Hi DFW,
Back again. I've carried out your instructions and the logs are posted below. One worrying thing though... while I was running HJT the last time, Norton processed some threats and detected a Vundo Trojan in 8 Processes, 14 files, 1 Service and 122 Registry Entries. This is looking like an insidious little b@stard...
ComboFix 08-09-30.03 - Mike 2008-10-01 21:42:16.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1268 [GMT 10:00]
Running from: C:\Users\Mike\Desktop\ComboFix.exe
Command switches used :: C:\Users\Mike\Desktop\CFScript.txt
FILE ::
C:\Windows\System32\acftvfaf.dll
C:\Windows\System32\aqabngam.dll
C:\Windows\System32\cgxlmdvu.dll
C:\Windows\System32\cpyfymta.dll
C:\Windows\System32\drivers\aswMonFlt.sys
C:\Windows\System32\jusnepbi.dll
C:\Windows\System32\tphlnrds.ini
C:\Windows\System32\tphlnrds.ini2
C:\Windows\System32\tphlnrds.tmp
C:\Windows\System32\ypmnrmdu.dll
C:\Windows\System32\yuppbekp.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Alwil Software
C:\Program Files\Alwil Software\Avast4\Setup\setup.ini
C:\Program Files\Azureus
C:\Program Files\Azureus\bin-5037\Living.Mobile.Bomberman.Reloaded.240x320.v1.0.0.S60v3.J2ME.Retail-BiNPDA.jar
C:\Program Files\Azureus\hs_err_pid2948.log
C:\Program Files\Azureus\plugins\azemp\azemp_1.9.0.jar
C:\Program Files\Azureus\plugins\azemp\azemp_1.9.0.zip
C:\Program Files\Azureus\plugins\azemp\azemp_1.9.11.jar
C:\Program Files\Azureus\plugins\azemp\azemp_1.9.11.zip
C:\Program Files\Azureus\plugins\azemp\azemp_1.9.6.jar
C:\Program Files\Azureus\plugins\azemp\azemp_1.9.6.zip
C:\Program Files\Azureus\plugins\azemp\azemp_2.0.11.jar
C:\Program Files\Azureus\plugins\azemp\azemp_2.0.11.zip
C:\Program Files\Azureus\plugins\azemp\azemp_2.0.14.jar
C:\Program Files\Azureus\plugins\azemp\azemp_2.0.14.zip
C:\Program Files\Azureus\plugins\azemp\azemp_2.0.16.jar
C:\Program Files\Azureus\plugins\azemp\azemp_2.0.16.zip
C:\Program Files\Azureus\plugins\azemp\azmplay.exe.bak
C:\Program Files\Azureus\plugins\azemp\cp1250-a.raw.bak
C:\Program Files\Azureus\plugins\azemp\cp1250-b.raw.bak
C:\Program Files\Azureus\plugins\azemp\font.desc.bak
C:\Program Files\Azureus\plugins\azemp\libInfoGetter.dll
C:\Program Files\Azureus\plugins\azemp\mplayer\config
C:\Program Files\Azureus\plugins\azemp\osd-mplayer-a.raw.bak
C:\Program Files\Azureus\plugins\azemp\osd-mplayer-b.raw.bak
C:\Program Files\Azureus\plugins\azemp\plugin.properties_1.9.0
C:\Program Files\Azureus\plugins\azemp\plugin.properties_1.9.11
C:\Program Files\Azureus\plugins\azemp\plugin.properties_1.9.6
C:\Program Files\Azureus\plugins\azemp\plugin.properties_2.0.11
C:\Program Files\Azureus\plugins\azemp\plugin.properties_2.0.14
C:\Program Files\Azureus\plugins\azemp\plugin.properties_2.0.16
C:\Program Files\Azureus\plugins\azupdater\azupdater_1.8.8.zip
C:\Program Files\Azureus\plugins\azupdater\azupdaterpatcher_1.8.8.jar
C:\Program Files\Azureus\plugins\azupdater\plugin.properties_1.8.8
C:\Program Files\Azureus\plugins\azupdater\Updater.jar.bak
C:\Program Files\Azureus\plugins\azupnpav\azupnpav_0.1.7.jar
C:\Program Files\Azureus\plugins\azupnpav\azupnpav_0.1.7.zip
C:\Program Files\Azureus\plugins\azupnpav\azupnpav_0.2.0.jar
C:\Program Files\Azureus\plugins\azupnpav\azupnpav_0.2.0.zip
C:\Program Files\Azureus\plugins\azupnpav\azupnpav_0.2.1.jar
C:\Program Files\Azureus\plugins\azupnpav\azupnpav_0.2.1.zip
C:\Program Files\Azureus\plugins\azupnpav\azupnpav_0.2.2.jar
C:\Program Files\Azureus\plugins\azupnpav\azupnpav_0.2.2.zip
C:\Program Files\Azureus\plugins\azupnpav\plugin.properties_0.1.7
C:\Program Files\Azureus\plugins\azupnpav\plugin.properties_0.2.0
C:\Program Files\Azureus\plugins\azupnpav\plugin.properties_0.2.1
C:\Program Files\Azureus\plugins\azupnpav\plugin.properties_0.2.2
C:\Users\Mike\AppData\Roaming\Azureus
C:\Users\Mike\AppData\Roaming\Azureus\.certs
C:\Users\Mike\AppData\Roaming\Azureus\.keystore
C:\Users\Mike\AppData\Roaming\Azureus\.lock
C:\Users\Mike\AppData\Roaming\Azureus\azureus.config
C:\Users\Mike\AppData\Roaming\Azureus\azureus.config.bak
C:\Users\Mike\AppData\Roaming\Azureus\azureus.statistics
C:\Users\Mike\AppData\Roaming\Azureus\azureus.statistics.bak
C:\Users\Mike\AppData\Roaming\Azureus\banips.config
C:\Users\Mike\AppData\Roaming\Azureus\banips.config.bak
C:\Users\Mike\AppData\Roaming\Azureus\dht\addresses.dat
C:\Users\Mike\AppData\Roaming\Azureus\dht\contacts.dat
C:\Users\Mike\AppData\Roaming\Azureus\dht\diverse.dat
C:\Users\Mike\AppData\Roaming\Azureus\dht\general.dat
C:\Users\Mike\AppData\Roaming\Azureus\dht\net3\addresses.dat
C:\Users\Mike\AppData\Roaming\Azureus\dht\net3\contacts.dat
C:\Users\Mike\AppData\Roaming\Azureus\dht\net3\diverse.dat
C:\Users\Mike\AppData\Roaming\Azureus\dht\net3\version.dat
C:\Users\Mike\AppData\Roaming\Azureus\dht\version.dat
C:\Users\Mike\AppData\Roaming\Azureus\downloads.config
C:\Users\Mike\AppData\Roaming\Azureus\downloads.config.bak
C:\Users\Mike\AppData\Roaming\Azureus\friends.config
