Sorry it took so long to get back to this, but one of the new problems I am experiencing is that my network connection for my comps keeps failing. I cannot figure out if it is the comps being infected with something that causes them to lose the connection with the router or if the router is conking out; it is only about 6 months old. Here is the ComboFix log.
ComboFix 08-08-04.01 - Jeff 2008-08-05 0:21:20.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2570 [GMT -5:00]
Running from: C:\Users\Jeff\Desktop\ComboFix.exe
Command switches used :: C:\Users\Jeff\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\Jeff\AppData\Roaming\macromedia\Flash Player\#SharedObjects\PJRTG2BC\interclick.com
C:\Users\Jeff\AppData\Roaming\macromedia\Flash Player\#SharedObjects\PJRTG2BC\interclick.com\ud.sol
C:\Users\Jeff\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Users\Jeff\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
.
((((((((((((((((((((((((( Files Created from 2008-07-05 to 2008-08-05 )))))))))))))))))))))))))))))))
.
2008-08-01 13:38 . 2008-08-01 13:39 153,950 --a------ C:\Windows\System32\Upload_This_file.zip
2008-07-27 16:33 . 2008-07-27 16:33 <DIR> d-------- C:\Windows\nvtmpinst
2008-07-27 16:32 . 2008-06-11 14:48 188,960 --a------ C:\Windows\System32\nvapps.xml
2008-07-22 03:31 . 2008-07-22 03:31 <DIR> d-------- C:\Deckard
2008-07-22 02:22 . 2008-07-22 02:22 <DIR> d-------- C:\Users\Jeff\AppData\Roaming\Malwarebytes
2008-07-22 02:22 . 2008-07-22 02:22 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-07-22 02:22 . 2008-07-22 02:22 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-07-22 02:22 . 2008-07-22 02:22 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-22 02:22 . 2008-07-20 20:21 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-07-22 02:22 . 2008-07-20 20:21 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-07-16 00:01 . 2008-07-16 00:01 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-07-16 00:01 . 2008-07-16 00:01 <DIR> d-------- C:\ProgramData\Apple Computer
2008-07-16 00:01 . 2008-07-16 00:02 <DIR> d-------- C:\Program Files\QuickTime
2008-07-12 22:42 . 2008-06-25 20:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-12 22:42 . 2008-06-25 20:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-12 22:42 . 2008-06-25 22:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-07-08 15:29 . 2008-07-08 15:29 <DIR> d-------- C:\Windows\SQL9_KB948109_ENU
2008-07-08 13:42 . 2008-04-26 03:25 3,600,952 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-07-08 13:42 . 2008-04-11 22:32 784,896 --a------ C:\Windows\System32\rpcrt4.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-04 08:06 --------- d-----w C:\ProgramData\Google Updater
2008-07-27 21:35 --------- d-----w C:\ProgramData\NVIDIA
2008-07-27 04:42 --------- d-----w C:\Program Files\Java
2008-07-15 11:06 --------- d-----w C:\Program Files\Microsoft.NET
2008-07-13 03:45 --------- d-----w C:\ProgramData\Microsoft Help
2008-07-08 20:29 --------- d-----w C:\Program Files\Windows Mail
2008-07-08 20:29 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-06-26 10:46 --------- d-----w C:\Program Files\Total Video Converter
2008-06-25 06:53 --------- d-----w C:\Program Files\DivX
2008-06-24 08:21 2,834 ----a-w C:\Users\Jeff\AppData\Roaming\SAS7_000.DAT
2008-06-19 08:42 --------- d-----w C:\Users\Jeff\AppData\Roaming\CyberLink
2008-06-19 07:18 --------- d-----w C:\Users\Jeff\AppData\Roaming\dvdcss
2008-06-15 22:05 --------- d-----w C:\ProgramData\Nero
2008-06-15 22:05 --------- d-----w C:\Program Files\Common Files\Nero
2008-06-15 21:58 --------- d-----w C:\Program Files\Common Files\Steam
2008-06-15 21:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-15 21:40 --------- d-----w C:\Program Files\Common Files\SnapStream
2008-06-15 21:40 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-06-15 09:28 --------- d-----w C:\Program Files\SiSoftware
2008-06-15 09:15 --------- d---a-w C:\ProgramData\TEMP
2008-06-14 08:56 --------- d-----w C:\Users\Jeff\AppData\Roaming\Move Networks
2008-05-30 23:22 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\Windows\System32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\Windows\System32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll
2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll
2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll
2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll
2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll
2008-05-27 05:17 34,816 ----a-w C:\Windows\System32\msscb.dll
2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll
2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll
2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll
2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll
2008-05-27 05:17 143,872 ----a-w C:\Windows\System32\korwbrkr.dll
2008-05-27 05:17 11,776 ----a-w C:\Windows\System32\msshooks.dll
2008-05-27 05:17 1,671,680 ----a-w C:\Windows\System32\chsbrkr.dll
2008-05-27 04:59 18,904 ----a-w C:\Windows\System32\StructuredQuerySchemaTrivial.bin
2008-05-27 04:59 106,605 ----a-w C:\Windows\System32\StructuredQuerySchema.bin
