PCHealthCenter Infected...please HELP!


  • This topic is locked
22 replies to this topic

#1 spart

Posted 10 October 2008 - 08:18 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:16:10, on 10/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AWS\WeatherBug\Weather.exe
D:\Program Files\ODS Connector\ODSConnector.exe
D:\Program Files\NoAds\NoAds.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Spartacus\Application Data\Adobe\Player.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
d:\Program Files\copSSH\bin\cygrunsrv.exe
D:\Program Files\Symantec AntiVirus\DefWatch.exe
d:\Program Files\copSSH\bin\sshd.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\Program Files\Nero 8\Nero BackItUp\NBService.exe
D:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\PCHealthCenter\1.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Program Files\ICQToolbar\toolbaru.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Program Files\Common Files\Microsoft Shared\sysctc.exe,
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [VideoRun] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [ODS Connector] "D:\Program Files\ODS Connector\ODSConnector.exe"
O4 - HKCU\..\Run: [NoAds] "D:\Program Files\NoAds\NoAds.exe"
O4 - HKCU\..\Run: [Run] "C:\Documents and Settings\Spartacus\Application Data\Adobe\Manager.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [] C:\Documents and Settings\Spartacus\Application Data\Adobe\Player.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB2281] command /c del "C:\Program Files\PCHealthCenter\1.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4429] command /c del "C:\Program Files\PCHealthCenter\2.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5311] command /c del "C:\Program Files\PCHealthCenter\2.gif"
O4 - HKCU\..\RunOnce: [SpybotDeletingB465] command /c del "C:\Program Files\PCHealthCenter\3.gif"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4523] cmd /c del "C:\Program Files\PCHealthCenter\3.gif"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4577] cmd /c del "C:\Program Files\PCHealthCenter\1.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9408] cmd /c del "C:\Program Files\PCHealthCenter\2.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6779] cmd /c del "C:\Program Files\PCHealthCenter\2.gif"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9564] cmd /c del "C:\Program Files\PCHealthCenter\1.gif"
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-515967899-1682526488-725345543-1031\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SvcCOPSSH')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')
O4 - Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - d:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - d:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - d:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - d:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: jzllmi.dll irgisr.dll
O21 - SSODL: lfstbwvd - {F9B0BF3F-EF93-47F9-86E3-B2079434F7E5} - C:\WINDOWS\lfstbwvd.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec pcAnywhere Host Service (awhost32) - Symantec Corporation - D:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Openssh SSHD (copSSHD) - Unknown owner - d:\Program Files\copSSH\bin\cygrunsrv.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - D:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FCI (fci) - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero 8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - D:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: SAVRoam (SavRoam) - symantec - D:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - D:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 13959 bytes


Can someone help???
Thanks
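Added example, not code from the poster, BleepingComputer or Trend Micro: a small Python triage script that applies the checks a malware responder makes by eye on a HijackThis log (extra UserInit values, Run entries launched from a user profile or from the Windows root, AppInit_DLLs and SSODL hooks, services whose binary is missing or is an NTFS alternate data stream) to entries copied from the log above. The heuristic names and the sample set are my own choices.

```python
"""Triage a HijackThis log for the persistence indicators a helper looks for.

Added example; it is not code from the poster, BleepingComputer or Trend Micro.
It parses the R/F/O entries of a HijackThis log and flags what a malware
responder checks by eye in the log above. Heuristic names are my own.
"""
import re

# Constructed sample: entries copied from the log posted above, with the
# forum's line wrapping undone.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Program Files\Common Files\Microsoft Shared\sysctc.exe,
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [VideoRun] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [Run] "C:\Documents and Settings\Spartacus\Application Data\Adobe\Manager.exe"
O4 - HKCU\..\Run: [] C:\Documents and Settings\Spartacus\Application Data\Adobe\Player.exe
O20 - AppInit_DLLs: jzllmi.dll irgisr.dll
O21 - SSODL: lfstbwvd - {F9B0BF3F-EF93-47F9-86E3-B2079434F7E5} - C:\WINDOWS\lfstbwvd.dll
O23 - Service: FCI (fci) - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# "O4 - <body>": section code, then the body of the entry.
ENTRY_RE = re.compile(r"^(?P<sect>[A-Z]\d+) - (?P<body>.*)$")
# Body of an O4 registry entry: hive\..\Run: [name] command
RUN_RE = re.compile(r"^(?P<hive>\S+)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Paths under a user profile (XP and Vista layouts) rather than Program Files.
USER_PROFILE_RE = re.compile(r"documents and settings|\\users\\|application data|appdata", re.I)
# An .exe directly in the Windows directory, e.g. C:\WINDOWS\svchost.exe
# (the real svchost.exe lives in system32).
WINDOWS_ROOT_EXE_RE = re.compile(r'^"?[a-z]:\\windows\\[^\\]+\.exe"?$', re.I)
# file.exe:stream -> an NTFS alternate data stream used as a service binary.
ADS_RE = re.compile(r"\.exe:[^\\\s]+", re.I)


def parse_entries(log):
    """Return (section, body) tuples for every HijackThis entry line."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("sect"), m.group("body")))
    return entries


def triage(log):
    """Return (section, reason, detail) findings for suspicious entries."""
    findings = []
    for sect, body in parse_entries(log):
        if sect == "F2" and "UserInit=" in body:
            # Only userinit.exe itself is expected; anything else was appended.
            values = [v.strip() for v in body.split("UserInit=", 1)[1].split(",")]
            for v in values:
                if v and not v.lower().endswith("\\system32\\userinit.exe"):
                    findings.append(("F2", "extra UserInit entry", v))
        elif sect == "O4":
            m = RUN_RE.match(body)
            if not m:
                continue  # Startup-folder entries are not checked here
            name, cmd = m.group("name"), m.group("cmd").strip()
            if not name:
                findings.append(("O4", "Run value with empty name", cmd))
            if USER_PROFILE_RE.search(cmd):
                findings.append(("O4", "Run entry launched from user profile", cmd))
            if WINDOWS_ROOT_EXE_RE.match(cmd):
                findings.append(("O4", "executable in Windows root, not system32", cmd))
        elif sect == "O20" and body.startswith("AppInit_DLLs:"):
            # Each listed DLL is loaded into every process that loads user32.
            for dll in body.split(":", 1)[1].split():
                findings.append(("O20", "AppInit_DLLs injection", dll))
        elif sect == "O21":
            findings.append(("O21", "ShellServiceObjectDelayLoad entry", body))
        elif sect == "O23":
            if "(file missing)" in body:
                findings.append(("O23", "service binary missing", body))
            if ADS_RE.search(body):
                findings.append(("O23", "service binary in NTFS alternate data stream", body))
    return findings


def summarize(findings):
    """Count findings per HijackThis section."""
    counts = {}
    for sect, _reason, _detail in findings:
        counts[sect] = counts.get(sect, 0) + 1
    return counts


if __name__ == "__main__":
    for sect, reason, detail in triage(SAMPLE_LOG):
        print(f"{sect:4} {reason}: {detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

Entries the script does not flag (the R0 start page, the vptray and Bonjour lines) are the ones a helper would recognise as legitimate; the remaining ten findings are the same lines the thread is about.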


#2 PropagandaPanda

  • Malware Response Team

Posted 15 October 2008 - 05:31 PM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following so I can have a look at the current condition of your machine.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Finally, please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Download and Run OTViewIt
  • Please download OTViewIt by OldTimer to your desktop.
  • Double click on the OTViewIt.exe icon on your desktop. If you are using Windows Vista, right click the icon and select Run as Administrator.
  • Check the Scan All Users checkbox and leave Use Whitelist checked. Set the File Age to 30 days.
  • Click on the Run Scan button. Two reports that are located in the same location as OTViewIt will open:
    OTViewIt.txt <-- Will be opened
    Extra.txt <-- Will be minimized
  • Copy and Paste the logs into your next reply.
Please also tell me of any changes you have made to your computer since your topic was started.

If you do not make a reply in 5 days, we will need to close your topic.

**Please make sure that in the Notepad windows that contain the logs, you select Format and make sure that Word Wrap is unchecked. Post the logs directly into your reply. Thanks.

With Regards,
The Panda

Important Note to Other Users Reading this Topic: The instructions provided in this topic below this point are for the original topic starter only. Even if you have similar problems or log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic. Feel free to link to any relevant topics as needed.

#3 spart

  • Topic Starter

Posted 15 October 2008 - 07:43 PM

Here is what I did:

I have tried to remove this using Spybot and Ad-Aware, but it keeps coming back. Another site recommended some other programs to help remove this and it didn't work.

I have used SDFix, Smitfraud Removal, Smitfraud Fix, Rogue Remover, and CCleaner (all in safe mode). It did clear it out, but when I booted back to normal mode it started up again. I even used Spybot to disable these infections on startup in the registry. Eventually it took away my task manager and disabled my Windows Updates, and I can't fix it. I rebooted back to safe mode and ran this stuff again, and I was able to clear it out and could access my task manager again. For now I turned off my computer.

Here is my OTviewit:

OTViewIt logfile created on: 10/15/2008 8:23:20 PM - Run
OTViewIt by OldTimer - Version 1.0.14.0 Folder = E:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 4990 4990;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.24 Gb Total Space | 14.34 Gb Free Space | 43.14% Space Free | Partition Type: NTFS
Drive D: | 153.07 Gb Total Space | 84.50 Gb Free Space | 55.20% Space Free | Partition Type: NTFS
Drive E: | 189.91 Gb Total Space | 140.49 Gb Free Space | 73.98% Space Free | Partition Type: NTFS
Drive F: | 37.27 Gb Total Space | 19.63 Gb Free Space | 52.67% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADAM
Current User Name: Spartacus
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2007/05/29 16:33:36 | 00,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
[2007/05/29 16:33:26 | 00,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
[2007/07/26 19:25:20 | 01,181,016 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
[2008/09/08 21:50:40 | 00,611,664 | ---- | M] (Lavasoft) -- D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2007/10/07 20:48:40 | 00,125,368 | ---- | M] (Symantec Corporation) -- D:\Program Files\Symantec AntiVirus\VPTray.exe
[2007/05/29 16:33:22 | 00,052,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[2008/04/14 05:42:34 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2006/04/07 15:02:24 | 01,343,488 | ---- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
[2003/02/07 01:40:00 | 00,316,416 | ---- | M] () -- D:\Program Files\ODS Connector\ODSConnector.exe
[2007/04/28 06:56:04 | 00,126,976 | ---- | M] (South Bay Software) -- D:\Program Files\NoAds\NoAds.exe
[2008/09/16 12:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited) -- D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2007/10/07 20:48:26 | 00,024,504 | ---- | M] (Symantec Corporation) -- D:\Program Files\Symantec AntiVirus\DoScan.exe
[2008/10/01 13:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2007/09/12 19:27:24 | 00,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2006/08/11 11:15:36 | 00,200,704 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
[2008/03/31 20:43:12 | 00,068,096 | ---- | M] () -- d:\Program Files\copSSH\bin\cygrunsrv.exe
[2007/10/07 20:48:24 | 00,031,160 | ---- | M] (Symantec Corporation) -- D:\Program Files\Symantec AntiVirus\DefWatch.exe
[2008/04/06 08:25:02 | 00,301,568 | ---- | M] () -- d:\Program Files\copSSH\bin\sshd.exe
[2002/01/14 07:49:38 | 00,073,728 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\System32\AppServices.exe
[2006/10/19 13:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
[2008/02/18 16:29:12 | 00,877,864 | ---- | M] (Nero AG) -- D:\Program Files\Nero 8\Nero BackItUp\NBService.exe
[2008/01/10 05:43:00 | 03,372,384 | ---- | M] (Symantec Corporation) -- D:\Program Files\Norton Ghost\Agent\VProSvc.exe
[2008/09/17 23:55:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2006/12/19 09:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\system32\IoctlSvc.exe
[2007/05/14 11:54:36 | 00,272,024 | ---- | M] () -- C:\Program Files\Cyberlink\Shared files\RichVideo.exe
[2007/05/28 12:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
[2007/10/07 20:48:32 | 01,822,648 | ---- | M] (Symantec Corporation) -- D:\Program Files\Symantec AntiVirus\Rtvscan.exe
[2002/01/24 16:10:40 | 00,126,976 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\AutoDisk\ADService.exe
[2008/09/27 11:20:48 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2008/04/14 05:42:42 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2008/04/14 05:42:16 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe
[2008/04/14 05:42:16 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe
[2008/04/14 05:42:34 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2007/10/07 20:48:26 | 00,423,352 | ---- | M] (Symantec Corporation) -- D:\Program Files\Symantec AntiVirus\DWHWizrd.exe
[2008/10/15 20:21:34 | 00,420,864 | ---- | M] (OldTimer Tools) -- E:\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/09/08 21:50:40 | 00,611,664 | ---- | M] (Lavasoft) -- D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2008/10/01 13:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 02:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/09/12 19:27:24 | 00,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
[2007/05/11 12:10:00 | 00,132,728 | ---- | M] (Symantec Corporation) -- D:\Program Files\Symantec\pcAnywhere\awhost32.exe -- (awhost32 [On_Demand | Stopped])
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2006/08/11 11:15:36 | 00,200,704 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service [Auto | Running])
[2007/05/29 16:33:26 | 00,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])
[2007/05/29 16:33:36 | 00,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
[2007/10/24 02:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/03/31 20:43:12 | 00,068,096 | ---- | M] () -- d:\Program Files\copSSH\bin\cygrunsrv.exe -- (copSSHD [Auto | Running])
[2007/10/07 20:48:24 | 00,031,160 | ---- | M] (Symantec Corporation) -- D:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])
[2007/04/28 08:23:54 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
[2007/10/09 13:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2007/10/11 10:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
File not found -- -- (Iomega Activity Disk2 [Disabled | Stopped])
[2002/01/14 07:49:38 | 00,073,728 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\System32\AppServices.exe -- (Iomega App Services [Auto | Running])
[2008/10/01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2006/10/19 13:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
[2007/09/12 19:27:24 | 02,999,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate [On_Demand | Stopped])
[2007/08/24 07:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
[2008/02/18 16:29:12 | 00,877,864 | ---- | M] (Nero AG) -- D:\Program Files\Nero 8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3 [Auto | Running])
[2007/10/11 10:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2008/02/28 17:07:48 | 00,529,704 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
[2008/01/10 05:43:00 | 03,372,384 | ---- | M] (Symantec Corporation) -- D:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost [Auto | Running])
[2008/09/17 23:55:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2007/08/24 04:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2006/12/19 09:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\system32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service [Auto | Running])
[2004/03/18 16:55:48 | 00,065,536 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [On_Demand | Stopped])
[2007/05/14 11:54:36 | 00,272,024 | ---- | M] () -- C:\Program Files\Cyberlink\Shared files\RichVideo.exe -- (RichVideo [Auto | Running])
[2007/10/07 20:48:36 | 00,116,664 | ---- | M] (symantec) -- D:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam [On_Demand | Stopped])
[2007/08/27 17:14:00 | 00,214,408 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [On_Demand | Stopped])
[2007/07/26 19:25:20 | 01,181,016 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [Auto | Running])
[2007/05/28 12:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE [Auto | Running])
[2007/02/06 21:08:12 | 00,074,656 | ---- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
[2007/10/07 20:48:32 | 01,822,648 | ---- | M] (Symantec Corporation) -- D:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [Auto | Running])
[2007/01/18 19:04:04 | 00,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [On_Demand | Stopped])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[2002/01/24 16:10:40 | 00,126,976 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\AutoDisk\ADService.exe -- (_IOMEGA_ACTIVE_DISK_SERVICE_ [Auto | Running])

========== Driver Services ==========

[2008/04/14 00:16:22 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\61883.sys -- (61883 [On_Demand | Stopped])
[2004/04/30 10:37:02 | 00,160,640 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\a347bus.sys -- (a347bus [Boot | Running])
[2006/03/31 02:38:48 | 03,960,896 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM [On_Demand | Running])
[2005/03/09 15:53:00 | 00,036,352 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8 [System | Running])
[2008/07/22 05:35:19 | 00,099,648 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD [On_Demand | Running])
[2008/04/14 00:10:32 | 00,096,512 | ---- | M] () -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi [Boot | Running])
[2008/04/14 00:16:22 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc [On_Demand | Stopped])
[2007/03/30 20:46:50 | 00,013,368 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\awechomd.sys -- (awecho [System | Running])
[2007/03/30 20:48:02 | 00,018,232 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\AW_HOST5.sys -- (AW_HOST [System | Running])
[2008/09/03 04:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
[2006/12/26 08:54:35 | 00,034,760 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL [On_Demand | Running])
[2008/07/21 08:11:58 | 00,024,392 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO [System | Running])
[2007/02/15 20:56:49 | 00,011,984 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay [On_Demand | Running])
[2008/09/03 04:00:00 | 00,099,376 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
[2007/09/10 18:04:27 | 00,094,208 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\ezplay.sys -- (ezplay [On_Demand | Running])
[2008/04/14 00:15:34 | 00,059,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gckernel.sys -- (GcKernel [On_Demand | Running])
[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2007/03/30 20:44:22 | 00,020,536 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\GERNUWA.sys -- (Gernuwa [Boot | Running])
[2001/08/17 14:02:50 | 00,002,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\HIDSwvd.sys -- (HIDSwvd [On_Demand | Running])
[2005/10/22 07:28:52 | 00,049,920 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Running])
[2005/10/22 07:28:58 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Running])
[2005/10/22 07:22:48 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Running])
[2001/12/03 16:01:08 | 00,105,808 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ICAM5D2.sys -- (ICAM5USB [On_Demand | Stopped])
[2002/01/14 07:49:38 | 00,033,602 | ---- | M] (Iomega Corporation) -- C:\WINDOWS\system32\drivers\IomDisk.sys -- (iomdisk [Boot | Running])
[2008/04/14 00:09:50 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2008/06/24 13:45:18 | 00,113,896 | ---- | M] (QFX Software Corporation) -- C:\WINDOWS\system32\drivers\keyscrambler.sys -- (KeyScrambler [On_Demand | Running])
[2008/04/14 00:16:10 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV [On_Demand | Stopped])
[2008/08/21 04:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081010.004\NAVENG.SYS -- (NAVENG [On_Demand | Running])
[2008/08/21 04:00:00 | 00,873,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081010.004\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
[2008/09/17 23:55:00 | 06,132,576 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2005/08/18 16:52:06 | 00,093,568 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata [Boot | Running])
[2005/09/30 00:52:20 | 00,034,048 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
[2005/09/30 00:52:22 | 00,013,056 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
[2007/09/10 18:04:23 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin [On_Demand | Running])
[2008/04/14 00:11:02 | 00,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ppa3.sys -- (ppa3 [Boot | Running])
[2004/05/05 21:48:40 | 00,004,228 | ---- | M] (PowerQuest Corporation) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv [System | Running])
[2001/08/23 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/27 03:55:31 | 00,036,624 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2006/09/06 14:41:20 | 00,337,592 | ---- | M] (Symantec Corporation) -- D:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT [System | Running])
[2006/09/06 14:41:20 | 00,054,968 | ---- | M] (Symantec Corporation) -- D:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL [System | Running])
[2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2007/07/26 19:25:18 | 00,400,216 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [System | Running])
[2008/03/17 20:45:05 | 00,717,296 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2008/05/02 16:08:24 | 00,110,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
[2007/08/27 17:13:32 | 00,023,944 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Running])
[2008/01/10 05:30:22 | 00,133,216 | ---- | M] (StorageCraft) -- C:\WINDOWS\system32\drivers\symsnap.sys -- (symsnap [Boot | Running])
[2007/08/27 17:13:36 | 00,189,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI [System | Running])
[2004/12/23 17:27:56 | 00,027,392 | ---- | M] (Ulead Systems, Inc.) -- C:\WINDOWS\system32\drivers\ULCDRHlp.sys -- (ULCDRHlp [On_Demand | Running])
[2004/07/07 02:33:02 | 00,292,896 | ---- | M] (Ulead Systems, Inc.) -- C:\WINDOWS\system32\drivers\USIUDF.sys -- (USIUDF [System | Running])
[2007/03/28 20:29:10 | 00,037,864 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\v2imount.sys -- (v2imount [Auto | Running])
[2005/04/25 10:43:58 | 00,159,616 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\Vax347b.sys -- (Vax347b [Boot | Running])
[2004/04/30 09:33:00 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\Vax347s.sys -- (Vax347s [Boot | Running])
[2007/07/31 17:22:16 | 00,014,072 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\vproeventmonitor.sys -- (VProEventMonitor [On_Demand | Stopped])
[2007/03/28 20:49:42 | 00,128,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr [On_Demand | Stopped])
[2007/06/04 13:17:08 | 00,513,152 | ---- | M] (Windows ® 2000/XP) -- C:\WINDOWS\system32\drivers\WmaCDriverV32.sys -- (WmaCDriverV32 [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"AlwaysUseDefaultPrinter"=yes
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Prev Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Search Page"=http://google.icq.com
"Start Page"=http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{855F3B16-6D32-4fe6-8A56-BBB695989046}" (HKLM) -- D:\Program Files\ICQToolbar\toolbaru.dll (ICQ Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"AlwaysUseDefaultPrinter"=yes
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"AlwaysUseDefaultPrinter"=yes
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
"AlwaysUseDefaultPrinter"=yes

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
"AlwaysUseDefaultPrinter"=yes

[HKEY_USERS\S-1-5-21-515967899-1682526488-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main]
"AlwaysUseDefaultPrinter"=yes
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Prev Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Search Page"=http://google.icq.com
"Start Page"=http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2

[HKEY_USERS\S-1-5-21-515967899-1682526488-725345543-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{855F3B16-6D32-4fe6-8A56-BBB695989046}" (HKLM) -- D:\Program Files\ICQToolbar\toolbaru.dll (ICQ Inc.)

[HKEY_USERS\S-1-5-21-515967899-1682526488-725345543-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-515967899-1682526488-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\S-1-5-21-515967899-1682526488-725345543-1031\SOFTWARE\Microsoft\Internet Explorer\Main]
"AlwaysUseDefaultPrinter"=yes

[HKEY_USERS\s-1-5-21-515967899-1682526488-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main]
"AlwaysUseDefaultPrinter"=yes
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.yahoo.com/

[HKEY_USERS\s-1-5-21-515967899-1682526488-725345543-500\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\s-1-5-21-515967899-1682526488-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (1111 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.255.255.255 serial.alcohol-soft.com
127.0.0.1 www.newsleecher.com
127.0.0.1 newsleecher.com
127.0.0.1 secure.newsleecher.com
127.0.0.1 www.newsleecher.com
127.0.0.1 newsleecher.com
127.0.0.1 secure.newsleecher.com
127.0.0.1 www.newsleecher.com
127.0.0.1 newsleecher.com
127.0.0.1 secure.newsleecher.com

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06D13323-C333-4BE2-92E8-A7BED684407B} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
{68826002-D5C9-466B-A75B-EA4811EE9821} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
{7DBCDA27-46B4-4F4D-8A16-0E9BD594A23F} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{976FFB46-04AB-406C-97E9-BF407367CF68} (HKLM) -- C:\WINDOWS\system32\ssqqrqPG.dll ()
{A8008AC0-AC1D-4FF6-A0D5-5CE0AB5DA67F} (HKLM) -- File not found
{AB75D5F7-6BE4-4B70-8D40-040338CA6FA1} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{C72A782F-FF63-43C0-B504-B34635F8D101} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{CED669A6-CD2A-4969-8893-04D104DF9506} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{DF9A99CF-49C6-4E3E-B668-498B718FD313} (HKLM) -- C:\WINDOWS\system32\opnmNDvw.dll ()
{E7AB66C8-7E4C-4C11-8B64-847AFCBCCBB1} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{EEEE2A27-210F-4851-B3FF-F6DAE969123B} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{855F3B16-6D32-4fe6-8A56-BBB695989046}" (HKLM) -- D:\Program Files\ICQToolbar\toolbaru.dll (ICQ Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{855F3B16-6D32-4FE6-8A56-BBB695989046}" (HKLM) -- D:\Program Files\ICQToolbar\toolbaru.dll (ICQ Inc.)

[HKEY_USERS\S-1-5-21-515967899-1682526488-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-515967899-1682526488-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{855F3B16-6D32-4FE6-8A56-BBB695989046}" (HKLM) -- D:\Program Files\ICQToolbar\toolbaru.dll (ICQ Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"nwiz"=nwiz.exe /install ()
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"vptray"=D:\PROGRA~1\SYMANT~1\VPTray.exe (Symantec Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""=C:\Documents and Settings\Spartacus\Application Data\Adobe\Player.exe ()
"\YUR24D.exe"=C:\Windows\system32\YUR24D.exe ()
"\YUR24E.exe"=C:\Windows\system32\YUR24E.exe ()
"NoAds"="D:\Program Files\NoAds\NoAds.exe" (South Bay Software)
"ODS Connector"="D:\Program Files\ODS Connector\ODSConnector.exe" ()
"Run"="C:\Documents and Settings\Spartacus\Application Data\Adobe\Manager.exe" File not found
"SpybotSD TeaTimer"=D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"VideoRun"=C:\WINDOWS\svchost.exe File not found
"Weather"=C:\Program Files\AWS\WeatherBug\Weather.exe 1 (AWS Convergence Technologies, Inc.)

[HKEY_USERS\S-1-5-21-515967899-1682526488-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""=C:\Documents and Settings\Spartacus\Application Data\Adobe\Player.exe ()
"\YUR24D.exe"=C:\Windows\system32\YUR24D.exe ()
"\YUR24E.exe"=C:\Windows\system32\YUR24E.exe ()
"NoAds"="D:\Program Files\NoAds\NoAds.exe" (South Bay Software)
"ODS Connector"="D:\Program Files\ODS Connector\ODSConnector.exe" ()
"Run"="C:\Documents and Settings\Spartacus\Application Data\Adobe\Manager.exe" File not found
"SpybotSD TeaTimer"=D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"VideoRun"=C:\WINDOWS\svchost.exe File not found
"Weather"=C:\Program Files\AWS\WeatherBug\Weather.exe 1 (AWS Convergence Technologies, Inc.)

========== (O4) RunOnce Keys ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB2281"=command /c del "C:\Program Files\PCHealthCenter\1.ico" ()
"SpybotDeletingB4429"=command /c del "C:\Program Files\PCHealthCenter\2.ico" ()
"SpybotDeletingB465"=command /c del "C:\Program Files\PCHealthCenter\3.gif" ()
"SpybotDeletingB5311"=command /c del "C:\Program Files\PCHealthCenter\2.gif" ()
"SpybotDeletingD4523"=cmd /c del "C:\Program Files\PCHealthCenter\3.gif" (Microsoft Corporation)
"SpybotDeletingD4577"=cmd /c del "C:\Program Files\PCHealthCenter\1.ico" (Microsoft Corporation)
"SpybotDeletingD6779"=cmd /c del "C:\Program Files\PCHealthCenter\2.gif" (Microsoft Corporation)
"SpybotDeletingD9408"=cmd /c del "C:\Program Files\PCHealthCenter\2.ico" (Microsoft Corporation)
"SpybotDeletingD9564"=cmd /c del "C:\Program Files\PCHealthCenter\1.gif" (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide3"=cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide3"=cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide3"=cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide3"=cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-515967899-1682526488-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB2281"=command /c del "C:\Program Files\PCHealthCenter\1.ico" ()
"SpybotDeletingB4429"=command /c del "C:\Program Files\PCHealthCenter\2.ico" ()
"SpybotDeletingB465"=command /c del "C:\Program Files\PCHealthCenter\3.gif" ()
"SpybotDeletingB5311"=command /c del "C:\Program Files\PCHealthCenter\2.gif" ()
"SpybotDeletingD4523"=cmd /c del "C:\Program Files\PCHealthCenter\3.gif" (Microsoft Corporation)
"SpybotDeletingD4577"=cmd /c del "C:\Program Files\PCHealthCenter\1.ico" (Microsoft Corporation)
"SpybotDeletingD6779"=cmd /c del "C:\Program Files\PCHealthCenter\2.gif" (Microsoft Corporation)
"SpybotDeletingD9408"=cmd /c del "C:\Program Files\PCHealthCenter\2.ico" (Microsoft Corporation)
"SpybotDeletingD9564"=cmd /c del "C:\Program Files\PCHealthCenter\1.gif" (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-515967899-1682526488-725345543-1031\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide3"=cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (Microsoft Corporation)

[HKEY_USERS\s-1-5-21-515967899-1682526488-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientAXDisabler"=cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat" (Microsoft Corporation)
"TSClientMSIUninstaller"=cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (Microsoft Corporation)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer]
"Windows Update Menu Text"=Microsoft Update

[HKEY_USERS\.DEFAULT\Software\policies\microsoft\internet explorer]
"Windows Update Menu Text"=Microsoft Update

[HKEY_USERS\S-1-5-18\Software\policies\microsoft\internet explorer]
"Windows Update Menu Text"=Microsoft Update

[HKEY_USERS\S-1-5-19\Software\policies\microsoft\internet explorer]
"Windows Update Menu Text"=Microsoft Update

[HKEY_USERS\S-1-5-20\Software\policies\microsoft\internet explorer]
"Windows Update Menu Text"=Microsoft Update

[HKEY_USERS\S-1-5-21-515967899-1682526488-725345543-1004\Software\policies\microsoft\internet explorer]
"Windows Update Menu Text"=Microsoft Update

[HKEY_USERS\S-1-5-21-515967899-1682526488-725345543-1031\Software\policies\microsoft\internet explorer]
"Windows Update Menu Text"=Microsoft Update

[HKEY_USERS\s-1-5-21-515967899-1682526488-725345543-500\Software\policies\microsoft\internet explorer]
"Windows Update Menu Text"=Microsoft Update

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=177

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-515967899-1682526488-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-515967899-1682526488-725345543-1031\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\s-1-5-21-515967899-1682526488-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&ICQ Toolbar Search: D:\Program Files\ICQToolbar\toolbaru.dll [2005/01/19 08:16:34 | 00,446,464 | ---- | M] (ICQ Inc.)
Append to existing PDF: D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF: D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: D:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008/07/03 16:08:56 | 17,929,752 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-515967899-1682526488-725345543-1004\Software\Microsoft\Internet Explorer\MenuExt\]
&ICQ Toolbar Search: D:\Program Files\ICQToolbar\toolbaru.dll [2005/01/19 08:16:34 | 00,446,464 | ---- | M] (ICQ Inc.)
Append to existing PDF: D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF: D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: D:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008/07/03 16:08:56 | 17,929,752 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-515967899-1682526488-725345543-1031\Software\Microsoft\Internet Explorer\MenuExt\]
&ICQ Toolbar Search: Reg Error: Key does not exist or could not be opened. File not found
Append to existing PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert link target to Adobe PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert link target to existing PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert selected links to Adobe PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert selected links to existing PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert selection to Adobe PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert selection to existing PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert to Adobe PDF: Reg Error: Key does not exist or could not be opened. File not found
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\s-1-5-21-515967899-1682526488-725345543-500\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: D:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008/07/03 16:08:56 | 17,929,752 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [2007/03/14 03:43:41 | 00,132,760 | ---- | M] (Sun Microsystems, Inc.)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Send to OneNote -- D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [2007/12/13 02:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: S&end to OneNote -- D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [2007/12/13 02:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{5C106A59-CC3C-4caa-81A4-6D909B5ACE23}: Menu: &KeyScrambler... -- d:\Program Files\KeyScrambler\KeyScramblerIE.dll [2008/08/27 21:10:41 | 00,812,520 | ---- | M] (QFX Software Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{B863453A-26C3-4e1f-A54D-A2CD196348E9}: Button: ICQ Lite -- d:\Program Files\ICQLite\ICQLite.exe [2006/07/11 06:06:40 | 03,144,800 | ---- | M] (ICQ Ltd.)
{B863453A-26C3-4e1f-A54D-A2CD196348E9}: Menu: ICQ Lite -- d:\Program Files\ICQLite\ICQLite.exe [2006/07/11 06:06:40 | 03,144,800 | ---- | M] (ICQ Ltd.)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\Network Diagnostic\xpnetdiag.exe [2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\s-1-5-21-515967899-1682526488-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}: http://download.microsoft.com/download/e/4.../OGAControl.cab -- Office Genuine Advantage Validation Tool
{644E432F-49D3-41A1-8DD5-E099162EEEC5}: http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab -- Symantec RuFSI Utility Class
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{2BD04036-805B-4C12-B8E5-4D5318F92C0D} (Servers: | Description: NVIDIA nForce Networking Controller)
{8EB93879-523A-4F5E-9894-DD09492FFCEE} (Servers: | Description: )
{9780B400-7106-45BD-AD52-706D9E0314AF} (Servers: | Description: 1394 Net Adapter)

========== (O19) User Style Sheets ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles]

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=jzllmi.dll irgisr.dll vlqpzz.dll ytuwnn.dll xubfyd.dll
>[2008/10/09 14:15:20 | 00,136,832 | ---- | M] () -- C:\WINDOWS\system32\jzllmi.dll
>[2008/10/09 22:55:10 | 00,136,832 | ---- | M] () -- C:\WINDOWS\system32\irgisr.dll
>[2008/10/10 22:57:41 | 00,137,216 | ---- | M] () -- C:\WINDOWS\system32\vlqpzz.dll
>[2008/10/10 23:54:33 | 00,137,216 | ---- | M] () -- C:\WINDOWS\system32\ytuwnn.dll
>[2008/10/15 20:19:10 | 00,137,216 | ---- | M] () -- C:\WINDOWS\system32\xubfyd.dll

========== (O20) HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"UserInit"=C:\WINDOWS\system32\userinit.exe,C:\Program Files\Common Files\Microsoft Shared\sysctc.exe,
>File not found -- C:\Program Files\Common Files\Microsoft Shared\sysctc.exe


========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
NavLogon: "DllName" = C:\WINDOWS\system32\NavLogon.dll -- C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
opnmNDvw: "DllName" = opnmNDvw.dll -- C:\WINDOWS\system32\opnmNDvw.dll ()
PCANotify: "DllName" = PCANotify.dll -- C:\WINDOWS\system32\PCANotify.dll (Symantec Corporation)

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"lfstbwvd"={98472272-C237-486E-A714-EC20611812B1} (HKLM) -- C:\WINDOWS\lfstbwvd.dll ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"qmafxprs"={C13A33FE-69F3-4117-B5AD-5A3F685A1583} (HKLM) -- CLSID or file not found.

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{060BB0AB-4B09-4C51-9ECB-9580A6D08D7F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" (HKLM) -- D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{DF9A99CF-49C6-4E3E-B668-498B718FD313}" (HKLM) -- C:\WINDOWS\system32\opnmNDvw.dll ()

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=msv1_0,C:\WINDOWS\system32\ssqqrqPG,
>[2008/10/09 14:14:15 | 00,326,016 | ---- | M] () -- C:\WINDOWS\system32\ssqqrqPG.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 0

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2007/04/27 11:07:23 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[9 C:\WINDOWS\*.tmp files]
[2008/10/15 20:19:11 | 01,358,676 | -HS- | C] () -- C:\WINDOWS\System32\apjbikly.ini
[2008/10/15 20:19:11 | 00,137,216 | ---- | C] () -- C:\WINDOWS\System32\xubfyd.dll
[2008/10/15 20:19:10 | 00,137,216 | ---- | C] () -- C:\WINDOWS\System32\apgketlv.dll
[2008/10/15 20:19:06 | 00,079,488 | ---- | C] () -- C:\WINDOWS\System32\ylkibjpa.dll
[2008/10/15 20:18:57 | 00,037,760 | ---- | C] () -- C:\WINDOWS\System32\ljJCuTji.dll
[2008/10/15 20:18:56 | 00,037,760 | ---- | C] () -- C:\WINDOWS\System32\rqRJDspM.dll
[2008/10/15 20:15:42 | 34,891,89888 | -HS- | C] () -- C:\hiberfil.sys
[2008/10/11 13:57:49 | 00,018,042 | ---- | C] () -- C:\Documents and Settings\Spartacus\My Documents\cc_20081011_135747.reg
[2008/10/11 08:23:00 | 00,037,376 | ---- | C] () -- C:\WINDOWS\System32\efcDSJcd.dll
[2008/10/11 08:23:00 | 00,037,376 | ---- | C] () -- C:\WINDOWS\System32\byXRhFYr.dll
[2008/10/11 06:22:22 | 00,037,376 | ---- | C] () -- C:\WINDOWS\System32\iifeeFwx.dll
[2008/10/11 06:22:22 | 00,037,376 | ---- | C] () -- C:\WINDOWS\System32\awtuUNHX.dll
[2008/10/11 06:21:37 | 00,266,240 | ---- | C] () -- C:\WINDOWS\lfstbwvd.dll
[2008/10/11 06:21:37 | 00,094,208 | ---- | C] () -- C:\WINDOWS\eear.exe
[2008/10/11 05:27:04 | 00,037,376 | ---- | C] () -- C:\WINDOWS\System32\khfFUOgH.dll
[2008/10/11 05:27:04 | 00,037,376 | ---- | C] () -- C:\WINDOWS\System32\cbXNHXNh.dll
[2008/10/11 04:34:48 | 00,038,784 | ---- | C] () -- C:\WINDOWS\System32\iiffCRhe.dll
[2008/10/11 04:34:48 | 00,038,784 | ---- | C] () -- C:\WINDOWS\System32\efcDSKdB.dll
[2008/10/11 03:27:58 | 00,038,784 | ---- | C] () -- C:\WINDOWS\System32\iiffGWMf.dll
[2008/10/11 03:27:58 | 00,038,784 | ---- | C] () -- C:\WINDOWS\System32\fccyxyXq.dll
[2008/10/11 03:21:45 | 00,024,064 | ---- | C] () -- C:\WINDOWS\System32\YUR24E.exe
[2008/10/11 03:21:44 | 00,024,064 | ---- | C] () -- C:\WINDOWS\System32\YUR24D.exe
[2008/10/11 03:21:43 | 00,025,088 | ---- | C] () -- C:\WINDOWS\System32\YUR24C.exe
[2008/10/11 03:21:43 | 00,025,088 | ---- | C] () -- C:\WINDOWS\System32\YUR24B.exe
[2008/10/11 02:27:53 | 00,038,784 | ---- | C] () -- C:\WINDOWS\System32\geBqPIax.dll
[2008/10/11 02:27:53 | 00,038,784 | ---- | C] () -- C:\WINDOWS\System32\fccdBqrQ.dll
[2008/10/11 02:24:28 | 00,001,778 | ---- | C] () -- C:\Documents and Settings\Spartacus\Desktop\HijackThis.lnk
[2008/10/11 01:32:24 | 00,001,100 | ---- | C] () -- C:\Documents and Settings\Spartacus\My Documents\cc_20081011_013222.reg
[2008/10/10 23:54:33 | 00,137,216 | ---- | C] () -- C:\WINDOWS\System32\ytuwnn.dll
[2008/10/10 23:54:33 | 00,137,216 | ---- | C] () -- C:\WINDOWS\System32\rntxwaqt.dll
[2008/10/10 23:52:25 | 01,088,753 | -HS- | C] () -- C:\WINDOWS\System32\knllgsxj.ini
[2008/10/10 23:28:30 | 00,038,272 | ---- | C] () -- C:\WINDOWS\System32\pmnmlifD.dll
[2008/10/10 23:28:30 | 00,038,272 | ---- | C] () -- C:\WINDOWS\System32\ddcCSMef.dll
[2008/10/10 22:57:41 | 00,137,216 | ---- | C] () -- C:\WINDOWS\System32\vlqpzz.dll
[2008/10/10 22:57:40 | 00,137,216 | ---- | C] () -- C:\WINDOWS\System32\nqseyqke.dll
[2008/10/10 22:54:43 | 01,088,753 | -HS- | C] () -- C:\WINDOWS\System32\eqgdenxr.ini
[2008/10/10 22:54:41 | 00,080,000 | ---- | C] () -- C:\WINDOWS\System32\rxnedgqe.dll
[2008/10/10 22:26:11 | 00,038,272 | ---- | C] () -- C:\WINDOWS\System32\yayxyyxW.dll
[2008/10/10 22:26:11 | 00,038,272 | ---- | C] () -- C:\WINDOWS\System32\iifddArR.dll
[2008/10/10 21:30:16 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\ljJYqQKc.dll
[2008/10/10 21:30:16 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\geBuSIcD.dll
[2008/10/10 20:24:46 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\vtUlKbaw.dll
[2008/10/10 20:24:45 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\rqRkJYPj.dll
[2008/10/10 20:24:19 | 00,000,000 | ---D | C] -- C:\Program Files\Rapid Antivirus
[2008/10/10 20:24:16 | 00,025,088 | ---- | C] () -- C:\WINDOWS\System32\YUR214.exe
[2008/10/10 19:27:34 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\awtsqQgH.dll
[2008/10/10 19:27:33 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\rqRIbaWO.dll
[2008/10/10 18:48:20 | 00,002,202 | ---- | C] () -- C:\Documents and Settings\Spartacus\My Documents\cc_20081010_184759.reg
[2008/10/10 18:04:34 | 00,000,978 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2008/10/10 17:47:26 | 00,000,603 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RogueRemover FREE.lnk
[2008/10/10 17:40:38 | 00,074,752 | ---- | C] () -- C:\WINDOWS\System32\YUR48.exe
[2008/10/10 17:35:49 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\ljJBtsqn.dll
[2008/10/10 17:35:49 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\cbXQjkKC.dll
[2008/10/10 17:34:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Spartacus\Application Data\TmpRecentIcons
[2008/10/10 17:34:25 | 00,217,088 | ---- | C] () -- C:\WINDOWS\olnmraew.dll
[2008/10/10 17:34:25 | 00,139,264 | ---- | C] () -- C:\WINDOWS\etgo.exe
[2008/10/10 17:34:25 | 00,094,208 | ---- | C] () -- C:\WINDOWS\qkeftmxn.exe
[2008/10/10 17:34:11 | 00,024,064 | ---- | C] () -- C:\x
[2008/10/09 22:58:56 | 00,038,272 | ---- | C] () -- C:\WINDOWS\System32\ljJCvvvv.dll
[2008/10/09 22:58:56 | 00,038,272 | ---- | C] () -- C:\WINDOWS\System32\jkkICuVo.dll
[2008/10/09 22:55:10 | 00,136,832 | ---- | C] () -- C:\WINDOWS\System32\sfvehsrx.dll
[2008/10/09 22:55:10 | 00,136,832 | ---- | C] () -- C:\WINDOWS\System32\irgisr.dll
[2008/10/09 22:52:40 | 01,074,358 | -HS- | C] () -- C:\WINDOWS\System32\tdfxdpnj.ini
[2008/10/09 22:52:34 | 00,080,512 | ---- | C] () -- C:\WINDOWS\System32\jnpdxfdt.dll
[2008/10/09 16:24:57 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/10/09 14:15:23 | 00,000,121 | -HS- | C] () -- C:\WINDOWS\System32\mcunnoop.ini
[2008/10/09 14:15:21 | 00,080,512 | ---- | C] () -- C:\WINDOWS\System32\poonnucm.dll
[2008/10/09 14:15:20 | 00,136,832 | ---- | C] () -- C:\WINDOWS\System32\jzllmi.dll
[2008/10/09 14:15:19 | 00,136,832 | ---- | C] () -- C:\WINDOWS\System32\cdsgoppp.dll
[2008/10/09 14:14:15 | 00,874,920 | -HS- | C] () -- C:\WINDOWS\System32\GPqrqqss.ini
[2008/10/09 14:14:15 | 00,874,866 | -HS- | C] () -- C:\WINDOWS\System32\GPqrqqss.ini2
[2008/10/09 14:14:11 | 00,326,016 | ---- | C] () -- C:\WINDOWS\System32\ssqqrqPG.dll
[2008/10/09 14:09:08 | 00,038,272 | ---- | C] () -- C:\WINDOWS\System32\opnmNDvw.dll
[2008/10/09 14:09:08 | 00,038,272 | ---- | C] () -- C:\WINDOWS\System32\byXpNeDu.dll
[2008/10/09 09:13:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Spartacus\Application Data\sp2
[2008/10/07 20:18:33 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2008/10/07 20:18:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/10/03 00:12:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2008/10/01 23:12:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/10/01 22:50:26 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2008/10/01 21:38:17 | 00,049,558 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.SY_
[2008/10/01 19:43:45 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrobj.dll
[2008/10/01 19:43:45 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrrun.dll
[2008/10/01 19:43:45 | 00,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshext.dll
[2008/10/01 19:43:44 | 00,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wscript.exe
[2008/10/01 19:43:44 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cscript.exe
[2008/09/30 22:47:50 | 00,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mscms.dll
[2008/09/30 22:47:43 | 00,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\es.dll
[2008/09/30 22:47:36 | 01,288,192 | ---- | C] () -- C:\WINDOWS\System32\dllcache\quartz.dll
[2008/09/30 22:47:30 | 00,138,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\afd.sys
[2008/09/30 22:47:29 | 00,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip.sys
[2008/09/30 22:47:27 | 00,225,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip6.sys
[2008/09/30 22:47:25 | 00,245,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswsock.dll
[2008/09/30 22:47:25 | 00,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dnsapi.dll
[2008/09/30 22:47:14 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2008/09/30 22:47:06 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2008/09/30 20:24:20 | 00,001,905 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2008/09/30 20:24:20 | 00,001,905 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2008/09/27 21:22:05 | 00,000,000 | ---D | C] -- C:\Program Files\Western Digital Technologies
[2008/09/26 19:56:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2008/09/24 23:14:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2008/09/24 23:14:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
[2008/09/24 20:36:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Spartacus\My Documents\LimeWire
[2008/09/19 07:26:33 | 01,697,280 | ---- | C] () -- C:\Documents and Settings\Spartacus\Application Data\WinEXPLOR3.exe
[2008/09/19 07:26:32 | 01,697,280 | ---- | C] () -- C:\Documents and Settings\Spartacus\Application Data\WinEXPLOR.exe
[2008/09/18 22:10:32 | 00,000,246 | ---- | C] () -- C:\Documents and Settings\Spartacus\Application Data\shedl.bat
[2008/09/18 22:09:45 | 01,697,280 | ---- | C] () -- C:\Documents and Settings\Spartacus\Application Data\winexpl3.exe
[2008/09/18 22:09:44 | 01,697,280 | ---- | C] () -- C:\Documents and Settings\Spartacus\Application Data\winexpl.exe
[2008/09/16 22:08:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2008/09/16 21:57:18 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime

========== Files - Modified Within 30 Days ==========

[9 C:\WINDOWS\*.tmp files]
[2008/10/15 20:24:57 | 00,874,920 | -HS- | M] () -- C:\WINDOWS\System32\GPqrqqss.ini
[2008/10/15 20:22:15 | 00,874,866 | -HS- | M] () -- C:\WINDOWS\System32\GPqrqqss.ini2
[2008/10/15 20:19:18 | 01,358,676 | -HS- | M] () -- C:\WINDOWS\System32\apjbikly.ini
[2008/10/15 20:19:10 | 00,137,216 | ---- | M] () -- C:\WINDOWS\System32\xubfyd.dll
[2008/10/15 20:19:10 | 00,137,216 | ---- | M] () -- C:\WINDOWS\System32\apgketlv.dll
[2008/10/15 20:19:07 | 00,079,488 | ---- | M] () -- C:\WINDOWS\System32\ylkibjpa.dll
[2008/10/15 20:18:57 | 00,037,760 | ---- | M] () -- C:\WINDOWS\System32\rqRJDspM.dll
[2008/10/15 20:18:26 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/15 20:16:11 | 00,193,681 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2008/10/15 20:15:55 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/15 20:15:46 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/15 20:15:42 | 34,891,89888 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/11 15:14:18 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/10/11 13:57:56 | 00,018,042 | ---- | M] () -- C:\Documents and Settings\Spartacus\My Documents\cc_20081011_135747.reg
[2008/10/11 13:46:18 | 00,000,978 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2008/10/11 08:23:00 | 00,037,376 | ---- | M] () -- C:\WINDOWS\System32\efcDSJcd.dll
[2008/10/11 08:23:00 | 00,037,376 | ---- | M] () -- C:\WINDOWS\System32\byXRhFYr.dll
[2008/10/11 06:22:22 | 00,037,376 | ---- | M] () -- C:\WINDOWS\System32\iifeeFwx.dll
[2008/10/11 06:22:22 | 00,037,376 | ---- | M] () -- C:\WINDOWS\System32\awtuUNHX.dll
[2008/10/11 05:38:06 | 00,217,088 | ---- | M] () -- C:\WINDOWS\olnmraew.dll
[2008/10/11 05:38:06 | 00,094,208 | ---- | M] () -- C:\WINDOWS\qkeftmxn.exe
[2008/10/11 05:38:04 | 00,094,208 | ---- | M] () -- C:\WINDOWS\eear.exe
[2008/10/11 05:38:02 | 00,266,240 | ---- | M] () -- C:\WINDOWS\lfstbwvd.dll
[2008/10/11 05:27:04 | 00,037,376 | ---- | M] () -- C:\WINDOWS\System32\khfFUOgH.dll
[2008/10/11 05:27:04 | 00,037,376 | ---- | M] () -- C:\WINDOWS\System32\cbXNHXNh.dll
[2008/10/11 02:24:28 | 00,001,778 | ---- | M] () -- C:\Documents and Settings\Spartacus\Desktop\HijackThis.lnk
[2008/10/11 01:32:35 | 00,001,100 | ---- | M] () -- C:\Documents and Settings\Spartacus\My Documents\cc_20081011_013222.reg
[2008/10/11 00:01:46 | 00,001,615 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2008/10/10 23:54:33 | 00,137,216 | ---- | M] () -- C:\WINDOWS\System32\ytuwnn.dll
[2008/10/10 23:52:28 | 01,088,753 | -HS- | M] () -- C:\WINDOWS\System32\knllgsxj.ini
[2008/10/10 22:57:41 | 00,137,216 | ---- | M] () -- C:\WINDOWS\System32\vlqpzz.dll
[2008/10/10 22:54:45 | 01,088,753 | -HS- | M] () -- C:\WINDOWS\System32\eqgdenxr.ini
[2008/10/10 21:30:16 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\ljJYqQKc.dll
[2008/10/10 21:30:16 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\geBuSIcD.dll
[2008/10/10 20:24:45 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\vtUlKbaw.dll
[2008/10/10 20:24:45 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\rqRkJYPj.dll
[2008/10/10 19:27:33 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\rqRIbaWO.dll
[2008/10/10 19:27:33 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\awtsqQgH.dll
[2008/10/10 18:48:32 | 00,002,202 | ---- | M] () -- C:\Documents and Settings\Spartacus\My Documents\cc_20081010_184759.reg
[2008/10/10 17:47:26 | 00,000,603 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RogueRemover FREE.lnk
[2008/10/10 17:35:49 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\ljJBtsqn.dll
[2008/10/10 17:35:49 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\cbXQjkKC.dll
[2008/10/10 12:09:04 | 00,139,264 | ---- | M] () -- C:\WINDOWS\etgo.exe
[2008/10/10 10:36:31 | 00,074,752 | ---- | M] () -- C:\WINDOWS\System32\YUR48.exe
[2008/10/10 10:36:30 | 00,025,088 | ---- | M] () -- C:\WINDOWS\System32\YUR24C.exe
[2008/10/10 10:36:30 | 00,024,064 | ---- | M] () -- C:\x
[2008/10/10 10:36:30 | 00,024,064 | ---- | M] () -- C:\WINDOWS\System32\YUR24E.exe
[2008/10/10 10:36:30 | 00,024,064 | ---- | M] () -- C:\WINDOWS\System32\YUR24D.exe
[2008/10/10 10:36:29 | 00,025,088 | ---- | M] () -- C:\WINDOWS\System32\YUR24B.exe
[2008/10/10 10:36:29 | 00,025,088 | ---- | M] () -- C:\WINDOWS\System32\YUR214.exe
[2008/10/09 22:55:10 | 00,136,832 | ---- | M] () -- C:\WINDOWS\System32\irgisr.dll
[2008/10/09 22:52:51 | 01,074,358 | -HS- | M] () -- C:\WINDOWS\System32\tdfxdpnj.ini
[2008/10/09 16:05:29 | 00,444,858 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/10/09 16:05:29 | 00,072,356 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/10/09 14:16:49 | 00,000,121 | -HS- | M] () -- C:\WINDOWS\System32\mcunnoop.ini
[2008/10/09 14:15:20 | 00,136,832 | ---- | M] () -- C:\WINDOWS\System32\jzllmi.dll
[2008/10/09 14:14:15 | 00,326,016 | ---- | M] () -- C:\WINDOWS\System32\ssqqrqPG.dll
[2008/10/09 14:09:08 | 00,038,272 | ---- | M] () -- C:\WINDOWS\System32\opnmNDvw.dll
[2008/10/09 09:17:59 | 03,173,666 | -H-- | M] () -- C:\Documents and Settings\Spartacus\Local Settings\Application Data\IconCache.db
[2008/10/07 22:14:14 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/07 13:07:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/10/05 20:44:32 | 00,001,905 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2008/10/05 20:44:32 | 00,001,905 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2008/10/01 22:50:08 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\spdwnwxp.exe
[2008/10/01 22:15:47 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2008/10/01 22:15:47 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2008/10/01 21:24:50 | 00,029,696 | ---- | M] () -- C:\Documents and Settings\Spartacus\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/19 07:27:19 | 00,000,246 | ---- | M] () -- C:\Documents and Settings\Spartacus\Application Data\shedl.bat
[2008/09/19 07:26:46 | 01,697,280 | ---- | M] () -- C:\Documents and Settings\Spartacus\Application Data\WinEXPLOR3.exe
[2008/09/19 07:26:32 | 01,697,280 | ---- | M] () -- C:\Documents and Settings\Spartacus\Application Data\WinEXPLOR.exe
[2008/09/18 22:09:57 | 01,697,280 | ---- | M] () -- C:\Documents and Settings\Spartacus\Application Data\winexpl3.exe
[2008/09/18 22:09:44 | 01,697,280 | ---- | M] () -- C:\Documents and Settings\Spartacus\Application Data\winexpl.exe
[2008/09/17 23:55:00 | 01,724,416 | ---- | M] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/09/17 23:55:00 | 01,657,376 | ---- | M] () -- C:\WINDOWS\System32\nwiz.exe
[2008/09/17 23:55:00 | 01,503,232 | ---- | M] () -- C:\WINDOWS\System32\nview.dll
[2008/09/17 23:55:00 | 01,346,080 | ---- | M] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/09/17 23:55:00 | 01,101,824 | ---- | M] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/09/17 23:55:00 | 00,466,944 | ---- | M] () -- C:\WINDOWS\System32\nvshell.dll
[2008/09/17 23:55:00 | 00,449,056 | ---- | M] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/09/17 23:55:00 | 00,436,768 | ---- | M] () -- C:\WINDOWS\System32\keystone.exe
[2008/09/17 23:55:00 | 00,286,720 | ---- | M] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/09/17 23:55:00 | 00,201,050 | ---- | M] () -- C:\WINDOWS\System32\nvapps.nvb
[2008/09/17 23:55:00 | 00,073,728 | ---- | M] () -- C:\WINDOWS\System32\nvtuicpl.cpl
[2008/09/17 23:55:00 | 00,018,394 | ---- | M] () -- C:\WINDOWS\System32\nvdisp.nvu
[2008/09/16 21:56:42 | 00,676,224 | ---- | M] () -- C:\WINDOWS\System32\OGACheckControl.DLL
< End of report >

Here are my extras:

OTViewIt Extras logfile created on: 10/15/2008 8:23:20 PM - Run
OTViewIt by OldTimer - Version 1.0.14.0 Folder = E:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 4990 4990;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.24 Gb Total Space | 14.34 Gb Free Space | 43.14% Space Free | Partition Type: NTFS
Drive D: | 153.07 Gb Total Space | 84.50 Gb Free Space | 55.20% Space Free | Partition Type: NTFS
Drive E: | 189.91 Gb Total Space | 140.49 Gb Free Space | 73.98% Space Free | Partition Type: NTFS
Drive F: | 37.27 Gb Total Space | 19.63 Gb Free Space | 52.67% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADAM
Current User Name: Spartacus
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
"Use My Stylesheet"=
"User Stylesheet"=

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
"DisableUnicastResponsesToMulticastBroadcast"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/04/14 05:42:36 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/04/14 05:42:36 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/07/11 06:06:40 | 03,144,800 | ---- | M] (ICQ Ltd.) -- D:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite
[2008/05/21 04:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[2006/10/10 13:53:46 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
[2007/03/15 09:33:58 | 04,988,416 | ---- | M] (Ensemble Studios) -- D:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs
[2007/08/29 01:23:36 | 00,340,856 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Disabled:Microsoft Office Groove
[2008/05/21 05:54:40 | 01,022,496 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Disabled:Microsoft Office OneNote
File not found -- C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Disabled:Nero ProductSetup
File not found -- D:\Program Files\Nero 7\Nero ShowTime\ShowTime.exe:*:Disabled:Nero ShowTime
[2008/09/24 21:28:04 | 00,267,056 | ---- | M] (BitTorrent, Inc.) -- D:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent
[2002/08/21 10:03:46 | 06,319,567 | ---- | M] () -- D:\Sierra\Empire Earth - The Art of Conquest\EE-AOC.exe:*:Enabled:EE-AOC
[2007/05/11 12:10:00 | 00,910,968 | ---- | M] (Symantec Corporation) -- D:\Program Files\Symantec\pcAnywhere\Winaw32.exe:*:Enabled:pcAnywhere Main Executable
[2007/05/11 12:10:00 | 00,132,728 | ---- | M] (Symantec Corporation) -- D:\Program Files\Symantec\pcAnywhere\awhost32.exe:*:Enabled:pcAnywhere Host Service
[2007/05/11 12:10:00 | 00,136,824 | ---- | M] (Symantec Corporation) -- D:\Program Files\Symantec\pcAnywhere\awrem32.exe:*:Enabled:pcAnywhere Remote Service
[2002/05/29 17:24:38 | 02,813,952 | ---- | M] (LucasArts Entertainment Company LLC) -- D:\Program Files\LucasArts\Star Wars Galactic Battlegrounds\Game\battlegrounds_x1.exe:*:Enabled:Star Wars Galactic Battlegrounds: Clone Campaigns
[2007/05/23 08:00:35 | 02,805,760 | ---- | M] (LucasArts Entertainment Company LLC) -- D:\Program Files\LucasArts\Star Wars Galactic Battlegrounds\Game\Battlegrounds.exe:*:Enabled:Star Wars Galactic Battlegrounds
[2008/09/27 11:20:48 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
[2007/10/25 02:19:26 | 05,051,392 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties
[2004/08/04 00:56:56 | 00,108,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\services.exe:*:Disabled:Bittorrent Program
[2004/08/04 00:56:58 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\etc\smss.exe:*:Disabled:Bittorrent Program
[2008/02/28 10:05:04 | 06,141,224 | ---- | M] (Nero AG) -- D:\Program Files\Nero 8\Nero ShowTime\ShowTime.exe:*:Disabled:Nero ShowTime
[2007/11/07 21:38:00 | 41,423,080 | ---- | M] (Mad Doc Software) -- D:\Program Files\Sierra Entertainment\Empire Earth III\EE3.exe:*:Enabled:Empire Earth III
[2008/04/14 05:42:26 | 01,414,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console
[2008/05/19 00:00:00 | 01,873,280 | ---- | M] (Cerulean Studios) -- D:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
File not found -- D:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
File not found -- D:\Program Files\eMule\emule.exe:*:Disabled:eMule
[2008/10/01 18:57:04 | 14,258,472 | ---- | M] (Apple Inc.) -- D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2003/12/22 08:38:40 | 00,081,920 | ---- | M] (Hewlett-Packard Company) C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (cetihpz:{CF184AD3-CDCB-4168-A3F7-8E447D129300} (HKLM) [CZipHandler Object])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/08/24 08:01:46 | 00,224,128 | ---- | M] (Microsoft Corporation) D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (grooveLocalGWS:{88FED34C-F0CA-4636-A375-3CB6248B04CD} (HKLM) [Local Groove Web Services Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/29 00:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/29 00:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/26 13:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006/10/26 21:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}"=Adobe Photoshop CS3
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}"=MSXML4 Parser
"{0314ED3D-26A7-4F62-86A2-6B23353445E8}"=Star Wars Galactic Battlegrounds: Clone Campaigns
"{04AF207D-9A77-465A-8B76-991F6AB66245}"=Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}"=WD Diagnostics
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}"=PC Inspector File Recovery
"{12118183-866A-11D3-97DF-0000F8D8F2E9}"=Symantec pcAnywhere
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{190BF7E6-59C5-45E2-B9CE-E8E7245A5B4D}"=TMPGEnc Plus 2.5
"{1C08A24C-B168-407E-A826-68FAF5F20710}"=Age of Empires III - The WarChiefs
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}"=Google Earth
"{2085C617-589C-40F8-BE40-EDBC9E2CA2EB}"=Symantec AntiVirus
"{21DBBDD6-93A5-4326-9A04-C9A5C9148502}"=Norton PartitionMagic
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}"=Rhapsody Player Engine
"{2447500B-22D7-47BD-9B13-1A927F43A267}"=Empire Earth
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}"=Adobe Stock Photos CS3
"{2BA00471-0328-3743-93BD-FA813353A783}"=Microsoft .NET Framework 3.0 Service Pack 1
"{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}"=Data Lifeguard Tools
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}"=Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java™ SE Runtime Environment 6 Update 1
"{3921A67A-5AB1-4E48-9444-C71814CF3027}"=VCRedistSetup
"{3C400DF4-90E0-412C-843A-F5424402662F}"=DJBCP Codec Pack
"{3D374523-CFDE-461A-827E-2A102E2AB365}"=Star Wars Battlefront II
"{448AB2CB-C94A-47DE-80B8-9D7824DEFA57}"=Ulead DVD MovieFactory 4.0
"{4ED7D297-58F7-45C3-A9BA-A7CD6FA0D373}_is1"=SureThing CD Labeler Deluxe 5
"{51846830-E7B2-4218-8968-B77F0FF475B8}"=Adobe Color EU Extra Settings
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}"=InterVideo DeviceService
"{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}"=Photosmart 140,240,7200,7600,7700,7900 Series
"{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3
"{5645BA4F-2BF3-4F31-B3F7-710700C92456}"=Transformers™ - The Game
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}"=neroxml
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}"=Adobe Setup
"{67EDD823-135A-4D59-87BD-950616D6E857}"=EPSON Copy Utility 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}"=Adobe Fonts All
"{6C11D561-620B-47DA-A693-4C597F3CDF40}"=EPSON Smart Panel
"{6C5D7191-140A-11D6-B5A0-0050DA208A93}"=ArcSoft PhotoImpression
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}"=Adobe Color Common Settings
"{6DA9102E-199F-43A0-A36B-6EF48081A658}"=MobileMe Control Panel
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3
"{713AB069-D22F-4C15-89F0-0FEE92D9AD47}"=PS7600
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1"=ConvertXtoDVD 3.0.0.7
"{77D2A9D3-5800-43E3-B274-87841BC87DB2}"=Adobe ExtendScript Toolkit 2
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}"=Age of Empires III
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}"=Software Update for Web Folders
"{802771A9-A856-4A41-ACF7-1450E523C923}"=Adobe XMP Panels CS3
"{85EBB283-65AF-4C53-9EBE-7C0A232762F7}"=AGEIA PhysX v7.03.21
"{8777AC6D-89F9-4793-8266-DE406F343E89}"=QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}"=Adobe Setup
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}"=Adobe Type Support
"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}"=Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}"=Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000ff1ce}_enterprise_{bee75e01-dd3f-4d5f-b96c-609e6538d419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}"=Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}"=Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}"=Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}"=Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3
"{932FB3F3-594D-4600-ABFA-F2DE80A14214}"=Marvel™ - Ultimate Alliance
"{95655ED4-7CA5-46DF-907F-7144877A32E5}"=Adobe Color NA Recommended Settings
"{9743AF47-B746-4324-B4C4-512E67D04370}"=Symantec Technical Support Web Controls
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}"=Apple Mobile Device Support
"{9A3EABC0-CA06-11D4-BF77-00104B130C19}"=EPSON TWAIN 5
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3
"{A202BDBA-753F-41B9-B649-CFB0B45FC03E}"=Star Wars Galactic Battlegrounds
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}"=Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}"=Adobe Color - Photoshop Specific
"{A7AA93B6-6909-4073-B4EC-45CCDEFD4665}"=NHL® 08
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}"=PDF Settings
"{AC76BA86-1033-F400-7760-000000000003}"=Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AD8E6D29-95EC-494E-8AF5-566E784819A6}"=Ulead Data-Add 2.0
"{B0255743-165B-4BD5-8DA8-37DFB9930012}"=Norton Ghost
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B17E235C-7A3B-4482-B650-21FFDE1D452E}"=Empire Earth III
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B49C924C-A651-4378-94F6-5D9BF44A959F}"=Empire Earth - The Art of Conquest
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}"=Microsoft XML Parser
"{B69CC1A5-0404-11D6-ABCB-005004C21D30}"=EPSON Copy Utility
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B74D4E10-6884-0000-0000-000000000103}"=Adobe Bridge 1.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}"=Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{BE282C23-5484-47FF-B2C1-EBEA5C891033}"=Nero 8
"{C151CE54-E7EA-4804-854B-F515368B0798}"=Athlon 64 Processor Driver
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}"=Age of Empires III - The Asian Dynasties
"{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA}"=Blaze Media Pro
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}"=Safari
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CCC4E428-411E-4605-B515-317D50ABD477}"=Ulead DVD MovieFactory 6
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}"=WinZip 11.1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}"=Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}"=Adobe PDF Library Files
"{D48EAA77-E526-41EB-894C-BD6A17EABD95}"=TMPGEnc 3.0 XPress
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}"=Microsoft XML Parser
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}"=Adobe Color JA Extra Settings
"{DDA2B32F-EB16-4C96-A130-4E4A4C1E6B12}"=HP Software Update
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}"=iTunes
"{DE2EBD6F-81B6-4E9A-B137-C11FD6790CFF}"=PSShortcutsP
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{DF315348-721C-40B8-BAE2-58C6C7D935A2}"=Empire Earth II
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}"=LightScribe 1.4.124.1
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}"=Windows Media Encoder 9 Series
"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}"=ScanToWeb
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}"=Adobe Stock Photos 1.0
"{EF901A4B-A25A-4962-83C6-C6691D062ED9}"=Nero Mega Plugin Pack
"{EFE26D3B-2789-4068-A5BB-77E389FAEB98}"=PSUsage
"{F539210E-8474-44E3-9035-01CB6444DB46}"=OutlookTools 2
"{F596C356-BF35-4ED7-981C-CC791461A8F0}"=Empire Earth II: The Art of Supremacy
"{F6B2ED65-7378-4065-802D-F2E5689F3A4E}"=Photo Viewer
"{FA556395-D888-4836-A5D0-FD3C3032C2D1}"=ODS Connector v1.4
"{FB08F381-6533-4108-B7DD-039E11FBC27E}"=Realtek AC'97 Audio
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23"=EA SPORTS online 2008
"Active Disk"=Active Disk
"ADG Aspect_is1"=ADG Aspect 5.0.0.74
"ADG Panorama Pro_is1"=ADG Panorama Pro 5.2.0.32
"Adobe Acrobat 8 Professional - English, Français, Deutsch"=Adobe Acrobat 8.1.2 Professional
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Shockwave Player"=Adobe Shockwave Player 11
"Adobe_2ac78060bc5856b0c1cf873bb919b58"=Adobe Photoshop CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff"=Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e"=Adobe Color Common Settings
"Age of Empires 2.0"=Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0"=Microsoft Age of Empires II: The Conquerors Expansion
"Age of Mythology 1.0"=Age of Mythology
"Age of Mythology Expansion Pack 1.0"=Age of Mythology - The Titans Expansion
"AIM_6"=AIM 6
"AnyDVD"=AnyDVD
"Blaze Media Pro"=Blaze Media Pro
"BlindWrite 6_is1"=BlindWrite 6
"CCleaner"=CCleaner (remove only)
"CleanUp!"=CleanUp!
"CloneCD"=CloneCD
"CloneDVD2"=CloneDVD2
"Combined Community Codec Pack_is1"=Combined Community Codec Pack 2008-01-24
"copSSH"=copSSH (remove only)
"CopyToDVD 4.0.4_is1"=CopyToDVD 4
"DivX Content Uploader"=DivX Content Uploader
"DVD Decrypter"=DVD Decrypter (Remove Only)
"DVD Shrink_is1"=DVD Shrink 3.2
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1"=DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.7.2
"DVDFab Platinum_is1"=DVDFab Platinum 4.1.2.0 Final by Team RES
"ENTERPRISE"=Microsoft Office Enterprise 2007
"EPSON Photo Print"=EPSON Photo Print
"Forte Agent"=Forté Agent
"FreeOCR.net"=FreeOCR.net
"GoldWave v5.25"=GoldWave v5.25
"HijackThis"=HijackThis 2.0.2
"ICQLite"=ICQ 5.1
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"ImgBurn"=ImgBurn
"InstallShield_{190BF7E6-59C5-45E2-B9CE-E8E7245A5B4D}"=TMPGEnc Plus 2.5
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}"=Age of Empires III - The WarChiefs
"InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}"=Norton PartitionMagic 8.0
"InstallShield_{5645BA4F-2BF3-4F31-B3F7-710700C92456}"=Transformers™ - The Game
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}"=Age of Empires III
"InstallShield_{932FB3F3-594D-4600-ABFA-F2DE80A14214}"=Marvel™ - Ultimate Alliance
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}"=Age of Empires III - The Asian Dynasties
"InstallShield_{CCC4E428-411E-4605-B515-317D50ABD477}"=Ulead DVD MovieFactory 6
"Iomega App Services"=Iomega App Services
"IomegaWare"=IomegaWare
"KeyScrambler"=KeyScrambler
"KLiteCodecPack_is1"=K-Lite Codec Pack 3.1.0 Full
"LiveReg"=LiveReg (Symantec Corporation)
"LiveUpdate"=LiveUpdate 3.2 (Symantec Corporation)
"Magic ISO Maker v5.4 (build 0248)"=Magic ISO Maker v5.4 (build 0248)
"Malwarebytes' RogueRemover FREE_is1"=Malwarebytes' RogueRemover
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
"MPEG-VCR"=MPEG-VCR
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NewsLeecher_is1"=NewsLeecher v3.9 Beta 2
"NFO Creator"=NFO Creator
"Nimo_CORP"=Nimo Lite Pack v1.0 (Remove Only)
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NoAds"=NoAds
"NVIDIA Drivers"=NVIDIA Drivers
"QuickPar"=QuickPar 0.9
"RealPlayer 6.0"=RealPlayer
"RegistryBooster 2_is1"=Uniblue RegistryBooster 2
"Silent Package Run-Time Sample"=EPSON Scanner Reference Guide
"SystemRequirementsLab"=System Requirements Lab
"The Rosetta Stone"=The Rosetta Stone
"ToolbarICQToolbar.ICQToolbarObjectIEToolbar"=ICQ Toolbar
"Trillian"=Trillian
"Tweak UI 2.10"=Tweak UI
"uTorrent"=µTorrent
"ViewpointMediaPlayer"=Viewpoint Media Player
"WeatherBug"=WeatherBug
"WIC"=Windows Imaging Component
"Windows Media Encoder 9"=Windows Media Encoder 9 Series
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Defender of the Crown"=Defender of the Crown

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-515967899-1682526488-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Defender of the Crown"=Defender of the Crown

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/15/2008 8:24:28 PM | Computer Name = ADAM | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Backdoor.Tidserv in File: C:\Documents and Settings\Spartacus\Local
Settings\Temp\windfr.exe by: Auto-Protect scan. Action: Quarantine succeeded :
Access denied. Action Description: The file was quarantined successfully.

Error - 10/15/2008 8:25:38 PM | Computer Name = ADAM | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Packed.Generic.180 in File: C:\WINDOWS\system32\opnmNDvw.dll
by: Auto-Protect scan. Action: Quarantine failed : Clean failed. Action Description:
The file was left unchanged.

Error - 10/15/2008 8:25:38 PM | Computer Name = ADAM | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Packed.Generic.180 in File: C:\WINDOWS\system32\opnmNDvw.dll
by: Auto-Protect scan. Action: Quarantine failed : Clean failed : Access denied.
Action Description: The file was left unchanged.

Error - 10/15/2008 8:25:38 PM | Computer Name = ADAM | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Packed.Generic.180 in File: c:\WINDOWS\system32\opnmNDvw.dll
by: Auto-Protect scan. Action: Reboot Required. Action Description: The file
was quarantined successfully.

Error - 10/15/2008 8:25:41 PM | Computer Name = ADAM | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Packed.Generic.180 in File: c:\WINDOWS\system32\jzllmi.dll
by: Auto-Protect scan. Action: Reboot Required. Action Description: The file
was quarantined successfully.

Error - 10/15/2008 8:25:41 PM | Computer Name = ADAM | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Packed.Generic.180 in File: c:\WINDOWS\system32\irgisr.dll
by: Auto-Protect scan. Action: Reboot Required. Action Description: The file
was quarantined successfully.

Error - 10/15/2008 8:25:42 PM | Computer Name = ADAM | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Packed.Generic.180 in File: c:\WINDOWS\system32\vlqpzz.dll
by: Auto-Protect scan. Action: Reboot Required. Action Description: The file
was quarantined successfully.

Error - 10/15/2008 8:25:42 PM | Computer Name = ADAM | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Packed.Generic.180 in File: c:\WINDOWS\system32\ytuwnn.dll
by: Auto-Protect scan. Action: Reboot Required. Action Description: The file
was quarantined successfully.

Error - 10/15/2008 8:25:43 PM | Computer Name = ADAM | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Packed.Generic.180 in File: c:\WINDOWS\system32\xubfyd.dll
by: Auto-Protect scan. Action: Reboot Required. Action Description: The file
was quarantined successfully.

Error - 10/15/2008 8:25:43 PM | Computer Name = ADAM | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Packed.Generic.180 in File: c:\WINDOWS\system32\ssqqrqPG.dll
by: Auto-Protect scan. Action: Reboot Required. Action Description: The file
was quarantined successfully.

[ System Events ]
Error - 10/11/2008 11:39:10 AM | Computer Name = ADAM | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 10/11/2008 11:39:10 AM | Computer Name = ADAM | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AmdK8 AW_HOST eeCtrl ElbyCDIO Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SAVRT SAVRTPEL
SPBBCDrv
SYMTDI
Tcpip

Error - 10/11/2008 12:50:09 PM | Computer Name = ADAM | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10/11/2008 12:50:57 PM | Computer Name = ADAM | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10/11/2008 1:40:58 PM | Computer Name = ADAM | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10/11/2008 1:43:59 PM | Computer Name = ADAM | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10/11/2008 3:14:24 PM | Computer Name = ADAM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 10/11/2008 5:09:36 PM | Computer Name = ADAM | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10/12/2008 8:01:17 PM | Computer Name = ADAM | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 10/15/2008 8:16:16 PM | Computer Name = ADAM | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .


< End of report >

#4 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • Gender:Male
  • Local time:09:24 PM

Posted 15 October 2008 - 07:57 PM

Hello spart. Let's get to work.

Disable Realtime Protection
Antimalware programs can interfere with the tools we need to run.

To disable Ad-Aware:
  • Right click on the Ad-Watch icon in the system tray.
  • At the bottom of the screen there will be two checkable items called "Active" and "Automatic".
    • Active: This will turn Ad-Watch On\Off without closing it.
    • Automatic: Suspicious activity will be blocked automatically.
  • Uncheck both of those boxes.
  • (When done, you can re-enable it using the same steps but this time check both boxes.)
To disable Norton Antivirus: (Your version might be slightly different, in which case skip this step if you don't know how to disable it)
  • Right click on the Norton icon beside your clock and select Disable Auto-Protect.
  • Select a disabled duration of 5 hours to ensure that it will not interfere with this fix.
  • Click OK to apply the settings.
When done properly, you should receive a pop-up warning saying that protection was disabled. The Norton icon should now show that it is disabled.

To disable SpyBot's TeaTimer:
  • Run Spybot-S&D in Advanced Mode. If it is not already set to do this, go to the Mode menu and select Advanced Mode.
  • On the left hand side, Click on Tools.
  • Click on the Resident icon in the list.
  • Uncheck Resident TeaTimer and OK any prompts.
  • Download ResetTeaTimer.bat and run it to remove entries set by TeaTimer. The file should take only a second to finish. Delete this file after use.
Restart your computer for the changes to take effect.

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished with fixing your computer (I will make it clear when we are), you can uninstall ERUNT through Add/Remove Programs. The backups will be stored at C:\WINDOWS\erdnt, and will not be deleted when ERUNT is uninstalled.

How to Restore from the ERUNT Backup
Only restore from the backups if instructed to, or you need to do so. You need it if after doing something, your computer will only boot in Safe Mode and you are unable to contact us (or anyone else) for help by other means, or if your computer will not boot into Windows at all.

To restore when booted, navigate to C:\WINDOWS\erdnt (possibly WINNT), choose the folder with the most recent date, and double click ERDNT.EXE. Check all boxes in the restoration options.

To restore from the Recovery Console using the Windows CD:
  • Turn on your machine with the disk in the drive.
  • Type in the number of the Windows installation you want to repair (usually 1), then press Enter.
  • Type in the Administrator password (leave blank if you are unsure what it is or if you do not have one) and press Enter.
  • Type without quotes "cd erdnt" followed by Enter.
  • Type without quotes "dir" followed by Enter. This will list out the available folders, whose names are the date on which the backup was taken in (M)M-DD-YYYY format. Try the most recent dates first.
  • Type without quotes "cd **name of the folder**" followed by Enter.
  • Type without quotes "batch erdnt.con" followed by Enter.
  • Type without quotes "exit" followed by Enter.
  • Remove your CD from the drive and reboot your computer into the restored registry. If you still cannot boot, try again with an earlier restore date.
Install Recovery Console and Run ComboFix
Download Combofix from any of the links below, and save it to your desktop.
Link 1, Link 2, Link 3

Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Download the file and save it as it is originally named onto your desktop.
  • Drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  • At the next prompt, click NO to skip the scan for now.
  • Close everything and save all work.
  • Click on your Start Menu, then Run.., then type:
    "%userprofile%\desktop\combofix.exe" /killall
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.

ComboFix will restart your computer if malware is found; allow it to do so.

----
Re-enable your protection!


Post back with:
-the ComboFix log
-a new HijackThis log

With Regards,
The Panda
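
An added example, not code from the thread or from ERUNT, written in Python rather than the Recovery Console the post types into: given a folder like C:\WINDOWS\erdnt whose backups are named in the (M)M-DD-YYYY form described above, it lists the folders worth trying in the most-recent-first order the post recommends, skipping any that lack ERDNT.EXE and erdnt.con (both file names come from the post; the sample directory tree is constructed for the demo).

```python
"""Order ERUNT backup folders for a restore attempt.

Added example, not code from the thread or from ERUNT. It assumes what the
post describes: backups live under C:\\WINDOWS\\erdnt, one folder per backup
named after the date it was taken in (M)M-DD-YYYY form, and a usable folder
holds ERDNT.EXE (restore while booted) and erdnt.con (restore with
'batch erdnt.con' in the Recovery Console). The tree built below is
constructed for the demo.
"""
import os
import re
import tempfile
from datetime import date

# (M)M-DD-YYYY: one or two digit month, two digit day, four digit year.
FOLDER_RE = re.compile(r"^(\d{1,2})-(\d{2})-(\d{4})$")
# Files a backup folder must hold to be restorable by either method.
REQUIRED = ("erdnt.exe", "erdnt.con")


def parse_backup_date(name):
    """Return the date encoded in a folder name, or None if it is not one."""
    m = FOLDER_RE.match(name)
    if m is None:
        return None
    month, day, year = (int(g) for g in m.groups())
    try:
        return date(year, month, day)
    except ValueError:  # e.g. month 13, or day 31 in a 30-day month
        return None


def is_restorable(folder):
    """True when the folder carries both restore files. Windows file names
    are case-insensitive, so the comparison is done in lower case."""
    if not os.path.isdir(folder):
        return False
    present = {entry.lower() for entry in os.listdir(folder)}
    return all(name in present for name in REQUIRED)


def restore_candidates(erdnt_dir):
    """Folder names to try, most recent first, as the post recommends.

    Sorting the names as strings would be wrong: '9-30-2008' sorts after
    '10-15-2008' lexically but is the older backup, so sort on parsed dates.
    Folders that are not date-named, carry an impossible date, or lack the
    restore files are skipped.
    """
    dated = []
    for name in os.listdir(erdnt_dir):
        when = parse_backup_date(name)
        if when is not None and is_restorable(os.path.join(erdnt_dir, name)):
            dated.append((when, name))
    dated.sort(key=lambda item: item[0], reverse=True)
    return [name for _, name in dated]


def build_sample_erdnt(root):
    """Constructed stand-in for C:\\WINDOWS\\erdnt with a mix of folders."""
    layout = {
        "9-30-2008": REQUIRED,          # complete, older
        "10-15-2008": REQUIRED,         # complete, newest
        "10-11-2008": ("erdnt.exe",),   # erdnt.con missing: skipped
        "13-01-2008": REQUIRED,         # impossible month: skipped
        "notes": REQUIRED,              # not date-named: skipped
    }
    for folder, files in layout.items():
        path = os.path.join(root, folder)
        os.makedirs(path)
        for fname in files:
            with open(os.path.join(path, fname), "wb") as fh:
                fh.write(b"")  # contents do not matter for this check
    return root


def demo():
    """Build the sample tree in a temp dir and return the order to try."""
    with tempfile.TemporaryDirectory() as tmp:
        return restore_candidates(build_sample_erdnt(tmp))


if __name__ == "__main__":
    print(demo())  # prints ['10-15-2008', '9-30-2008']
```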

#5 spart

spart
  • Topic Starter

  • Members
  • 62 posts
  • Local time:09:24 PM

Posted 15 October 2008 - 09:38 PM

Here is the ComboFix log. The computer was slow.

ComboFix 08-10-15.05 - Spartacus 2008-10-15 22:16:31.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2743 [GMT -4:00]
Running from: C:\Documents and Settings\Spartacus\desktop\combofix.exe
Command switches used :: /killall
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Spartacus\Application Data\Adobe\crc.dat
C:\Documents and Settings\Spartacus\Application Data\inst.exe
C:\Documents and Settings\Spartacus\Application Data\winexpl3.exe
C:\Documents and Settings\Spartacus\Application Data\WinEXPLOR3.exe
C:\WINDOWS\eear.exe
C:\WINDOWS\etgo.exe
C:\WINDOWS\lfstbwvd.dll
C:\WINDOWS\olnmraew.dll
C:\WINDOWS\system32\apgketlv.dll
C:\WINDOWS\system32\apjbikly.ini
C:\WINDOWS\system32\awtsqQgH.dll
C:\WINDOWS\system32\awtuUNHX.dll
C:\WINDOWS\system32\byXRhFYr.dll
C:\WINDOWS\system32\cbXNHXNh.dll
C:\WINDOWS\system32\cbXQjkKC.dll
C:\WINDOWS\system32\drivers\services.exe
C:\WINDOWS\system32\efcDSJcd.dll
C:\WINDOWS\system32\eqgdenxr.ini
C:\WINDOWS\system32\exec1.exe
C:\WINDOWS\system32\fhkQYcdd.ini
C:\WINDOWS\system32\fhkQYcdd.ini2
C:\WINDOWS\system32\geBuSIcD.dll
C:\WINDOWS\system32\GPqrqqss.ini
C:\WINDOWS\system32\GPqrqqss.ini2
C:\WINDOWS\system32\iifeeFwx.dll
C:\WINDOWS\system32\khfFUOgH.dll
C:\WINDOWS\system32\knllgsxj.ini
C:\WINDOWS\system32\ljJBtsqn.dll
C:\WINDOWS\system32\ljJYqQKc.dll
C:\WINDOWS\system32\rqRIbaWO.dll
C:\WINDOWS\system32\rqRJDspM.dll
C:\WINDOWS\system32\rqRkJYPj.dll
C:\WINDOWS\system32\skinboxer43.dll
C:\WINDOWS\system32\spdwnwxp.exe
C:\WINDOWS\system32\tdfxdpnj.ini
C:\WINDOWS\system32\vtUlKbaw.dll
C:\x

----- BITS: Possible infected sites -----

hxxp://78.157.143.198
hxxp://62.176.16.10
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_fci


((((((((((((((((((((((((( Files Created from 2008-09-16 to 2008-10-16 )))))))))))))))))))))))))))))))
.

2008-10-15 22:20 . 2008-10-10 10:36 24,064 --a------ C:\WINDOWS\system32\YUR6.exe
2008-10-15 22:03 . 2008-10-15 22:03 <DIR> d-------- C:\Program Files\ERUNT
2008-10-15 21:55 . 2008-10-10 10:36 24,064 --a------ C:\WINDOWS\system32\YUR4.exe
2008-10-15 21:55 . 2008-10-10 10:36 24,064 --a------ C:\WINDOWS\system32\YUR1.exe
2008-10-11 03:21 . 2008-10-10 10:36 25,088 --a------ C:\WINDOWS\system32\YUR24C.exe
2008-10-11 03:21 . 2008-10-10 10:36 25,088 --a------ C:\WINDOWS\system32\YUR24B.exe
2008-10-11 03:21 . 2008-10-10 10:36 24,064 --a------ C:\WINDOWS\system32\YUR24E.exe
2008-10-11 03:21 . 2008-10-10 10:36 24,064 --a------ C:\WINDOWS\system32\YUR24D.exe
2008-10-10 20:24 . 2008-10-10 20:24 <DIR> d-------- C:\Program Files\Rapid Antivirus
2008-10-10 20:24 . 2008-10-10 10:36 25,088 --a------ C:\WINDOWS\system32\YUR214.exe
2008-10-10 18:04 . 2008-10-11 13:46 978 --a------ C:\WINDOWS\system32\tmp.reg
2008-10-10 17:40 . 2008-10-10 10:36 74,752 --a------ C:\WINDOWS\system32\YUR48.exe
2008-10-10 17:34 . 2008-10-11 05:38 94,208 --a------ C:\WINDOWS\qkeftmxn.exe
2008-10-09 16:24 . 2008-10-09 16:24 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-09 14:15 . 2008-10-09 14:16 121 --ahs---- C:\WINDOWS\system32\mcunnoop.ini
2008-10-09 09:13 . 2008-10-10 19:31 <DIR> d-------- C:\Documents and Settings\Spartacus\Application Data\sp2
2008-10-07 20:18 . 2008-10-07 20:18 <DIR> d-------- C:\Program Files\iPod
2008-10-07 20:18 . 2008-10-07 20:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-03 00:12 . 2008-10-03 00:12 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-10-01 22:50 . 2008-10-01 22:50 0 --a----t- C:\WINDOWS\001701_.tmp
2008-10-01 21:46 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\001700_.tmp
2008-10-01 21:38 . 2004-08-03 18:59 49,558 --a------ C:\WINDOWS\system32\drivers\atapi.SY_
2008-10-01 19:43 . 2008-05-09 06:53 180,224 -----c--- C:\WINDOWS\system32\dllcache\scrobj.dll
2008-10-01 19:43 . 2008-05-09 06:53 172,032 -----c--- C:\WINDOWS\system32\dllcache\scrrun.dll
2008-10-01 19:43 . 2008-05-08 07:24 155,648 -----c--- C:\WINDOWS\system32\dllcache\wscript.exe
2008-10-01 19:43 . 2008-05-09 04:45 135,168 -----c--- C:\WINDOWS\system32\dllcache\cscript.exe
2008-10-01 19:43 . 2008-05-09 06:53 90,112 -----c--- C:\WINDOWS\system32\dllcache\wshext.dll
2008-09-30 22:47 . 2008-05-07 01:12 1,288,192 -----c--- C:\WINDOWS\system32\dllcache\quartz.dll
2008-09-30 22:47 . 2008-04-11 15:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-09-30 22:47 . 2008-06-20 07:51 361,600 -----c--- C:\WINDOWS\system32\dllcache\tcpip.sys
2008-09-30 22:47 . 2008-07-07 16:26 253,952 -----c--- C:\WINDOWS\system32\dllcache\es.dll
2008-09-30 22:47 . 2008-06-20 13:46 245,248 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-09-30 22:47 . 2008-06-20 07:08 225,856 -----c--- C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-09-30 22:47 . 2008-05-08 10:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-09-30 22:47 . 2008-06-20 13:46 147,968 -----c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-09-30 22:47 . 2008-06-20 07:40 138,496 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-09-30 22:47 . 2008-06-24 12:43 74,240 -----c--- C:\WINDOWS\system32\dllcache\mscms.dll
2008-09-30 22:37 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\001697_.tmp
2008-09-30 22:26 . 2008-09-30 22:32 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools
2008-09-30 20:24 . 2008-10-05 20:44 1,905 --a------ C:\WINDOWS\diagwrn.xml
2008-09-30 20:24 . 2008-10-05 20:44 1,905 --a------ C:\WINDOWS\diagerr.xml
2008-09-27 21:22 . 2008-09-27 21:22 <DIR> d-------- C:\Program Files\Western Digital Technologies
2008-09-24 23:14 . 2008-09-24 23:14 <DIR> d-------- C:\WINDOWS\Performance
2008-09-24 23:14 . 2008-09-25 00:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2008-09-19 07:26 . 2008-09-19 07:26 1,697,280 --a------ C:\Documents and Settings\Spartacus\Application Data\WinEXPLOR.exe
2008-09-18 22:10 . 2008-09-19 07:27 246 --a------ C:\Documents and Settings\Spartacus\Application Data\shedl.bat
2008-09-18 22:09 . 2008-09-18 22:09 1,697,280 --a------ C:\Documents and Settings\Spartacus\Application Data\winexpl.exe
2008-09-16 22:08 . 2008-09-16 22:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-09-16 21:57 . 2008-09-16 21:58 <DIR> d-------- C:\Program Files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-16 02:07 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-16 00:18 --------- d-----w C:\Documents and Settings\Spartacus\Application Data\WeatherBug
2008-10-11 03:47 --------- d-----w C:\Program Files\Enigma Software Group
2008-10-01 01:28 --------- d-----w C:\Documents and Settings\Spartacus\Application Data\LimeWire
2008-09-30 04:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-09-26 04:09 --------- d-----w C:\Documents and Settings\Spartacus\Application Data\uTorrent
2008-09-17 01:57 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-17 01:56 676,224 ----a-w C:\WINDOWS\system32\OGACheckControl.DLL
2008-09-17 01:53 --------- d-----w C:\Program Files\Bonjour
2008-09-11 01:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-09 03:24 --------- d-----w C:\Documents and Settings\Spartacus\Application Data\DAEMON Tools
2008-09-09 01:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-29 14:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 13:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-22 01:29 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-19 02:08 --------- d-----w C:\Documents and Settings\Spartacus\Application Data\Vso
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2007-09-10 22:04 94,208 ----a-w C:\Documents and Settings\Spartacus\Application Data\ezplay.sys
2007-09-10 22:04 47,360 ----a-w C:\Documents and Settings\Spartacus\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [2006-04-07 1343488]
"ODS Connector"="D:\Program Files\ODS Connector\ODSConnector.exe" [2003-02-07 316416]
"NoAds"="D:\Program Files\NoAds\NoAds.exe" [2007-04-28 126976]
"\YUR24D.exe"="C:\Windows\system32\YUR24D.exe" [2008-10-10 24064]
"\YUR24E.exe"="C:\Windows\system32\YUR24E.exe" [2008-10-10 24064]
"\YUR1.exe"="C:\Windows\system32\YUR1.exe" [2008-10-10 24064]
"\YUR4.exe"="C:\Windows\system32\YUR4.exe" [2008-10-10 24064]
"\YUR6.exe"="C:\Windows\system32\YUR6.exe" [2008-10-10 24064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="D:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-10-07 125368]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-09-17 13574144]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 52840]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-09-17 86016]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"\YUR1.exe"="C:\Windows\system32\YUR1.exe" [2008-10-10 24064]
"\YUR4.exe"="C:\Windows\system32\YUR4.exe" [2008-10-10 24064]
"\YUR6.exe"="C:\Windows\system32\YUR6.exe" [2008-10-10 24064]
"nwiz"="nwiz.exe" [2008-09-17 C:\WINDOWS\system32\nwiz.exe]

C:\Documents and Settings\Spartacus\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2007-04-27 12:10 18744 C:\WINDOWS\system32\PCANotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codec"= L3codecp.acm
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"vidc.CDVC"= CDVCCODC.DLL
"VIDC.HFYU"= huffyuv.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.FFDS"= d:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Aim6"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"<NO NAME>"=
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\ICQLite\\ICQLite.exe"=
"D:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"D:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"D:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"D:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"D:\\Program Files\\uTorrent\\utorrent.exe"=
"D:\\Sierra\\Empire Earth - The Art of Conquest\\EE-AOC.exe"=
"D:\\Program Files\\Symantec\\pcAnywhere\\Winaw32.exe"=
"D:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"=
"D:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"=
"D:\\Program Files\\LucasArts\\Star Wars Galactic Battlegrounds\\Game\\battlegrounds_x1.exe"=
"D:\\Program Files\\LucasArts\\Star Wars Galactic Battlegrounds\\Game\\Battlegrounds.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"D:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"C:\\WINDOWS\\system32\\drivers\\etc\\smss.exe"=
"D:\\Program Files\\Nero 8\\Nero ShowTime\\ShowTime.exe"=
"D:\\Program Files\\Sierra Entertainment\\Empire Earth III\\EE3.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"D:\\Program Files\\Trillian\\trillian.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"D:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"4000:TCP"= 4000:TCP:*:Disabled:Bittorrent
"4001:TCP"= 4001:TCP:*:Disabled:Bittorrent
"4002:TCP"= 4002:TCP:*:Disabled:Bittorrent
"4003:TCP"= 4003:TCP:*:Disabled:Bittorrent
"4004:TCP"= 4004:TCP:*:Disabled:Bittorrent
"4005:TCP"= 4005:TCP:*:Disabled:Bittorrent
"50021:TCP"= 50021:TCP:*:Disabled:Bittorrent
"22:TCP"= 22:TCP:ssh

R2 copSSHD;Openssh SSHD;d:\Program Files\copSSH\bin\cygrunsrv.exe [2008-03-31 68096]
R3 KeyScrambler;KeyScrambler;C:\WINDOWS\system32\drivers\keyscrambler.sys [2008-06-24 113896]
S3 WmaCDriverV32;WmaCDriverV32;C:\WINDOWS\system32\drivers\WmaCDriverV32.sys [2007-06-04 513152]
.
Contents of the 'Scheduled Tasks' folder

2008-10-07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-10-16 C:\WINDOWS\Tasks\HP Usg Daily.job
- D:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2005-07-08 00:55]
.
- - - - ORPHANS REMOVED - - - -

BHO-{06D13323-C333-4BE2-92E8-A7BED684407B} - (no file)
BHO-{68826002-D5C9-466B-A75B-EA4811EE9821} - (no file)
BHO-{7DBCDA27-46B4-4F4D-8A16-0E9BD594A23F} - (no file)
BHO-{A8008AC0-AC1D-4FF6-A0D5-5CE0AB5DA67F} - __BHODemonDisabled
BHO-{AB75D5F7-6BE4-4B70-8D40-040338CA6FA1} - (no file)
BHO-{C72A782F-FF63-43C0-B504-B34635F8D101} - (no file)
BHO-{CED669A6-CD2A-4969-8893-04D104DF9506} - (no file)
BHO-{E7AB66C8-7E4C-4C11-8B64-847AFCBCCBB1} - (no file)
BHO-{EEEE2A27-210F-4851-B3FF-F6DAE969123B} - (no file)
HKCU-Run-VideoRun - C:\WINDOWS\svchost.exe
HKU-Default-RunOnce-nltide3 - rundll32 advpack.dll
SSODL-lfstbwvd-{98472272-C237-486E-A714-EC20611812B1} - C:\WINDOWS\lfstbwvd.dll
SSODL-qmafxprs-{C13A33FE-69F3-4117-B5AD-5A3F685A1583} - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Spartacus\Application Data\Mozilla\Firefox\Profiles\1judkbps.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/
FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF -: plugin - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\browser\nppdf32.dll
FF -: plugin - d:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - d:\Program Files\DivX\DivX Web Player\npdivx32.dll
FF -: plugin - D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-15 22:20:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
D:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
D:\Program Files\copSSH\bin\sshd.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\Program Files\Nero 8\Nero BackItUp\NBService.exe
D:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
D:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-10-15 22:32:52 - machine was rebooted [Spartacus]
ComboFix-quarantined-files.txt 2008-10-16 02:32:49

Pre-Run: 15,150,313,472 bytes free
Post-Run: 15,244,582,912 bytes free

300 --- E O F --- 2008-09-11 01:29:12


HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:37:07, on 10/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
d:\Program Files\copSSH\bin\cygrunsrv.exe
D:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
d:\Program Files\copSSH\bin\sshd.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\Program Files\Nero 8\Nero BackItUp\NBService.exe
D:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\ctfmon.exe
D:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Windows\system32\YUR1.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
D:\Program Files\NoAds\NoAds.exe
C:\Windows\system32\YUR24D.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [\YUR1.exe] C:\Windows\system32\YUR1.exe
O4 - HKLM\..\Run: [\YUR4.exe] C:\Windows\system32\YUR4.exe
O4 - HKLM\..\Run: [\YUR6.exe] C:\Windows\system32\YUR6.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ODS Connector] "D:\Program Files\ODS Connector\ODSConnector.exe"
O4 - HKCU\..\Run: [NoAds] "D:\Program Files\NoAds\NoAds.exe"
O4 - HKCU\..\Run: [\YUR24D.exe] C:\Windows\system32\YUR24D.exe
O4 - HKCU\..\Run: [\YUR24E.exe] C:\Windows\system32\YUR24E.exe
O4 - HKCU\..\Run: [\YUR1.exe] C:\Windows\system32\YUR1.exe
O4 - HKCU\..\Run: [\YUR4.exe] C:\Windows\system32\YUR4.exe
O4 - HKCU\..\Run: [\YUR6.exe] C:\Windows\system32\YUR6.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-515967899-1682526488-725345543-1031\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SvcCOPSSH')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - d:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - d:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - d:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - d:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec pcAnywhere Host Service (awhost32) - Symantec Corporation - D:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Openssh SSHD (copSSHD) - Unknown owner - d:\Program Files\copSSH\bin\cygrunsrv.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - D:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero 8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - D:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: SAVRoam (SavRoam) - symantec - D:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - D:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 11864 bytes

#6 PropagandaPanda
  • Malware Response Team

Posted 16 October 2008 - 07:24 AM

Hello spart.

Backdoor Threat
I'm sorry to say that your computer is infected with one or more backdoor trojans.

This means that sensitive information could have been stolen. I would advise to change any passwords for any accounts that you have accessed with the infected computer using a clean computer ASAP. If you have used this computer for banking, I would strongly suggest that you report the possible stolen information. Please do not use the computer for any further transactions, or to enter any other information, if at all possible, until it is declared clean.

You may want to read this article on how to handle identity theft.
You may also want to read this article regarding preventing of identity theft.

This computer can still be cleaned, however, I cannot guarantee that it will be 100% safe even after disinfection.

Please read When Should I Format, How Should I Reinstall.

I will proceed assuming you wish to disinfect. If you want to do a reinstall, reply back saying so.

Peer-to-Peer Programs Warning
Your log shows that you are using so-called peer-to-peer or file-sharing programs (in your case LimeWire and BitTorrent). These programs allow users to share files between each other, as the name suggests. In today's world cyber crime has reached an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, so they should be used with great care. Some further reading on this subject, via the included links, is as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes copyright laws in many countries around the world, and you are putting yourself at risk of being indicted by organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s). However, please refrain from using them until your computer has been declared clean.

Run ComboFix with CFScript
Be sure to disable your protection like you did last round.

We will run ComboFix again. This time, the instructions are slightly different.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the box below into it:
    KILLALL::
    File::
    C:\WINDOWS\system32\YUR6.exe
    C:\WINDOWS\system32\YUR4.exe
    C:\WINDOWS\system32\YUR1.exe
    C:\WINDOWS\system32\YUR24C.exe
    C:\WINDOWS\system32\YUR24B.exe
    C:\WINDOWS\system32\YUR24E.exe
    C:\WINDOWS\system32\YUR24D.exe
    C:\WINDOWS\system32\YUR214.exe
    C:\WINDOWS\qkeftmxn.exe
    C:\WINDOWS\system32\mcunnoop.ini
    
    Folder::
    C:\Program Files\Rapid Antivirus
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "\YUR24D.exe"=-
    "\YUR24E.exe"=-
    "\YUR1.exe"=-
    "\YUR4.exe"=-
    "\YUR6.exe"=-
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "\YUR1.exe"=-
    "\YUR4.exe"=-
    "\YUR6.exe"=-
    Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
    Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Download and run MalwareBytes Anti-Malware
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

You can refer to this page which has a visual of the instructions above.


Post back with:
-the ComboFix log
-the MalwareBytes log
-a new HijackThis log

With Regards,
The Panda
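The CFScript above strips the Run values that the responder picked out of the HijackThis O4 lines by eye. As an added example, not code from this thread, from HijackThis or from ComboFix, here is a small Python script that applies three of the checks behind that triage to the log lines posted above: a Run value named after its own file (or starting with a backslash), the same image registered in both the HKLM and HKCU Run keys, and a core Windows binary name sitting outside System32, plus, for the ComboFix firewall-policy section, an enabled global exception for a remote-administration port. The CORE_BINARIES and REMOTE_ADMIN_PORTS lists are the example's own heuristics, and the sample lines are a subset copied from the logs in this thread.

```python
"""Added triage helper (not part of the original thread or any tool it
mentions): scan HijackThis O4 autostart lines and ComboFix firewall-policy
lines for the patterns a malware responder looks for.  Heuristics only;
every hit still needs a human decision before anything is removed."""
import re
from collections import defaultdict

SYSTEM32 = r"c:\windows\system32"
# Core Windows images that only belong directly in System32 (assumed list).
# A file with one of these names in any other directory is a masquerade candidate.
CORE_BINARIES = {"smss.exe", "svchost.exe", "csrss.exe", "lsass.exe",
                 "winlogon.exe", "services.exe", "explorer.exe"}
# Remote-administration ports (assumed list): an *enabled* global firewall
# exception for one of these is worth a second look on a home desktop.
REMOTE_ADMIN_PORTS = {22, 23, 3389, 5900}

# O4 - HKLM\..\Run: [name] command      (HKUS lines carry a SID before \..\)
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)(?:\\S-[\d-]+)?\\\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
FW_APP_RE = re.compile(r'^"(?P<path>[^"]+)"=\s*$')
FW_PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*(?P<spec>.*)$')


def exe_from_command(cmd: str) -> str:
    """Return the image path of an autostart command, dropping its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                       # quoted path
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.exe)(?:\s|$)", cmd, re.IGNORECASE)  # unquoted, may contain spaces
    return m.group(1) if m else cmd.split(" ", 1)[0]


def split_path(path: str):
    """Lower-cased (directory, basename); directory is '' for a bare name."""
    parts = path.lower().rsplit("\\", 1)
    return (parts[0], parts[1]) if len(parts) == 2 else ("", parts[0])


def triage_o4(lines):
    """Map image path -> list of reasons for every O4 entry that trips a check."""
    findings = defaultdict(list)
    hives_per_image = defaultdict(set)

    def add(image, reason):
        if reason not in findings[image]:
            findings[image].append(reason)

    for line in lines:
        m = O4_RE.match(line)
        if not m:
            continue
        image = exe_from_command(m["cmd"]).lower()
        directory, base = split_path(image)
        hives_per_image[image].add(m["hive"])
        # Legitimate software names its Run value after the product; a value
        # named after the file itself (or starting with a backslash) is odd.
        if m["name"].startswith("\\") or m["name"].lower().endswith(".exe"):
            add(image, "value name is a bare file name: %r" % m["name"])
        if base in CORE_BINARIES and directory != SYSTEM32:
            add(image, "core Windows binary name outside System32")
    # The same image in both the per-machine and the per-user Run key is a
    # redundancy trick; installers do not normally do that.
    for image, hives in hives_per_image.items():
        if {"HKLM", "HKCU"} <= hives:
            add(image, "registered in both HKLM and HKCU Run")
    return dict(findings)


def triage_firewall(lines):
    """Return (subject, reason) pairs for suspicious firewall-policy lines."""
    findings = []
    for line in lines:
        m = FW_APP_RE.match(line)
        if m:
            # ComboFix doubles the backslashes in these values ("C:\\WINDOWS\\...").
            path = m["path"].replace("\\\\", "\\").lower()
            directory, base = split_path(path)
            if base in CORE_BINARIES and directory != SYSTEM32:
                findings.append((path, "core Windows binary name outside System32 allowed through firewall"))
            continue
        m = FW_PORT_RE.match(line)
        if m and "Disabled" not in m["spec"] and int(m["port"]) in REMOTE_ADMIN_PORTS:
            findings.append((m["port"] + "/" + m["proto"],
                             "enabled global exception for a remote-administration port"))
    return findings


# Sample input: a subset of lines copied from the logs posted in this thread.
SAMPLE_O4 = [
    r"O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\VPTray.exe",
    r'O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"',
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r"O4 - HKLM\..\Run: [\YUR1.exe] C:\Windows\system32\YUR1.exe",
    r"O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1",
    r"O4 - HKCU\..\Run: [\YUR1.exe] C:\Windows\system32\YUR1.exe",
    r"O4 - HKCU\..\Run: [\YUR24D.exe] C:\Windows\system32\YUR24D.exe",
    r"O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'LOCAL SERVICE')",
]
SAMPLE_FW = [
    r'"%windir%\\system32\\sessmgr.exe"=',
    r'"C:\\WINDOWS\\system32\\drivers\\etc\\smss.exe"=',
    r'"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=',
    '"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009',
    '"4000:TCP"= 4000:TCP:*:Disabled:Bittorrent',
    '"22:TCP"= 22:TCP:ssh',
]

if __name__ == "__main__":
    for image, reasons in triage_o4(SAMPLE_O4).items():
        print(image, "->", "; ".join(reasons))
    for subject, reason in triage_firewall(SAMPLE_FW):
        print(subject, "->", reason)
```

Every hit is a lead, not a verdict: the 22/TCP exception, for instance, matches the copSSH service the user installed on purpose, while the smss.exe under drivers\etc and the YUR images in both Run hives are the kind of entries that end up in a CFScript.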

#7 spart
  • Topic Starter
  • Members

Posted 16 October 2008 - 08:13 AM

I won't be able to get to this until later this evening, probably around 10pm or so. I will do what you asked. I don't want to reformat
my computer if I don't have to.
I would like to try to clear this stuff out. For the time being I disconnected my computer from the internet. I will connect it later on and post
the logs. In the meantime I appreciate your help.

Spart

#8 PropagandaPanda
  • Malware Response Team

Posted 16 October 2008 - 10:39 AM

Hello Spart.

Got it.

The Panda

#9 spart
  • Topic Starter
  • Members

Posted 16 October 2008 - 01:08 PM

Panda,

Just curious. Should I be doing this stuff in safe mode? I've been doing it in normal mode.
Also I was wondering if I should just leave my desktop unplugged from the internet while doing all this.
I have a laptop set up next to my desktop so I can continue to get online during this.
I know I would need to be connected to the internet to upload and download stuff,
but I could download the utilities on my laptop and bring them over to the desktop
using a flash drive, and when I have a copy of my logs from the desktop,
copy it to the flash drive and drop it on my laptop and upload it from there.

I was wondering if being connected to the internet causes this malware to get stronger or to download
stuff without me knowing it and install it on my computer.

Just curious if this might be better.

Thanks

Spart

#10 PropagandaPanda
  • Malware Response Team

Posted 16 October 2008 - 02:54 PM

Hello Spart.

Please complete the steps in Normal Mode unless specified.

Also I was wondering if I should just leave my desktop unplugged from the internet while doing all this.

That is a good idea. I definitely would do this. However, you will need to reconnect to download updates and run any online scans.

Proceed with the above steps when ready.

With Regards,
The Panda

Edited by PropagandaPanda, 16 October 2008 - 02:54 PM.


#11 spart (Topic Starter)

Posted 16 October 2008 - 02:57 PM

I'll take care of it tonight.

Spart

#12 spart (Topic Starter)

Posted 16 October 2008 - 07:20 PM

Panda,
Here it is:

Combofix:

ComboFix 08-10-15.05 - Spartacus 2008-10-16 19:46:10.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2666 [GMT -4:00]
Running from: C:\Documents and Settings\Spartacus\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Spartacus\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\qkeftmxn.exe
C:\WINDOWS\system32\mcunnoop.ini
C:\WINDOWS\system32\YUR1.exe
C:\WINDOWS\system32\YUR214.exe
C:\WINDOWS\system32\YUR24B.exe
C:\WINDOWS\system32\YUR24C.exe
C:\WINDOWS\system32\YUR24D.exe
C:\WINDOWS\system32\YUR24E.exe
C:\WINDOWS\system32\YUR4.exe
C:\WINDOWS\system32\YUR6.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Rapid Antivirus
C:\Program Files\Rapid Antivirus\Buy.url
C:\Program Files\Rapid Antivirus\Help.url
C:\Program Files\Rapid Antivirus\HowToBuy.txt
C:\Program Files\Rapid Antivirus\ID.dat
C:\Program Files\Rapid Antivirus\License.txt
C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe
C:\Program Files\Rapid Antivirus\Uninstall.exe
C:\WINDOWS\qkeftmxn.exe
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\mcunnoop.ini
C:\WINDOWS\system32\YUR1.exe
C:\WINDOWS\system32\YUR214.exe
C:\WINDOWS\system32\YUR24B.exe
C:\WINDOWS\system32\YUR24C.exe
C:\WINDOWS\system32\YUR24D.exe
C:\WINDOWS\system32\YUR24E.exe
C:\WINDOWS\system32\YUR4.exe
C:\WINDOWS\system32\YUR6.exe

.
((((((((((((((((((((((((( Files Created from 2008-09-16 to 2008-10-16 )))))))))))))))))))))))))))))))
.

2008-10-16 03:02 . 2008-10-16 03:03 1,393 --a------ C:\WINDOWS\imsins.BAK
2008-10-16 00:01 . 2008-08-14 06:11 2,189,184 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-16 00:01 . 2008-08-14 06:09 2,145,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-16 00:01 . 2008-08-14 05:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-16 00:01 . 2008-08-14 05:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-16 00:01 . 2008-09-15 08:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-16 00:01 . 2008-09-08 06:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-15 22:03 . 2008-10-15 22:03 <DIR> d-------- C:\Program Files\ERUNT
2008-10-10 18:04 . 2008-10-11 13:46 978 --a------ C:\WINDOWS\system32\tmp.reg
2008-10-10 17:40 . 2008-10-10 10:36 74,752 --a------ C:\WINDOWS\system32\YUR48.exe
2008-10-09 16:24 . 2008-10-09 16:24 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-09 09:13 . 2008-10-10 19:31 <DIR> d-------- C:\Documents and Settings\Spartacus\Application Data\sp2
2008-10-07 20:18 . 2008-10-07 20:18 <DIR> d-------- C:\Program Files\iPod
2008-10-07 20:18 . 2008-10-07 20:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-03 00:12 . 2008-10-03 00:12 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-10-01 22:50 . 2008-10-01 22:50 0 --a----t- C:\WINDOWS\001701_.tmp
2008-10-01 21:46 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\001700_.tmp
2008-10-01 21:38 . 2004-08-03 18:59 49,558 --a------ C:\WINDOWS\system32\drivers\atapi.SY_
2008-10-01 19:43 . 2008-05-09 06:53 180,224 -----c--- C:\WINDOWS\system32\dllcache\scrobj.dll
2008-10-01 19:43 . 2008-05-09 06:53 172,032 -----c--- C:\WINDOWS\system32\dllcache\scrrun.dll
2008-10-01 19:43 . 2008-05-08 07:24 155,648 -----c--- C:\WINDOWS\system32\dllcache\wscript.exe
2008-10-01 19:43 . 2008-05-09 04:45 135,168 -----c--- C:\WINDOWS\system32\dllcache\cscript.exe
2008-10-01 19:43 . 2008-05-09 06:53 90,112 -----c--- C:\WINDOWS\system32\dllcache\wshext.dll
2008-09-30 22:47 . 2008-05-07 01:12 1,288,192 -----c--- C:\WINDOWS\system32\dllcache\quartz.dll
2008-09-30 22:47 . 2008-04-11 15:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-09-30 22:47 . 2008-06-20 07:51 361,600 -----c--- C:\WINDOWS\system32\dllcache\tcpip.sys
2008-09-30 22:47 . 2008-07-07 16:26 253,952 -----c--- C:\WINDOWS\system32\dllcache\es.dll
2008-09-30 22:47 . 2008-06-20 13:46 245,248 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-09-30 22:47 . 2008-06-20 07:08 225,856 -----c--- C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-09-30 22:47 . 2008-05-08 10:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-09-30 22:47 . 2008-06-20 13:46 147,968 -----c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-09-30 22:47 . 2008-08-14 06:04 138,496 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-09-30 22:47 . 2008-06-24 12:43 74,240 -----c--- C:\WINDOWS\system32\dllcache\mscms.dll
2008-09-30 22:37 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\001697_.tmp
2008-09-30 22:26 . 2008-09-30 22:32 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools
2008-09-30 20:24 . 2008-10-05 20:44 1,905 --a------ C:\WINDOWS\diagwrn.xml
2008-09-30 20:24 . 2008-10-05 20:44 1,905 --a------ C:\WINDOWS\diagerr.xml
2008-09-27 21:22 . 2008-09-27 21:22 <DIR> d-------- C:\Program Files\Western Digital Technologies
2008-09-24 23:14 . 2008-09-24 23:14 <DIR> d-------- C:\WINDOWS\Performance
2008-09-24 23:14 . 2008-09-25 00:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2008-09-19 07:26 . 2008-09-19 07:26 1,697,280 --a------ C:\Documents and Settings\Spartacus\Application Data\WinEXPLOR.exe
2008-09-18 22:10 . 2008-09-19 07:27 246 --a------ C:\Documents and Settings\Spartacus\Application Data\shedl.bat
2008-09-18 22:09 . 2008-09-18 22:09 1,697,280 --a------ C:\Documents and Settings\Spartacus\Application Data\winexpl.exe
2008-09-16 22:08 . 2008-09-16 22:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-09-16 21:57 . 2008-09-16 21:58 <DIR> d-------- C:\Program Files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-16 07:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-16 02:07 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-16 00:18 --------- d-----w C:\Documents and Settings\Spartacus\Application Data\WeatherBug
2008-10-11 03:47 --------- d-----w C:\Program Files\Enigma Software Group
2008-10-01 01:28 --------- d-----w C:\Documents and Settings\Spartacus\Application Data\LimeWire
2008-09-30 04:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-09-26 04:09 --------- d-----w C:\Documents and Settings\Spartacus\Application Data\uTorrent
2008-09-17 01:57 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-17 01:56 676,224 ----a-w C:\WINDOWS\system32\OGACheckControl.DLL
2008-09-17 01:53 --------- d-----w C:\Program Files\Bonjour
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-09 03:24 --------- d-----w C:\Documents and Settings\Spartacus\Application Data\DAEMON Tools
2008-09-09 01:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-29 14:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 13:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-26 07:24 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-22 01:29 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-19 02:08 --------- d-----w C:\Documents and Settings\Spartacus\Application Data\Vso
2008-08-14 10:09 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:33 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2007-09-10 22:04 94,208 ----a-w C:\Documents and Settings\Spartacus\Application Data\ezplay.sys
2007-09-10 22:04 47,360 ----a-w C:\Documents and Settings\Spartacus\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((( snapshot@2008-10-15_22.32.31.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-14 10:09:26 2,145,280 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 09:33:16 2,066,048 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 09:33:16 2,023,936 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 10:11:02 2,189,184 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
+ 2005-10-20 16:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\AutoBackup\2008-10-15\ERDNT.EXE
+ 2008-10-16 02:22:12 13,836,288 ----a-w C:\WINDOWS\ERDNT\AutoBackup\2008-10-15\Users\00000001\NTUSER.DAT
+ 2008-10-16 02:22:13 204,800 ----a-w C:\WINDOWS\ERDNT\AutoBackup\2008-10-15\Users\00000002\UsrClass.dat
+ 2008-06-23 16:57:27 124,928 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\advpack.dll
+ 2008-06-23 16:57:27 347,136 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\dxtmsft.dll
+ 2008-06-23 16:57:27 214,528 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\dxtrans.dll
+ 2008-06-23 16:57:27 133,120 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\extmgr.dll
+ 2008-06-23 16:57:28 63,488 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\icardie.dll
+ 2008-06-23 09:20:25 70,656 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ie4uinit.exe
+ 2008-06-23 16:57:29 153,088 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieakeng.dll
+ 2008-06-23 16:57:29 230,400 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieaksie.dll
+ 2008-06-21 05:23:54 161,792 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieakui.dll
+ 2008-06-23 16:57:29 383,488 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieapfltr.dll
+ 2008-06-23 16:57:29 384,512 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iedkcs32.dll
+ 2008-06-23 16:57:33 6,066,176 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieframe.dll
+ 2008-06-23 16:57:33 44,544 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iernonce.dll
+ 2008-06-23 16:57:34 267,776 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iertutil.dll
+ 2008-06-23 09:20:26 13,824 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieudinit.exe
+ 2008-06-23 09:20:52 625,664 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iexplore.exe
+ 2008-06-23 16:57:35 27,648 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\jsproxy.dll
+ 2008-06-23 16:57:36 459,264 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msfeeds.dll
+ 2008-06-23 16:57:36 52,224 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msfeedsbs.dll
+ 2008-06-24 14:57:40 3,592,192 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mshtml.dll
+ 2008-06-23 16:57:39 477,696 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mshtmled.dll
+ 2008-06-23 16:57:39 193,024 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msrating.dll
+ 2008-06-23 16:57:40 671,232 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mstime.dll
+ 2008-06-23 16:57:40 102,912 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\occache.dll
+ 2008-06-23 16:57:40 44,544 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\updspapi.dll
+ 2008-06-23 16:57:40 105,984 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\url.dll
+ 2008-06-23 16:57:40 1,159,680 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\urlmon.dll
+ 2008-06-23 16:57:41 233,472 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\webcheck.dll
+ 2008-06-23 16:57:41 826,368 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\wininet.dll
- 2008-09-11 01:26:52 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-10-16 07:03:58 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2008-09-11 01:26:52 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-10-16 07:03:58 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-09-11 01:26:52 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-10-16 07:03:58 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2008-09-11 01:26:52 184,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-10-16 07:03:58 184,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-09-11 01:26:52 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2008-10-16 07:03:58 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-09-11 01:26:52 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-10-16 07:03:58 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-09-11 01:26:52 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-10-16 07:03:58 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-09-11 01:26:52 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-10-16 07:03:58 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-09-11 01:26:52 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-10-16 07:03:58 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2008-09-11 01:26:52 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-10-16 07:03:58 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-09-11 01:26:52 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-10-16 07:03:58 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-09-11 01:26:52 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-10-16 07:03:58 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-06-23 16:57:27 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-08-26 07:24:28 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-10-16 23:49:42 16,384 ----atw C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Perflib_Perfdata_2d8.dat
- 2008-06-23 16:57:27 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-08-26 07:24:28 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
- 2008-06-23 16:57:27 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-08-26 07:24:28 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-06-23 16:57:27 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-08-26 07:24:28 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-06-23 16:57:27 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-08-26 07:24:28 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-06-23 16:57:28 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-08-26 07:24:28 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
- 2008-06-23 09:20:25 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-08-25 08:37:59 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2008-06-23 16:57:29 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-08-26 07:24:28 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2008-06-23 16:57:29 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-08-26 07:24:28 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2008-06-21 05:23:54 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-08-23 05:54:51 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2008-06-23 16:57:29 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-08-26 07:24:28 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2008-06-23 16:57:29 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-08-26 07:24:29 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2008-06-23 16:57:33 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-10-03 17:41:15 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2008-06-23 16:57:33 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-08-26 07:24:29 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2008-06-23 16:57:34 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-08-26 07:24:29 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2008-06-23 09:20:26 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
+ 2008-08-25 08:38:00 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
- 2008-06-23 09:20:52 625,664 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-08-23 05:56:15 635,848 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2008-06-23 16:57:35 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-08-26 07:24:30 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2008-06-23 16:57:36 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-08-26 07:24:30 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2008-06-23 16:57:36 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-08-26 07:24:30 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2008-06-24 14:57:40 3,592,192 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-08-27 17:54:32 3,593,216 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-06-23 16:57:39 477,696 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-08-26 07:24:30 477,696 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-06-23 16:57:39 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-08-26 07:24:30 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-06-23 16:57:40 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-08-26 07:24:30 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2008-06-23 16:57:40 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-08-26 07:24:30 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-06-23 16:57:40 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-08-26 07:24:30 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2008-06-23 16:57:40 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-08-26 07:24:30 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
- 2008-06-23 16:57:40 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-08-26 07:24:31 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-06-23 16:57:41 233,472 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-08-26 07:24:31 233,472 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2008-06-23 16:57:41 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-08-26 07:24:31 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-06-20 11:40:08 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
+ 2008-08-14 10:04:36 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
- 2008-06-23 16:57:27 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-08-26 07:24:28 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-06-23 16:57:27 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-08-26 07:24:28 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-06-23 16:57:27 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-08-26 07:24:28 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-05-17 00:16:17 1,621,424 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-10-16 23:50:13 1,621,424 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2008-06-23 16:57:28 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-08-26 07:24:28 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2008-06-23 09:20:25 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-08-25 08:37:59 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2008-06-23 16:57:29 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-08-26 07:24:28 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2008-06-23 16:57:29 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-08-26 07:24:28 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2008-06-21 05:23:54 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-08-23 05:54:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2008-06-23 16:57:29 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-08-26 07:24:28 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2008-06-23 16:57:29 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-08-26 07:24:29 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2008-06-23 16:57:33 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-10-03 17:41:15 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2008-06-23 16:57:33 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-08-26 07:24:29 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2008-06-23 16:57:34 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-08-26 07:24:29 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2008-06-23 09:20:26 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-08-25 08:38:00 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2008-06-23 16:57:35 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-08-26 07:24:30 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2008-08-26 20:28:12 16,208,504 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-10-07 19:19:40 16,721,856 ----a-w C:\WINDOWS\system32\MRT.exe
- 2008-06-23 16:57:36 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-08-26 07:24:30 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2008-06-23 16:57:36 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-08-26 07:24:30 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2008-06-24 14:57:40 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-08-27 17:54:32 3,593,216 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-06-23 16:57:39 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-08-26 07:24:30 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2008-06-23 16:57:39 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-08-26 07:24:30 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2008-06-23 16:57:40 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-08-26 07:24:30 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2008-06-23 16:57:40 102,912 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-08-26 07:24:30 102,912 ----a-w C:\WINDOWS\system32\occache.dll
- 2008-06-23 16:57:40 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-08-26 07:24:30 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2008-06-23 16:57:40 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-08-26 07:24:30 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2008-06-23 16:57:40 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-08-26 07:24:31 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-06-23 16:57:41 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-08-26 07:24:31 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [2006-04-07 1343488]
"ODS Connector"="D:\Program Files\ODS Connector\ODSConnector.exe" [2003-02-07 316416]
"NoAds"="D:\Program Files\NoAds\NoAds.exe" [2007-04-28 126976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="D:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-10-07 125368]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-09-17 13574144]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 52840]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-09-17 86016]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"nwiz"="nwiz.exe" [2008-09-17 C:\WINDOWS\system32\nwiz.exe]

C:\Documents and Settings\Spartacus\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2007-04-27 12:10 18744 C:\WINDOWS\system32\PCANotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codec"= L3codecp.acm
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"vidc.CDVC"= CDVCCODC.DLL
"VIDC.HFYU"= huffyuv.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.FFDS"= d:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Aim6"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"<NO NAME>"=
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\ICQLite\\ICQLite.exe"=
"D:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"D:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"D:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"D:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"D:\\Program Files\\uTorrent\\utorrent.exe"=
"D:\\Sierra\\Empire Earth - The Art of Conquest\\EE-AOC.exe"=
"D:\\Program Files\\Symantec\\pcAnywhere\\Winaw32.exe"=
"D:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"=
"D:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"=
"D:\\Program Files\\LucasArts\\Star Wars Galactic Battlegrounds\\Game\\battlegrounds_x1.exe"=
"D:\\Program Files\\LucasArts\\Star Wars Galactic Battlegrounds\\Game\\Battlegrounds.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"D:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"C:\\WINDOWS\\system32\\drivers\\etc\\smss.exe"=
"D:\\Program Files\\Nero 8\\Nero ShowTime\\ShowTime.exe"=
"D:\\Program Files\\Sierra Entertainment\\Empire Earth III\\EE3.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"D:\\Program Files\\Trillian\\trillian.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"D:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"4000:TCP"= 4000:TCP:*:Disabled:Bittorrent
"4001:TCP"= 4001:TCP:*:Disabled:Bittorrent
"4002:TCP"= 4002:TCP:*:Disabled:Bittorrent
"4003:TCP"= 4003:TCP:*:Disabled:Bittorrent
"4004:TCP"= 4004:TCP:*:Disabled:Bittorrent
"4005:TCP"= 4005:TCP:*:Disabled:Bittorrent
"50021:TCP"= 50021:TCP:*:Disabled:Bittorrent
"22:TCP"= 22:TCP:ssh

R2 copSSHD;Openssh SSHD;d:\Program Files\copSSH\bin\cygrunsrv.exe [2008-03-31 68096]
R3 KeyScrambler;KeyScrambler;C:\WINDOWS\system32\drivers\keyscrambler.sys [2008-06-24 113896]
S3 WmaCDriverV32;WmaCDriverV32;C:\WINDOWS\system32\drivers\WmaCDriverV32.sys [2007-06-04 513152]
.
Contents of the 'Scheduled Tasks' folder

2008-10-07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-10-16 C:\WINDOWS\Tasks\HP Usg Daily.job
- D:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2005-07-08 00:55]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-\YUR24D.exe - C:\Windows\system32\YUR24D.exe
HKCU-Run-\YUR24E.exe - C:\Windows\system32\YUR24E.exe
HKCU-Run-\YUR1.exe - C:\Windows\system32\YUR1.exe
HKCU-Run-\YUR4.exe - C:\Windows\system32\YUR4.exe
HKCU-Run-\YUR6.exe - C:\Windows\system32\YUR6.exe
HKLM-Run-\YUR1.exe - C:\Windows\system32\YUR1.exe
HKLM-Run-\YUR4.exe - C:\Windows\system32\YUR4.exe
HKLM-Run-\YUR6.exe - C:\Windows\system32\YUR6.exe



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-16 19:51:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
D:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\Program Files\copSSH\bin\sshd.exe
D:\Program Files\Nero 8\Nero BackItUp\NBService.exe
D:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
D:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\MRT.exe
.
**************************************************************************
.
Completion time: 2008-10-16 20:01:47 - machine was rebooted [Spartacus]
ComboFix-quarantined-files.txt 2008-10-17 00:01:43
ComboFix2.txt 2008-10-16 02:32:53

Pre-Run: 14,874,570,752 bytes free
Post-Run: 14,787,620,864 bytes free

450 --- E O F --- 2008-10-16 07:04:00


MBAM Log:

Malwarebytes' Anti-Malware 1.28
Database version: 1276
Windows 5.1.2600 Service Pack 3

10/16/2008 8:10:18 PM
mbam-log-2008-10-16 (20-10-18).txt

Scan type: Quick Scan
Objects scanned: 59728
Time elapsed: 2 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\olnmraew.bavm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\olnmraew.bmkg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\olnmraew.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\Rapid Antivirus (Rogue.RapidAntivirus) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\YUR48.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Rapid Antivirus\Purchase License.lnk (Rogue.RapidAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Rapid Antivirus\Start Rapid Antivirus.lnk (Rogue.RapidAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Rapid Antivirus\Support Page.lnk (Rogue.RapidAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Rapid Antivirus\Uninstall.lnk (Rogue.RapidAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Spartacus\Desktop\BEST BDSM PORN.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Spartacus\Desktop\GAY FETISH SEX.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Spartacus\Favorites\Malware Defender.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Spartacus\Favorites\Protect Your Privacy.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Spartacus\Favorites\System Error Fixer.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\etc\smss.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:16:37, on 10/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
d:\Program Files\copSSH\bin\cygrunsrv.exe
D:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
d:\Program Files\copSSH\bin\sshd.exe
D:\Program Files\Nero 8\Nero BackItUp\NBService.exe
D:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\Explorer.EXE
D:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
D:\Program Files\ODS Connector\ODSConnector.exe
D:\Program Files\NoAds\NoAds.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ODS Connector] "D:\Program Files\ODS Connector\ODSConnector.exe"
O4 - HKCU\..\Run: [NoAds] "D:\Program Files\NoAds\NoAds.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-515967899-1682526488-725345543-1031\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SvcCOPSSH')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - d:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - d:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - d:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - d:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec pcAnywhere Host Service (awhost32) - Symantec Corporation - D:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Openssh SSHD (copSSHD) - Unknown owner - d:\Program Files\copSSH\bin\cygrunsrv.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - D:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero 8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - D:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: SAVRoam (SavRoam) - symantec - D:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - D:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 11312 bytes

#13 PropagandaPanda

  • Malware Response Team
  • 10,433 posts
  • Gender:Male

Posted 16 October 2008 - 07:29 PM

Hello Spart.

Looks much better :thumbsup:.

Weather Bug
You appear to have Weather Bug installed. The free version of Weather Bug is generally considered to be adware. As such, it is up to you whether you wish to remove it or leave it installed. The information here and here may help you decide. If you wish to uninstall this: First, right click the WeatherBug icon in the systray and disable it, then go to Add/Remove Programs and uninstall from there.

Update Java to Version 6 Update 7
Your current version of Java is outdated. Malware creators can exploit the lesser security of older versions. Please uninstall your current version through Add/Remove Programs. Remove all instances of Java, J2SE Runtime, Java Runtime, and Java Runtime Environment. Restart your computer after uninstalling.

Please then install the latest Java from this page. Follow the prompts and select the appropriate settings for your machine (most likely "Windows"). Click on the "Required File" jdk-6u7-windows-i586-p.exe to download the installer. Double click the installer to run. Delete the installer after use.

Run Scan with Kaspersky
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer Only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.
  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
This scanner will only scan. It does not remove any malware it finds.

Please post back with:
-the Kaspersky log
-a new HijackThis log
-a new ComboFix log (just double click it)

Any problems on your side?

With Regards,
The Panda

Edited by PropagandaPanda, 16 October 2008 - 07:31 PM.


#14 spart
  • Topic Starter

  • Members
  • 62 posts

Posted 16 October 2008 - 09:38 PM

Panda,
I updated Java; however, Internet Explorer won't come up when I click on it. What do I do?

Does it matter that I updated from the Java website itself?

Edited by spart, 16 October 2008 - 09:41 PM.


#15 spart
  • Topic Starter

  • Members
  • 62 posts

Posted 16 October 2008 - 09:47 PM

Actually one of my programs disabled it. I'll fix it in a minute.