C:\Users\Mike\AppData\Roaming\Azureus\friends.config.bak
C:\Users\Mike\AppData\Roaming\Azureus\ipfilter.cache
C:\Users\Mike\AppData\Roaming\Azureus\logs\alerts_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\AutoSpeed_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\AutoSpeed_2.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\AutoSpeedSearchHistory_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\AutoSpeedSearchHistory_2.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\debug_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\debug_2.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\Friends_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\Friends_2.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\MetaSearch_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\MetaSearch_Engine_3.txt
C:\Users\Mike\AppData\Roaming\Azureus\logs\MetaSearch_Engine_4.txt
C:\Users\Mike\AppData\Roaming\Azureus\logs\MetaSearch_Engine_5.txt
C:\Users\Mike\AppData\Roaming\Azureus\logs\MetaSearch_Engine_6.txt
C:\Users\Mike\AppData\Roaming\Azureus\logs\MetaSearch_Engine_9.txt
C:\Users\Mike\AppData\Roaming\Azureus\logs\NetStatus_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_alerts_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_AutoSpeed_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_AutoSpeed_2.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_AutoSpeedSearchHistory_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_AutoSpeedSearchHistory_2.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_debug_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_debug_2.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_Friends_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_Friends_2.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_MetaSearch_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_MetaSearch_Engine_3.txt
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_MetaSearch_Engine_4.txt
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_MetaSearch_Engine_5.txt
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_MetaSearch_Engine_6.txt
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_MetaSearch_Engine_9.txt
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_NetStatus_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_seltrace_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_seltrace_2.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_SpeedMan_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_SpeedMan_2.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_thread_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_thread_2.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_v3.ads_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_v3.CMsgr_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_v3.emp_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_v3.Friends_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_v3.Friends_2.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_v3.MD_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_v3.PMsgr_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_v3.PMsgr_2.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_v3.Stream_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_v3.Stream_2.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\seltrace_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\seltrace_2.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\SpeedMan_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\SpeedMan_2.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\thread_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\thread_2.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\v3.ads_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\v3.CMsgr_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\v3.emp_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\v3.Friends_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\v3.Friends_2.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\v3.MD_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\v3.PMsgr_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\v3.PMsgr_2.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\v3.Stream_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\v3.Stream_2.log
C:\Users\Mike\AppData\Roaming\Azureus\metasearch.config
C:\Users\Mike\AppData\Roaming\Azureus\metasearch.config.bak
C:\Users\Mike\AppData\Roaming\Azureus\net\pm_4804.dat
C:\Users\Mike\AppData\Roaming\Azureus\net\pm_default.dat
C:\Users\Mike\AppData\Roaming\Azureus\tables.config
C:\Users\Mike\AppData\Roaming\Azureus\tables.config.bak
C:\Users\Mike\AppData\Roaming\Azureus\timingstats.dat
C:\Users\Mike\AppData\Roaming\Azureus\tmp\AZU55218.tmp
C:\Users\Mike\AppData\Roaming\Azureus\tmp\AZU55219.tmp
C:\Users\Mike\AppData\Roaming\Azureus\tmp\AZU55220.tmp
C:\Users\Mike\AppData\Roaming\Azureus\tmp\AZU55221.tmp