2008-05-22 22:22 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-05-22 22:22 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-05-22 22:20 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-05-22 22:19 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-05-22 22:19 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-05-22 22:19 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-05-22 22:18 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-05-16 16:48 446,464 ----a-w C:\Windows\System32\nvuninst.exe
2008-05-10 03:35 564,736 ----a-w C:\Windows\System32\emdmgmt.dll
2008-05-08 21:59 90,112 ----a-w C:\Windows\System32\wshext.dll
2008-05-08 21:59 430,080 ----a-w C:\Windows\System32\vbscript.dll
2008-05-08 21:59 180,224 ----a-w C:\Windows\System32\scrobj.dll
2008-05-08 21:59 172,032 ----a-w C:\Windows\System32\scrrun.dll
2008-05-08 21:59 155,648 ----a-w C:\Windows\System32\wscript.exe
2008-05-08 21:58 135,168 ----a-w C:\Windows\System32\cscript.exe
2008-03-26 13:08 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((( snapshot@2008-07-25_14.13.54.87 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-14 06:21:48 51,200 ----a-w C:\Windows\inf\infpub.dat
+ 2008-07-27 21:33:15 51,200 ----a-w C:\Windows\inf\infpub.dat
- 2008-06-14 06:21:48 86,016 ----a-w C:\Windows\inf\infstor.dat
+ 2008-07-27 21:33:14 86,016 ----a-w C:\Windows\inf\infstor.dat
- 2008-06-14 06:21:48 143,360 ----a-w C:\Windows\inf\infstrng.dat
+ 2008-07-27 21:33:15 143,360 ----a-w C:\Windows\inf\infstrng.dat
+ 2008-05-16 19:01:00 768,544 ----a-w C:\Windows\nvtmpinst\nvcplui.exe
+ 2008-05-16 19:01:00 313,888 ----a-w C:\Windows\nvtmpinst\nvexpbar.dll
- 2008-07-25 17:29:25 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-08-05 05:11:33 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-07-25 17:29:25 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-08-05 05:11:33 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-03-15 14:10:00 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-01 05:19:02 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-03-15 14:10:00 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-01 05:19:02 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-03-15 14:10:00 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-08-01 05:19:02 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-07-25 17:32:23 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-08-05 05:13:00 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-08-05 05:13:00 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-03-26 13:08:30 2,641,057 -c--a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
+ 2008-07-26 07:37:52 2,641,057 -c--a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
- 2008-07-25 17:59:37 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-08-05 05:12:55 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-08-05 05:12:55 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-07-25 17:44:51 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-04 18:04:14 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-07-25 17:44:51 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-04 18:04:14 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-25 17:44:51 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-08-04 18:04:14 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-07-25 17:40:05 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-08-05 05:21:15 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
- 2007-12-19 01:55:00 8,238,720 ----a-w C:\Windows\System32\drivers\nvlddmkm.sys
+ 2008-05-16 19:01:00 7,465,312 ----a-w C:\Windows\System32\drivers\nvlddmkm.sys
+ 2008-05-16 19:01:00 795,104 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_e4c5bd3a\dpinst.exe
+ 2008-05-16 19:01:00 442,368 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_e4c5bd3a\nvapi.dll
+ 2008-05-16 19:01:00 114,688 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_e4c5bd3a\nvcod.dll
+ 2008-05-16 19:01:00 154,144 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_e4c5bd3a\nvcolor.exe
+ 2008-05-16 19:01:00 13,535,776 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_e4c5bd3a\nvcpl.dll
+ 2008-05-16 19:01:00 768,544 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_e4c5bd3a\nvcplui.exe
+ 2008-05-16 19:01:00 5,689,344 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_e4c5bd3a\nvd3dum.dll
+ 2008-05-16 19:01:00 6,588,960 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_e4c5bd3a\nvdisps.dll
+ 2008-05-16 19:01:00 313,888 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_e4c5bd3a\nvexpbar.dll
+ 2008-05-16 19:01:00 3,398,176 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_e4c5bd3a\nvgames.dll
+ 2008-05-16 19:01:00 7,465,312 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_e4c5bd3a\nvlddmkm.sys
+ 2008-05-16 19:01:00 236,064 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_e4c5bd3a\nvmccs.dll
+ 2008-05-16 19:01:00 45,056 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_e4c5bd3a\nvmccsrs.dll
+ 2008-05-16 19:01:00 195,104 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_e4c5bd3a\nvmccss.dll
+ 2008-05-16 19:01:00 92,704 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_e4c5bd3a\nvmctray.dll
+ 2008-05-16 19:01:00 1,264,160 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_e4c5bd3a\nvmobls.dll
+ 2008-05-16 19:01:00 9,039,872 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_e4c5bd3a\nvoglv32.dll
+ 2008-05-16 19:01:00 526,880 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_e4c5bd3a\nvsvc.dll
+ 2008-05-16 19:01:00 446,464 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_e4c5bd3a\nvudisp.exe
