Real
2008-06-18 18:07:43 668 --a------ C:\Documents and Settings\Admin\Application Data\vso_ts_preview.xml
2008-06-17 14:29:20 0 d-------- C:\Documents and Settings\Admin\Application Data\Mozilla
2008-06-05 19:28:33 0 d-------- C:\Program Files\Online Services
2008-06-04 00:29:42 0 d-------- C:\Program Files\Common Files
2008-05-30 00:53:54 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-28 01:44:56 0 d-------- C:\Program Files\nLite
2008-05-27 02:45:32 34 --a------ C:\Documents and Settings\Admin\Application Data\pcouffin.log
2008-05-27 02:45:23 1144 --a------ C:\Documents and Settings\Admin\Application Data\pcouffin.inf
2008-05-27 02:45:23 7887 --a------ C:\Documents and Settings\Admin\Application Data\pcouffin.cat
2008-05-26 06:10:36 0 d-------- C:\Program Files\BlackXP


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01b78405-ed04-4c5c-b515-a7b15ee8a43b}]
06/25/2008 05:59 PM 106496 --a------ C:\WINDOWS\system32\bqypxmxf.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [12/21/2007 08:21 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 04:00 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

C:\Documents and Settings\Admin\Start Menu\Programs\Startup\
Giganews Accelerator.lnk - C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe [12/18/2007 8:49:40 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Shortcut to RocketDock.lnk - C:\Program Files\RocketDock\RocketDock.exe [10/18/2002 3:52:09 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^ClipCache Pro.lnk]
path=C:\Documents and Settings\Admin\Start Menu\Programs\Startup\ClipCache Pro.lnk
backup=C:\WINDOWS\pss\ClipCache Pro.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^MEMonitor.lnk]
path=C:\Documents and Settings\Admin\Start Menu\Programs\Startup\MEMonitor.lnk
backup=C:\WINDOWS\pss\MEMonitor.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^Microsoft Office Groove.lnk]
path=C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Microsoft Office Groove.lnk
backup=C:\WINDOWS\pss\Microsoft Office Groove.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Fantastic Flame Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Fantastic Flame Agent.lnk
backup=C:\WINDOWS\pss\Fantastic Flame Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=C:\WINDOWS\pss\HotSync Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Shortcut to RocketDock.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to RocketDock.lnk
backup=C:\WINDOWS\pss\Shortcut to RocketDock.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Shortcut to sidebar.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to sidebar.lnk
backup=C:\WINDOWS\pss\Shortcut to sidebar.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^vmnet.exe.lnk]
backup=C:\WINDOWS\pss\vmnet.exe.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\vmnet.exe.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
"C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
"C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
"C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
"C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooccctrl.exe]
C:\Program Files\OO Software\CleverCache\ooccctrl.exe /tasktray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
C:\WINDOWS\system32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostFeedBack]
"C:\Program Files\Agnitum\Outpost Security Suite Pro\feedback.exe" /dump:os_startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PalmTether]
"C:\Program Files\PalmTether\TetherApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rapget]
E:\PROGRAMS\rapget141\rapget.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
"C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
"C:\Program Files\RocketDock\RocketDock.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VistaDrive]
C:\WINDOWS\VistaDrive.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmnet]
C:\WINDOWS\WINDOWS\vmnet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
"C:\Program Files\VMware\VMware Workstation\hqtray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
"C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\winampa.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"VMAuthdService"=2 (0x2)
"ufad-ws60"=3 (0x3)
"TuneUp.Defrag"=3 (0x3)
"TryAndDecideService"=2 (0x2)
"StarWindServiceAE"=2 (0x2)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"ose"=3 (0x3)
"OOCleverCacheAgent"=2 (0x2)
"odserv"=3 (0x3)
"O&O Defrag"=2 (0x2)
"Microsoft Office Groove Audit Service"=3 (0x3)
"MDM"=2 (0x2)
"AcrSch2Svc"=2 (0x2)
"VMware NAT Service"=2 (0x2)
"vmount2"=2 (0x2)
"VMnetDHCP"=2 (0x2)
"NVSvc"=2 (0x2)
"NMIndexingService"=3 (0x3)
"MsSecurity1.209.4"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"EhttpSrv"=3 (0x3)

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp




-- End of Deckard's System Scanner: finished at 2008-06-25 18:41:06 ------------

#8 Buckeye_Sam


    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:24 AM

Posted 26 June 2008 - 05:48 PM

Please download ComboFix and save it to your desktop.
Prior to running Combofix.exe, you should disable your antivirus program and disconnect from the internet.

Double-click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


========================================================

#9 JTIMMY712

  • Topic Starter

  • Members
  • 10 posts
  • Local time:04:24 AM

Posted 27 June 2008 - 02:41 AM

combo log

ComboFix 08-06-20.4 - Admin 2008-06-26 3:30:39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.633 [GMT -4:00]
Running from: C:\Documents and Settings\Admin\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\Temp\vtmp2
C:\Temp\vtmp2\ktnv33.log
C:\WINDOWS\444.471
C:\WINDOWS\BM3f7f0709.xml
C:\WINDOWS\megavid.cdt
C:\WINDOWS\muotr.so
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\afbtdekx.ini
C:\WINDOWS\system32\drivers\arp13944.sys
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\efcBuuSk.dll
C:\WINDOWS\system32\fccaXPfg.dll
C:\WINDOWS\system32\hflocnhm.ini
C:\WINDOWS\system32\hnekdggu.ini
C:\WINDOWS\system32\jgnlptaw.ini
C:\WINDOWS\system32\jlswyxmt.dll
C:\WINDOWS\system32\jmeylsfk.ini
C:\WINDOWS\system32\juguefjk.ini
C:\WINDOWS\system32\khegvkie.ini
C:\WINDOWS\system32\kSuuBcfe.ini
C:\WINDOWS\system32\lkkngpsy.ini
C:\WINDOWS\system32\lotbiuvc.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\miytvcoh.ini
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\mtxbqdla.ini
C:\WINDOWS\system32\odqdanab.ini
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pdlqmlef.ini
C:\WINDOWS\system32\pskill.exe
C:\WINDOWS\system32\qftrdwda.ini
C:\WINDOWS\system32\qsxamuiy.ini
C:\WINDOWS\system32\tigahhli.ini
C:\WINDOWS\system32\wfqracaw.ini
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\wrhfqudp.ini
C:\WINDOWS\system32\xdsrfbep.dll
C:\WINDOWS\WINDOWS
C:\WINDOWS\WINDOWS\vmnet.exe

----- BITS: Possible infected sites -----

hxxp://updates.smithmicro.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ARP13944
-------\Legacy_MSSECURITY1.209.4
-------\Service_arp13944
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-05-26 to 2008-06-26 )))))))))))))))))))))))))))))))
.

2008-06-26 03:34 . 2008-06-26 03:34 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-06-26 03:34 . 2008-06-26 03:34 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-06-25 18:23 . 2008-06-25 18:23 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-25 18:23 . 2008-06-25 18:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-25 18:23 . 2008-06-25 18:23 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Malwarebytes
2008-06-25 18:23 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-25 18:23 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-25 17:59 . 2008-06-25 18:00 1,706,151 --ahs---- C:\WINDOWS\system32\kjfujhkt.tmp
2008-06-25 17:59 . 2008-06-25 17:59 106,496 --a------ C:\WINDOWS\system32\bqypxmxf.dll
2008-06-25 17:59 . 2008-06-25 18:35 91,648 --------- C:\WINDOWS\system32\fwhpqjeo.dll
2008-06-24 21:52 . 2008-06-24 21:52 <DIR> d-------- C:\SERIAL_KILLER_1
2008-06-24 18:02 . 2008-06-24 18:02 106,496 --a------ C:\WINDOWS\system32\iiulcnhg.dll
2008-06-24 17:58 . 2008-06-24 17:58 91,136 --a------ C:\WINDOWS\system32\ydpuspqq.dll
2008-06-24 06:42 . 2008-06-24 06:42 64,179 --a------ C:\WINDOWS\system32\ddnfgptydiag.exe
2008-06-23 08:31 . 2008-06-23 08:31 105,472 --a------ C:\WINDOWS\system32\stqkwmlx.dll
2008-06-23 08:27 . 2008-06-23 08:27 91,136 --a------ C:\WINDOWS\system32\fbaaqemy.dll
2008-06-23 08:24 . 2008-06-23 08:24 105,472 --a------ C:\WINDOWS\system32\mqrrtdtb.dll
2008-06-23 08:22 . 2008-06-23 08:22 91,136 --a------ C:\WINDOWS\system32\hmekuqgv.dll
2008-06-22 18:55 . 2008-06-22 18:55 <DIR> d-------- C:\Program Files\PAR Buddy
2008-06-22 08:24 . 2008-06-22 08:24 99,328 --a------ C:\WINDOWS\system32\xlsqaefc.dll
2008-06-22 08:21 . 2008-06-22 08:21 91,136 --a------ C:\WINDOWS\system32\isiwbqro.dll
2008-06-20 08:25 . 2008-06-20 08:25 99,328 --a------ C:\WINDOWS\system32\xonweurc.dll
2008-06-20 05:19 . 2008-06-20 05:20 <DIR> d-------- C:\Program Files\MediaMonkey
2008-06-18 18:38 . 2008-06-18 18:38 4,328 --a------ C:\SERIAL_KILLER_1.MDS
2008-06-18 18:30 . 2008-06-18 18:30 8,430 --a------ C:\Godfathers Disc 2.MDS
2008-06-18 18:09 . 2008-06-18 18:09 <DIR> d-------- C:\Program Files\LG Software Innovations
2008-06-18 18:07 . 2008-06-18 18:30 8,096,350,208 --a------ C:\Godfathers Disc 2.ISO
2008-06-17 15:44 . 2008-06-17 15:44 <DIR> d-------- C:\Deckard
2008-06-12 13:13 . 2008-06-14 13:07 5,002 --a------ C:\WINDOWS\CDPLAYER.UNI
2008-06-12 13:10 . 2008-06-12 13:10 <DIR> d-------- C:\WINDOWS\Easy CD-DA Extractor 11.1
2008-06-12 13:10 . 2008-06-12 13:11 <DIR> d-------- C:\Program Files\Easy CD-DA Extractor 11
2008-06-11 07:10 . 2008-06-26 03:32 <DIR> d-------- C:\Program Files\FlashGet
2008-06-09 06:27 . 2008-06-09 06:27 <DIR> d-------- C:\Program Files\FDRLab
2008-06-04 19:25 . 2008-06-04 19:18 691,545 --a------ C:\WINDOWS\unins000.exe
2008-06-04 19:25 . 2008-06-04 19:25 2,538 --a------ C:\WINDOWS\unins000.dat
2008-06-04 17:10 . 2008-06-04 17:10 34 --ah----- C:\WINDOWS\system32\OkokerIESecurityPopUpBlocker_sysquicts.dat
2008-06-04 00:58 . 66 C:\WINDOWS\„CA
2008-06-04 00:29 . 2008-06-04 00:29 <DIR> d-------- C:\Program Files\Common Files\NSV
2008-06-03 22:48 . 2008-06-03 22:48 167,976 --------- C:\WINDOWS\system32\drivers\core.cache.dsk
2008-06-03 22:47 . 2008-06-26 03:30 <DIR> d-------- C:\Temp
2008-06-03 22:46 . 2008-06-03 23:20 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\uTorrent
2008-06-03 22:40 . 2008-06-03 22:40 <DIR> d-------- C:\Program Files\Winamp Toolbar
2008-06-03 22:40 . 2008-06-03 22:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2008-06-03 22:39 . 2008-06-03 22:55 <DIR> d-------- C:\Program Files\Winamp Remote
2008-06-03 22:39 . 2008-06-03 22:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-06-03 22:36 . 2008-06-03 22:45 <DIR> d-------- C:\Program Files\Winamp
2008-06-03 22:36 . 2008-06-04 00:31 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Winamp
2008-06-03 03:04 . 2008-06-03 03:04 <DIR> d-------- C:\Program Files\Magic Image Resizer
2008-06-02 23:48 . 2008-06-02 23:48 0 --a------ C:\WINDOWS\QuickInstall.INI
2008-06-02 20:59 . 2008-06-02 20:59 0 --a------ C:\WINDOWS\QUICKI~1.INI
2008-06-02 20:56 . 2008-06-02 20:56 <DIR> d-------- C:\Program Files\Chapura
2008-06-02 04:10 . 2008-06-25 05:38 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\dvdcss
2008-06-02 00:20 . 2008-06-02 00:20 <DIR> d-------- C:\WINDOWS\Sun
2008-06-02 00:20 . 2008-06-10 19:18 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\LimeWire
2008-06-02 00:19 . 2008-06-02 00:19 <DIR> d-------- C:\Program Files\Java
2008-06-02 00:19 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-02 00:15 . 2008-06-02 00:15 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-02 00:01 . 2008-06-02 00:03 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\kantaris
2008-06-02 00:00 . 2008-06-02 00:00 <DIR> d-------- C:\Program Files\Haali
2008-06-01 23:57 . 2008-06-01 23:57 <DIR> d-------- C:\Program Files\QO Developments
2008-06-01 23:55 . 2008-06-01 23:58 <DIR> d-------- C:\Program Files\LimeWire
2008-06-01 23:53 . 2008-06-01 23:53 <DIR> d-------- C:\Program Files\Kantaris
2008-06-01 22:53 . 2008-06-01 22:53 <DIR> d-------- C:\Program Files\Fantastic Flame Screensaver
2008-06-01 22:53 . 2008-06-01 22:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Laconic Software
2008-06-01 08:04 . 2008-06-01 08:04 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\ieSpell
2008-06-01 05:57 . 2008-06-01 05:57 <DIR> d-------- C:\Program Files\DVDInfoPro
2008-06-01 03:52 . 2008-06-01 03:52 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\PCToolsSpamMonitorPlus
2008-06-01 03:52 . 2008-06-01 03:52 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\PCToolsFirewallPlus
2008-05-31 22:52 . 2008-05-31 22:52 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-31 20:53 . 2008-05-31 20:53 <DIR> d-------- C:\Program Files\VIA
2008-05-31 20:53 . 2007-04-11 15:35 331,184 --------- C:\WINDOWS\system32\difxapi.dll
2008-05-31 20:46 . 2008-05-31 20:46 <DIR> d-------- C:\Program Files\Driver Magician
2008-05-31 20:46 . 2004-09-28 11:13 526,184 --a------ C:\WINDOWS\system32\XceedCry.dll
2008-05-31 20:46 . 2004-03-09 00:00 224,016 --a------ C:\WINDOWS\system32\Tabctl32.ocx
2008-05-31 20:46 . 2004-08-11 15:55 110,602 --a------ C:\WINDOWS\system32\xcdsfx32.bin
2008-05-31 20:21 . 2008-05-31 20:21 <DIR> d-------- C:\Program Files\PC Drivers HeadQuarters
2008-05-31 20:21 . 2008-05-31 20:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-05-31 17:21 . 2008-05-31 17:21 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\DivX
2008-05-31 04:33 . 2008-05-31 04:33 <DIR> d-------- C:\Program Files\SlySoft
2008-05-31 04:33 . 2008-05-31 04:34 24 ---hs---- C:\WINDOWS\SB6BD6FFC.tmp
2008-05-31 02:54 . 2008-05-31 02:55 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\ImgBurn
2008-05-31 02:51 . 2008-05-31 02:51 <DIR> d-------- C:\Program Files\ImgBurn
2008-05-31 01:29 . 2008-05-31 23:38 <DIR> d-------- C:\Program Files\iPrep 101
2008-05-31 00:46 . 2008-05-31 00:46 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Xbins
2008-05-30 22:16 . 2008-05-30 22:20 <DIR> d-------- C:\Program Files\Absolute Sound Recorder
2008-05-30 22:00 . 2007-03-19 04:18 104,064 -ra------ C:\WINDOWS\system32\drivers\viamraid.sys
2008-05-30 03:13 . 2008-05-30 03:13 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\PCToolsSpamMonitorPlus
2008-05-30 03:13 . 2008-05-30 03:13 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\PCToolsFirewallPlus
2008-05-30 03:09 . 2008-06-01 04:10 <DIR> d-------- C:\Program Files\PC Tools Internet Security
2008-05-30 02:41 . 2008-05-30 03:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-05-30 02:26 . 2008-05-30 02:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SRSLabs
2008-05-30 02:19 . 2008-05-30 02:19 <DIR> d-------- C:\Program Files\SRSLabs
2008-05-30 02:19 . 2008-05-30 02:19 <DIR> d-------- C:\Program Files\Common Files\SRS
2008-05-30 00:05 . 2008-05-30 00:49 <DIR> d-------- C:\WINDOWS\CAVTemp
2008-05-29 23:56 . 2008-05-30 01:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CA
2008-05-29 05:09 . 2008-05-29 05:09 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\F-Secure
2008-05-29 04:59 . 2008-05-29 23:49 <DIR> d-------- C:\Program Files\F-Secure Internet Security
2008-05-29 04:59 . 2008-05-29 23:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-05-29 04:58 . 2008-05-29 04:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\fssg
2008-05-29 04:47 . 2008-05-29 04:47 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-05-29 04:35 . 2008-05-29 04:35 <DIR> d--h----- C:\WINDOWS\PIF
2008-05-29 03:50 . 2008-05-29 03:50 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\vlc
2008-05-29 03:42 . 2008-06-01 03:58 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-29 03:42 . 2008-05-29 04:35 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-29 02:07 . 2008-05-30 22:10 348 --a------ C:\WINDOWS\pdf2word.INI
2008-05-29 02:03 . 2008-05-29 02:04 <DIR> d-------- C:\Program Files\VeryPDF PDF2Word v3.0
2008-05-28 19:11 . 2008-05-28 19:11 <DIR> d-------- C:\Program Files\VideoLAN
2008-05-28 18:43 . 2008-05-28 18:51 114 --a------ C:\WINDOWS\IfoEdit.INI
2008-05-28 18:34 . 2008-05-28 18:34 14 --a------ C:\WINDOWS\system32\SysEngineDrive1.sys
2008-05-28 18:32 . 2008-05-28 18:32 <DIR> d-------- C:\Program Files\BlazeVideo
2008-05-28 18:32 . 2005-12-01 14:31 1,645,320 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-05-28 18:32 . 2005-08-16 10:10 354,816 --a------ C:\WINDOWS\system32\psisdecd.dll
2008-05-28 18:32 . 2005-08-16 10:10 52,224 --a------ C:\WINDOWS\system32\MSDvbNP.ax
2008-05-28 18:32 . 2005-08-16 10:10 30,208 --a------ C:\WINDOWS\system32\psisrndr.ax
2008-05-28 17:55 . 2008-05-28 18:07 <DIR> d-------- C:\Program Files\DVDFab 5
2008-05-28 16:54 . 2008-05-28 16:54 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Pioneer
2008-05-28 16:33 . 2008-05-28 16:33 <DIR> d-------- C:\WINDOWS\system32\ipp20
2008-05-28 16:32 . 2008-05-28 16:32 <DIR> d-------- C:\Program Files\Pioneer
2008-05-28 16:28 . 2008-05-28 16:28 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Media Player Classic
2008-05-28 02:17 . 2008-05-28 02:17 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Intermedia Software
2008-05-28 02:16 . 2008-05-28 02:16 <DIR> d-------- C:\Program Files\Intermedia Software
2008-05-28 02:16 . 2008-05-28 02:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intermedia Software
2008-05-28 02:16 . 2003-04-18 16:29 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2008-05-28 01:45 . 2008-05-28 01:45 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Ashampoo
2008-05-28 01:42 . 2008-06-10 20:37 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\foobar2000

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-26 01:43 --------- d-----w C:\Program Files\Opera
2008-06-05 00:15 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-04 23:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-30 04:53 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-28 05:44 --------- d-----w C:\Program Files\nLite
2008-05-26 10:10 --------- d-----w C:\Program Files\BlackXP
2002-10-18 07:46 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2002-10-18 07:46 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2002-10-18 07:46 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012002101820021019\index.dat
2002-10-18 07:46 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

------- Sigcheck -------

2007-12-28 09:34 360704 90671a9a8f189262be5224c497c2e0c7 C:\WINDOWS\system32\drivers\tcpip.sys

2007-12-28 09:39 2221824 86889d12db125d402d618ed36bf7e166 C:\WINDOWS\system32\ntkrnlpa.exe

2007-12-28 09:34 2345216 31610d15a02ce89554172a03e5268efa C:\WINDOWS\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01b78405-ed04-4c5c-b515-a7b15ee8a43b}]
2008-06-25 17:59 106496 --a------ C:\WINDOWS\system32\bqypxmxf.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-19 18:36 1267040]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 16:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-12-28 09:33 124928 C:\WINDOWS\system32\advpack.dll]

C:\Documents and Settings\Admin\Start Menu\Programs\Startup\
Giganews Accelerator.lnk - C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe [2007-12-18 08:49:40 757760]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Shortcut to RocketDock.lnk - C:\Program Files\RocketDock\RocketDock.exe [2002-10-18 03:52:09 495616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^ClipCache Pro.lnk]
path=C:\Documents and Settings\Admin\Start Menu\Programs\Startup\ClipCache Pro.lnk
backup=C:\WINDOWS\pss\ClipCache Pro.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^MEMonitor.lnk]
path=C:\Documents and Settings\Admin\Start Menu\Programs\Startup\MEMonitor.lnk
backup=C:\WINDOWS\pss\MEMonitor.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^Microsoft Office Groove.lnk]
path=C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Microsoft Office Groove.lnk
backup=C:\WINDOWS\pss\Microsoft Office Groove.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Fantastic Flame Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Fantastic Flame Agent.lnk
backup=C:\WINDOWS\pss\Fantastic Flame Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=C:\WINDOWS\pss\HotSync Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Shortcut to RocketDock.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to RocketDock.lnk
backup=C:\WINDOWS\pss\Shortcut to RocketDock.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Shortcut to sidebar.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to sidebar.lnk
backup=C:\WINDOWS\pss\Shortcut to sidebar.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^vmnet.exe.lnk]
backup=C:\WINDOWS\pss\vmnet.exe.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\vmnet.exe.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
--a------ 2007-10-30 20:07 140568 C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
--a------ 2007-10-30 20:11 909208 C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
-ra------ 2007-12-04 02:07 61440 C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2007-12-22 03:23 221568 C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-09-20 18:35 202024 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2006-09-28 15:21 57344 C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-03 16:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2004-10-13 11:21 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 18:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-07-13 03:34 8466432 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-07-13 03:34 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-07-13 03:34 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooccctrl.exe]
--a------ 2007-01-28 15:08 1911568 C:\Program Files\OO Software\CleverCache\ooccctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
--a------ 2007-05-11 02:08 2512392 C:\WINDOWS\system32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 2008-03-31 21:54 507904 C:\Program Files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostFeedBack]
C:\Program Files\Agnitum\Outpost Security Suite Pro\feedback.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PalmTether]
--a------ 2006-02-09 00:16 143360 C:\Program Files\PalmTether\TetherApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rapget]
--a------ 2008-06-03 21:29 171008 E:\PROGRAMS\rapget141\rapget.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
--a------ 2008-05-26 19:49 160592 C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
--a------ 2007-09-02 16:58 495616 C:\Program Files\RocketDock\RocketDock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-03-25 04:28 144784 C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
--a------ 2007-10-30 20:06 2595616 C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
--a------ 2007-07-05 15:31 9495832 C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VistaDrive]
--a------ 2007-10-11 19:19 1596230 C:\WINDOWS\VistaDrive.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmnet]
C:\WINDOWS\WINDOWS\vmnet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
--a------ 2007-10-08 11:26 55856 C:\Program Files\VMware\VMware Workstation\hqtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
--a------ 2007-10-08 11:27 72240 C:\Program Files\VMware\VMware Workstation\vmware-tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-04-01 14:49 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"VMAuthdService"=2 (0x2)
"ufad-ws60"=3 (0x3)
"TuneUp.Defrag"=3 (0x3)
"TryAndDecideService"=2 (0x2)
"StarWindServiceAE"=2 (0x2)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"ose"=3 (0x3)
"OOCleverCacheAgent"=2 (0x2)
"odserv"=3 (0x3)
"O&O Defrag"=2 (0x2)
"Microsoft Office Groove Audit Service"=3 (0x3)
"MDM"=2 (0x2)
"AcrSch2Svc"=2 (0x2)
"VMware NAT Service"=2 (0x2)
"vmount2"=2 (0x2)
"VMnetDHCP"=2 (0x2)
"NVSvc"=2 (0x2)
"NMIndexingService"=3 (0x3)
"MsSecurity1.209.4"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"EhttpSrv"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Avant Browser\\avant.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"E:\\PROGRAMS\\XBO 360 PROGRAMS\\xbins.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=

R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\WINDOWS\system32\DRIVERS\tdrpman.sys [2008-05-26 05:39]
R1 sdpiosys;sdpiosys;C:\WINDOWS\system32\drivers\sdpiosys.sys [2004-11-30 12:10]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-03 16:00]
R3 palmmdm;Palm Modem;C:\WINDOWS\system32\DRIVERS\palmmdm.sys [2006-01-30 13:42]
S3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2006-02-14 10:02]
S4 TryAndDecideService;Acronis Try And Decide Service;"C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe" [2007-10-30 20:51]
S4 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2002-10-18 03:42]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 03:34:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-06-26 3:37:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-26 07:37:13

Pre-Run: 36,878,372,864 bytes free
Post-Run: 36,989,644,800 bytes free

399

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:24 AM

Posted 27 June 2008 - 10:50 AM

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript, and save it to your desktop.

File::
C:\WINDOWS\system32\kjfujhkt.tmp
C:\WINDOWS\system32\bqypxmxf.dll
C:\WINDOWS\system32\fwhpqjeo.dll
C:\WINDOWS\system32\iiulcnhg.dll
C:\WINDOWS\system32\ydpuspqq.dll
C:\WINDOWS\system32\ddnfgptydiag.exe
C:\WINDOWS\system32\stqkwmlx.dll
C:\WINDOWS\system32\fbaaqemy.dll
C:\WINDOWS\system32\mqrrtdtb.dll
C:\WINDOWS\system32\hmekuqgv.dll
C:\WINDOWS\system32\xlsqaefc.dll
C:\WINDOWS\system32\isiwbqro.dll
C:\WINDOWS\system32\xonweurc.dll
C:\WINDOWS\system32\drivers\core.cache.dsk

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01b78405-ed04-4c5c-b515-a7b15ee8a43b}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VistaDrive]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmnet]
Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

[image: the CFScript file being dragged and dropped onto ComboFix.exe]

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.


===============



Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Follow the Instruction on the F-Secure page for proper installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy & Paste the entire report in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
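The CFScript above was built by reading the ComboFix log for a few recurring signs: a Browser Helper Object backed by a randomly named DLL in system32, more DLLs with the same kind of name, and registry values that switch off the firewall and Security Center notifications. The following Python script is an added example (not part of this thread and not a ComboFix feature) that walks a ComboFix-style excerpt, constructed here from the logs posted above, and nominates those lines for human review; the name heuristic in `looks_random` and the thresholds in it are assumptions tuned on the names in this thread.

```python
"""Triage a ComboFix-style log excerpt for the indicators the helper acted on.

Added example for this thread, not part of the original posts or of ComboFix.
It only nominates lines for human review: randomly named 8-letter binaries
dropped straight into system32 (the BHO bqypxmxf.dll and the CFScript DLLs),
a bare executable under Application Data, and registry values that turn off
the Windows firewall or Security Center antivirus notifications.
"""
import re

# Constructed excerpt, taken from the logs posted above in this thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2008-05-27 to 2008-06-27 )))))))))))))))))))))))))))))))
2008-06-25 18:23 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-28 18:32 . 2005-08-16 10:10 354,816 --a------ C:\WINDOWS\system32\psisdecd.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01b78405-ed04-4c5c-b515-a7b15ee8a43b}]
2008-06-25 17:59 106496 --a------ C:\WINDOWS\system32\bqypxmxf.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-19 18:36 1267040]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Documents and Settings\Admin\Application Data\inst.exe
C:\WINDOWS\system32\bqypxmxf.dll
C:\WINDOWS\system32\fbaaqemy.dll
C:\WINDOWS\system32\iiulcnhg.dll
C:\WINDOWS\system32\xonweurc.dll
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+\s*$")         # ((( Section Name )))
KEY_RE = re.compile(r"^\[(.+)\]\s*$")                      # [HKEY_...]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+?)\s*$')        # "Name"= value
PATH_RE = re.compile(r'[A-Za-z]:\\(?:[^\\\n"\[\]]+\\)*[^\\\n"\[\]]+?\.(?:dll|exe|sys|tmp|dsk)\b', re.I)
SYSTEM32_RE = re.compile(r"\\windows\\system32\\(?:drivers\\)?[^\\]+$", re.I)
APPDATA_EXE_RE = re.compile(r"\\Application Data\\[^\\]+\.exe$", re.I)
# Registry values that, at the listed setting, weaken built-in protection.
WEAK_SETTINGS = {"antivirusdisablenotify": 1, "enablefirewall": 0}
VOWELS, RARE = set("aeiou"), set("jkqwxz")


def reg_int(raw):
    """Parse 'dword:00000001' or '0 (0x0)' as ComboFix prints them."""
    m = re.match(r"dword:([0-9a-f]+)$", raw, re.I)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)", raw)
    return int(m.group(1)) if m else None


def looks_random(stem):
    """Heuristic for generated 8-letter stems such as 'bqypxmxf': four or more
    consonants in a row, a 'q' not followed by 'u', or two or more rare letters.
    Assumed thresholds, tuned on the names in this thread; 'psisdecd' and
    'palmdevc' pass. Paired with a location check below, since odd-looking
    names inside vendor folders are common and not suspicious by themselves."""
    if not re.fullmatch(r"[a-z]{8}", stem):
        return False
    longest = run = 0
    for ch in stem:
        run = 0 if ch in VOWELS else run + 1
        longest = max(longest, run)
    rare = sum(ch in RARE for ch in stem)
    return longest >= 4 or bool(re.search(r"q(?!u)", stem)) or rare >= 2


def triage(log_text):
    """Walk the log once, keeping the current section and registry key as context."""
    findings, flagged, section, key = [], set(), "", ""
    for line in log_text.splitlines():
        line = line.strip()
        if m := SECTION_RE.match(line):
            section, key = m.group(1), ""
            continue
        if m := KEY_RE.match(line):
            key = m.group(1)
            continue
        if m := VALUE_RE.match(line):
            name, value = m.group(1), reg_int(m.group(2))
            if value is not None and WEAK_SETTINGS.get(name.lower()) == value:
                findings.append({"kind": "weakened_protection", "where": key,
                                 "detail": f"{name}={value}"})
        for path in PATH_RE.findall(line):
            if path.lower() in flagged:          # report each path once
                continue
            stem = re.sub(r"\.[^.]+$", "", path.rsplit("\\", 1)[-1])
            if SYSTEM32_RE.search(path) and looks_random(stem):
                kind = "random_name_in_system32"
            elif APPDATA_EXE_RE.search(path):
                kind = "exe_in_appdata_root"
            else:
                continue
            flagged.add(path.lower())
            findings.append({"kind": kind, "where": key or section, "detail": path})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['kind']:24} {f['detail']}   [{f['where']}]")
```

Run against the excerpt it reports the BHO DLL with its registry key, the three other system32 DLLs, inst.exe, and the two weakened settings, while mbam.sys, psisdecd.dll and winamptb.dll pass; the Sigcheck section of the log is still the right place to verify core files such as tcpip.sys, which this heuristic does not cover.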


========================================================

#11 JTIMMY712

JTIMMY712
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:24 AM

Posted 27 June 2008 - 09:43 PM

Again, thanks for the help.

ComboFix 08-06-20.4 - Admin 2008-06-26 20:15:59.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.534 [GMT -4:00]
Running from: C:\Documents and Settings\Admin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Admin\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\bqypxmxf.dll
C:\WINDOWS\system32\ddnfgptydiag.exe
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\fbaaqemy.dll
C:\WINDOWS\system32\fwhpqjeo.dll
C:\WINDOWS\system32\hmekuqgv.dll
C:\WINDOWS\system32\iiulcnhg.dll
C:\WINDOWS\system32\isiwbqro.dll
C:\WINDOWS\system32\kjfujhkt.tmp
C:\WINDOWS\system32\mqrrtdtb.dll
C:\WINDOWS\system32\stqkwmlx.dll
C:\WINDOWS\system32\xlsqaefc.dll
C:\WINDOWS\system32\xonweurc.dll
C:\WINDOWS\system32\ydpuspqq.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Admin\Application Data\inst.exe
C:\WINDOWS\system32\bqypxmxf.dll
C:\WINDOWS\system32\ddnfgptydiag.exe
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\fbaaqemy.dll
C:\WINDOWS\system32\fwhpqjeo.dll
C:\WINDOWS\system32\hmekuqgv.dll
C:\WINDOWS\system32\iiulcnhg.dll
C:\WINDOWS\system32\isiwbqro.dll
C:\WINDOWS\system32\kjfujhkt.tmp
C:\WINDOWS\system32\mqrrtdtb.dll
C:\WINDOWS\system32\stqkwmlx.dll
C:\WINDOWS\system32\xlsqaefc.dll
C:\WINDOWS\system32\xonweurc.dll
C:\WINDOWS\system32\ydpuspqq.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-27 to 2008-06-27 )))))))))))))))))))))))))))))))
.

2008-06-26 03:42 . 2008-06-26 03:42 <DIR> d-------- C:\WINDOWS\LastGood
2008-06-26 03:34 . 2008-06-26 03:34 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-06-26 03:34 . 2008-06-26 03:34 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-06-25 18:23 . 2008-06-25 18:23 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-25 18:23 . 2008-06-25 18:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-25 18:23 . 2008-06-25 18:23 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Malwarebytes
2008-06-25 18:23 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-25 18:23 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-24 21:52 . 2008-06-24 21:52 <DIR> d-------- C:\SERIAL_KILLER_1
2008-06-22 18:55 . 2008-06-22 18:55 <DIR> d-------- C:\Program Files\PAR Buddy
2008-06-20 05:19 . 2008-06-20 05:20 <DIR> d-------- C:\Program Files\MediaMonkey
2008-06-18 18:38 . 2008-06-18 18:38 4,328 --a------ C:\SERIAL_KILLER_1.MDS
2008-06-18 18:30 . 2008-06-18 18:30 8,430 --a------ C:\Godfathers Disc 2.MDS
2008-06-18 18:09 . 2008-06-18 18:09 <DIR> d-------- C:\Program Files\LG Software Innovations
2008-06-18 18:07 . 2008-06-18 18:30 8,096,350,208 --a------ C:\Godfathers Disc 2.ISO
2008-06-17 15:44 . 2008-06-17 15:44 <DIR> d-------- C:\Deckard
2008-06-12 13:13 . 2008-06-14 13:07 5,002 --a------ C:\WINDOWS\CDPLAYER.UNI
2008-06-12 13:10 . 2008-06-12 13:10 <DIR> d-------- C:\WINDOWS\Easy CD-DA Extractor 11.1
2008-06-12 13:10 . 2008-06-12 13:11 <DIR> d-------- C:\Program Files\Easy CD-DA Extractor 11
2008-06-11 07:10 . 2008-06-26 20:16 <DIR> d-------- C:\Program Files\FlashGet
2008-06-09 06:27 . 2008-06-09 06:27 <DIR> d-------- C:\Program Files\FDRLab
2008-06-04 19:25 . 2008-06-04 19:18 691,545 --a------ C:\WINDOWS\unins000.exe
2008-06-04 19:25 . 2008-06-04 19:25 2,538 --a------ C:\WINDOWS\unins000.dat
2008-06-04 17:10 . 2008-06-04 17:10 34 --ah----- C:\WINDOWS\system32\OkokerIESecurityPopUpBlocker_sysquicts.dat
2008-06-04 00:58 . 2008-06-04 00:58 66 --a------ C:\WINDOWS\äCĂ
2008-06-04 00:29 . 2008-06-04 00:29 <DIR> d-------- C:\Program Files\Common Files\NSV
2008-06-03 22:47 . 2008-06-26 03:30 <DIR> d-------- C:\Temp
2008-06-03 22:46 . 2008-06-03 23:20 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\uTorrent
2008-06-03 22:40 . 2008-06-03 22:40 <DIR> d-------- C:\Program Files\Winamp Toolbar
2008-06-03 22:40 . 2008-06-03 22:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2008-06-03 22:39 . 2008-06-03 22:55 <DIR> d-------- C:\Program Files\Winamp Remote
2008-06-03 22:39 . 2008-06-03 22:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-06-03 22:36 . 2008-06-03 22:45 <DIR> d-------- C:\Program Files\Winamp
2008-06-03 22:36 . 2008-06-04 00:31 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Winamp
2008-06-03 03:04 . 2008-06-03 03:04 <DIR> d-------- C:\Program Files\Magic Image Resizer
2008-06-02 23:48 . 2008-06-02 23:48 0 --a------ C:\WINDOWS\QuickInstall.INI
2008-06-02 20:59 . 2008-06-02 20:59 0 --a------ C:\WINDOWS\QUICKI~1.INI
2008-06-02 20:56 . 2008-06-02 20:56 <DIR> d-------- C:\Program Files\Chapura
2008-06-02 04:10 . 2008-06-26 07:55 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\dvdcss
2008-06-02 00:20 . 2008-06-02 00:20 <DIR> d-------- C:\WINDOWS\Sun
2008-06-02 00:20 . 2008-06-10 19:18 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\LimeWire
2008-06-02 00:19 . 2008-06-02 00:19 <DIR> d-------- C:\Program Files\Java
2008-06-02 00:19 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-02 00:15 . 2008-06-02 00:15 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-02 00:01 . 2008-06-02 00:03 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\kantaris
2008-06-02 00:00 . 2008-06-02 00:00 <DIR> d-------- C:\Program Files\Haali
2008-06-01 23:57 . 2008-06-01 23:57 <DIR> d-------- C:\Program Files\QO Developments
2008-06-01 23:55 . 2008-06-01 23:58 <DIR> d-------- C:\Program Files\LimeWire
2008-06-01 23:53 . 2008-06-01 23:53 <DIR> d-------- C:\Program Files\Kantaris
2008-06-01 22:53 . 2008-06-01 22:53 <DIR> d-------- C:\Program Files\Fantastic Flame Screensaver
2008-06-01 22:53 . 2008-06-01 22:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Laconic Software
2008-06-01 08:04 . 2008-06-01 08:04 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\ieSpell
2008-06-01 05:57 . 2008-06-01 05:57 <DIR> d-------- C:\Program Files\DVDInfoPro
2008-06-01 03:52 . 2008-06-01 03:52 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\PCToolsSpamMonitorPlus
2008-06-01 03:52 . 2008-06-01 03:52 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\PCToolsFirewallPlus
2008-05-31 22:52 . 2008-05-31 22:52 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-31 20:53 . 2008-05-31 20:53 <DIR> d-------- C:\Program Files\VIA
2008-05-31 20:53 . 2007-04-11 15:35 331,184 --------- C:\WINDOWS\system32\difxapi.dll
2008-05-31 20:46 . 2008-05-31 20:46 <DIR> d-------- C:\Program Files\Driver Magician
2008-05-31 20:46 . 2004-09-28 11:13 526,184 --a------ C:\WINDOWS\system32\XceedCry.dll
2008-05-31 20:46 . 2004-03-09 00:00 224,016 --a------ C:\WINDOWS\system32\Tabctl32.ocx
2008-05-31 20:46 . 2004-08-11 15:55 110,602 --a------ C:\WINDOWS\system32\xcdsfx32.bin
2008-05-31 20:21 . 2008-05-31 20:21 <DIR> d-------- C:\Program Files\PC Drivers HeadQuarters
2008-05-31 20:21 . 2008-05-31 20:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-05-31 17:21 . 2008-05-31 17:21 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\DivX
2008-05-31 04:33 . 2008-05-31 04:33 <DIR> d-------- C:\Program Files\SlySoft
2008-05-31 04:33 . 2008-05-31 04:34 24 ---hs---- C:\WINDOWS\SB6BD6FFC.tmp
2008-05-31 02:54 . 2008-05-31 02:55 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\ImgBurn
2008-05-31 02:51 . 2008-05-31 02:51 <DIR> d-------- C:\Program Files\ImgBurn
2008-05-31 01:29 . 2008-05-31 23:38 <DIR> d-------- C:\Program Files\iPrep 101
2008-05-31 00:46 . 2008-05-31 00:46 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Xbins
2008-05-30 22:16 . 2008-05-30 22:20 <DIR> d-------- C:\Program Files\Absolute Sound Recorder
2008-05-30 22:00 . 2007-03-19 04:18 104,064 -ra------ C:\WINDOWS\system32\drivers\viamraid.sys
2008-05-30 03:13 . 2008-05-30 03:13 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\PCToolsSpamMonitorPlus
2008-05-30 03:13 . 2008-05-30 03:13 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\PCToolsFirewallPlus
2008-05-30 03:09 . 2008-06-01 04:10 <DIR> d-------- C:\Program Files\PC Tools Internet Security
2008-05-30 02:41 . 2008-05-30 03:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-05-30 02:26 . 2008-05-30 02:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SRSLabs
2008-05-30 02:19 . 2008-05-30 02:19 <DIR> d-------- C:\Program Files\SRSLabs
2008-05-30 02:19 . 2008-05-30 02:19 <DIR> d-------- C:\Program Files\Common Files\SRS
2008-05-30 00:05 . 2008-05-30 00:49 <DIR> d-------- C:\WINDOWS\CAVTemp
2008-05-29 23:56 . 2008-05-30 01:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CA
2008-05-29 05:09 . 2008-05-29 05:09 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\F-Secure
2008-05-29 04:59 . 2008-05-29 23:49 <DIR> d-------- C:\Program Files\F-Secure Internet Security
2008-05-29 04:59 . 2008-05-29 23:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-05-29 04:58 . 2008-05-29 04:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\fssg
2008-05-29 04:47 . 2008-05-29 04:47 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-05-29 04:35 . 2008-05-29 04:35 <DIR> d--h----- C:\WINDOWS\PIF
2008-05-29 03:50 . 2008-05-29 03:50 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\vlc
2008-05-29 03:42 . 2008-06-01 03:58 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-29 03:42 . 2008-05-29 04:35 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-29 02:07 . 2008-05-30 22:10 348 --a------ C:\WINDOWS\pdf2word.INI
2008-05-29 02:03 . 2008-05-29 02:04 <DIR> d-------- C:\Program Files\VeryPDF PDF2Word v3.0
2008-05-28 19:11 . 2008-05-28 19:11 <DIR> d-------- C:\Program Files\VideoLAN
2008-05-28 18:43 . 2008-05-28 18:51 114 --a------ C:\WINDOWS\IfoEdit.INI
2008-05-28 18:34 . 2008-05-28 18:34 14 --a------ C:\WINDOWS\system32\SysEngineDrive1.sys
2008-05-28 18:32 . 2008-05-28 18:32 <DIR> d-------- C:\Program Files\BlazeVideo
2008-05-28 18:32 . 2005-12-01 14:31 1,645,320 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-05-28 18:32 . 2005-08-16 10:10 354,816 --a------ C:\WINDOWS\system32\psisdecd.dll
2008-05-28 18:32 . 2005-08-16 10:10 52,224 --a------ C:\WINDOWS\system32\MSDvbNP.ax
2008-05-28 18:32 . 2005-08-16 10:10 30,208 --a------ C:\WINDOWS\system32\psisrndr.ax
2008-05-28 17:55 . 2008-05-28 18:07 <DIR> d-------- C:\Program Files\DVDFab 5
2008-05-28 16:54 . 2008-05-28 16:54 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Pioneer
2008-05-28 16:33 . 2008-05-28 16:33 <DIR> d-------- C:\WINDOWS\system32\ipp20
2008-05-28 16:32 . 2008-05-28 16:32 <DIR> d-------- C:\Program Files\Pioneer
2008-05-28 16:28 . 2008-05-28 16:28 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Media Player Classic
2008-05-28 02:17 . 2008-05-28 02:17 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Intermedia Software
2008-05-28 02:16 . 2008-05-28 02:16 <DIR> d-------- C:\Program Files\Intermedia Software
2008-05-28 02:16 . 2008-05-28 02:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intermedia Software
2008-05-28 02:16 . 2003-04-18 16:29 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2008-05-28 01:45 . 2008-05-28 01:45 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Ashampoo
2008-05-28 01:42 . 2008-06-10 20:37 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\foobar2000
2008-05-28 01:29 . 2008-05-28 01:29 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Thunderbird
2008-05-28 01:28 . 2008-06-16 09:24 <DIR> d-------- C:\Program Files\dlDone
2008-05-28 01:28 . 2008-05-28 01:28 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-05-28 01:23 . 2008-05-28 01:23 <DIR> d-------- C:\Program Files\SABnzbd
2008-05-27 22:44 . 2008-05-27 22:44 <DIR> d-------- C:\Program Files\foobar2000
2008-05-27 15:38 . 2008-05-27 15:38 <DIR> d-------- C:\Program Files\DVD Decrypter
2008-05-27 15:31 . 2008-05-27 15:31 <DIR> d-------- C:\Program Files\DVD Shrink
2008-05-27 15:31 . 2008-06-26 20:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-05-27 02:45 . 2008-05-27 02:49 <DIR> d-------- C:\Program Files\VSO
2008-05-27 02:45 . 2008-06-18 18:09 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Vso
2008-05-27 02:45 . 2004-05-04 12:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
2008-05-27 02:45 . 2006-05-20 17:16 1,184,984 --a------ C:\WINDOWS\system32\wvc1dmod.dll
2008-05-27 02:45 . 2006-05-11 20:21 626,688 --a------ C:\WINDOWS\system32\vp7vfw.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-26 12:33 --------- d-----w C:\Program Files\Sportsbook Poker
2008-06-26 01:43 --------- d-----w C:\Program Files\Opera
2008-06-19 00:47 --------- d-----w C:\Program Files\NewsLeecher
2008-06-13 12:25 --------- d-----w C:\Program Files\Avant Browser
2008-06-10 14:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware
2008-06-10 14:15 --------- d-----w C:\Documents and Settings\Admin\Application Data\VMware
2008-06-10 14:12 --------- d-----w C:\Program Files\ESET
2008-06-09 14:37 --------- d-----w C:\Program Files\Sportsbook.com Casino
2008-06-05 00:15 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-04 23:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-03 01:52 --------- d-----w C:\Documents and Settings\Admin\Application Data\Notepad++
2008-06-03 01:46 --------- d-----w C:\Program Files\Siber Systems
2008-06-01 02:42 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware
2008-06-01 00:23 --------- d-----w C:\Program Files\InstallShield Installation Information
2008-05-30 04:53 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-28 05:44 --------- d-----w C:\Program Files\nLite
2008-05-27 20:08 --------- d-----w C:\Program Files\Dvd-cloner
2008-05-27 05:24 --------- d-----w C:\Documents and Settings\Admin\Application Data\GoodSync
2008-05-27 03:04 155,648 ----a-w C:\WINDOWS\system32\libssl32.dll
2008-05-27 02:40 --------- d-----w C:\Documents and Settings\Admin\Application Data\ExplorerPlus
2008-05-27 02:22 --------- d-----w C:\Documents and Settings\Admin\Application Data\XRayz
2008-05-27 02:21 --------- d-----w C:\Program Files\ClipCache
2008-05-27 01:50 --------- d-----w C:\Documents and Settings\Admin\Application Data\Arcsoft
2008-05-27 01:44 --------- d-----w C:\Program Files\Sprint
2008-05-27 01:44 --------- d-----w C:\Program Files\PalmTether
2008-05-27 01:44 --------- d-----w C:\Program Files\Common Files\Sprint
2008-05-27 01:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sprint
2008-05-27 01:40 --------- d-----w C:\Program Files\Sprint music manager
2008-05-27 00:41 --------- d-----w C:\Program Files\Palm
2008-05-27 00:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\HotSync
2008-05-27 00:26 53,248 ----a-w C:\WINDOWS\system32\palmdevc.dll
2008-05-27 00:26 53,248 ----a-w C:\WINDOWS\PalmDevC.dll
2008-05-27 00:26 16,694 ----a-w C:\WINDOWS\system32\drivers\PalmUSBD.sys
2008-05-27 00:26 --------- d-----w C:\Documents and Settings\Admin\Application Data\HotSync
2008-05-27 00:05 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Acronis
2008-05-26 23:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\RoboForm
2008-05-26 23:38 --------- d-----w C:\Program Files\Collectorz.com
2008-05-26 23:23 --------- d-----w C:\Documents and Settings\Admin\Application Data\NewsLeecher
2008-05-26 19:12 --------- d-----w C:\Program Files\My Video Downloader
2008-05-26 19:10 --------- d-----w C:\Program Files\ieSpell
2008-05-26 13:34 --------- d-----w C:\Program Files\PowerDataRecovery
2008-05-26 11:23 --------- d-----w C:\Program Files\QuickPar
2008-05-26 10:31 --------- d-----w C:\Program Files\Giganews Accelerator
2008-05-26 10:15 --------- d-----w C:\Documents and Settings\Admin\Application Data\Avant Profiles
2008-05-26 10:10 --------- d-----w C:\Program Files\BlackXP
2008-05-26 10:04 --------- d-----w C:\Program Files\OO Software
2008-05-26 10:03 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\VMware
2008-05-26 10:02 --------- d-----w C:\Program Files\VMware
2008-05-26 10:02 --------- d-----w C:\Program Files\Common Files\VMware
2008-05-26 10:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-05-26 09:59 --------- d-----w C:\Documents and Settings\Admin\Application Data\ESET
2008-05-26 09:58 --------- d-----w C:\Program Files\Ashampoo
2008-05-26 09:57 --------- d-----w C:\Program Files\Symantec
2008-05-26 09:57 --------- d-----w C:\Program Files\Kingdia Software
2008-05-26 09:57 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-26 09:55 --------- d-----w C:\Program Files\MSBuild
2008-05-26 09:48 --------- d-----w C:\Program Files\Reference Assemblies
2008-05-26 09:47 --------- d-----w C:\Program Files\MSXML 6.0
2008-05-26 09:45 --------- d-----w C:\Program Files\Quick Batch File Compiler
2008-05-26 09:45 --------- d-----w C:\Program Files\Notepad++
2008-05-26 09:45 --------- d-----w C:\Program Files\My Company Name
2008-05-26 09:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\ashampoo
2008-05-26 09:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Acronis
2008-05-26 09:39 441,760 ----a-w C:\WINDOWS\system32\drivers\timntr.sys
2008-05-26 09:39 44,384 ----a-w C:\WINDOWS\system32\drivers\tifsfilt.sys
2008-05-26 09:39 368,544 ----a-w C:\WINDOWS\system32\drivers\tdrpman.sys
2008-05-26 09:39 129,248 ----a-w C:\WINDOWS\system32\drivers\snapman.sys
2008-05-26 09:39 --------- d-----w C:\Program Files\Common Files\Acronis
2008-05-26 09:39 --------- d-----w C:\Program Files\Acronis
2008-05-26 09:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-26 09:34 --------- d-----w C:\Program Files\Microsoft Works
2008-05-26 09:28 --------- d-----w C:\Program Files\Common Files\Adobe
2002-10-18 07:46 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2002-10-18 07:46 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2002-10-18 07:46 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012002101820021019\index.dat
2002-10-18 07:46 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

------- Sigcheck -------

2007-10-30 13:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\SoftwareDistribution\Download\146ae5e7b51a37f45e0e5cf03d0d5e3c\SP2GDR\tcpip.sys
2007-10-30 12:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\SoftwareDistribution\Download\146ae5e7b51a37f45e0e5cf03d0d5e3c\SP2QFE\tcpip.sys
2007-12-28 09:34 360704 90671a9a8f189262be5224c497c2e0c7 C:\WINDOWS\system32\drivers\tcpip.sys

2007-12-28 09:39 2221824 86889d12db125d402d618ed36bf7e166 C:\WINDOWS\system32\ntkrnlpa.exe

2007-12-28 09:34 2345216 31610d15a02ce89554172a03e5268efa C:\WINDOWS\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-26_ 3.36.57.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-28 13:30:17 92,504 ----a-w C:\WINDOWS\LastGood\system32\cdm.dll
+ 2007-12-28 13:31:53 271,224 ----a-w C:\WINDOWS\LastGood\system32\mucltui.dll
+ 2007-12-28 13:31:54 208,248 ----a-w C:\WINDOWS\LastGood\system32\muweb.dll
+ 2007-12-28 13:31:30 549,720 ----a-w C:\WINDOWS\LastGood\system32\wuapi.dll
+ 2007-12-28 13:31:30 53,080 ----a-w C:\WINDOWS\LastGood\system32\wuauclt.exe
+ 2007-12-28 13:31:32 1,710,936 ----a-w C:\WINDOWS\LastGood\system32\wuaueng.dll
+ 2007-12-28 13:31:32 325,976 ----a-w C:\WINDOWS\LastGood\system32\wucltui.dll
+ 2007-12-28 13:31:32 33,624 ----a-w C:\WINDOWS\LastGood\system32\wups.dll
+ 2007-12-28 13:31:58 43,352 ----a-w C:\WINDOWS\LastGood\system32\wups2.dll
+ 2007-12-28 13:31:33 203,096 ----a-w C:\WINDOWS\LastGood\system32\wuweb.dll
- 2007-12-28 13:30:17 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
+ 2007-07-30 23:19:20 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
+ 2007-07-30 23:19:20 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
+ 2007-07-30 23:19:36 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
+ 2007-07-30 23:19:16 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
+ 2007-07-30 23:19:42 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
+ 2007-07-30 23:19:32 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
+ 2007-07-30 23:19:28 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
- 2007-12-28 13:31:53 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
+ 2007-07-30 23:19:10 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
- 2007-12-28 13:31:54 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
+ 2007-07-30 23:19:04 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
+ 2007-07-30 23:18:40 33,624 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\wups.dll
+ 2007-07-30 23:19:12 43,352 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.0.6000.381\wups2.dll
- 2007-12-28 13:31:30 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
+ 2007-07-30 23:19:36 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
- 2007-12-28 13:31:30 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
+ 2007-07-30 23:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
- 2007-12-28 13:31:32 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
+ 2007-07-30 23:19:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
- 2007-12-28 13:31:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
+ 2007-07-30 23:19:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
- 2007-12-28 13:31:33 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
+ 2007-07-30 23:19:28 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-19 18:36 1267040]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 16:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-12-28 09:33 124928 C:\WINDOWS\system32\advpack.dll]

C:\Documents and Settings\Admin\Start Menu\Programs\Startup\
Giganews Accelerator.lnk - C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe [2007-12-18 08:49:40 757760]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Shortcut to RocketDock.lnk - C:\Program Files\RocketDock\RocketDock.exe [2002-10-18 03:52:09 495616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^ClipCache Pro.lnk]
path=C:\Documents and Settings\Admin\Start Menu\Programs\Startup\ClipCache Pro.lnk
backup=C:\WINDOWS\pss\ClipCache Pro.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^MEMonitor.lnk]
path=C:\Documents and Settings\Admin\Start Menu\Programs\Startup\MEMonitor.lnk
backup=C:\WINDOWS\pss\MEMonitor.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^Microsoft Office Groove.lnk]
path=C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Microsoft Office Groove.lnk
backup=C:\WINDOWS\pss\Microsoft Office Groove.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Fantastic Flame Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Fantastic Flame Agent.lnk
backup=C:\WINDOWS\pss\Fantastic Flame Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=C:\WINDOWS\pss\HotSync Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Shortcut to RocketDock.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to RocketDock.lnk
backup=C:\WINDOWS\pss\Shortcut to RocketDock.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Shortcut to sidebar.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to sidebar.lnk
backup=C:\WINDOWS\pss\Shortcut to sidebar.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^vmnet.exe.lnk]
backup=C:\WINDOWS\pss\vmnet.exe.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\vmnet.exe.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
--a------ 2007-10-30 20:07 140568 C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
--a------ 2007-10-30 20:11 909208 C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
-ra------ 2007-12-04 02:07 61440 C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2007-12-22 03:23 221568 C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-09-20 18:35 202024 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2006-09-28 15:21 57344 C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-03 16:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2004-10-13 11:21 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 18:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-07-13 03:34 8466432 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-07-13 03:34 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-07-13 03:34 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooccctrl.exe]
--a------ 2007-01-28 15:08 1911568 C:\Program Files\OO Software\CleverCache\ooccctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
--a------ 2007-05-11 02:08 2512392 C:\WINDOWS\system32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 2008-03-31 21:54 507904 C:\Program Files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostFeedBack]
C:\Program Files\Agnitum\Outpost Security Suite Pro\feedback.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PalmTether]
--a------ 2006-02-09 00:16 143360 C:\Program Files\PalmTether\TetherApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rapget]
--a------ 2008-06-03 21:29 171008 E:\PROGRAMS\rapget141\rapget.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
--a------ 2008-05-26 19:49 160592 C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
--a------ 2007-09-02 16:58 495616 C:\Program Files\RocketDock\RocketDock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-03-25 04:28 144784 C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
--a------ 2007-10-30 20:06 2595616 C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
--a------ 2007-07-05 15:31 9495832 C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
--a------ 2007-10-08 11:26 55856 C:\Program Files\VMware\VMware Workstation\hqtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
--a------ 2007-10-08 11:27 72240 C:\Program Files\VMware\VMware Workstation\vmware-tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-04-01 14:49 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"VMAuthdService"=2 (0x2)
"ufad-ws60"=3 (0x3)
"TuneUp.Defrag"=3 (0x3)
"TryAndDecideService"=2 (0x2)
"StarWindServiceAE"=2 (0x2)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"ose"=3 (0x3)
"OOCleverCacheAgent"=2 (0x2)
"odserv"=3 (0x3)
"O&O Defrag"=2 (0x2)
"Microsoft Office Groove Audit Service"=3 (0x3)
"MDM"=2 (0x2)
"AcrSch2Svc"=2 (0x2)
"VMware NAT Service"=2 (0x2)
"vmount2"=2 (0x2)
"VMnetDHCP"=2 (0x2)
"NVSvc"=2 (0x2)
"NMIndexingService"=3 (0x3)
"MsSecurity1.209.4"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"EhttpSrv"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Avant Browser\\avant.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"E:\\PROGRAMS\\XBO 360 PROGRAMS\\xbins.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=

R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\WINDOWS\system32\DRIVERS\tdrpman.sys [2008-05-26 05:39]
R1 sdpiosys;sdpiosys;C:\WINDOWS\system32\drivers\sdpiosys.sys [2004-11-30 12:10]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-03 16:00]
R3 palmmdm;Palm Modem;C:\WINDOWS\system32\DRIVERS\palmmdm.sys [2006-01-30 13:42]
S3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2006-02-14 10:02]
S4 TryAndDecideService;Acronis Try And Decide Service;"C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe" [2007-10-30 20:51]
S4 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2002-10-18 03:42]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 20:17:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-26 20:18:31
ComboFix-quarantined-files.txt 2008-06-27 00:18:28
ComboFix2.txt 2008-06-26 07:37:18

Pre-Run: 19,873,009,664 bytes free
Post-Run: 19,880,976,384 bytes free

473




F-Secure results

Scanning Report
Thursday, June 26, 2008 20:31:22 - 22:37:32
Computer name: PAL
Scanning type: Scan system for malware, rootkits
Target: C:\ E:\


--------------------------------------------------------------------------------

Result: 65 malware found
Adware:W32/Virtumonde.AA (virus)
E:\_OTMOVEIT\MOVEDFILES\06242008_175252\WINDOWS\SYSTEM32\DYPWMQIE.DLL (Submitted)
Backdoor.Win32.SdBot.dvp (virus)
C:\DECKARD\SYSTEM SCANNER\20080624181410\BACKUP\DOCUME~1\ADMIN\LOCALS~1\TEMP\GUN2.19.EXE (Renamed & Submitted)
Suspicious_F.gen (virus)
C:\DOCUMENTS AND SETTINGS\ALL USERS\DESKTOP\KEYS\MYSECRETFOLDER V4.31 KEYGEN.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\ALL USERS\DESKTOP\KEYS\SOLARWINDS ORION\KEYGEN.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\ALL USERS\DESKTOP\KEYS\SISOFTWARE.SANDRA.PRO.BUSINESS.XII.2008.1.12.30.MULTILINGUAL.RETAIL.KEYMAKER.ONLY-ZWT\KEYGEN.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\ALL USERS\DESKTOP\KEYS\SISOFTWARE SANDRA PRO HOME XII 2008.1.12.30\KEYGEN.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\ALL USERS\DESKTOP\KEYS\SANDBOXIE KEYGEN\SANDBOXIE.V3.02.INCL.KEYMAKER-EMBRACE\KEYGEN.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\ALL USERS\DESKTOP\KEYS\LANSURVEYOR 10\KEYGEN.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\ALL USERS\DESKTOP\KEYS\HELIUM.MUSIC.MANAGER_2007.0.0.5630.CRACK-NOPE\HELIUM.MUSIC.MANAGER.2007.0.0.5630-NOPE.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\ALL USERS\DESKTOP\KEYS\DAMEWARE.NT.UTILITIES.V6.0.1.0.INCL.KEYMAKER-EMBRACE\KEYGEN.EXE (Submitted)
Suspicious_M.gen (virus)
C:\DOCUMENTS AND SETTINGS\ALL USERS\DESKTOP\KEYS\PATCH\RESOURCE.TUNER.1.9.X-PATCH.EXE (Submitted)
Tracking Cookie (spyware)
System
Trojan-Clicker.Win32.Agent.tg (virus)
C:\DECKARD\SYSTEM SCANNER\20080624181410\BACKUP\DOCUME~1\ADMIN\LOCALS~1\TEMP\MSIEXEC.EXE (Renamed & Submitted)
Trojan-Downloader.Win32.Small.wfv (virus)
E:\_OTMOVEIT\MOVEDFILES\06242008_175252\WINDOWS\SYSTEM32\STMP\LUTDTX2.EXE (Renamed & Submitted)
Trojan-Downloader.Win32.Small.wxl (virus)
C:\DECKARD\SYSTEM SCANNER\20080624181410\BACKUP\DOCUME~1\ADMIN\LOCALS~1\TEMP\DOWNLOADER.EXE (Renamed & Submitted)
Trojan-Downloader.Win32.VB.euf (virus)
E:\_OTMOVEIT\MOVEDFILES\06242008_175252\WINDOWS\H8907435.EXE (Renamed & Submitted)
Trojan-Dropper.Win32.Agent.qzl (virus)
E:\NEWSLEECHER DOWNLOADS\DAEMON TOOLS PRO V4.10.218.0\DTPRO4100218ADVANCED.EXE (Submitted)
Trojan.Win32.Agent.lom (virus)
E:\_OTMOVEIT\MOVEDFILES\06242008_175252\WINDOWS\SYSTEM32\6026C\WSDRV3.EXE (Renamed & Submitted)
Trojan.Win32.Agent.reo (virus)
E:\_OTMOVEIT\MOVEDFILES\06242008_175252\WINDOWS\SYSTEM32\AHAIJBCT.DLL (Renamed & Submitted)
Trojan.Win32.Agent.rep (virus)
E:\_OTMOVEIT\MOVEDFILES\06242008_175252\WINDOWS\SYSTEM32\DGXJEKYH.DLL (Renamed & Submitted)
Trojan.Win32.DNSChanger.ebg (virus)
C:\DECKARD\SYSTEM SCANNER\20080624181410\BACKUP\DOCUME~1\ADMIN\LOCALS~1\TEMP\BTI.EXE (Renamed & Submitted)
E:\_OTMOVEIT\MOVEDFILES\06242008_175252\WINDOWS\SYSTEM32\A053\UPDATDLL95.EXE (Renamed & Submitted)
Trojan.Win32.Delf.cwu (virus)
C:\DOCUMENTS AND SETTINGS\ALL USERS\DESKTOP\KEYS\DDVDFABPLAT3200REG.ICU\ALL.FENGTAO.SOFTWARE.UNIVERSAL.PATCH.1.01-ICU\ALL.FENGTAO.SOFTWARE.UNIVERSAL.PATCH.1.01-ICU.EXE (Submitted)
Trojan.Win32.Monder.gen (virus)
C:\PROGRAM FILES\HIJACKTHIS\BACKUPS\BACKUP-20080625-182003-420.DLL (Renamed & Submitted)
C:\PROGRAM FILES\HIJACKTHIS\BACKUPS\BACKUP-20080625-182015-850.DLL (Renamed & Submitted)
E:\_OTMOVEIT\MOVEDFILES\06242008_175252\WINDOWS\SYSTEM32\AGQINOWV.DLL (Renamed & Submitted)
E:\_OTMOVEIT\MOVEDFILES\06242008_175252\WINDOWS\SYSTEM32\ALDQBXTM.DLL (Renamed & Submitted)
E:\_OTMOVEIT\MOVEDFILES\06242008_175252\WINDOWS\SYSTEM32\DTYSKFAP.DLL (Renamed & Submitted)
E:\_OTMOVEIT\MOVEDFILES\06242008_175252\WINDOWS\SYSTEM32\EFCBUUSK.DLL (Renamed & Submitted)
E:\_OTMOVEIT\MOVEDFILES\06242008_175252\WINDOWS\SYSTEM32\FANIQORT.DLL (Renamed & Submitted)
E:\_OTMOVEIT\MOVEDFILES\06242008_175252\WINDOWS\SYSTEM32\QLJSLUEO.DLL (Renamed & Submitted)
E:\_OTMOVEIT\MOVEDFILES\06242008_175252\WINDOWS\SYSTEM32\RFCWEABU.DLL (Renamed & Submitted)
E:\_OTMOVEIT\MOVEDFILES\06242008_175252\WINDOWS\SYSTEM32\RKQJVUPR.DLL (Renamed & Submitted)
E:\_OTMOVEIT\MOVEDFILES\06242008_175252\WINDOWS\SYSTEM32\SJOJDYKS.DLL (Renamed & Submitted)
E:\_OTMOVEIT\MOVEDFILES\06242008_175252\WINDOWS\SYSTEM32\VVJEOHJR.DLL (Renamed & Submitted)
E:\_OTMOVEIT\MOVEDFILES\06242008_175252\WINDOWS\SYSTEM32\WMRXORAS.DLL (Renamed & Submitted)
E:\_OTMOVEIT\MOVEDFILES\06242008_175252\WINDOWS\SYSTEM32\WUIQXGNW.DLL (Renamed & Submitted)
E:\_OTMOVEIT\MOVEDFILES\06242008_175252\WINDOWS\SYSTEM32\XTCDVOCR.DLL (Renamed & Submitted)
E:\_OTMOVEIT\MOVEDFILES\06242008_175252\WINDOWS\SYSTEM32\YSPGNKKL.DLL (Renamed & Submitted)
Trojan.Win32.Monder.na (virus)
E:\_OTMOVEIT\MOVEDFILES\06242008_175252\WINDOWS\SYSTEM32\YIUMAXSQ.DLL (Renamed & Submitted)
Trojan.Win32.Monder.nb (virus)
E:\_OTMOVEIT\MOVEDFILES\06242008_175252\WINDOWS\SYSTEM32\SGKKJIIJ.DLL (Renamed & Submitted)
Trojan.Win32.Monder.oa (virus)
E:\_OTMOVEIT\MOVEDFILES\06242008_175252\WINDOWS\SYSTEM32\IWWDTTYH.DLL (Renamed & Submitted)
Trojan.Win32.Monder.qg (virus)
E:\_OTMOVEIT\MOVEDFILES\06242008_175252\WINDOWS\SYSTEM32\NAMRNSNP.DLL (Renamed & Submitted)
Trojan.Win32.Monder.qx (virus)
E:\_OTMOVEIT\MOVEDFILES\06242008_175252\WINDOWS\SYSTEM32\OWFFXVFL.DLL (Renamed & Submitted)
Trojan.Win32.Monder.rx (virus)
E:\_OTMOVEIT\MOVEDFILES\06242008_175252\WINDOWS\SYSTEM32\IFGLMVKK.DLL (Renamed & Submitted)
Trojan.Win32.Monder.uu (virus)
E:\_OTMOVEIT\MOVEDFILES\06242008_175252\WINDOWS\SYSTEM32\SXUMMNSJ.DLL (Renamed & Submitted)
Trojan.Win32.Monder.wb (virus)
E:\_OTMOVEIT\MOVEDFILES\06242008_175252\WINDOWS\SYSTEM32\UOOUKBNO.DLL (Renamed & Submitted)
Trojan.Win32.Monder.wc (virus)
E:\_OTMOVEIT\MOVEDFILES\06242008_175252\WINDOWS\SYSTEM32\OWELVKLE.DLL (Renamed & Submitted)
Trojan.Win32.Monder.xo (virus)
E:\_OTMOVEIT\MOVEDFILES\06242008_175252\WINDOWS\SYSTEM32\VVPGCQCS.DLL (Renamed & Submitted)
Trojan.Win32.Monder.yj (virus)
E:\_OTMOVEIT\MOVEDFILES\06242008_175252\WINDOWS\SYSTEM32\CBGLNIKF.DLL (Renamed & Submitted)
Trojan.Win32.Monderc.gen (virus)
C:\PROGRAM FILES\HIJACKTHIS\BACKUPS\BACKUP-20080625-182003-829.DLL (Renamed & Submitted)
C:\PROGRAM FILES\HIJACKTHIS\BACKUPS\BACKUP-20080625-182003-999.DLL (Renamed & Submitted)
E:\_OTMOVEIT\MOVEDFILES\06242008_175252\WINDOWS\SYSTEM32\ILJFWJCN.DLL (Renamed & Submitted)
E:\_OTMOVEIT\MOVEDFILES\06242008_175252\WINDOWS\SYSTEM32\JLSWYXMT.DLL (Renamed & Submitted)
E:\_OTMOVEIT\MOVEDFILES\06242008_175252\WINDOWS\SYSTEM32\MLPIGEGD.DLL (Renamed & Submitted)
E:\_OTMOVEIT\MOVEDFILES\06242008_175252\WINDOWS\SYSTEM32\SNKBRKGY.DLL (Renamed & Submitted)
Trojan:W32/LowZones.EO (virus)
C:\DECKARD\SYSTEM SCANNER\20080624181410\BACKUP\DOCUME~1\ADMIN\LOCALS~1\TEMP\DITEVJQS.EXE (Submitted)
C:\DECKARD\SYSTEM SCANNER\20080624181410\BACKUP\DOCUME~1\ADMIN\LOCALS~1\TEMP\SDFBKJIQ.EXE (Submitted)
C:\DECKARD\SYSTEM SCANNER\20080624181410\BACKUP\DOCUME~1\ADMIN\LOCALS~1\TEMP\XIFTHWVR.EXE (Submitted)
C:\DECKARD\SYSTEM SCANNER\20080624181410\BACKUP\DOCUME~1\ADMIN\LOCALS~1\TEMP\XJTIFQHL.EXE (Submitted)
E:\_OTMOVEIT\MOVEDFILES\06242008_175252\WINDOWS\SYSTEM32\SOKLEIRU.EXE (Submitted)
Vundo.gen179 (virus)
E:\_OTMOVEIT\MOVEDFILES\06242008_175252\WINDOWS\SYSTEM32\MLJYROPQ.DLL (Submitted)
W32/Mimail_based@mm (virus)
E:\PROGRAMS\PALM SOFTWARE\TEALSCRIPT V3.94_PALMOS - KG\TEALSCRIPT V3.94_PALMOS - KG\TEALSCRIPT_KEYGEN.EXE (Submitted)
W32/Suspicious_U.gen (virus)
C:\PROGRAM FILES\DVD-CLONER\PATCH.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\ALL USERS\DESKTOP\KEYS\DVD CLONER 4.5 PATCH\PATCH.EXE (Submitted)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 63102
System: 5203
Not scanned: 7
Actions:
Disinfected: 0
Renamed: 43
Deleted: 0
None: 22
Submitted: 64
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure USS: 2.30.0
F-Secure Hydra: 2.8.8110, 2008-06-28
F-Secure AVP: 7.0.171, 2008-06-27
F-Secure Pegasus: 1.20.0, 2008-04-14
F-Secure Blacklight: 1.0.68
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics

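Two entries in the ComboFix "Reg Loading Points" section above deserve a second look when reading a log like this: "AntiVirusDisableNotify"=dword:00000001 under the Security Center key silences the "no antivirus" warning, a setting malware commonly flips to hide itself, and "EnableFirewall"= 0 under the standard firewall profile means the Windows Firewall is off. The second one is not by itself a sign of compromise, because a third-party suite with its own firewall (ESET Smart Security is in this log) normally turns the built-in one off, but it is worth confirming the replacement firewall is actually running. The Python below is an added example, not part of the thread or of ComboFix; it parses the key/value blocks in the format ComboFix prints and reports those settings plus every firewall exception. The sample dump is a constructed subset of the section above, and the key-suffix matching is an assumption about ComboFix's output shape.

```python
import re
from typing import Dict, List, Optional

# Constructed sample in the shape of ComboFix's "Reg Loading Points" output;
# the values copy what the log above reports for this machine.
SAMPLE_DUMP = r"""
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"""

_SECTION = re.compile(r"^\[(.+)\]$")              # [HKLM\...]
_VALUE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')    # "Name"=value

# Security Center values that silence its "no antivirus / firewall / updates" warnings.
_SILENCED_ALERTS = ("AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify")


def _parse_value(raw: str) -> Optional[int]:
    """Normalise ComboFix's value spellings: 'dword:00000001' -> 1,
    '0 (0x0)' -> 0, and a bare 'Name'= (as in the exception list) -> None."""
    raw = raw.strip()
    if not raw:
        return None
    if raw.lower().startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    m = re.match(r"^(\d+)", raw)
    return int(m.group(1)) if m else None


def parse_dump(text: str) -> Dict[str, Dict[str, Optional[int]]]:
    """Map each lower-cased registry key to its {value name: parsed value} dict."""
    sections: Dict[str, Dict[str, Optional[int]]] = {}
    current: Optional[str] = None
    for line in text.splitlines():
        line = line.strip()
        m = _SECTION.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, {})
            continue
        m = _VALUE.match(line)
        if m and current is not None:
            sections[current][m.group(1)] = _parse_value(m.group(2))
    return sections


def weak_settings(sections: Dict[str, Dict[str, Optional[int]]]) -> List[str]:
    """Report suppressed Security Center alerts, a disabled Windows Firewall
    profile, and every program granted a firewall exception."""
    findings: List[str] = []
    for key, values in sections.items():
        if key.endswith("security center"):
            for name in _SILENCED_ALERTS:
                if values.get(name) == 1:
                    findings.append(f"Security Center alert suppressed: {name}=1")
        elif key.endswith("firewallpolicy\\standardprofile"):
            if values.get("EnableFirewall") == 0:
                findings.append("Windows Firewall off in the standard profile: EnableFirewall=0")
        elif key.endswith("authorizedapplications\\list"):
            for app in values:
                # ComboFix doubles the backslashes in these names; undo that for display.
                findings.append("Firewall exception: " + app.replace("\\\\", "\\"))
    return findings


def audit(text: str) -> List[str]:
    return weak_settings(parse_dump(text))


if __name__ == "__main__":
    for finding in audit(SAMPLE_DUMP):
        print(finding)
```

Run it against the saved ComboFix log (the whole file can be fed in; unrelated sections are ignored) and compare the exception list with the programs you expect to be listening.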
#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:24 AM

Posted 28 June 2008 - 12:14 PM

Use OTMoveit to delete these files.

C:\PROGRAM FILES\DVD-CLONER\PATCH.EXE 
C:\DOCUMENTS AND SETTINGS\ALL USERS\DESKTOP\KEYS\DVD CLONER 4.5 PATCH\PATCH.EXE
E:\PROGRAMS\PALM SOFTWARE\TEALSCRIPT V3.94_PALMOS - KG\TEALSCRIPT V3.94_PALMOS - KG\TEALSCRIPT_KEYGEN.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\DESKTOP\KEYS\DDVDFABPLAT3200REG.ICU
C:\DOCUMENTS AND SETTINGS\ALL USERS\DESKTOP\KEYS\PATCH\RESOURCE.TUNER.1.9.X-PATCH.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\DESKTOP\KEYS\DAMEWARE.NT.UTILITIES.V6.0.1.0.INCL.KEYMAKER-EMBRACE\KEYGEN.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\DESKTOP\KEYS\HELIUM.MUSIC.MANAGER_2007.0.0.5630.CRACK-NOPE\HELIUM.MUSIC.MANAGER.2007.0.0.5630-NOPE.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\DESKTOP\KEYS\MYSECRETFOLDER V4.31 KEYGEN.EXE 
C:\DOCUMENTS AND SETTINGS\ALL USERS\DESKTOP\KEYS\SOLARWINDS ORION\KEYGEN.EXE 
C:\DOCUMENTS AND SETTINGS\ALL USERS\DESKTOP\KEYS\SISOFTWARE.SANDRA.PRO.BUSINESS.XII.2008.1.12.30.MULTILINGUAL.RETAIL.KEYMAKER.ONLY-ZWT\KEYGEN.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\DESKTOP\KEYS\SISOFTWARE SANDRA PRO HOME XII 2008.1.12.30\KEYGEN.EXE 
C:\DOCUMENTS AND SETTINGS\ALL USERS\DESKTOP\KEYS\SANDBOXIE KEYGEN\SANDBOXIE.V3.02.INCL.KEYMAKER-EMBRACE\KEYGEN.EXE 
C:\DOCUMENTS AND SETTINGS\ALL USERS\DESKTOP\KEYS\LANSURVEYOR 10\KEYGEN.EXE


Please post a new log from DSS.
How is your computer behaving now?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
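Most of the 65 F-Secure detections are copies that earlier cleanup steps had already moved into tool backup folders (E:\_OTMOVEIT\MOVEDFILES, C:\DECKARD\SYSTEM SCANNER\...\BACKUP and C:\PROGRAM FILES\HIJACKTHIS\BACKUPS); the only hits still in live locations are the keygens and patchers on the desktop, in Program Files and on E:, which is exactly the list the helper asks to remove. The Python below is an added example, not code from the thread or from F-Secure, that parses a report in this format, separates live hits from already-quarantined copies, and flags the random eight-letter DLLs in SYSTEM32 that the Vundo/Monder detections above all share. The sample report is a constructed subset of the one above, and the quarantine folder markers are assumed from the paths in this thread; the eight-letter rule is only a heuristic (a few legitimate system DLLs also have eight-letter names), so treat a match as something to verify, not a verdict.

```python
import re
from typing import Dict, List, NamedTuple


class Hit(NamedTuple):
    name: str    # detection name, e.g. Trojan.Win32.Monder.gen
    kind: str    # class F-Secure prints in brackets: virus, spyware, ...
    path: str    # path as the report prints it (upper case)
    action: str  # Submitted, Renamed & Submitted, ...


# Constructed subset of the report above, in the same line format.
SAMPLE_REPORT = r"""
Result: 6 malware found
Adware:W32/Virtumonde.AA (virus)
E:\_OTMOVEIT\MOVEDFILES\06242008_175252\WINDOWS\SYSTEM32\DYPWMQIE.DLL (Submitted)
Suspicious_F.gen (virus)
C:\DOCUMENTS AND SETTINGS\ALL USERS\DESKTOP\KEYS\LANSURVEYOR 10\KEYGEN.EXE (Submitted)
Tracking Cookie (spyware)
System
Trojan.Win32.Monder.gen (virus)
C:\PROGRAM FILES\HIJACKTHIS\BACKUPS\BACKUP-20080625-182003-420.DLL (Renamed & Submitted)
E:\_OTMOVEIT\MOVEDFILES\06242008_175252\WINDOWS\SYSTEM32\AGQINOWV.DLL (Renamed & Submitted)
Trojan.Win32.DNSChanger.ebg (virus)
C:\DECKARD\SYSTEM SCANNER\20080624181410\BACKUP\DOCUME~1\ADMIN\LOCALS~1\TEMP\BTI.EXE (Renamed & Submitted)
W32/Suspicious_U.gen (virus)
C:\PROGRAM FILES\DVD-CLONER\PATCH.EXE (Submitted)
"""

# Folders the cleanup tools used earlier in this thread leave their copies in
# (assumed from the paths in the report; extend for other tools' quarantines).
QUARANTINE_MARKERS = (
    "\\_OTMOVEIT\\MOVEDFILES\\",    # OTMoveIt
    "\\DECKARD\\SYSTEM SCANNER\\",  # Deckard's System Scanner backups
    "\\HIJACKTHIS\\BACKUPS\\",      # HijackThis backups
)

_HEADER = re.compile(r"^(\S.*?) \((virus|spyware|riskware|adware)\)$")  # "Name (class)"
_PATH = re.compile(r"^([A-Za-z]:\\.+?) \(([^()]+)\)$")                  # "X:\path (action)"


def parse_report(text: str) -> List[Hit]:
    """Walk the report: a detection header is followed by one path line per file.
    Non-file hits (the 'System' line under Tracking Cookie) are skipped."""
    hits: List[Hit] = []
    name = kind = None
    for line in text.splitlines():
        line = line.rstrip()
        m = _HEADER.match(line)
        if m:
            name, kind = m.groups()
            continue
        m = _PATH.match(line)
        if m and name is not None:
            hits.append(Hit(name, kind, m.group(1), m.group(2)))
    return hits


def is_quarantined(path: str) -> bool:
    """True when the file is a copy sitting in a cleanup tool's backup folder."""
    upper = path.upper()
    return any(marker in upper for marker in QUARANTINE_MARKERS)


def looks_like_random_system32_dll(path: str) -> bool:
    """Heuristic for Vundo/Monder drops: a DLL directly in SYSTEM32 whose
    name is eight letters with no digits, as every SYSTEM32 hit above is."""
    return re.search(r"\\SYSTEM32\\[A-Z]{8}\.DLL$", path.upper()) is not None


def triage(hits: List[Hit]) -> Dict[str, List[Hit]]:
    """Split hits into files still in live locations and already-quarantined copies."""
    result: Dict[str, List[Hit]] = {"live": [], "quarantined": []}
    for h in hits:
        result["quarantined" if is_quarantined(h.path) else "live"].append(h)
    return result


def by_family(hits: List[Hit]) -> Dict[str, int]:
    """Count hits per detection name, handy for seeing how many Monder variants landed."""
    counts: Dict[str, int] = {}
    for h in hits:
        counts[h.name] = counts.get(h.name, 0) + 1
    return counts


if __name__ == "__main__":
    groups = triage(parse_report(SAMPLE_REPORT))
    print("Still in live locations (candidates for removal):")
    for h in groups["live"]:
        print(f"  {h.path}  [{h.name}]")
    print(f"Already quarantined by earlier tools: {len(groups['quarantined'])}")
```

The quarantined copies are not harmless forever: they are deleted when the tools are uninstalled or their backup folders are removed, which is usually part of the final cleanup steps a helper posts.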

#13 JTIMMY712

JTIMMY712
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:04:24 AM

Posted 29 June 2008 - 08:51 PM

Running much better. I have not seen any more pop-ups, thanks to you. So I should delete all of the keygens? That's not a problem since they are all in one folder.

#14 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:24 AM

Posted 30 June 2008 - 09:07 AM

That would be a good idea since they could still be infected and just not detected yet. Better safe than sorry. :thumbsup:

Please post a new log from DSS so I can give one more review then I'll post some final steps for you.


========================================================

#15 JTIMMY712

JTIMMY712
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:04:24 AM

Posted 01 July 2008 - 11:12 PM

New DSS log

Deckard's System Scanner v20071014.68
Run by Admin on 2008-07-01 00:09:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 9.77 GiB (less than 15%) free.


-- HijackThis (run as Admin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:09:51 AM, on 7/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20815)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\FlashGet\flashget.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Sportsbook Poker\sbkpoker.exe
C:\Program Files\Avant Browser\avant.exe
C:\WINDOWS\system32\wuauclt.exe
E:\NEWSLEECHER DOWNLOADS\dss.exe
C:\PROGRA~1\HIJACK~1\Admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Giganews Accelerator.lnk = C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe
O4 - Global Startup: Shortcut to RocketDock.lnk = C:\Program Files\RocketDock\RocketDock.exe
O4 - Global Startup: Shortcut to sidebar.lnk = C:\Program Files\Windows Sidebar\sidebar.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download with Rapget - E:\PROGRAMS\rapget141\rapget.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: RoboForm TaskBar Icon - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: TaskBar - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O9 - Extra 'Tools' menuitem: RoboForm TaskBar Icon - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD42/JSCDL/jre/6u...ows-i586-jc.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

--
End of file - 9796 bytes

-- Files created between 2008-06-01 and 2008-07-01 -----------------------------

2008-06-27 05:39:57 0 d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-06-27 03:03:53 0 d-------- C:\Program Files\MSXML 4.0
2008-06-27 03:01:29 0 d--h----- C:\WINDOWS\$hf_mig$
2008-06-26 20:27:36 0 d-------- C:\fsaua.data
2008-06-26 20:17:41 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-06-26 03:42:14 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-06-26 03:34:08 0 d-------- C:\WINDOWS\system32\xircom
2008-06-26 03:34:08 0 d-------- C:\Program Files\msn gaming zone
2008-06-26 03:34:07 0 d-------- C:\Program Files\microsoft frontpage
2008-06-26 03:30:00 68096 --a------ C:\WINDOWS\zip.exe
2008-06-26 03:30:00 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-26 03:30:00 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-26 03:30:00 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-26 03:30:00 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-26 03:30:00 98816 --a------ C:\WINDOWS\sed.exe
2008-06-26 03:30:00 80412 --a------ C:\WINDOWS\grep.exe
2008-06-26 03:30:00 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-25 18:23:37 0 d-------- C:\Documents and Settings\Admin\Application Data\Malwarebytes
2008-06-25 18:23:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-25 18:23:29 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-24 21:52:49 0 d-------- C:\SERIAL_KILLER_1
2008-06-22 18:55:44 0 d-------- C:\Program Files\PAR Buddy
2008-06-20 05:19:59 0 d-------- C:\Program Files\MediaMonkey
2008-06-18 18:09:00 0 d-------- C:\Program Files\LG Software Innovations
2008-06-12 13:10:17 0 d-------- C:\WINDOWS\Easy CD-DA Extractor 11.1
2008-06-12 13:10:17 0 d-------- C:\Program Files\Easy CD-DA Extractor 11
2008-06-11 07:10:29 0 d-------- C:\Program Files\FlashGet
2008-06-09 06:27:28 0 d-------- C:\Program Files\FDRLab
2008-06-04 19:25:39 691545 --a------ C:\WINDOWS\unins000.exe
2008-06-04 19:25:38 2538 --a------ C:\WINDOWS\unins000.dat
2008-06-04 17:10:59 34 --ah----- C:\WINDOWS\system32\OkokerIESecurityPopUpBlocker_sysquicts.dat
2008-06-04 00:58:39 66 --a------ C:\WINDOWS\äCĂ
2008-06-04 00:29:42 0 d-------- C:\Program Files\Common Files\NSV
2008-06-03 22:47:49 0 d-------- C:\Temp
2008-06-03 22:46:17 0 d-------- C:\Documents and Settings\Admin\Application Data\uTorrent
2008-06-03 22:40:07 0 d-------- C:\Program Files\Winamp Toolbar
2008-06-03 22:40:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2008-06-03 22:39:41 0 d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-06-03 22:39:32 0 d-------- C:\Program Files\Winamp Remote
2008-06-03 22:36:03 0 d-------- C:\Program Files\Winamp
2008-06-03 22:36:03 0 d-------- C:\Documents and Settings\Admin\Application Data\Winamp
2008-06-03 03:04:19 0 d-------- C:\Program Files\Magic Image Resizer
2008-06-02 20:56:28 0 d-------- C:\Program Files\Chapura
2008-06-02 04:10:15 0 d-------- C:\Documents and Settings\Admin\Application Data\dvdcss
2008-06-02 00:20:41 0 d-------- C:\Documents and Settings\Admin\Application Data\LimeWire
2008-06-02 00:20:20 0 d-------- C:\WINDOWS\Sun
2008-06-02 00:20:20 0 d-------- C:\Documents and Settings\Admin\Application Data\Sun
2008-06-02 00:19:09 0 d-------- C:\Program Files\Java
2008-06-02 00:15:55 0 d-------- C:\Program Files\Common Files\Java
2008-06-02 00:01:38 0 d-------- C:\Documents and Settings\Admin\Application Data\kantaris
2008-06-02 00:00:53 0 d-------- C:\Program Files\Haali
2008-06-01 23:57:58 0 d-------- C:\Program Files\QO Developments
2008-06-01 23:55:02 0 d-------- C:\Program Files\LimeWire
2008-06-01 23:53:33 0 d-------- C:\Program Files\Kantaris
2008-06-01 22:53:10 0 d-------- C:\Program Files\Fantastic Flame Screensaver
2008-06-01 22:53:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Laconic Software
2008-06-01 08:04:02 0 d-------- C:\Documents and Settings\Admin\Application Data\ieSpell
2008-06-01 05:57:27 0 d-------- C:\Program Files\DVDInfoPro
2008-06-01 03:52:34 0 d-------- C:\Documents and Settings\LocalService\Application Data\PCToolsSpamMonitorPlus
2008-06-01 03:52:34 0 d-------- C:\Documents and Settings\LocalService\Application Data\PCToolsFirewallPlus


-- Find3M Report ---------------------------------------------------------------

2008-06-29 02:32:29 0 d-------- C:\Program Files\Sportsbook Poker
2008-06-29 00:37:33 0 d-------- C:\Program Files\dlDone
2008-06-27 11:13:49 0 d-------- C:\Documents and Settings\Admin\Application Data\Vso
2008-06-27 11:13:47 668 --a------ C:\Documents and Settings\Admin\Application Data\vso_ts_preview.xml
2008-06-27 03:17:28 0 d-------- C:\Program Files\Avant Browser
2008-06-25 21:43:09 0 d-------- C:\Program Files\Opera
2008-06-25 11:48:50 0 d-------- C:\Documents and Settings\Admin\Application Data\Real
2008-06-18 20:47:30 0 d-------- C:\Program Files\NewsLeecher
2008-06-17 14:29:20 0 d-------- C:\Documents and Settings\Admin\Application Data\Mozilla
2008-06-10 20:37:55 0 d-------- C:\Documents and Settings\Admin\Application Data\foobar2000
2008-06-10 10:15:35 0 d-------- C:\Documents and Settings\Admin\Application Data\VMware
2008-06-09 10:37:02 0 d-------- C:\Program Files\Sportsbook.com Casino
2008-06-05 19:28:33 0 d-------- C:\Program Files\Online Services
2008-06-04 01:46:25 0 d-------- C:\Documents and Settings\Admin\Application Data\Adobe
2008-06-04 00:29:42 0 d-------- C:\Program Files\Common Files
2008-06-02 21:52:05 0 d-------- C:\Documents and Settings\Admin\Application Data\Notepad++
2008-06-02 21:46:21 0 d-------- C:\Program Files\Siber Systems
2008-06-01 04:10:53 0 d-------- C:\Program Files\PC Tools Internet Security
2008-05-31 23:38:06 0 d-------- C:\Program Files\iPrep 101
2008-05-31 20:53:42 0 d-------- C:\Program Files\VIA
2008-05-31 20:46:10 0 d-------- C:\Program Files\Driver Magician
2008-05-31 20:23:08 0 d-------- C:\Program Files\InstallShield Installation Information
2008-05-31 20:21:09 0 d-------- C:\Program Files\PC Drivers HeadQuarters
2008-05-31 17:21:01 0 d-------- C:\Documents and Settings\Admin\Application Data\DivX
2008-05-31 04:33:32 0 d-------- C:\Program Files\SlySoft
2008-05-31 02:55:04 0 d-------- C:\Documents and Settings\Admin\Application Data\ImgBurn
2008-05-31 02:51:34 0 d-------- C:\Program Files\ImgBurn
2008-05-31 00:46:12 0 d-------- C:\Documents and Settings\Admin\Application Data\Xbins
2008-05-30 22:20:06 0 d-------- C:\Program Files\Absolute Sound Recorder
2008-05-30 03:13:05 0 d-------- C:\Documents and Settings\Admin\Application Data\PCToolsFirewallPlus
2008-05-30 03:13:04 0 d-------- C:\Documents and Settings\Admin\Application Data\PCToolsSpamMonitorPlus
2008-05-30 02:19:11 0 d-------- C:\Program Files\SRSLabs
2008-05-30 02:19:11 0 d-------- C:\Program Files\Common Files\SRS
2008-05-30 00:53:54 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-29 23:49:03 0 d-------- C:\Program Files\F-Secure Internet Security
2008-05-29 05:09:53 0 d-------- C:\Documents and Settings\Admin\Application Data\F-Secure
2008-05-29 04:47:40 0 d-------- C:\Program Files\Alcohol Soft
2008-05-29 03:50:00 0 d-------- C:\Documents and Settings\Admin\Application Data\vlc
2008-05-29 02:04:18 0 d-------- C:\Program Files\VeryPDF PDF2Word v3.0
2008-05-28 19:11:13 0 d-------- C:\Program Files\VideoLAN
2008-05-28 18:34:03 14 --a------ C:\WINDOWS\system32\SysEngineDrive1.sys
2008-05-28 18:32:34 0 d-------- C:\Program Files\BlazeVideo
2008-05-28 18:07:57 0 d-------- C:\Program Files\DVDFab 5
2008-05-28 16:54:03 0 d-------- C:\Documents and Settings\Admin\Application Data\Pioneer
2008-05-28 16:32:48 0 d-------- C:\Program Files\Pioneer
2008-05-28 16:28:25 0 d-------- C:\Documents and Settings\Admin\Application Data\Media Player Classic
2008-05-28 02:17:31 0 d-------- C:\Documents and Settings\Admin\Application Data\Intermedia Software
2008-05-28 02:16:49 0 d-------- C:\Program Files\Intermedia Software
2008-05-28 01:45:40 0 d-------- C:\Documents and Settings\Admin\Application Data\Ashampoo
2008-05-28 01:44:56 0 d-------- C:\Program Files\nLite
2008-05-28 01:29:06 0 d-------- C:\Documents and Settings\Admin\Application Data\Thunderbird
2008-05-28 01:28:18 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-05-28 01:23:59 0 d-------- C:\Program Files\SABnzbd
2008-05-27 22:44:33 0 d-------- C:\Program Files\foobar2000
2008-05-27 16:08:30 0 d-------- C:\Program Files\Dvd-cloner
2008-05-27 15:38:37 0 d-------- C:\Program Files\DVD Decrypter
2008-05-27 15:31:21 0 d-------- C:\Program Files\DVD Shrink
2008-05-27 02:49:56 0 d-------- C:\Program Files\VSO
2008-05-27 02:45:32 34 --a------ C:\Documents and Settings\Admin\Application Data\pcouffin.log
2008-05-27 02:45:23 47360 --a------ C:\Documents and Settings\Admin\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-05-27 02:45:23 1144 --a------ C:\Documents and Settings\Admin\Application Data\pcouffin.inf
2008-05-27 02:45:23 7887 --a------ C:\Documents and Settings\Admin\Application Data\pcouffin.cat
2008-05-27 02:27:19 0 d-------- C:\Documents and Settings\Admin\Application Data\Uniblue
2008-05-27 01:24:03 0 d-------- C:\Documents and Settings\Admin\Application Data\GoodSync
2008-05-26 23:31:08 0 d-------- C:\Documents and Settings\Admin\Application Data\Opera
2008-05-26 23:04:06 155648 --a------ C:\WINDOWS\system32\libssl32.dll
2008-05-26 22:40:11 0 d-------- C:\Documents and Settings\Admin\Application Data\ExplorerPlus
2008-05-26 22:22:38 0 d-------- C:\Documents and Settings\Admin\Application Data\XRayz
2008-05-26 22:21:13 0 d-------- C:\Program Files\ClipCache
2008-05-26 21:50:21 0 d-------- C:\Documents and Settings\Admin\Application Data\Arcsoft
2008-05-26 21:44:38 0 d-------- C:\Program Files\PalmTether
2008-05-26 21:44:35 0 d-------- C:\Program Files\Sprint
2008-05-26 21:44:35 0 d-------- C:\Program Files\Common Files\Sprint
2008-05-26 21:40:34 0 d-------- C:\Program Files\Sprint music manager
2008-05-26 20:41:30 0 d-------- C:\Program Files\Palm
2008-05-26 20:26:43 0 d-------- C:\Documents and Settings\Admin\Application Data\HotSync
2008-05-26 19:38:32 0 d-------- C:\Program Files\Collectorz.com
2008-05-26 19:38:01 0 d-------- C:\Documents and Settings\Admin\Application Data\WinRAR
2008-05-26 19:23:28 0 d-------- C:\Documents and Settings\Admin\Application Data\NewsLeecher
2008-05-26 15:12:24 0 d-------- C:\Program Files\My Video Downloader
2008-05-26 15:10:15 0 d-------- C:\Program Files\ieSpell
2008-05-26 09:34:26 0 d-------- C:\Program Files\PowerDataRecovery
2008-05-26 07:23:20 0 d-------- C:\Program Files\QuickPar
2008-05-26 06:31:29 0 d-------- C:\Program Files\Giganews Accelerator
2008-05-26 06:15:25 0 d-------- C:\Documents and Settings\Admin\Application Data\Avant Profiles
2008-05-26 06:10:36 0 d-------- C:\Program Files\BlackXP
2008-05-26 06:08:40 0 d-------- C:\Documents and Settings\Admin\Application Data\Macromedia
2008-05-26 06:04:07 0 d-------- C:\Program Files\OO Software
2008-05-26 06:02:01 0 d-------- C:\Program Files\VMware
2008-05-26 06:02:01 0 d-------- C:\Program Files\Common Files\VMware
2008-05-26 05:59:52 0 d-------- C:\Documents and Settings\Admin\Application Data\ESET
2008-05-26 05:58:18 0 d-------- C:\Program Files\Ashampoo
2008-05-26 05:57:47 0 d-------- C:\Program Files\Symantec
2008-05-26 05:57:38 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-26 05:57:30 0 d-------- C:\Program Files\Kingdia Software
2008-05-26 05:55:20 0 d-------- C:\Program Files\MSBuild
2008-05-26 05:48:17 0 d-------- C:\Program Files\Reference Assemblies
2008-05-26 05:47:42 0 d-------- C:\Program Files\MSXML 6.0
2008-05-26 05:45:53 0 d-------- C:\Program Files\My Company Name
2008-05-26 05:45:34 0 d-------- C:\Program Files\Quick Batch File Compiler
2008-05-26 05:45:20 0 d-------- C:\Program Files\Notepad++
2008-05-26 05:39:44 0 d-------- C:\Program Files\Common Files\Acronis
2008-05-26 05:39:35 0 d-------- C:\Program Files\Acronis
2008-05-26 05:34:28 0 d-------- C:\Program Files\Microsoft Works
2008-05-26 05:28:03 0 d-------- C:\Program Files\Common Files\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [12/21/2007 08:21 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 04:00 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

C:\Documents and Settings\Admin\Start Menu\Programs\Startup\
Giganews Accelerator.lnk - C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe [12/18/2007 8:49:40 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Shortcut to RocketDock.lnk - C:\Program Files\RocketDock\RocketDock.exe [10/18/2002 3:52:09 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^ClipCache Pro.lnk]
path=C:\Documents and Settings\Admin\Start Menu\Programs\Startup\ClipCache Pro.lnk
backup=C:\WINDOWS\pss\ClipCache Pro.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^MEMonitor.lnk]
path=C:\Documents and Settings\Admin\Start Menu\Programs\Startup\MEMonitor.lnk
backup=C:\WINDOWS\pss\MEMonitor.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^Microsoft Office Groove.lnk]
path=C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Microsoft Office Groove.lnk
backup=C:\WINDOWS\pss\Microsoft Office Groove.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Fantastic Flame Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Fantastic Flame Agent.lnk
backup=C:\WINDOWS\pss\Fantastic Flame Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=C:\WINDOWS\pss\HotSync Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Shortcut to RocketDock.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to RocketDock.lnk
backup=C:\WINDOWS\pss\Shortcut to RocketDock.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Shortcut to sidebar.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to sidebar.lnk
backup=C:\WINDOWS\pss\Shortcut to sidebar.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^vmnet.exe.lnk]
backup=C:\WINDOWS\pss\vmnet.exe.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\vmnet.exe.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
"C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
"C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
"C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
"C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooccctrl.exe]
C:\Program Files\OO Software\CleverCache\ooccctrl.exe /tasktray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
C:\WINDOWS\system32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostFeedBack]
"C:\Program Files\Agnitum\Outpost Security Suite Pro\feedback.exe" /dump:os_startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PalmTether]
"C:\Program Files\PalmTether\TetherApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rapget]
E:\PROGRAMS\rapget141\rapget.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
"C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
"C:\Program Files\RocketDock\RocketDock.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
"C:\Program Files\VMware\VMware Workstation\hqtray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
"C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\winampa.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"VMAuthdService"=2 (0x2)
"ufad-ws60"=3 (0x3)
"TuneUp.Defrag"=3 (0x3)
"TryAndDecideService"=2 (0x2)
"StarWindServiceAE"=2 (0x2)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"ose"=3 (0x3)
"OOCleverCacheAgent"=2 (0x2)
"odserv"=3 (0x3)
"O&O Defrag"=2 (0x2)
"Microsoft Office Groove Audit Service"=3 (0x3)
"MDM"=2 (0x2)
"AcrSch2Svc"=2 (0x2)
"VMware NAT Service"=2 (0x2)
"vmount2"=2 (0x2)
"VMnetDHCP"=2 (0x2)
"NVSvc"=2 (0x2)
"NMIndexingService"=3 (0x3)
"MsSecurity1.209.4"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"EhttpSrv"=3 (0x3)

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp




-- End of Deckard's System Scanner: finished at 2008-07-01 00:10:32 ------------
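The HijackThis section of the log above is a line-oriented format (an item code such as O2, O4 or O23, then a dash, then a body whose shape depends on the code). The following Python is an added example written for this page, not code from HijackThis, Deckard's System Scanner or the thread's helper. It parses the BHO, toolbar, autorun and service line shapes that appear in the log into structured records and applies three review heuristics of my own (unnamed BHO/toolbar, autorun under a service or default-user hive, file outside Program Files or Windows). The sample input is a handful of lines copied from the log above; a heuristic hit means "identify this entry", not "this entry is malicious". On the sample the two hits are the unnamed RoboForm BHO and the nLite RunOnce entry, both of which the log already identifies by path.

```python
"""Structured parse and review hints for HijackThis log lines (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: lines copied from the HijackThis section of the log above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - Startup: Giganews Accelerator.lnk = C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.*)$")
# O4 registry form:  HKLM\..\Run: [value name] command line
O4_REG = re.compile(r"^(?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O4 startup-folder form:  Startup: shortcut.lnk = target path
O4_LNK = re.compile(r"^(?P<hive>.+?): (?P<name>.+?) = (?P<cmd>.*)$")


@dataclass
class Entry:
    kind: str                      # HijackThis item code: R0, O2, O4, O23, ...
    name: str                      # BHO/toolbar name, Run value name, service name
    path: str                      # file the entry points at, as logged ("" if none)
    clsid: Optional[str] = None    # COM class id for O2/O3 items
    location: Optional[str] = None # registry key or startup folder for O4 items
    raw: str = ""                  # the original log line


def _first_path(cmd: str) -> str:
    """Executable part of a command line: the quoted path, else the first token.
    An unquoted path containing spaces is truncated here, which is exactly the
    ambiguity that makes unquoted autorun commands worth a second look."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def _parse_body(kind: str, body: str, raw: str) -> Entry:
    if kind in ("O2", "O3", "O23"):
        # "BHO: name - {clsid} - path", "Toolbar: name - {clsid} - path",
        # "Service: name - vendor - path"; names may contain " - ", so split from the right.
        _, _, rest = body.partition(": ")
        parts = rest.rsplit(" - ", 2)
        if len(parts) == 3:
            name, middle, path = parts
            clsid = middle if middle.startswith("{") else None
            return Entry(kind, name, path, clsid, None, raw)
        return Entry(kind, rest, "", None, None, raw)
    if kind == "O4":
        m = O4_REG.match(body)
        if m:
            return Entry(kind, m["name"], _first_path(m["cmd"]), None, m["hive"], raw)
        m = O4_LNK.match(body)
        if m:
            return Entry(kind, m["name"], m["cmd"].strip(), None, m["hive"], raw)
    return Entry(kind, body, "", None, None, raw)


def parse_hjt(text: str) -> List[Entry]:
    """Return one Entry per HijackThis item line; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(_parse_body(m["kind"], m["body"], line.strip()))
    return entries


# Directories under which this example's heuristic treats files as "expected".
TRUSTED_ROOTS = ("C:\\PROGRAM FILES", "C:\\PROGRA~1", "C:\\WINDOWS")


def triage(entries: List[Entry]) -> List[Tuple[Entry, str]]:
    """Review hints (heuristics chosen for this example); a hit means 'look closer'."""
    hints = []
    for e in entries:
        if e.kind in ("O2", "O3") and e.name == "(no name)":
            hints.append((e, "unnamed BHO/toolbar: identify the DLL's publisher"))
        if e.kind == "O4" and e.location and e.location.startswith("HKUS\\"):
            hints.append((e, "autorun under a service or default-user hive"))
        p = e.path.upper()
        if ":\\" in p and not p.startswith(TRUSTED_ROOTS):
            hints.append((e, "file outside Program Files / Windows"))
    return hints


if __name__ == "__main__":
    found = parse_hjt(SAMPLE_LOG)
    for e in found:
        print(f"{e.kind:4} {e.name!r:40} -> {e.path}")
    for e, why in triage(found):
        print(f"REVIEW [{e.kind}] {e.name}: {why}")
```

Feeding the full log into `parse_hjt` gives a list you can sort by path or CLSID, which is how a reviewer spots the one entry that does not belong among dozens of legitimate ones; the heuristics in `triage` only narrow where to look first.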