C:\Users\Mike\AppData\Roaming\Azureus\tmp\AZU55222.tmp
C:\Users\Mike\AppData\Roaming\Azureus\tmp\AZU55223.tmp
C:\Users\Mike\AppData\Roaming\Azureus\tmp\AZU55224.tmp
C:\Users\Mike\AppData\Roaming\Azureus\tmp\AZU55225.tmp
C:\Users\Mike\AppData\Roaming\Azureus\tmp\AZU55226.tmp
C:\Users\Mike\AppData\Roaming\Azureus\torrents\AZU28203.tmp
C:\Users\Mike\AppData\Roaming\Azureus\tracker.config
C:\Users\Mike\AppData\Roaming\Azureus\tracker.config.bak
C:\Users\Mike\AppData\Roaming\Azureus\unsentdata.config
C:\Users\Mike\AppData\Roaming\Azureus\unsentdata.config.bak
C:\Users\Mike\AppData\Roaming\Azureus\update.log
C:\Users\Mike\AppData\Roaming\Azureus\update.properties
C:\Users\Mike\AppData\Roaming\Azureus\v3.Friends.dat
C:\Users\Mike\AppData\Roaming\Azureus\v3.Friends.dat.bak
C:\Users\Mike\AppData\Roaming\Azureus\VuzeActivities.config
C:\Users\Mike\AppData\Roaming\Azureus\VuzeActivities.config.bak
C:\Users\Mike\AppData\Roaming\LimeWire
C:\Users\Mike\AppData\Roaming\LimeWire\active.mojito
C:\Users\Mike\AppData\Roaming\LimeWire\certificate\limewire.keystore
C:\Users\Mike\AppData\Roaming\LimeWire\createtimes.cache
C:\Users\Mike\AppData\Roaming\LimeWire\downloads.dat
C:\Users\Mike\AppData\Roaming\LimeWire\fileurns.bak
C:\Users\Mike\AppData\Roaming\LimeWire\fileurns.cache
C:\Users\Mike\AppData\Roaming\LimeWire\filters.props
C:\Users\Mike\AppData\Roaming\LimeWire\gnutella.net
C:\Users\Mike\AppData\Roaming\LimeWire\installation.props
C:\Users\Mike\AppData\Roaming\LimeWire\library.dat
C:\Users\Mike\AppData\Roaming\LimeWire\limewire.props
C:\Users\Mike\AppData\Roaming\LimeWire\mojito.props
C:\Users\Mike\AppData\Roaming\LimeWire\promotion\promodb.backup
C:\Users\Mike\AppData\Roaming\LimeWire\promotion\promodb.data
C:\Users\Mike\AppData\Roaming\LimeWire\promotion\promodb.properties
C:\Users\Mike\AppData\Roaming\LimeWire\promotion\promodb.script
C:\Users\Mike\AppData\Roaming\LimeWire\questions.props
C:\Users\Mike\AppData\Roaming\LimeWire\responses.cache
C:\Users\Mike\AppData\Roaming\LimeWire\simpp.xml
C:\Users\Mike\AppData\Roaming\LimeWire\spam.dat
C:\Users\Mike\AppData\Roaming\LimeWire\tables.props
C:\Users\Mike\AppData\Roaming\LimeWire\themes\limewirePro_theme.lwtp
C:\Users\Mike\AppData\Roaming\LimeWire\themes\limewirePro_theme\01_star.gif
C:\Users\Mike\AppData\Roaming\LimeWire\themes\limewirePro_theme\02_star.gif
C:\Users\Mike\AppData\Roaming\LimeWire\themes\limewirePro_theme\03_star.gif
C:\Users\Mike\AppData\Roaming\LimeWire\themes\limewirePro_theme\04_star.gif
C:\Users\Mike\AppData\Roaming\LimeWire\themes\limewirePro_theme\05_star.gif
C:\Users\Mike\AppData\Roaming\LimeWire\themes\limewirePro_theme\chat.gif
C:\Users\Mike\AppData\Roaming\LimeWire\themes\limewirePro_theme\dir_closed.gif
C:\Users\Mike\AppData\Roaming\LimeWire\themes\limewirePro_theme\dir_open.gif
C:\Users\Mike\AppData\Roaming\LimeWire\themes\limewirePro_theme\forward_dn.gif
C:\Users\Mike\AppData\Roaming\LimeWire\themes\limewirePro_theme\forward_up.gif
C:\Users\Mike\AppData\Roaming\LimeWire\themes\limewirePro_theme\kill.gif
C:\Users\Mike\AppData\Roaming\LimeWire\themes\limewirePro_theme\kill_on.gif
C:\Users\Mike\AppData\Roaming\LimeWire\themes\limewirePro_theme\lime.gif
C:\Users\Mike\AppData\Roaming\LimeWire\themes\limewirePro_theme\lw_logo.png
C:\Users\Mike\AppData\Roaming\LimeWire\themes\limewirePro_theme\pause_dn.gif
C:\Users\Mike\AppData\Roaming\LimeWire\themes\limewirePro_theme\pause_up.gif
C:\Users\Mike\AppData\Roaming\LimeWire\themes\limewirePro_theme\play_dn.gif
C:\Users\Mike\AppData\Roaming\LimeWire\themes\limewirePro_theme\play_up.gif
C:\Users\Mike\AppData\Roaming\LimeWire\themes\limewirePro_theme\question.gif
C:\Users\Mike\AppData\Roaming\LimeWire\themes\limewirePro_theme\rewind_dn.gif
C:\Users\Mike\AppData\Roaming\LimeWire\themes\limewirePro_theme\rewind_up.gif
C:\Users\Mike\AppData\Roaming\LimeWire\themes\limewirePro_theme\stop_dn.gif
C:\Users\Mike\AppData\Roaming\LimeWire\themes\limewirePro_theme\stop_up.gif
C:\Users\Mike\AppData\Roaming\LimeWire\themes\limewirePro_theme\theme.txt
C:\Users\Mike\AppData\Roaming\LimeWire\themes\limewirePro_theme\version.txt
C:\Users\Mike\AppData\Roaming\LimeWire\themes\limewirePro_theme\warning.gif
C:\Users\Mike\AppData\Roaming\LimeWire\ttrees.cache
C:\Users\Mike\AppData\Roaming\LimeWire\ttroot.cache
C:\Users\Mike\AppData\Roaming\LimeWire\version.xml
C:\Users\Mike\AppData\Roaming\LimeWire\versions.props
C:\Users\Mike\AppData\Roaming\LimeWire\xml\data\audio.sxml2
C:\Users\Mike\AppData\Roaming\LimeWire\xml\data\image.sxml2
C:\Users\Mike\AppData\Roaming\LimeWire\xml\data\video.sxml2
C:\Windows\System32\acftvfaf.dll
C:\Windows\System32\aqabngam.dll
C:\Windows\System32\cgxlmdvu.dll
C:\Windows\System32\cpyfymta.dll
C:\Windows\System32\jusnepbi.dll
C:\Windows\System32\tphlnrds.ini
C:\Windows\System32\tphlnrds.ini2
C:\Windows\System32\tphlnrds.tmp
C:\Windows\System32\ypmnrmdu.dll
C:\Windows\System32\yuppbekp.dll
.