+ 2008-05-16 19:01:00 3,783,200 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_e4c5bd3a\nvvitvs.dll
+ 2008-05-16 19:01:00 118,784 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_e4c5bd3a\nvvsvc.exe
+ 2008-05-16 19:01:00 2,360,832 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_e4c5bd3a\nvwgf2um.dll
+ 2008-05-16 19:01:00 2,636,320 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_e4c5bd3a\nvwss.dll
- 2008-02-22 06:23:35 135,168 ----a-w C:\Windows\System32\java.exe
+ 2008-06-10 06:21:01 135,168 ----a-w C:\Windows\System32\java.exe
- 2008-02-22 06:23:39 135,168 ----a-w C:\Windows\System32\javaw.exe
+ 2008-06-10 06:21:04 135,168 ----a-w C:\Windows\System32\javaw.exe
- 2008-02-22 07:33:32 139,264 ----a-w C:\Windows\System32\javaws.exe
+ 2008-06-10 07:32:34 139,264 ----a-w C:\Windows\System32\javaws.exe
+ 2008-03-25 02:32:44 218,496 ----a-r C:\Windows\System32\Macromed\Flash\FlashUtil9f.exe
- 2007-12-31 09:27:45 74,649 ----a-w C:\Windows\System32\Macromed\Flash\uninstall_activeX.exe
+ 2008-07-30 07:20:45 74,137 ----a-w C:\Windows\System32\Macromed\Flash\uninstall_activeX.exe
- 2008-01-19 07:34:49 35,328 ----a-w C:\Windows\System32\mimefilt.dll
+ 2008-05-27 05:18:32 40,448 ----a-w C:\Windows\System32\mimefilt.dll
- 2008-01-19 07:35:13 248,832 ----a-w C:\Windows\System32\msshsq.dll
+ 2008-05-27 05:18:32 231,936 ----a-w C:\Windows\System32\msshsq.dll
- 2008-01-19 07:35:13 333,824 ----a-w C:\Windows\System32\mssph.dll
+ 2008-05-27 05:18:25 350,208 ----a-w C:\Windows\System32\mssph.dll
- 2008-01-19 07:35:13 167,936 ----a-w C:\Windows\System32\mssphtb.dll
+ 2008-05-27 05:18:55 203,776 ----a-w C:\Windows\System32\mssphtb.dll
- 2008-01-19 07:35:13 52,224 ----a-w C:\Windows\System32\msstrc.dll
+ 2008-05-27 05:18:40 44,032 ----a-w C:\Windows\System32\msstrc.dll
- 2008-01-19 07:35:13 1,696,768 ----a-w C:\Windows\System32\mssvp.dll
+ 2008-05-27 05:18:56 670,208 ----a-w C:\Windows\System32\mssvp.dll
- 2008-01-19 07:35:38 122,368 ----a-w C:\Windows\System32\nlhtml.dll
+ 2008-05-27 05:18:30 136,704 ----a-w C:\Windows\System32\nlhtml.dll
- 2007-12-19 01:55:00 385,024 ----a-w C:\Windows\System32\nvapi.dll
+ 2008-05-16 19:01:00 442,368 ----a-w C:\Windows\System32\nvapi.dll
- 2007-12-19 01:55:00 35,328 ----a-w C:\Windows\System32\nvcod.dll
+ 2008-05-16 19:01:00 114,688 ----a-w C:\Windows\System32\nvcod.dll
+ 2008-05-16 19:01:00 114,688 ----a-w C:\Windows\System32\nvcod130.dll
+ 2008-05-16 19:01:00 114,688 ----a-w C:\Windows\System32\nvcodh.dll
+ 2008-05-16 19:01:00 114,688 ----a-w C:\Windows\System32\nvcodhins.dll
- 2007-12-19 01:55:00 147,456 ----a-w C:\Windows\System32\nvcolor.exe
+ 2008-05-16 19:01:00 154,144 ----a-w C:\Windows\System32\nvcolor.exe
- 2007-12-19 01:55:00 8,530,464 ----a-w C:\Windows\System32\nvcpl.dll
+ 2008-05-16 19:01:00 13,535,776 ----a-w C:\Windows\System32\nvcpl.dll
- 2007-12-19 01:55:00 753,664 ----a-w C:\Windows\System32\nvcplui.exe
+ 2008-05-16 19:01:00 768,544 ----a-w C:\Windows\System32\nvcplui.exe
- 2007-12-19 01:55:00 5,263,360 ----a-w C:\Windows\System32\nvd3dum.dll
+ 2008-05-16 19:01:00 5,689,344 ----a-w C:\Windows\System32\nvd3dum.dll
- 2007-12-19 01:55:00 6,549,504 ----a-w C:\Windows\System32\nvdisps.dll
+ 2008-05-16 19:01:00 6,588,960 ----a-w C:\Windows\System32\nvdisps.dll
- 2007-12-19 01:55:00 307,200 ----a-w C:\Windows\System32\nvexpbar.dll
+ 2008-05-16 19:01:00 313,888 ----a-w C:\Windows\System32\nvexpbar.dll
- 2007-12-19 01:55:00 3,420,160 ----a-w C:\Windows\System32\nvgames.dll
+ 2008-05-16 19:01:00 3,398,176 ----a-w C:\Windows\System32\nvgames.dll
- 2007-12-19 01:55:00 229,376 ----a-w C:\Windows\System32\nvmccs.dll
+ 2008-05-16 19:01:00 236,064 ----a-w C:\Windows\System32\nvmccs.dll
- 2007-12-19 01:55:00 45,056 ----a-w C:\Windows\System32\nvmccsrs.dll
+ 2008-05-16 19:01:00 45,056 ----a-w C:\Windows\System32\nvmccsrs.dll
- 2007-12-19 01:55:00 188,416 ----a-w C:\Windows\System32\nvmccss.dll
+ 2008-05-16 19:01:00 195,104 ----a-w C:\Windows\System32\nvmccss.dll
- 2007-12-19 01:55:00 81,920 ----a-w C:\Windows\System32\nvmctray.dll
+ 2008-05-16 19:01:00 92,704 ----a-w C:\Windows\System32\nvmctray.dll
- 2007-12-19 01:55:00 1,228,800 ----a-w C:\Windows\System32\nvmobls.dll
+ 2008-05-16 19:01:00 1,264,160 ----a-w C:\Windows\System32\nvmobls.dll
- 2007-12-19 01:55:00 7,098,368 ----a-w C:\Windows\System32\nvoglv32.dll
+ 2008-05-16 19:01:00 9,039,872 ----a-w C:\Windows\System32\nvoglv32.dll
- 2007-12-19 01:55:00 86,016 ----a-w C:\Windows\System32\nvsvc.dll
+ 2008-05-16 19:01:00 526,880 ----a-w C:\Windows\System32\nvsvc.dll
- 2007-12-19 01:55:00 356,352 ----a-w C:\Windows\System32\nvudisp.exe
+ 2008-05-16 19:01:00 446,464 ----a-w C:\Windows\System32\nvudisp.exe
- 2007-12-19 01:55:00 3,710,976 ----a-w C:\Windows\System32\nvvitvs.dll
+ 2008-05-16 19:01:00 3,783,200 ----a-w C:\Windows\System32\nvvitvs.dll
+ 2008-05-16 19:01:00 118,784 ----a-w C:\Windows\System32\nvvsvc.exe
- 2007-12-19 01:55:00 1,830,912 ----a-w C:\Windows\System32\nvwgf2um.dll
+ 2008-05-16 19:01:00 2,360,832 ----a-w C:\Windows\System32\nvwgf2um.dll
- 2007-12-19 01:55:00 2,498,560 ----a-w C:\Windows\System32\nvwss.dll
+ 2008-05-16 19:01:00 2,636,320 ----a-w C:\Windows\System32\nvwss.dll
- 2008-01-19 07:36:11 65,536 ----a-w C:\Windows\System32\propdefs.dll
+ 2008-05-27 05:18:06 71,680 ----a-w C:\Windows\System32\propdefs.dll
- 2008-01-19 07:36:17 26,624 ----a-w C:\Windows\System32\rtffilt.dll
+ 2008-05-27 05:18:30 38,400 ----a-w C:\Windows\System32\rtffilt.dll
- 2008-01-19 07:33:28 302,080 ----a-w C:\Windows\System32\SearchIndexer.exe
+ 2008-05-27 05:18:43 439,808 ----a-w C:\Windows\System32\SearchIndexer.exe
- 2008-01-19 07:33:28 179,200 ----a-w C:\Windows\System32\SearchProtocolHost.exe
+ 2008-05-27 05:18:16 184,832 ----a-w C:\Windows\System32\SearchProtocolHost.exe
- 2008-07-13 03:47:31 6,553,600 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat
+ 2008-07-26 09:09:17 6,553,600 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat
- 2008-07-25 17:33:18 16,930 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-969393467-3198209037-4009577033-1000_UserData.bin
+ 2008-08-05 05:13:28 17,276 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-969393467-3198209037-4009577033-1000_UserData.bin
- 2008-07-25 17:33:17 77,902 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-08-05 05:13:28 79,202 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-07-25 17:33:14 89,194 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-08-05 05:13:27 90,450 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-01-19 07:37:11 27,136 ----a-w C:\Windows\System32\wsepno.dll
+ 2008-05-27 05:18:35 29,184 ----a-w C:\Windows\System32\wsepno.dll
- 2008-01-19 07:37:12 110,592 ----a-w C:\Windows\System32\xmlfilter.dll
+ 2008-05-27 05:18:32 56,320 ----a-w C:\Windows\System32\xmlfilter.dll
- 2008-07-13 03:40:52 550,023 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-07-26 07:34:40 2,720,435 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-05-27 05:17:28 301,568 ----a-w C:\Windows\winsxs\x86_desktop_shell-search-srchadmin_31bf3856ad364e35_7.0.6001.16503_none_13fcab3737a334c2\srchadmin.dll
+ 2008-05-27 05:18:30 136,704 ----a-w C:\Windows\winsxs\x86_microsoft-windows-content-filter-html_31bf3856ad364e35_7.0.6001.16503_none_13ff1de93d266b97\nlhtml.dll
+ 2008-05-27 05:18:32 56,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-content-filter-html_31bf3856ad364e35_7.0.6001.16503_none_13ff1de93d266b97\xmlfilter.dll
+ 2008-05-27 05:18:32 40,448 ----a-w C:\Windows\winsxs\x86_microsoft-windows-content-filter-mime_31bf3856ad364e35_7.0.6001.16503_none_10a358dd3f57c0de\mimefilt.dll
+ 2008-05-27 05:17:23 194,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-content-filter-office_31bf3856ad364e35_7.0.6001.16503_none_fab3f42bbfadf408\offfilt.dll
+ 2008-05-27 05:18:30 38,400 ----a-w C:\Windows\winsxs\x86_microsoft-windows-content-filter-rtf_31bf3856ad364e35_7.0.6001.16503_none_485964bf76e0570a\rtffilt.dll
+ 2008-05-27 05:17:46 754,176 ----a-w C:\Windows\winsxs\x86_microsoft-windows-propsys_31bf3856ad364e35_7.0.6001.16503_none_f3d11aeeb9526bbb\propsys.dll
+ 2008-05-27 05:18:35 29,184 ----a-w C:\Windows\winsxs\x86_microsoft-windows-search-profilenotify_31bf3856ad364e35_7.0.6001.16503_none_d86cd72c8d3c237e\wsepno.dll
+ 2008-05-27 05:17:16 6,103,040 ----a-w C:\Windows\winsxs\x86_microsoft-windows-w..-chinesetraditional_31bf3856ad364e35_7.0.6001.16503_none_df2000cce0d8c017\chtbrkr.dll
+ 2008-05-27 05:17:16 313,344 ----a-w C:\Windows\winsxs\x86_microsoft-windows-w..breakerstemmer-thai_31bf3856ad364e35_7.0.6001.16503_none_d40428cfc6b6fdf9\thawbrkr.dll
+ 2008-05-27 05:17:16 143,872 ----a-w C:\Windows\winsxs\x86_microsoft-windows-w..eakerstemmer-korean_31bf3856ad364e35_7.0.6001.16503_none_14072d09797cf93d\korwbrkr.dll
+ 2008-05-27 05:17:13 1,671,680 ----a-w C:\Windows\winsxs\x86_microsoft-windows-w..r-chinesesimplified_31bf3856ad364e35_7.0.6001.16503_none_4cbdb704b61543d2\chsbrkr.dll
+ 2008-05-27 05:18:43 13,824 ----a-w C:\Windows\winsxs\x86_windowssearch-wtrservicingsupport_31bf3856ad364e35_7.0.6001.16503_none_163fe74a2171e12e\WSWTRSvc.exe
+ 2008-05-27 05:18:32 231,936 ----a-w C:\Windows\winsxs\x86_windowssearchengine-structuredquery_31bf3856ad364e35_7.0.6001.16503_none_98586419f9103903\msshsq.dll
+ 2008-05-27 04:59:39 106,605 ----a-w C:\Windows\winsxs\x86_windowssearchengine..uredqueryschema.bin_31bf3856ad364e35_7.0.6001.16503_none_88f88929e3c77aa3\StructuredQuerySchema.bin
+ 2008-05-27 04:59:40 18,904 ----a-w C:\Windows\winsxs\x86_windowssearchengine..uredqueryschema.bin_31bf3856ad364e35_7.0.6001.16503_none_88f88929e3c77aa3\StructuredQuerySchemaTrivial.bin
+ 2008-05-27 05:17:42 34,816 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\msscb.dll
+ 2008-05-27 05:17:25 60,416 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\msscntrs.dll
+ 2008-05-27 05:17:36 11,776 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\msshooks.dll
+ 2008-05-27 05:17:25 87,552 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\mssitlb.dll
+ 2008-05-27 05:18:25 350,208 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\mssph.dll
+ 2008-05-27 05:18:55 203,776 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\mssphtb.dll
+ 2008-05-27 05:17:26 32,768 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\mssprxy.dll
+ 2008-05-27 05:21:24 1,418,240 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\mssrch.dll
+ 2008-05-27 05:18:40 44,032 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\msstrc.dll
+ 2008-05-27 05:18:56 670,208 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\mssvp.dll
+ 2008-05-27 05:18:06 71,680 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\propdefs.dll
+ 2008-05-27 05:17:55 87,552 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\SearchFilterHost.exe
+ 2008-05-27 05:18:43 439,808 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\SearchIndexer.exe