((((((((((((((((((((((((( Files Created from 2008-09-01 to 2008-10-01 )))))))))))))))))))))))))))))))
.
2008-09-30 23:17 . 2008-09-30 23:17 <DIR> d-------- C:\Windows\System32\AGEIA
2008-09-30 23:17 . 2008-09-30 23:17 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-09-24 22:32 . 2008-09-30 19:46 258,198,458 --a------ C:\Windows\MEMORY.DMP
2008-09-23 21:32 . 2008-09-23 21:32 <DIR> d-------- C:\BM2005
2008-09-23 21:04 . 2008-09-23 21:04 <DIR> d-------- C:\VundoFix Backups
2008-09-20 22:54 . 2008-09-20 22:58 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-09-20 22:54 . 2008-09-20 22:58 <DIR> d-------- C:\ProgramData\Lavasoft
2008-09-20 22:54 . 2008-09-20 22:54 <DIR> d-------- C:\Program Files\Lavasoft
2008-09-20 22:23 . 2008-01-21 17:43 4,244,744 --a------ C:\Windows\System32\qtp-mt334.dll
2008-09-20 22:23 . 2008-01-21 17:43 247,560 --a------ C:\Windows\System32\prgiso.dll
2008-09-20 22:23 . 2008-01-21 17:43 39,472 --a------ C:\Windows\System32\drivers\hotcore3.sys
2008-09-20 22:23 . 2008-01-21 17:43 13,576 --a------ C:\Windows\System32\wnaspi32.dll
2008-09-20 22:22 . 2008-09-20 22:22 <DIR> d-------- C:\Program Files\Paragon Software
2008-09-13 11:25 . 2008-09-13 11:25 <DIR> d-------- C:\Program Files\SiSoftware
2008-09-12 21:32 . 2008-09-12 21:32 <DIR> d-------- C:\Users\Mike\AppData\Roaming\BWMeterPro
2008-09-12 21:31 . 2008-09-12 21:39 <DIR> d-------- C:\Program Files\BandwidthMeterPro
2008-09-10 23:26 . 2008-04-17 13:12 107,368 --a------ C:\Windows\System32\GEARAspi.dll
2008-09-10 23:26 . 2008-04-17 13:12 15,464 --a------ C:\Windows\System32\drivers\GEARAspiWDM.sys
2008-09-10 23:25 . 2008-09-10 23:26 <DIR> d-------- C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-10 23:25 . 2008-09-10 23:26 <DIR> d-------- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-10 23:25 . 2008-09-10 23:26 <DIR> d-------- C:\Program Files\iTunes
2008-09-10 23:25 . 2008-09-10 23:25 <DIR> d-------- C:\Program Files\iPod
2008-09-10 22:34 . 2008-09-10 22:34 <DIR> d-------- C:\Program Files\ImTOO
2008-09-10 19:18 . 2008-07-31 11:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-10 19:18 . 2008-07-31 13:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-10 19:17 . 2008-08-02 11:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-10 19:17 . 2008-06-26 13:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-10 19:17 . 2008-06-26 13:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-10 19:17 . 2008-05-09 05:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-10 19:17 . 2008-05-20 12:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-10 19:17 . 2008-06-26 13:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-10 19:17 . 2008-08-02 13:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\Windows\System32\QuickTime.qts
2008-09-05 22:16 . 2008-09-05 22:16 1,900,544 --a------ C:\Windows\System32\usbaaplrc.dll
2008-09-05 22:16 . 2008-09-05 22:16 36,864 --a------ C:\Windows\System32\drivers\usbaapl.sys
2008-09-04 09:31 . 2008-09-04 09:31 288,024 --a------ C:\Windows\System32\PhysXCplUI.exe
2008-09-04 09:31 . 2008-09-04 09:31 181,528 --a------ C:\Windows\System32\PhysX.cpl
2008-09-01 22:08 . 2008-09-24 09:05 <DIR> d-------- C:\Program Files\PeerGuardian2
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-30 23:00 --------- d-----w C:\ProgramData\NVIDIA
2008-09-30 13:17 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-24 20:00 --------- d-----w C:\Program Files\mIRC
2008-09-21 06:22 --------- d-----w C:\Users\Mike\AppData\Roaming\Bioshock
2008-09-20 12:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-18 15:16 --------- d-----w C:\Users\Mike\AppData\Roaming\Vso
2008-09-18 08:25 --------- d-----w C:\Program Files\Norton 360
2008-09-10 13:19 --------- d-----w C:\Program Files\Bonjour
2008-09-10 13:17 --------- d-----w C:\Program Files\QuickTime
2008-09-10 13:16 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-08 11:32 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-05 23:59 --------- d-----w C:\ProgramData\Symantec
2008-08-29 00:18 87,336 ----a-w C:\Windows\System32\dns-sd.exe
2008-08-28 23:53 61,440 ----a-w C:\Windows\System32\dnssd.dll
2008-08-28 22:57 70,936 ----a-w C:\Windows\System32\PhysXLoader.dll
2008-08-23 02:11 --------- d-----w C:\Program Files\Java
2008-08-23 02:09 --------- d-----w C:\Program Files\Common Files\Java
2008-08-21 08:19 17,844,736 ----a-w C:\Windows\System32\imageres.dll
2008-08-19 12:49 --------- d-----w C:\Program Files\Atari
2008-08-13 08:29 --------- d-----w C:\Program Files\Xplosiv
2008-08-13 08:06 --------- d-----w C:\Program Files\Windows Mail
2008-08-13 07:36 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-08-13 07:36 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-08-13 07:36 10,671 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-08-13 07:36 --------- d-----w C:\Program Files\Symantec
2008-08-13 07:32 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-13 07:16 --------- d-----w C:\Users\Mike\AppData\Roaming\Symantec
2008-08-13 06:33 --------- d-----w C:\ProgramData\Symantec Temporary Files
2008-08-11 10:26 --------- d-----w C:\ProgramData\Media Center Programs
2008-08-11 10:08 --------- d-----w C:\Program Files\THQ
2008-08-10 05:31 --------- d-----w C:\Program Files\Xvid
2008-08-08 08:58 --------- d-----w C:\Program Files\Apple Software Update
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-26 02:48 122,880 ----a-w C:\Windows\System32\nvcod133.dll
2008-07-23 05:24 446,464 ----a-w C:\Windows\System32\nvuninst.exe
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 12:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 10:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-06-12 11:27 47,360 ----a-w C:\Users\Mike\AppData\Roaming\pcouffin.sys