+ 2008-05-27 05:18:16 184,832 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\SearchProtocolHost.exe
+ 2008-05-27 05:21:07 1,582,592 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\tquery.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 02:33 125952]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 19:16 454784]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 16:30 249856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 02:33 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"auditadmin"="C:\windows\options\auditadmin.cmd" [2007-04-05 19:58 476]
"BigFix"="c:\program files\Bigfix\bigfix.exe" [2006-11-16 18:04 2348584]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-10-01 08:08 949376]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2008-01-19 02:33 227840]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-16 14:01 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-16 14:01 92704]
"PhiBtn"="C:\Windows\System32\Drivers\PhiBtn.exe" [BU]
"TrayMin900"="C:\Windows\System32\Drivers\Tray900.exe" [BU]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 16:46 4349952 C:\Windows\RtHDVCpl.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\Windows\KHALMNPR.Exe]
C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 05:45:42 101784]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-03-25 19:56:27 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-12-29 23:31:09 692224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"VIDC.NSVI"= NSVIDEO.DLL
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\Windows\pss\Google Updater.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNS7reminder]
--a------ 2007-03-19 10:20 259624 C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2007-05-25 12:16 42032 C:\Program Files\Common Files\aol\1199568448\ee\aolsoftware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-12-10 22:52 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPPDetect]
--a------ 2004-03-16 14:49 40960 C:\Program Files\NewSoft\Presto! VideoWorks 6\IPP4Detect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-08-06 19:05 200704 C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]
--a------ 2007-10-22 12:52 75584 C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
--a------ 2006-10-25 10:03 210472 C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-01-15 12:52 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe"= C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D9016ED6-7E6A-4733-9451-4B947E3B4DBE}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B849EBEF-F8BF-47D5-AE84-FFDF2619C5E3}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5DF82768-3AD3-42C3-890B-67FFB6087F6F}"= UDP:C:\Program Files\SnapStream Media\Beyond TV\BTVRegistrationService.exe:Beyond TV Registration Service
"{8D45B4C1-774C-44AB-99F5-03FCBCB867D1}"= TCP:C:\Program Files\SnapStream Media\Beyond TV\BTVRegistrationService.exe:Beyond TV Registration Service
"{777120E9-BB54-458B-82AB-841A3EB7FB7D}"= UDP:C:\Program Files\SnapStream Media\Beyond TV\BTVLibraryService.exe:Beyond TV Library Service
"{9B099D0E-B636-47C0-9E0D-95CF0469060F}"= TCP:C:\Program Files\SnapStream Media\Beyond TV\BTVLibraryService.exe:Beyond TV Library Service
"{8023A7CE-BB5D-4536-90CF-8EF6B8C8B41D}"= UDP:C:\Program Files\SnapStream Media\Beyond TV\BTVNetworkService.exe:Beyond TV Network Service
"{5BBF1454-DDB2-4DFD-97D1-4A7ADB187C2C}"= TCP:C:\Program Files\SnapStream Media\Beyond TV\BTVNetworkService.exe:Beyond TV Network Service
"{CF2228F7-FF8C-4EA0-AC79-05EDC8493784}"= UDP:C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe:Beyond TV Recording Engine
"{915A84C2-0551-4E71-80D7-1FCB0ECE91D5}"= TCP:C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe:Beyond TV Recording Engine
"{E8D2CCF1-0928-4037-9751-46C22A32EADC}"= UDP:C:\Program Files\SnapStream Media\Beyond TV\BTVGuideDataLoader.exe:Beyond TV Guide Data Loader
"{226F141E-F1D1-4575-885B-BF478BB4DB80}"= TCP:C:\Program Files\SnapStream Media\Beyond TV\BTVGuideDataLoader.exe:Beyond TV Guide Data Loader
"{AA4C1154-3C8B-4603-9B65-4862763BAC67}"= UDP:C:\Program Files\SnapStream Media\Beyond TV\BTVSettingsService.exe:Beyond TV Settings Service
"{8DB49E7C-5F22-459F-A177-22A8088BF304}"= TCP:C:\Program Files\SnapStream Media\Beyond TV\BTVSettingsService.exe:Beyond TV Settings Service
"{2DC4135F-AD50-46C4-B41F-17C3DD747C51}"= UDP:C:\Program Files\SnapStream Media\Beyond TV\BTVTaskManagerService.exe:Beyond TV Task Manager Service
"{3119FF8A-2B25-48C0-85A9-087FDEE547C8}"= TCP:C:\Program Files\SnapStream Media\Beyond TV\BTVTaskManagerService.exe:Beyond TV Task Manager Service
"{4B9FFAEE-C62F-4542-909B-14B85AD48E04}"= UDP:C:\Program Files\SnapStream Media\Beyond TV\BTVD3DShell.exe:Beyond TV ViewScape
"{D707EE12-5C6C-440E-AA88-00FBF416BAC8}"= TCP:C:\Program Files\SnapStream Media\Beyond TV\BTVD3DShell.exe:Beyond TV ViewScape
"{3DE595B0-F6A2-4C9E-9DAD-21A657341822}"= UDP:C:\Program Files\SnapStream Media\Beyond TV\SetupWizard.exe:Beyond TV Setup Wizard
"{189DF32D-B5C3-45CD-9817-EFB04270C016}"= TCP:C:\Program Files\SnapStream Media\Beyond TV\SetupWizard.exe:Beyond TV Setup Wizard
"TCP Query User{CBD6BDBD-44BB-4F7A-94A7-75BF7385F2C0}C:\\program files\\world of warcraft\\wow-2.2.0-enus-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.2.0-enus-downloader.exe:Blizzard Downloader