2008-03-21 22:49 174 --sha-w C:\Program Files\desktop.ini
2008-06-23 11:42 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-06-23 11:42 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-06-23 11:42 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\temp ----
2008-08-11 20:29 1909 --a------ C:\temp\gpgnet0.log
2008-08-11 20:29 0 --a------ C:\temp\quazal.log
((((((((((((((((((((((((((((( snapshot@2008-09-30_19.59.42.83 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-10 13:10:29 51,200 ----a-w C:\Windows\inf\infpub.dat
+ 2008-09-30 13:15:54 51,200 ----a-w C:\Windows\inf\infpub.dat
- 2008-09-10 13:10:29 86,016 ----a-w C:\Windows\inf\infstor.dat
+ 2008-09-30 13:15:52 86,016 ----a-w C:\Windows\inf\infstor.dat
- 2008-09-10 13:10:29 143,360 ----a-w C:\Windows\inf\infstrng.dat
+ 2008-09-30 13:15:54 143,360 ----a-w C:\Windows\inf\infstrng.dat
- 2008-09-30 09:46:26 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-10-01 10:56:59 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-09-30 09:46:26 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-10-01 10:56:59 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-09-30 09:55:45 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-01 10:59:15 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-01 10:59:15 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-09-30 09:55:45 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-01 10:59:10 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-01 10:59:10 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
+ 2008-06-10 23:02:32 58,648 ----a-w C:\Windows\System32\AgCPanelFrench.dll
+ 2008-06-10 23:02:32 58,648 ----a-w C:\Windows\System32\AgCPanelGerman.dll
+ 2008-06-10 23:02:32 58,648 ----a-w C:\Windows\System32\AgCPanelJapanese.dll
+ 2008-06-10 23:02:34 58,648 ----a-w C:\Windows\System32\AgCPanelKorean.dll
+ 2008-06-10 23:02:34 58,648 ----a-w C:\Windows\System32\AgCPanelPortugese.dll
+ 2008-06-10 23:02:34 58,648 ----a-w C:\Windows\System32\AgCPanelSimplifiedChinese.dll
+ 2008-06-10 23:02:34 58,648 ----a-w C:\Windows\System32\AgCPanelSpanish.dll
+ 2008-06-10 23:02:34 58,648 ----a-w C:\Windows\System32\AgCPanelSwedish.dll
+ 2008-06-10 23:02:34 58,648 ----a-w C:\Windows\System32\AgCPanelTraditionalChinese.dll
+ 2007-07-22 23:02:42 199,885 ----a-w C:\Windows\System32\AGEIA\AG1011\app.bin
+ 2008-02-29 00:18:36 119,473 ----a-w C:\Windows\System32\AGEIA\AG1011\diag.bin
+ 2008-02-29 00:18:36 214,629 ----a-w C:\Windows\System32\AGEIA\AG1021\app.bin
+ 2008-03-19 22:24:14 116,977 ----a-w C:\Windows\System32\AGEIA\AG1021\diag.bin
- 2008-09-30 09:47:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-01 11:12:25 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-09-30 09:47:07 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-01 11:12:25 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-30 09:47:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-01 11:12:25 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-09-30 09:38:18 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-10-01 11:42:04 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
- 2008-07-26 02:48:00 7,281,056 ----a-w C:\Windows\System32\drivers\nvlddmkm.sys
+ 2008-09-16 23:55:00 7,379,872 ----a-w C:\Windows\System32\drivers\nvlddmkm.sys
+ 2008-09-16 23:55:00 795,104 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_6448c044\dpinst.exe
+ 2008-09-16 23:55:00 483,328 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_6448c044\nvapi.dll
+ 2008-09-16 23:55:00 122,880 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_6448c044\nvcod.dll
+ 2008-09-16 23:55:00 143,360 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_6448c044\nvcolor.exe
+ 2008-09-16 23:55:00 13,580,832 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_6448c044\nvcpl.dll
+ 2008-09-16 23:55:00 797,216 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_6448c044\nvcplui.exe
+ 2008-09-16 23:55:00 1,486,848 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_6448c044\nvcuda.dll
+ 2008-09-16 23:55:00 5,963,776 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_6448c044\nvd3dum.dll
+ 2008-09-16 23:55:00 3,996,192 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_6448c044\nvdisps.dll
+ 2008-09-16 23:55:00 3,451,424 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_6448c044\nvgames.dll
+ 2008-09-16 23:55:00 7,379,872 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_6448c044\nvlddmkm.sys
+ 2008-09-16 23:55:00 236,064 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_6448c044\nvmccs.dll
+ 2008-09-16 23:55:00 45,056 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_6448c044\nvmccsrs.dll
+ 2008-09-16 23:55:00 195,104 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_6448c044\nvmccss.dll
+ 2008-09-16 23:55:00 92,704 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_6448c044\nvmctray.dll
+ 2008-09-16 23:55:00 1,264,160 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_6448c044\nvmobls.dll
+ 2008-09-16 23:55:00 9,011,200 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_6448c044\nvoglv32.dll
+ 2008-09-16 23:55:00 612,896 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_6448c044\nvsvc.dll
+ 2008-09-16 23:55:00 1,269,760 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_6448c044\nvsvs.dll
+ 2008-09-16 23:55:00 704,512 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_6448c044\nvsvsr.dll
+ 2008-09-16 23:55:00 453,152 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_6448c044\nvudisp.exe
+ 2008-09-16 23:55:00 3,770,912 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_6448c044\nvvitvs.dll
+ 2008-09-16 23:55:00 196,608 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_6448c044\nvvsvc.exe