"UDP Query User{F11CE85A-96BE-4CD1-9683-B3690EB1F28A}C:\\program files\\world of warcraft\\wow-2.2.0-enus-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.2.0-enus-downloader.exe:Blizzard Downloader
"TCP Query User{AB74DB35-565A-44BA-A990-ED7C09A86A82}C:\\program files\\world of warcraft\\wow-2.2.0.7272-to-2.2.2.7318-enus-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.2.0.7272-to-2.2.2.7318-enus-downloader.exe:Blizzard Downloader
"UDP Query User{6D98AC01-E756-487C-ADF5-92620DF73489}C:\\program files\\world of warcraft\\wow-2.2.0.7272-to-2.2.2.7318-enus-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.2.0.7272-to-2.2.2.7318-enus-downloader.exe:Blizzard Downloader
"TCP Query User{042043E3-3F1F-4490-8F0E-710AA396C1C1}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{FC47FCBA-3798-4052-A345-1B6B4ED62570}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{8A752FFF-F0CE-40A5-B9FB-B75E694BD64C}C:\\program files\\world of warcraft\\wow-2.2.2.7318-to-2.2.3.7359-enus-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.2.2.7318-to-2.2.3.7359-enus-downloader.exe:Blizzard Downloader
"UDP Query User{761E2616-B5B5-4991-851A-D0A16F2A2AF7}C:\\program files\\world of warcraft\\wow-2.2.2.7318-to-2.2.3.7359-enus-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.2.2.7318-to-2.2.3.7359-enus-downloader.exe:Blizzard Downloader
"{3F8DBF73-452C-495E-A32B-6A37B8D379A0}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:Crysis_32_sp_demo
"{F4084399-4C7C-4A6A-A50A-8ED8C53221CA}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:Crysis_32_sp_demo
"{46C0492C-5087-4B5F-960C-72AE499A60E0}"= UDP:C:\Program Files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo
"{0FA74659-9970-4A6A-9FB2-4FE12FDC6E6C}"= TCP:C:\Program Files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo
"TCP Query User{739789E4-4AD8-44C8-B313-B6556C16A9A2}C:\\program files\\shades of truth\\underlight.exe"= UDP:C:\program files\shades of truth\underlight.exe:P-Lyra
"UDP Query User{D966E2C2-018E-45FB-B2A4-BF88FF9C8893}C:\\program files\\shades of truth\\underlight.exe"= TCP:C:\program files\shades of truth\underlight.exe:P-Lyra
"TCP Query User{5838DC9E-F0EF-4EB5-812A-C28A73F7985D}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{7C563B76-CBC8-4272-B9DD-44770B56244F}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{F5DFC06C-43B6-467A-83C8-13101C202104}C:\\users\\jeff\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:C:\users\jeff\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"UDP Query User{3DDB5C3A-CF7D-4BFF-8E2B-1F4B1B3323F6}C:\\users\\jeff\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:C:\users\jeff\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"TCP Query User{A396B86C-019C-4DBF-894D-5256C36D0794}C:\\program files\\world of warcraft\\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe:Blizzard Downloader
"UDP Query User{B40BE65D-8913-43CD-9905-F97E444E43B1}C:\\program files\\world of warcraft\\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe:Blizzard Downloader
"TCP Query User{B40F5858-707B-457C-83C8-D7C3358C336C}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{99A8B560-063C-4731-9551-81DBEFA6C07C}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"{464184D5-4886-4399-A83E-23F4407D173B}"= UDP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{8F34C19E-081E-4538-9A27-48140C769DE2}"= TCP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{001796E6-5BC5-4BEB-9671-C71B89C9ECCE}"= UDP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Service
"{F40C2A12-3865-412C-968D-FD3F618CCB2F}"= TCP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Service
"{1C7BD611-8ECA-422F-A7BC-1BB70E0A68CA}"= UDP:C:\Program Files\AOL 9.0a\waol.exe:AOL
"{0023D449-D9B6-4252-8F38-F24A5468D9B7}"= TCP:C:\Program Files\AOL 9.0a\waol.exe:AOL
"{ABFF9636-F8E3-4E20-A498-0D888A77D5E5}"= UDP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{5E11565F-D08D-464D-878C-01B905986E1F}"= TCP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{1A34A367-E1F2-4F14-898F-47A17B189F40}"= UDP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{C1E987EA-6BFF-48A5-8F33-01EF09DE182F}"= TCP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{36E84982-0C4C-47BE-BC5C-369FBCD22943}"= UDP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{E5928EC5-59F7-431C-B004-93C786DED980}"= TCP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{3F128E8C-76C1-4777-848D-9E04B629D438}"= UDP:C:\Program Files\AOL 9.0b\waol.exe:AOL
"{1DF66FF6-541C-45B8-B808-7C07F750E258}"= TCP:C:\Program Files\AOL 9.0b\waol.exe:AOL
"{BC2C87A8-DD05-49CF-9F96-B4E5E33256BA}"= UDP:C:\Program Files\Common Files\aol\1199566442\ee\aolsoftware.exe:AOL Shared Components
"{D0E8E484-E01A-4E3E-85F8-ADC9B6B0336B}"= TCP:C:\Program Files\Common Files\aol\1199566442\ee\aolsoftware.exe:AOL Shared Components
"{38198640-A2AD-464B-AB44-BF0AEC0BFC9C}"= UDP:C:\Program Files\Common Files\aol\1199568448\ee\aolsoftware.exe:AOL Shared Components
"{D2C1036C-8765-4195-9A38-151AA42CD2AD}"= TCP:C:\Program Files\Common Files\aol\1199568448\ee\aolsoftware.exe:AOL Shared Components
"{51A3F9F5-26F1-4D38-838E-A999A224829E}"= UDP:C:\Program Files\AOL 9.1\waol.exe:AOL
"{04766688-1A24-4B23-896E-A93221CFDFC2}"= TCP:C:\Program Files\AOL 9.1\waol.exe:AOL
"TCP Query User{DCF7E62A-8574-497E-A898-94B59FABD5FD}C:\\users\\jeff\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\jeff\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{1A545066-588A-4FBB-AFCE-40F3FBA3446D}C:\\users\\jeff\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\jeff\program files\utorrent\utorrent.exe:utorrent.exe
"{CD3A12C0-0983-48E0-AA1E-08DF6A173C03}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{26886B81-95CD-4DA6-B7C2-78DE0DC64DFA}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{204CDFC4-4328-4276-92CB-DEDDB5D6683C}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{A7B5323B-EB80-490C-80BE-04BD997B06EA}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C14AAE9C-412E-4A50-9F59-443D121A32E9}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C34DE1C0-2859-4C47-B693-2148EA0D623A}"= UDP:C:\Program Files\AIM6\aim6.exe:AIM
"{826F8499-49EF-401C-9BD3-A5E0DB4B9C97}"= TCP:C:\Program Files\AIM6\aim6.exe:AIM
"{2D9BCDD3-7344-4CBA-9DD2-82D85F1ECA06}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{65DCB432-5C13-4D87-949C-654E878BB3BE}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{B83BF5C1-E82C-4E6C-BCF4-83FB91341630}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{E578A938-E364-4870-B631-140D4E426A67}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{D6CDD40E-72D7-4372-8E49-B6FA399EA6E2}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{BED51DCB-521F-4BB4-8435-52F7ABD59C11}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{B3411FE4-D09C-42F7-847E-090677D38247}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{1B470EA0-99DD-4D2C-805B-BF280980CC94}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"TCP Query User{A0C410C7-F5C2-45E4-B792-2F4ADA510A73}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= UDP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"UDP Query User{F6D479C4-1A04-4127-A60A-022A838EA18C}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= TCP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"{8842ED0A-4911-4742-9720-6A76C3D5FB6E}"= UDP:C:\Program Files\Flagship Studios\Hellgate London\Launcher.exe:Hellgate: London
"{B9886591-77E7-4E58-A306-F34CD7A25843}"= TCP:C:\Program Files\Flagship Studios\Hellgate London\Launcher.exe:Hellgate: London
"TCP Query User{EE57C978-7A91-4CEB-98CA-BA09181F9C42}C:\\users\\jeff\\appdata\\local\\yahoo!\\messenger for vista\\yahoo.messenger.ymapp.exe"= UDP:C:\users\jeff\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe:yahoo.messenger.ymapp.exe
"UDP Query User{4158E73A-0103-4098-85C5-8FB6F5837274}C:\\users\\jeff\\appdata\\local\\yahoo!\\messenger for vista\\yahoo.messenger.ymapp.exe"= TCP:C:\users\jeff\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe:yahoo.messenger.ymapp.exe
"TCP Query User{DEE29D52-2C70-4724-BE77-522247FCD489}C:\\program files\\oovoo\\oovoo.exe"= UDP:C:\program files\oovoo\oovoo.exe:ooVoo
"UDP Query User{B7761C7F-717B-41F7-BF9B-060B9233CCB9}C:\\program files\\oovoo\\oovoo.exe"= TCP:C:\program files\oovoo\oovoo.exe:ooVoo
"{4888903E-B6B1-40E5-95D3-A68F99D3ACAB}"= Disabled:UDP:443:ooVoo TCP port 443
"{8F1132E3-1BA4-4659-B17B-7F7979094AC0}"= Disabled:TCP:443:ooVoo UDP port 443
"{16455A28-1DDB-4F19-AF78-9166A4EC843B}"= Disabled:UDP:37674:ooVoo TCP port 37674
"{1C937F7F-7A08-4C76-82AD-3EEE697C6362}"= Disabled:TCP:37674:ooVoo UDP port 37674
"{C165B523-4A89-48A1-820E-EA752A37D4EA}"= Disabled:TCP:37675:ooVoo UDP port 37675
"{66E86256-E406-4D8B-A412-DAD1FC3F63D2}"= UDP:C:\Program Files\SnapStream Media\Beyond TV\BTVNotifierService.exe:TV Notifier Service
"{E8FB135C-D536-4CD8-B219-5E9BF7A0C8C2}"= TCP:C:\Program Files\SnapStream Media\Beyond TV\BTVNotifierService.exe:TV Notifier Service
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe"= C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel
R2 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [2008-04-22 18:23]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 16:38]
R3 xcbdaNtsc;ViXS Tuner Card (NTSC);C:\Windows\system32\DRIVERS\xcbda.sys [2006-11-30 22:39]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 10:51]
S2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 18:50]
S3 camdrv41;Philips SPC 900NC PC Camera;C:\Windows\system32\DRIVERS\camdrv41.sys [2007-05-04 09:45]
S3 mr97310c;CIF Dual-Mode Camera;C:\Windows\system32\DRIVERS\mr97310c.sys [2005-04-11 15:26]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 02:30]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-08-05 00:46:04
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-05 0:59:55
ComboFix-quarantined-files.txt 2008-08-05 05:58:59
ComboFix2.txt 2008-07-25 19:50:18
Pre-Run: 309,135,859,712 bytes free
Post-Run: 309,544,534,016 bytes free
481 --- E O F --- 2008-08-02 04:40:46
Here is the Pandascan log.
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-08-05 02:34:28
PROTECTIONS: 1
MALWARE: 43
SUSPECTS: 2
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Windows Defender 1.1.3806.0 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@trafficmp[1].txt
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\jeff@trafficmp[2].txt