+ 2008-09-16 23:55:00 2,502,656 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_6448c044\nvwgf2um.dll
+ 2008-09-16 23:55:00 2,693,664 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_6448c044\nvwss.dll
- 2008-07-26 02:48:00 483,328 ----a-w C:\Windows\System32\nvapi.dll
+ 2008-09-16 23:55:00 483,328 ----a-w C:\Windows\System32\nvapi.dll
- 2008-07-26 02:48:00 122,880 ----a-w C:\Windows\System32\nvcod.dll
+ 2008-09-16 23:55:00 122,880 ----a-w C:\Windows\System32\nvcod.dll
+ 2008-09-16 23:55:00 122,880 ----a-w C:\Windows\System32\nvcod134.dll
- 2008-07-26 02:48:00 122,880 ----a-w C:\Windows\System32\nvcodh.dll
+ 2008-09-16 23:55:00 122,880 ----a-w C:\Windows\System32\nvcodh.dll
- 2008-07-26 02:48:00 122,880 ----a-w C:\Windows\System32\nvcodhins.dll
+ 2008-09-16 23:55:00 122,880 ----a-w C:\Windows\System32\nvcodhins.dll
- 2008-07-26 02:48:00 150,048 ----a-w C:\Windows\System32\nvcolor.exe
+ 2008-09-16 23:55:00 143,360 ----a-w C:\Windows\System32\nvcolor.exe
- 2008-07-26 02:48:00 13,576,736 ----a-w C:\Windows\System32\nvcpl.dll
+ 2008-09-16 23:55:00 13,580,832 ----a-w C:\Windows\System32\nvcpl.dll
- 2008-07-26 02:48:00 1,482,752 ----a-w C:\Windows\System32\nvcuda.dll
+ 2008-09-16 23:55:00 1,486,848 ----a-w C:\Windows\System32\nvcuda.dll
- 2008-07-26 02:48:00 5,955,584 ----a-w C:\Windows\System32\nvd3dum.dll
+ 2008-09-16 23:55:00 5,963,776 ----a-w C:\Windows\System32\nvd3dum.dll
- 2008-07-26 02:48:00 3,996,192 ----a-w C:\Windows\System32\nvdisps.dll
+ 2008-09-16 23:55:00 3,996,192 ----a-w C:\Windows\System32\nvdisps.dll
- 2008-07-26 02:48:00 3,447,328 ----a-w C:\Windows\System32\nvgames.dll
+ 2008-09-16 23:55:00 3,451,424 ----a-w C:\Windows\System32\nvgames.dll
- 2008-07-26 02:48:00 236,064 ----a-w C:\Windows\System32\nvmccs.dll
+ 2008-09-16 23:55:00 236,064 ----a-w C:\Windows\System32\nvmccs.dll
- 2008-07-26 02:48:00 45,056 ----a-w C:\Windows\System32\nvmccsrs.dll
+ 2008-09-16 23:55:00 45,056 ----a-w C:\Windows\System32\nvmccsrs.dll
- 2008-07-26 02:48:00 195,104 ----a-w C:\Windows\System32\nvmccss.dll
+ 2008-09-16 23:55:00 195,104 ----a-w C:\Windows\System32\nvmccss.dll
- 2008-07-26 02:48:00 92,704 ----a-w C:\Windows\System32\nvmctray.dll
+ 2008-09-16 23:55:00 92,704 ----a-w C:\Windows\System32\nvmctray.dll
- 2008-07-26 02:48:00 1,264,160 ----a-w C:\Windows\System32\nvmobls.dll
+ 2008-09-16 23:55:00 1,264,160 ----a-w C:\Windows\System32\nvmobls.dll
- 2008-07-26 02:48:00 9,003,008 ----a-w C:\Windows\System32\nvoglv32.dll
+ 2008-09-16 23:55:00 9,011,200 ----a-w C:\Windows\System32\nvoglv32.dll
- 2008-07-26 02:48:00 608,800 ----a-w C:\Windows\System32\nvsvc.dll
+ 2008-09-16 23:55:00 612,896 ----a-w C:\Windows\System32\nvsvc.dll
- 2008-07-26 02:48:00 1,265,664 ----a-w C:\Windows\System32\nvsvs.dll
+ 2008-09-16 23:55:00 1,269,760 ----a-w C:\Windows\System32\nvsvs.dll
- 2008-07-26 02:48:00 704,512 ----a-w C:\Windows\System32\nvsvsr.dll
+ 2008-09-16 23:55:00 704,512 ----a-w C:\Windows\System32\nvsvsr.dll
- 2008-07-26 02:48:00 446,464 ----a-w C:\Windows\System32\nvudisp.exe
+ 2008-09-16 23:55:00 453,152 ----a-w C:\Windows\System32\nvudisp.exe
- 2008-07-26 02:48:00 3,770,912 ----a-w C:\Windows\System32\nvvitvs.dll
+ 2008-09-16 23:55:00 3,770,912 ----a-w C:\Windows\System32\nvvitvs.dll
- 2008-07-26 02:48:00 196,608 ----a-w C:\Windows\System32\nvvsvc.exe
+ 2008-09-16 23:55:00 196,608 ----a-w C:\Windows\System32\nvvsvc.exe
- 2008-07-26 02:48:00 2,499,584 ----a-w C:\Windows\System32\nvwgf2um.dll
+ 2008-09-16 23:55:00 2,502,656 ----a-w C:\Windows\System32\nvwgf2um.dll
- 2008-07-26 02:48:00 2,693,664 ----a-w C:\Windows\System32\nvwss.dll
+ 2008-09-16 23:55:00 2,693,664 ----a-w C:\Windows\System32\nvwss.dll
- 2008-09-30 09:51:07 106,292 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-10-01 11:02:13 106,292 ----a-w C:\Windows\System32\perfc009.dat
- 2008-09-30 09:51:07 602,846 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-10-01 11:02:13 602,846 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-06-04 22:58:26 197,912 ----a-w C:\Windows\System32\physxcudart_20.dll
- 2008-09-29 09:38:27 12,206 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-164369667-1103530636-808841869-1000_UserData.bin
+ 2008-10-01 11:00:13 12,422 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-164369667-1103530636-808841869-1000_UserData.bin
- 2008-09-29 09:38:23 83,770 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-10-01 11:00:12 84,650 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-09-29 09:48:49 49,052 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-10-01 11:00:11 49,164 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-02-26 10:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-02-26 10:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-02-26 10:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-18 171448]
"Google Update"="C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-08 133104]
"BandwidthMeterPro"="C:\Program Files\BandwidthMeterPro\BWMeterPro.exe" [2008-09-12 236032]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-18 51048]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [2008-02-26 988512]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-09-17 92704]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\Windows\KHALMNPR.Exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-07-16 805392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.ac3filter"= ac3filter.acm
"msacm.divxa32"= divxa32.acm
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\Windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=C:\Windows\pss\Adobe Acrobat Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\Windows\pss\Logitech Desktop Messenger.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=C:\Windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\Windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^Mike^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\Windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Mike^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registration Heroes of Might & Magic 5 - Tribes of the East.LNK]
path=C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5 - Tribes of the East.LNK
backup=C:\Windows\pss\Registration Heroes of Might & Magic 5 - Tribes of the East.LNK.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Mike^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registration Heroes of Might & Magic 5.LNK]
path=C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5.LNK
backup=C:\Windows\pss\Registration Heroes of Might & Magic 5.LNK.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2006-10-22 23:24 620152 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
--a------ 2007-03-20 16:40 1884160 C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-09-03 20:12 111936 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-02-28 18:07 132392 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
--a------ 2007-09-06 23:08 136136 C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-08 23:02 289576 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 17:29 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 12.0]
--a------ 2008-01-10 04:43 2037088 C:\Program Files\Norton Ghost\Agent\VProTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
--a------ 2007-09-11 18:43 95536 C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2006-11-09 17:15 1634304 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-19 17:33 1233920 C:\Program Files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-11-18 23:34 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
--a------ 2008-01-29 17:38 583048 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Device Detector"=DevDetect.exe -autorun
"ehTray.exe"=C:\Windows\ehome\ehTray.exe
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-164369667-1103530636-808841869-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0A844B56-72F1-4060-BBA2-ADDD224554BB}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{040FB95F-64FB-4F5C-94DC-DD5F4366B22F}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{4F4D656E-D7F9-4027-8FD3-57248724F8FD}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{FC30D70B-8489-4617-805D-D043E031E4FF}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{498718F1-3319-437E-BF8B-71D66DB0AE89}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{3BB7F711-284C-4CA2-BF1E-82B2AF8B2A33}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{74D86FC1-2431-44E0-9583-730CB611A5E1}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{76C193D8-615A-41B2-8520-33598D004ED7}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes
"UDP Query User{4F607B11-7113-4756-829B-79107F2755F9}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes
"{D7303E5F-8FA1-4FF0-B165-F9F1BC5065D5}"= UDP:3703:Adobe Version Cue CS3 Server
"{37AA15D7-065F-47C9-8FD6-E488BF862B13}"= UDP:3704:Adobe Version Cue CS3 Server
"{C3EC0936-4273-44E6-92FC-9E3921868361}"= UDP:50900:Adobe Version Cue CS3 Server
"{D773A94B-4E2D-4CBE-A6BB-DCB472294D9D}"= UDP:50901:Adobe Version Cue CS3 Server
"{DDC0A205-85B5-49F8-93CF-768C64A8AD77}"= UDP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{6029CEA2-9294-440A-A51F-F9EA88CFE5B2}"= TCP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{E67F2558-A7CE-41D5-8F2C-83B86842D3F3}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"{72910BB9-772E-4303-AEFB-5118440D8034}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"{865842B5-D5E6-413A-AA8B-6C2EE0910370}"= UDP:C:\Program Files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
"{8DAB7002-D712-4C12-BB03-B63760EE0108}"= TCP:C:\Program Files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
"{867DB97E-8B24-4A7D-96CD-52C7400E8064}"= UDP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{DFA9C2FF-8CD7-44CD-B91F-E62B582C82A2}"= TCP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{24741CC1-DF85-4EAE-BA4F-3D158EBAED69}"= UDP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{7F1361E8-86B8-4560-9C76-83077180503C}"= TCP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{465EFEA4-F691-4CAD-B491-ED4B7AE871C3}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{DFBB0F48-E6EA-47EB-AAAD-8ED11114292A}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{EDAB1331-DA3F-45C0-8CA7-13577AB74CFD}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{4DEA4DCA-5360-411A-8D1C-1CA2061F1C82}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{F04980CB-1769-464B-A280-82EE7D88CC29}"= UDP:C:\Program Files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
"{0095E900-FAD5-41BB-A043-3375B14F7103}"= TCP:C:\Program Files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
"{C262FC5E-DBE2-4714-8958-5DE5710A2587}"= UDP:C:\Program Files\Sega\Universe At War Earth Assault\UAWEA.exe:Universe at War Earth Assault
"{3B6A3CEE-77C2-4B60-BA47-4D8D164532CB}"= TCP:C:\Program Files\Sega\Universe At War Earth Assault\UAWEA.exe:Universe at War Earth Assault
"{EF24C871-9626-4B39-86DB-3EBE73E7007F}"= UDP:C:\Program Files\RapidSolution\Tunebite\TunebiteHelper.exe:TunebiteHelper
"{CB9C61A1-CE63-4D6B-9E5F-1A193C382F09}"= TCP:C:\Program Files\RapidSolution\Tunebite\TunebiteHelper.exe:TunebiteHelper
"{4FE689B3-8E86-49D6-B68C-9160FD049FFB}"= UDP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:Supreme Commander - Forged Alliance
"{E6EB8B68-DC1B-4BE3-8B31-144AB54EBA93}"= TCP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:Supreme Commander - Forged Alliance