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.trafficmp.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@casalemedia[1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.casalemedia.com/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@doubleclick[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\jeff@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\jeff@atdmt[2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@tradedoubler[2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\jeff@tradedoubler[2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.247realmedia.com/]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@247realmedia[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\jeff@fastclick[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@fastclick[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.fastclick.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@tribalfusion[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@mediaplex[2].txt
00147806 Cookie/7search TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@7search[2].txt
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@clickbank[1].txt
00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@ccbill[2].txt
00160284 Cookie/Findwhat TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@findwhat[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@com[1].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\jeff@yadro[2].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@yadro[2].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@xiti[1].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.azjmp.com/]
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@azjmp[1].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@toplist[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@statcounter[1].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@perf.overture[1].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.perf.overture.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\jeff@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\jeff@apmebf[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@apmebf[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@burstnet[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\jeff@serving-sys[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\jeff@bs.serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@bs.serving-sys[2].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@www.burstbeacon[2].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@adtech[2].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@server.iad.liveperson[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@advertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\jeff@advertising[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.advertising.com/]
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\jeff@media.adrevolver[1].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@media.adrevolver[2].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@statse.webtrendslive[2].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[statse.webtrendslive.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\jeff@ads.pointroll[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@ads.pointroll[2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@realmedia[2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\jeff@realmedia[2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.realmedia.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@questionmarket[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\jeff@questionmarket[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.questionmarket.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@zedo[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\jeff@zedo[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.zedo.com/]
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@bluestreak[2].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\jeff@bluestreak[1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\jeff@adrevolver[2].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@adrevolver[1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.adrevolver.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@target[1].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\jeff@target[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@atwola[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\jeff@atwola[1].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@ads.addynamix[1].txt
01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@enhance[2].txt
01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\jeff@enhance[2].txt
01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.adserver.easyad.info/]
01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@adserver.easyad[1].txt
01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\jeff@adserver.easyad[1].txt
03009106 W32/Xor-encoded.A Virus No 0 Yes No C:\Program Files\ESET\infected\FC33OIDA.NQF
03009106 W32/Xor-encoded.A Virus No 0 Yes No C:\Program Files\ESET\infected\IHL5OLAA.NQF
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No C:\Deckard\System Scanner\20080722033348\backup\Users\Jeff\AppData\Local\Temp\aax4FA3.tmp.exe[²ÇÇ\y_toolbar.exe][²èÇ]
No C:\Users\Jeff\Desktop\ComboFix.exe
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
Here is a new HJT log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:48, on 2008-08-05
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.smunet.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [auditadmin] C:\windows\options\auditadmin.cmd
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PhiBtn] C:\Windows\System32\Drivers\PhiBtn.exe
O4 - HKLM\..\Run: [TrayMin900] C:\Windows\System32\Drivers\Tray900.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 8939 bytes