"{16B3A48E-3A6D-463C-A74B-ED0F7AF40F85}"= UDP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance
"{C42B9D69-4A64-4D1B-B51B-66146A365DAD}"= TCP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance
"{0DB9E5B9-0A11-46AA-952C-5DA9885EB075}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{C947A323-681E-409A-AE34-1E02310B070A}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{4D686F7B-C032-4398-A646-2E38F5BA9F42}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{E3AD8BE3-C5D7-4949-BBA8-99D16F5F7C92}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{1A019397-D989-4994-B97F-3C6AC2C6897F}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{713C6882-2A49-486A-A9C7-3BDF3D621AC4}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{3179BB92-1DE1-40F5-88AB-3E0BD60787A1}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{F56F7517-A9B7-4873-B2D0-0F2DEF81EB42}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{9DC92F17-DA12-4862-9DC5-708CF6E47CBF}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{AD941130-B9F2-417A-AC90-BC699E0B40EF}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{8F39571B-0C7E-498F-96D8-C5923F0CD7C1}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{AB4A2243-7FF8-40EC-B045-3ADEA56533E5}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{D6E6E617-B44C-46BB-B2E2-201DB21F4767}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{98E023D6-1BD8-4B84-8A4D-543E358758FF}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 hotcore3;hotcore3;C:\Windows\system32\drivers\hotcore3.sys [2008-01-21 39472]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080926.001\IDSvix86.sys [2008-09-12 270384]
R2 BandwidthMeterProService;Bandwidth Meter Pro Service;C:\Program Files\BandwidthMeterPro\BWMeterService.exe [2008-08-15 184320]
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-18 149352]
R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2008-01-19 21504]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2008-05-20 303616]
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
S3 GPWADrv;Service for L6 GuitarPort Driver (WDM);C:\Windows\system32\Drivers\GPWADrv.sys [2007-09-18 514432]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009\RpcAgentSrv.exe [2008-09-01 98488]
S4 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-06-12 307968]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a4b4302-95db-11dc-9903-0011d80c9c95}]
\shell\AutoRun\command - J:\Autorun.exe
*Newly Created Service* - COMHOST
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-10-01 21:46:44
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
MalwareBytes Log
Completion time: 2008-10-01 21:48:34
ComboFix-quarantined-files.txt 2008-10-01 11:48:29
ComboFix2.txt 2008-09-30 10:01:17
Pre-Run: 120,308,482,048 bytes free
Post-Run: 120,276,357,120 bytes free
831 --- E O F --- 2008-09-10 10:17:44
----------------------------------------------------------------
Windows 6.0.6001 Service Pack 1
2/10/2008 8:07:03 AM
mbam-log-2008-10-02 (08-07-03).txt
Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 357808
Time elapsed: 1 hour(s), 54 minute(s), 50 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 23
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\QooBox\Quarantine\C\Windows\System32\acftvfaf.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\aprpuynf.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\aqabngam.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\caejdcmb.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\cgxlmdvu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\cpyfymta.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\gweliogy.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\islhacis.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\jolxne.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\jusnepbi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\lzrkpg.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\mslhhwnn.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\nikdhf.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\uqpwbtku.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\vtUmkKcD.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\vvgathen.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\wvUlJDSl.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\ymujemnq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\yocqsr.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\ypmnrmdu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\yuppbekp.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Appz\Adobe\Adobe.Acrobat.Professional.v8.PROPER-ZWTiSO\Adobe Acrobat 8 pro keygen.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
D:\Pocket PC\Pocket Pc Best Software 2005\Tweaks2k2 Net v3.0 Arm Xscale Ppc Cracked-Corepda\CORE10k.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
-----------------------------------------------------------------
HJT LOG
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:07:52 AM, on 2/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\System32\mobsync.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\BandwidthMeterPro\BWMeterPro.exe
C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\seemenow.exe.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BandwidthMeterPro] C:\Program Files\BandwidthMeterPro\BWMeterPro.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/f ... wflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bandwidth Meter Pro Service (BandwidthMeterProService) - Unknown owner - C:\Program Files\BandwidthMeterPro\BWMeterService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009\RpcAgentSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 10196 bytes
Thanks for persisting,
Mike.