
Possible Vundo Trojan?


Unread postby mykewatson » September 24th, 2008, 8:11 am

A quick thanks for anyone who can take some time to help me,

I have some sort of infection on my PC (P4 (3 GHz), 2 GB RAM, Vista Home Premium). After installing a system monitoring program (which I had tested with Norton 360 before installing), I got a heap of spam that my PC was infected, directing me to download an antivirus program that would fix it. A couple of icons came up in the system tray as well. Norton zapped a few things, and I disabled a few dodgy-looking files in the startup through msconfig, but I keep getting messages that Windows can't find certain DLL files. The DLL files look random (i.e., ghxdlsl.dll). Norton is periodically saying that it detects threats. I tried a Vundo remover tool, but it said it could not find the virus on my PC. Here is the HijackThis log. Can anyone see anything or give me some ideas where I might start to remove this infection?

Thanks again guys,
Mike
O4 - HKLM\..\Run: [BMfb056c49] Rundll32.exe "C:\Windows\system32\mslhhwnn.dll",s
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BandwidthMeterPro] C:\Program Files\BandwidthMeterPro\BWMeterPro.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: *.line6.net
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/f ... wflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: yocqsr.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bandwidth Meter Pro Service (BandwidthMeterProService) - Unknown owner - C:\Program Files\BandwidthMeterPro\BWMeterService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009\RpcAgentSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 11153 bytes
mykewatson
Active Member
 
Posts: 7
Joined: September 24th, 2008, 7:58 am
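Across the three logs in this thread the same Run value name, [BMfb056c49], loads a differently named DLL on each scan (mslhhwnn.dll, ymujemnq.dll, aprpuynf.dll), and the randomly named DLLs are invoked through rundll32 with a one-letter or ordinal entry point (",s", ",b", ",#1"); AppInit_DLLs is also populated with a random name. The Python below is an added example, not HijackThis code and not part of the original post or the helper's procedure: it parses O2/O4/O20 lines excerpted from the logs above and scores them with heuristics that are assumptions drawn from those logs (random-looking name, rundll32 loader, short entry point, hex-like value name), then correlates the Run value names across scans to show the re-pointing. Everything in it (function names, thresholds, the three-signal cut-off) is the example's own choice.

```python
"""Triage HijackThis (HJT) autorun lines for Vundo-style indicators.
Added example for this thread; the heuristics are assumptions drawn from the
three logs posted above, not a published signature or HijackThis's own logic."""
import re
from collections import defaultdict

# Constructed sample: O2/O4/O20 lines excerpted from the three logs in this thread.
LOGS = {
    "2008-09-24": r"""
O4 - HKLM\..\Run: [BMfb056c49] Rundll32.exe "C:\Windows\system32\mslhhwnn.dll",s
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O20 - AppInit_DLLs: yocqsr.dll
""",
    "2008-09-25": r"""
O2 - BHO: {0a0eb7f3-1138-f668-8054-ab17ef749ba6} - {6ab947fe-71ba-4508-866f-83113f7be0a0} - C:\Windows\system32\rebhly.dll
O2 - BHO: (no name) - {C4E0B96A-874A-43A3-8B8E-F29A57A0A5BA} - C:\Windows\system32\vtUmkKcD.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\rqRHaBTm.dll,#1
O4 - HKLM\..\Run: [f8365fd5] rundll32.exe "C:\Windows\system32\qxbwkvbb.dll",b
O4 - HKLM\..\Run: [BMfb056c49] Rundll32.exe "C:\Windows\system32\ymujemnq.dll",s
O20 - AppInit_DLLs: rebhly.dll
""",
    "2008-09-29": r"""
O4 - HKLM\..\Run: [f8365fd5] rundll32.exe "C:\Windows\system32\qxbwkvbb.dll",b
O4 - HKLM\..\Run: [BMfb056c49] Rundll32.exe "C:\Windows\system32\aprpuynf.dll",s
""",
}

RUN_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
BHO_RE = re.compile(r'^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]{36}\} - (?P<path>.*)$')
APPINIT_RE = re.compile(r'^O20 - AppInit_DLLs:\s*(?P<dlls>.*)$')
DLL_RE = re.compile(r'([\w\-]+\.dll)', re.IGNORECASE)
ENTRY_RE = re.compile(r'\.dll"?,([^\s,]+)', re.IGNORECASE)   # entry point after the DLL
SHORT_ENTRY_RE = re.compile(r'^(?:[A-Za-z]|#\d+)$')          # ",s" ",b" ",#1"
HEX_NAME_RE = re.compile(r'^[A-Za-z]{0,2}[0-9a-f]{8}$')       # "BMfb056c49", "f8365fd5"


def dll_in(text):
    """First *.dll file name mentioned in a command line, or None."""
    m = DLL_RE.search(text)
    return m.group(1) if m else None


def looks_random(dll):
    """Assumed heuristic: 6-8 letters and nothing else (mslhhwnn, rqRHaBTm, yocqsr)."""
    base = dll[:-4]
    return base.isalpha() and 6 <= len(base) <= 8


def score_run(name, cmd):
    """Return the list of independent signals one O4 Run entry triggers."""
    signals = []
    if "rundll32" in cmd.lower():
        signals.append("loaded via rundll32")
    dll = dll_in(cmd)
    if dll and looks_random(dll):
        signals.append("random-looking DLL name " + dll)
    m = ENTRY_RE.search(cmd)
    if m and SHORT_ENTRY_RE.match(m.group(1)):
        signals.append("one-letter or ordinal entry point ," + m.group(1))
    if HEX_NAME_RE.match(name):
        signals.append("hex-like autorun value name [" + name + "]")
    return signals


def triage(logs, threshold=3):
    """Scan {label: log_text}; return (findings, repointed).
    findings: (scan, section, key, reason) tuples that deserve a human look.
    repointed: Run value names whose DLL changed between scans, i.e. the
    infection re-dropped itself under a fresh random file name."""
    findings = []
    dll_by_value = defaultdict(dict)          # value name -> {scan: dll}
    for scan, text in logs.items():
        for line in text.splitlines():
            line = line.strip()
            m = RUN_RE.match(line)
            if m:
                name, cmd = m.group("name"), m.group("cmd")
                dll = dll_in(cmd)
                if dll:
                    dll_by_value[name][scan] = dll.lower()
                signals = score_run(name, cmd)
                if len(signals) >= threshold:
                    findings.append((scan, "O4", name, "; ".join(signals)))
                continue
            m = BHO_RE.match(line)
            if m:
                bho, path = m.group("name"), m.group("path")
                unnamed = bho == "(no name)" or bho.startswith("{")
                if unnamed and "\\system32\\" in path.lower():
                    findings.append((scan, "O2", bho, "unnamed BHO in system32: " + path))
                continue
            m = APPINIT_RE.match(line)
            if m and m.group("dlls").strip():
                # AppInit_DLLs is injected into every process that loads user32.dll;
                # on a home PC it is normally empty, so any entry needs a look.
                findings.append((scan, "O20", "AppInit_DLLs", "non-empty: " + m.group("dlls").strip()))
    repointed = {n: s for n, s in dll_by_value.items() if len(set(s.values())) > 1}
    return findings, repointed


if __name__ == "__main__":
    found, moved = triage(LOGS)
    for f in found:
        print("%s %-3s [%s] %s" % f)
    for name, scans in moved.items():
        print("value [%s] loaded a different DLL in each scan: %s" % (name, scans))
```

The three-signal threshold is what keeps legitimate rundll32 autoruns out of the findings: oobefldr.dll (WindowsWelcomeCenter) is eight lowercase letters and is loaded by rundll32, but its entry point is a real export name and its value name is not hex-like, so it scores two and is left alone, while NvCpl.dll scores one. The cross-scan correlation is the more reliable signal: a Run value whose target file name changes between reboots is behaviour no legitimate installer shows, which is why a helper asks for a fresh log at each step.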

Re: Possible Vundo Trojan?

Unread postby DFW » September 25th, 2008, 2:53 am

My name is DFW, and I will be helping you to remove any infection(s) that you may have.

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a different computer or infection.


Please observe these rules while we work:
Perform all actions in the order given.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Stick with it till you're given the all clear.
REMEMBER, ABSENCE OF SYMPTOMS DOES NOT MEAN THE INFECTION IS ALL GONE.
Please do not try to clean your computer with any tools other than the ones I ask you to use during the cleanup process.

If you can do these things, everything should go smoothly.


First off please go back into MSConfig and allow any start ups you disabled, then reboot your system.


Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.


Click on the Save list... button and specify where you would like to save this file.

When you press the Save button, Notepad will open with the contents of that file.
Simply copy and paste the contents of that notepad here on your next reply.




Now run HijackThis again and post the full log; you have missed off the top part of the log.


Post back with

A new HJT Log
The Uninstall list
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: Possible Vundo Trojan?

Unread postby mykewatson » September 25th, 2008, 7:54 am

Thanks very much for your time DFW, I really appreciate it.

As discussed, the uninstall list is as follows:

3.1.2.12
ACDSee 10 Photo Manager
ACDSee Pro
ACDSee Pro 2
Ad-Aware
Add or Remove Adobe Creative Suite 3 Design Premium
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Creative Suite 3 Design Premium
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash CS3
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Setup
Adobe Setup
Adobe Shockwave Player
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Age of Empires III
Age of Empires III - The Asian Dynasties
AHV content for Acrobat and Flash
AppCore
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
avast! Antivirus
Azureus Vuze
Backup
Bandwidth Meter Pro 2.6 build 617
BioShock
Bonjour
ccCommon
CDDRV_Installer
Cisco Systems VPN Client 5.0.00.0340
C-Media PCI Audio Driver
Collab
Company of Heroes
Conduits Pocket Player v3.5
ConvertXtoDVD 3.1.0.18
CreativeNotes 3.2
Cricket Captain 2008
Deckadance
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DriverAgent by TouchStone Software
DVDFab Platinum 4.1.2.0
EA SPORTS online 2007
EA SPORTS(TM) Cricket 07
EndNote X.0.2 Volume License Edition
EVEREST Corporate Edition v4.50
FIFA 08
FL Studio 8
Galactic Civilizations II - Gold Edition
GearDrvs
Google Gears
Google Toolbar for Internet Explorer
GPGNet
Heroes of Might and Magic V - Tribes of the East
Heroes of Might and Magic V Collector Edition
HijackThis 2.0.2
IL Download Manager
ImTOO iPod Computer Transfer
ISI ResearchSoft - Export Helper
iTunes
Java(TM) 6 Update 7
KhalInstallWrapper
K-Lite Mega Codec Pack 3.4.5
LimeWire PRO 4.18.3
Line 6 Uninstaller
LiveUpdate (Symantec Corporation)
LiveUpdate (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Logitech Desktop Messenger
Logitech SetPoint
LogonStudio Vista
Madden NFL 08
Magic ISO Maker v5.3 (build 0221)
MagicDisc 2.6.93
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# 2.0 Redistributable Package
mIRC
MobileMe Control Panel
Mozilla Firefox (3.0.1)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 Parser and SDK
Nero 8 Ultra Edition HD
neroxml
Neverwinter Nights 2
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia Software Updater
Norton 360
Norton 360
Norton 360
Norton 360
Norton 360 (Symantec Corporation)
Norton 360 HTMLHelp
Norton Confidential Core
Norton Ghost
NVIDIA Drivers
OLYMPUS Master 2
Paragon Partition Manager 9.0 Professional
PC Connectivity Solution
PDF Settings
PeerGuardian 2.0
PixiePack Codec Pack
Pocket Controller-Professional
Pocket Mechanic v2.72 (WM5)
PoiZone
PowerISO
QuickTime
Resco Utility Package
Safari
Sins of a Solar Empire
Sins of a Solar Empire
SiSoftware Sandra Professional Business 2009
Spb Diary
Spb Finance
Spb Mobile Shell
Spb Pocket Plus
SPBBC 32bit
SpellForce 2 - Shadow Wars
SpellForce 2 Update v1.02
Star Wars Battlefront II
Star Wars(R) Knights of the Old Republic(R) II: The Sith Lords(TM)
Stardock Central
Supreme Commander - Forged Alliance
Symantec Real Time Storage Protection Component
Symantec Technical Support Controls
The Witcher
Tiger Woods PGA TOUR 07
Toxic Biohazard
TrueCrypt
TuneUp Utilities 2008
TVUPlayer 2.3.7.1
Universe at War Earth Assault
Universe at War Earth Assault
VCRedistSetup
VideoLAN VLC media player 0.8.6c
WinAVIVideoConverter
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
WinRAR archiver
WinZip
WMA Encoder - Decoder v.1.4.6
World in Conflict
Xvid 1.1.3 final uninstall


The full HJT list is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:52:01 PM, on 25/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\BandwidthMeterPro\BWMeterPro.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\notepad.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: {0a0eb7f3-1138-f668-8054-ab17ef749ba6} - {6ab947fe-71ba-4508-866f-83113f7be0a0} - C:\Windows\system32\rebhly.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {C4E0B96A-874A-43A3-8B8E-F29A57A0A5BA} - C:\Windows\system32\vtUmkKcD.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\rqRHaBTm.dll,#1
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [f8365fd5] rundll32.exe "C:\Windows\system32\qxbwkvbb.dll",b
O4 - HKLM\..\Run: [BMfb056c49] Rundll32.exe "C:\Windows\system32\ymujemnq.dll",s
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BandwidthMeterPro] C:\Program Files\BandwidthMeterPro\BWMeterPro.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: *.line6.net
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/f ... wflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: rebhly.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bandwidth Meter Pro Service (BandwidthMeterProService) - Unknown owner - C:\Program Files\BandwidthMeterPro\BWMeterService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009\RpcAgentSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 11712 bytes

Thanks Again,
Mike.
mykewatson
Active Member
 
Posts: 7
Joined: September 24th, 2008, 7:58 am

Re: Possible Vundo Trojan?

Unread postby DFW » September 25th, 2008, 11:17 am

Hi mykewatson
You are running a P2P filesharing programme(s).


IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Azureus Vuze
LimeWire PRO 4.18.3


Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected.

The bad guys use P2P filesharing as a major conduit to spread their wares.
We see no purpose in cleaning your machine if you use P2P programmes, as it is pretty much certain that if you continue to use them then you will get infected again.

Go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) NOW.

Post back a new HijackThis log, and confirm you have removed them, so we can continue cleaning your PC.
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: Possible Vundo Trojan?

Unread postby mykewatson » September 29th, 2008, 5:53 am

Fair enough. It must be tiring to have people coming back for the same old problem/vector.

Here is the new HJT file after removing P2P programs from the PC:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:51:16 PM, on 29/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\BandwidthMeterPro\BWMeterPro.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: {0a0eb7f3-1138-f668-8054-ab17ef749ba6} - {6ab947fe-71ba-4508-866f-83113f7be0a0} - C:\Windows\system32\rebhly.dll (file missing)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: (no name) - {6E88349F-CD2D-4093-85FA-8DA2289B4455} - C:\Windows\system32\vtUmkKcD.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [f8365fd5] rundll32.exe "C:\Windows\system32\qxbwkvbb.dll",b
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BMfb056c49] Rundll32.exe "C:\Windows\system32\aprpuynf.dll",s
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BandwidthMeterPro] C:\Program Files\BandwidthMeterPro\BWMeterPro.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: *.line6.net
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/f ... wflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bandwidth Meter Pro Service (BandwidthMeterProService) - Unknown owner - C:\Program Files\BandwidthMeterPro\BWMeterService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009\RpcAgentSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 11451 bytes

Thanks for your help,
Mike
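As an added example, not code from this thread, from HijackThis or from ComboFix: a small Python triage script that applies the checks a helper runs by eye over an O2/O4 section like the one above (rundll32 loading a system32 DLL with a random-looking name and a one-letter export, hex-blob Run value names, BHOs with no product name or a missing file). The sample lines are copied from the log in this post; the randomness thresholds are assumptions.

```python
import re

# Constructed sample: lines copied from the HijackThis log in the post above,
# plus two legitimate entries (NVIDIA, Google) for contrast.
SAMPLE_LOG = """\
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\\Program Files\\Common Files\\Symantec Shared\\coShared\\Browser\\2.6\\coIEPlg.dll
O2 - BHO: {0a0eb7f3-1138-f668-8054-ab17ef749ba6} - {6ab947fe-71ba-4508-866f-83113f7be0a0} - C:\\Windows\\system32\\rebhly.dll (file missing)
O2 - BHO: (no name) - {6E88349F-CD2D-4093-85FA-8DA2289B4455} - C:\\Windows\\system32\\vtUmkKcD.dll
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\Windows\\system32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [f8365fd5] rundll32.exe "C:\\Windows\\system32\\qxbwkvbb.dll",b
O4 - HKLM\\..\\Run: [BMfb056c49] Rundll32.exe "C:\\Windows\\system32\\aprpuynf.dll",s
O4 - HKCU\\..\\Run: [swg] C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe
"""

# HijackThis line shapes: "O2 - BHO: <name> - {CLSID} - <path>" and
# "O4 - <hive>\..\Run: [<value name>] <command line>".
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<key>[^\]]*)\] (?P<cmd>.+)$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.dll)"?\s*,\s*(?P<export>\S*)', re.I)
CLSID_LIKE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
HEX_KEY = re.compile(r"^(?:BM)?[0-9a-f]{8}$")  # value names like f8365fd5 / BMfb056c49
VOWELS = set("aeiouy")


def stem(path: str) -> str:
    """Basename without extension: C:\\Windows\\system32\\NvCpl.dll -> NvCpl."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def in_system32(path: str) -> bool:
    return "\\system32\\" in path.lower()


def looks_random(name: str) -> bool:
    """Crude randomness test for a DLL basename (thresholds are assumptions):
    letters only, 6+ chars, and either almost no vowels (qxbwkvbb, mslhhwnn)
    or chaotic capitalisation (vtUmkKcD). Names like NvCpl or coIEPlg pass."""
    if not name.isalpha() or len(name) < 6:
        return False
    vowel_ratio = sum(c in VOWELS for c in name.lower()) / len(name)
    case_flips = sum(a.isupper() != b.isupper() for a, b in zip(name, name[1:]))
    return vowel_ratio < 0.3 or case_flips >= 3


def triage(log_text: str) -> list:
    """Return (dll_path, reasons) pairs for O2/O4 lines that match the
    persistence patterns seen in this thread; clean lines yield nothing."""
    findings = []
    for line in log_text.splitlines():
        m = BHO_RE.match(line)
        if m:
            path, reasons = m.group("path"), []
            if path.endswith("(file missing)"):
                path = path[: -len("(file missing)")].strip()
                reasons.append("BHO registered for a DLL that no longer exists")
            if m.group("name") == "(no name)" or CLSID_LIKE.match(m.group("name")):
                reasons.append("BHO without a product name")
            if in_system32(path) and looks_random(stem(path)):
                reasons.append("random-looking DLL name in system32")
            if reasons:
                findings.append((path, "; ".join(reasons)))
            continue
        m = RUN_RE.match(line)
        d = RUNDLL_RE.search(m.group("cmd")) if m else None
        if not d:
            continue  # not a Run entry, or a Run entry that does not go through rundll32
        dll, export, reasons = d.group("dll"), d.group("export"), []
        if len(export) == 1:
            reasons.append("rundll32 export is a single letter")
        if HEX_KEY.match(m.group("key")):
            reasons.append("Run value name is a hex blob")
        if in_system32(dll) and looks_random(stem(dll)):
            reasons.append("random-looking DLL name in system32")
        if reasons:
            findings.append((dll, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for dll_path, why in triage(SAMPLE_LOG):
        print(f"{dll_path}\n    {why}")
```

Heuristics of this kind only prioritise what to look at; the ComboFix deletions later in the thread, not the name test, are what confirm which files were actually malicious.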

Re: Possible Vundo Trojan?

Unread postby DFW » September 29th, 2008, 9:34 am

You are operating your computer with multiple anti-virus programs running in memory at once:

Norton 360 and Avast 4

Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer.
Having two anti-virus programs running at the same time will cause your computer to run very slowly, become unstable and crash.

Please go to Add/Remove Programs and remove one; you decide which one.


I see you're trying the Google Chrome browser.
Have a read here and decide for yourself if you want to keep it.

http://www.tgdaily.com/content/view/39176/108/

RENAME HIJACKTHIS

Using Windows Explorer (right-click the Start button and left-click Explore), navigate to: C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

Right-click on HijackThis.exe, select Rename, and rename it to seemenow.exe.



1. Download and run ComboFix

For information regarding Combofix, please visit this webpage:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Download links on that page.

Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode if needed.
Once installed, you should see a blue screen prompt that says:
The Recovery Console was successfully installed

Very important! Before running ComboFix, temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results". Also unplug your system from the internet.

Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.


A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.

Re: Possible Vundo Trojan?

Unread postby mykewatson » September 30th, 2008, 6:17 am

Hi DFW,

Thanks again for following through on this for me. I appreciate your time. I've got rid of Avast. Is 360 an OK internet security suite in your opinion? The pop-ups (for random DLL files through the rundll32 process) on booting have stopped after executing ComboFix. Here are the logs:

ComboFix 08-09-28.03 - Mike 2008-09-30 19:38:34.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1106 [GMT 10:00]
Running from: C:\Users\Mike\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\MicroAV
C:\Program Files\MicroAV\MicroAV.ooo
C:\Program Files\MicroAV\MicroAV0.dat
C:\Program Files\MicroAV\MicroAV1.dat
C:\Program Files\PCHealthCenter
C:\Program Files\PCHealthCenter\0.gif
C:\Program Files\PCHealthCenter\1.gif
C:\Program Files\PCHealthCenter\1.ico
C:\Program Files\PCHealthCenter\2.gif
C:\Program Files\PCHealthCenter\2.ico
C:\Program Files\PCHealthCenter\3.gif
C:\Program Files\PCHealthCenter\sc.html
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Users\Mike\AppData\Roaming\Adobe\crc.dat
C:\Users\Mike\AppData\Roaming\inst.exe
C:\Windows\system32\1.ico
C:\Windows\system32\2.ico
C:\Windows\system32\aprpuynf.dll
C:\Windows\system32\aumgmptg.dll
C:\Windows\system32\bbvkwbxq.ini
C:\Windows\System32\bvttjctx.ini
C:\Windows\system32\caejdcmb.dll
C:\Windows\system32\cbXPfcYo.dll
C:\Windows\System32\DcKkmUtv.ini
C:\Windows\System32\DcKkmUtv.ini2
C:\Windows\system32\eucowrgg.dll
C:\Windows\System32\gtpmgmua.ini
C:\Windows\system32\gweliogy.dll
C:\Windows\system32\hbjwovvs.dll
C:\Windows\system32\hjlxihgw.ini
C:\Windows\system32\hwjvhmgr.ini
C:\Windows\system32\islhacis.dll
C:\Windows\system32\jolxne.dll
C:\Windows\System32\lSDJlUvw.ini
C:\Windows\System32\lSDJlUvw.ini2
C:\Windows\system32\lzrkpg.dll
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\mjwbqj.dll
C:\Windows\system32\mslhhwnn.dll
C:\Windows\system32\nikdhf.dll
C:\Windows\system32\ntwwsgho.ini
C:\Windows\System32\ocnuqumq.ini
C:\Windows\system32\ufsldfnv.ini
C:\Windows\system32\uqpwbtku.dll
C:\Windows\system32\vtUmkKcD.dll
C:\Windows\system32\vvgathen.dll
C:\Windows\system32\wvUlJDSl.dll
C:\Windows\system32\ymujemnq.dll
C:\Windows\system32\yocqsr.dll

----- BITS: Possible infected sites -----

hxxp://78.157.143.163
.
((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-30 )))))))))))))))))))))))))))))))
.

2008-09-24 22:32 . 2008-09-30 19:46 258,198,458 --a------ C:\Windows\MEMORY.DMP
2008-09-24 22:23 . 2008-09-24 22:23 <DIR> d-------- C:\Program Files\Alwil Software
2008-09-24 22:23 . 2008-07-20 00:36 51,280 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-09-23 21:32 . 2008-09-23 21:32 <DIR> d-------- C:\BM2005
2008-09-23 21:04 . 2008-09-23 21:04 <DIR> d-------- C:\VundoFix Backups
2008-09-23 20:47 . 2008-09-23 20:47 107,520 --a------ C:\Windows\System32\acftvfaf.dll
2008-09-23 19:29 . 2008-09-23 19:29 107,520 --a------ C:\Windows\System32\jusnepbi.dll
2008-09-22 23:09 . 2008-09-22 23:09 107,520 --a------ C:\Windows\System32\yuppbekp.dll
2008-09-21 07:30 . 2008-09-21 16:05 294 ---hs---- C:\Windows\System32\tphlnrds.ini2
2008-09-21 07:30 . 2008-09-21 07:30 233 ---hs---- C:\Windows\System32\tphlnrds.tmp
2008-09-21 07:30 . 2008-09-21 07:30 177 ---hs---- C:\Windows\System32\tphlnrds.ini
2008-09-21 07:22 . 2008-09-21 07:22 107,520 --a------ C:\Windows\System32\aqabngam.dll
2008-09-21 04:46 . 2008-09-21 04:46 107,520 --a------ C:\Windows\System32\ypmnrmdu.dll
2008-09-20 22:54 . 2008-09-20 22:58 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-09-20 22:54 . 2008-09-20 22:58 <DIR> d-------- C:\ProgramData\Lavasoft
2008-09-20 22:54 . 2008-09-20 22:54 <DIR> d-------- C:\Program Files\Lavasoft
2008-09-20 22:44 . 2008-09-20 22:44 107,520 --a------ C:\Windows\System32\cgxlmdvu.dll
2008-09-20 22:32 . 2008-09-20 22:32 107,520 --a------ C:\Windows\System32\cpyfymta.dll
2008-09-20 22:23 . 2008-01-21 17:43 4,244,744 --a------ C:\Windows\System32\qtp-mt334.dll
2008-09-20 22:23 . 2008-01-21 17:43 247,560 --a------ C:\Windows\System32\prgiso.dll
2008-09-20 22:23 . 2008-01-21 17:43 39,472 --a------ C:\Windows\System32\drivers\hotcore3.sys
2008-09-20 22:23 . 2008-01-21 17:43 13,576 --a------ C:\Windows\System32\wnaspi32.dll
2008-09-20 22:22 . 2008-09-20 22:22 <DIR> d-------- C:\Program Files\Paragon Software
2008-09-13 11:25 . 2008-09-13 11:25 <DIR> d-------- C:\Program Files\SiSoftware
2008-09-12 21:32 . 2008-09-12 21:32 <DIR> d-------- C:\Users\Mike\AppData\Roaming\BWMeterPro
2008-09-12 21:31 . 2008-09-12 21:39 <DIR> d-------- C:\Program Files\BandwidthMeterPro
2008-09-10 23:26 . 2008-04-17 13:12 107,368 --a------ C:\Windows\System32\GEARAspi.dll
2008-09-10 23:26 . 2008-04-17 13:12 15,464 --a------ C:\Windows\System32\drivers\GEARAspiWDM.sys
2008-09-10 23:25 . 2008-09-10 23:26 <DIR> d-------- C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-10 23:25 . 2008-09-10 23:26 <DIR> d-------- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-10 23:25 . 2008-09-10 23:26 <DIR> d-------- C:\Program Files\iTunes
2008-09-10 23:25 . 2008-09-10 23:25 <DIR> d-------- C:\Program Files\iPod
2008-09-10 22:34 . 2008-09-10 22:34 <DIR> d-------- C:\Program Files\ImTOO
2008-09-10 19:18 . 2008-07-31 11:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-10 19:18 . 2008-07-31 13:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-10 19:17 . 2008-08-02 11:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-10 19:17 . 2008-06-26 13:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-10 19:17 . 2008-06-26 13:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-10 19:17 . 2008-05-09 05:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-10 19:17 . 2008-05-20 12:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-10 19:17 . 2008-06-26 13:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-10 19:17 . 2008-08-02 13:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\Windows\System32\QuickTime.qts
2008-09-05 22:16 . 2008-09-05 22:16 1,900,544 --a------ C:\Windows\System32\usbaaplrc.dll
2008-09-05 22:16 . 2008-09-05 22:16 36,864 --a------ C:\Windows\System32\drivers\usbaapl.sys
2008-09-01 22:08 . 2008-09-24 09:05 <DIR> d-------- C:\Program Files\PeerGuardian2
2008-08-29 10:18 . 2008-08-29 10:18 87,336 --a------ C:\Windows\System32\dns-sd.exe
2008-08-29 09:53 . 2008-08-29 09:53 61,440 --a------ C:\Windows\System32\dnssd.dll
2008-08-23 12:12 . 2008-09-24 09:08 <DIR> d-------- C:\Users\Mike\AppData\Roaming\LimeWire
2008-08-23 12:10 . 2008-08-23 12:11 <DIR> d-------- C:\Program Files\Java
2008-08-23 12:09 . 2008-08-23 12:09 <DIR> d-------- C:\Program Files\Common Files\Java
2008-08-21 18:19 . 2008-08-21 18:19 17,844,736 --a------ C:\Windows\System32\imageres.dll
2008-08-19 22:49 . 2008-08-19 22:49 <DIR> d-------- C:\Program Files\Atari
2008-08-19 19:15 . 2008-07-19 15:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-08-19 19:15 . 2008-07-19 13:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-08-19 19:15 . 2008-07-19 15:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-08-19 19:15 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-08-19 19:15 . 2008-07-19 13:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-08-19 19:15 . 2008-07-19 15:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-08-19 19:15 . 2008-07-19 15:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-08-19 19:15 . 2008-07-19 15:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-08-19 19:15 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-08-18 22:59 . 2008-08-18 23:12 <DIR> d-------- C:\logontemp
2008-08-16 13:43 . 2008-08-16 14:05 <DIR> d-------- C:\Windows\nvtmpinst
2008-08-13 18:29 . 2008-08-13 18:29 <DIR> d-------- C:\Program Files\Xplosiv
2008-08-13 18:02 . 2008-07-16 11:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-13 17:44 . 2008-06-27 11:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-13 17:44 . 2008-06-27 14:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-13 17:44 . 2008-06-19 13:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-13 17:44 . 2008-04-18 15:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-13 17:42 . 2008-04-10 15:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-08-13 17:07 . 2008-08-13 17:36 123,952 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS
2008-08-13 17:07 . 2008-08-13 17:36 10,671 --a------ C:\Windows\System32\drivers\SYMEVENT.CAT
2008-08-13 17:07 . 2008-08-13 17:36 805 --a------ C:\Windows\System32\drivers\SYMEVENT.INF
2008-08-13 16:33 . 2008-08-13 16:33 <DIR> d-------- C:\Users\All Users\Symantec Temporary Files
2008-08-13 16:33 . 2008-08-13 16:33 <DIR> d-------- C:\ProgramData\Symantec Temporary Files
2008-08-11 20:28 . 2008-08-11 20:29 <DIR> d-------- C:\temp
2008-08-10 15:31 . 2008-08-10 15:31 <DIR> d-------- C:\Program Files\Xvid
2008-08-10 15:31 . 2007-06-28 18:55 77,824 --a------ C:\Windows\System32\xvid.ax
2008-08-08 18:58 . 2008-08-08 18:58 <DIR> d-------- C:\Program Files\Apple Software Update
2008-08-02 23:35 . 2008-08-02 23:35 168,304 --ah----- C:\Windows\System32\mlfcache.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-29 09:40 --------- d-----w C:\Program Files\Azureus
2008-09-24 20:00 --------- d-----w C:\Program Files\mIRC
2008-09-21 06:22 --------- d-----w C:\Users\Mike\AppData\Roaming\Bioshock
2008-09-20 12:53 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-20 12:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-18 15:16 --------- d-----w C:\Users\Mike\AppData\Roaming\Vso
2008-09-18 08:25 --------- d-----w C:\Program Files\Norton 360
2008-09-10 13:19 --------- d-----w C:\Program Files\Bonjour
2008-09-10 13:17 --------- d-----w C:\Program Files\QuickTime
2008-09-10 13:16 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-09 22:01 --------- d-----w C:\Users\Mike\AppData\Roaming\Azureus
2008-09-08 11:32 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-05 23:59 --------- d-----w C:\ProgramData\Symantec
2008-08-16 04:08 --------- d-----w C:\ProgramData\NVIDIA
2008-08-13 08:06 --------- d-----w C:\Program Files\Windows Mail
2008-08-13 07:36 --------- d-----w C:\Program Files\Symantec
2008-08-13 07:32 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-13 07:16 --------- d-----w C:\Users\Mike\AppData\Roaming\Symantec
2008-08-11 10:26 --------- d-----w C:\ProgramData\Media Center Programs
2008-08-11 10:08 --------- d-----w C:\Program Files\THQ
2008-07-31 11:05 --------- d-----w C:\Program Files\SpellForce
2008-07-31 11:04 --------- d-----w C:\Program Files\JoWooD
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-30 07:42 23,888 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-07-30 07:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-07-30 07:28 10,537 ----a-w C:\Windows\system32\drivers\coh_mon.cat
2008-07-29 12:04 --------- d-----w C:\Program Files\LucasArts
2008-07-23 05:24 446,464 ----a-w C:\Windows\System32\nvuninst.exe
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-17 12:00 692,569 ----a-w C:\Windows\unins000.exe
2008-06-16 09:57 854,560 ----a-w C:\Windows\System32\nvcplui.exe
2008-06-16 09:57 5,806,624 ----a-w C:\Windows\System32\nvdispsr.dll
2008-06-16 09:57 465,440 ----a-w C:\Windows\System32\nvmccssr.dll
2008-06-16 09:57 4,155,936 ----a-w C:\Windows\System32\nvvitvsr.dll
2008-06-16 09:57 3,463,712 ----a-w C:\Windows\System32\nvgamesr.dll
2008-06-16 09:57 2,980,384 ----a-w C:\Windows\System32\nvwssr.dll
2008-06-16 09:57 2,861,600 ----a-w C:\Windows\System32\nvmoblsr.dll
2008-06-16 09:57 118,784 ----a-w C:\Windows\System32\nvcod130.dll
2008-06-16 09:57 1,079,840 ----a-w C:\Windows\System32\nvcpluir.dll
2008-06-12 12:01 307,968 ----a-w C:\Windows\System32\TuneUpDefragService.exe
2008-06-12 11:27 47,360 ----a-w C:\Users\Mike\AppData\Roaming\pcouffin.sys
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-21 22:49 174 --sha-w C:\Program Files\desktop.ini
2008-06-23 11:42 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-06-23 11:42 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-06-23 11:42 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-02-26 10:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-02-26 10:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-02-26 10:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-18 171448]
"Google Update"="C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-08 133104]
"BandwidthMeterPro"="C:\Program Files\BandwidthMeterPro\BWMeterPro.exe" [2008-09-12 236032]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-18 51048]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [2008-02-26 988512]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-07-26 13576736]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-07-26 92704]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\Windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-07-16 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=mjwbqj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.ac3filter"= ac3filter.acm
"msacm.divxa32"= divxa32.acm

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\Windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=C:\Windows\pss\Adobe Acrobat Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\Windows\pss\Logitech Desktop Messenger.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=C:\Windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\Windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Mike^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\Windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Mike^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registration Heroes of Might & Magic 5 - Tribes of the East.LNK]
path=C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5 - Tribes of the East.LNK
backup=C:\Windows\pss\Registration Heroes of Might & Magic 5 - Tribes of the East.LNK.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Mike^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registration Heroes of Might & Magic 5.LNK]
path=C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5.LNK
backup=C:\Windows\pss\Registration Heroes of Might & Magic 5.LNK.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2006-10-22 23:24 620152 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
--a------ 2007-03-20 16:40 1884160 C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-09-03 20:12 111936 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-02-28 18:07 132392 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
--a------ 2007-09-06 23:08 136136 C:\Program Files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-08 23:02 289576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 17:29 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 12.0]
--a------ 2008-01-10 04:43 2037088 C:\Program Files\Norton Ghost\Agent\VProTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
--a------ 2007-09-11 18:43 95536 C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2006-11-09 17:15 1634304 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-19 17:33 1233920 C:\Program Files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-11-18 23:34 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
--a------ 2008-01-29 17:38 583048 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Device Detector"=DevDetect.exe -autorun
"ehTray.exe"=C:\Windows\ehome\ehTray.exe
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-164369667-1103530636-808841869-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0A844B56-72F1-4060-BBA2-ADDD224554BB}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{040FB95F-64FB-4F5C-94DC-DD5F4366B22F}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{4F4D656E-D7F9-4027-8FD3-57248724F8FD}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{FC30D70B-8489-4617-805D-D043E031E4FF}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{498718F1-3319-437E-BF8B-71D66DB0AE89}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{3BB7F711-284C-4CA2-BF1E-82B2AF8B2A33}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{74D86FC1-2431-44E0-9583-730CB611A5E1}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{76C193D8-615A-41B2-8520-33598D004ED7}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes
"UDP Query User{4F607B11-7113-4756-829B-79107F2755F9}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes
"{D7303E5F-8FA1-4FF0-B165-F9F1BC5065D5}"= UDP:3703:Adobe Version Cue CS3 Server
"{37AA15D7-065F-47C9-8FD6-E488BF862B13}"= UDP:3704:Adobe Version Cue CS3 Server
"{C3EC0936-4273-44E6-92FC-9E3921868361}"= UDP:50900:Adobe Version Cue CS3 Server
"{D773A94B-4E2D-4CBE-A6BB-DCB472294D9D}"= UDP:50901:Adobe Version Cue CS3 Server
"{DDC0A205-85B5-49F8-93CF-768C64A8AD77}"= UDP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{6029CEA2-9294-440A-A51F-F9EA88CFE5B2}"= TCP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{E67F2558-A7CE-41D5-8F2C-83B86842D3F3}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"{72910BB9-772E-4303-AEFB-5118440D8034}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"{865842B5-D5E6-413A-AA8B-6C2EE0910370}"= UDP:C:\Program Files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
"{8DAB7002-D712-4C12-BB03-B63760EE0108}"= TCP:C:\Program Files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
"{867DB97E-8B24-4A7D-96CD-52C7400E8064}"= UDP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{DFA9C2FF-8CD7-44CD-B91F-E62B582C82A2}"= TCP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{24741CC1-DF85-4EAE-BA4F-3D158EBAED69}"= UDP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{7F1361E8-86B8-4560-9C76-83077180503C}"= TCP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{465EFEA4-F691-4CAD-B491-ED4B7AE871C3}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{DFBB0F48-E6EA-47EB-AAAD-8ED11114292A}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{EDAB1331-DA3F-45C0-8CA7-13577AB74CFD}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{4DEA4DCA-5360-411A-8D1C-1CA2061F1C82}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{F04980CB-1769-464B-A280-82EE7D88CC29}"= UDP:C:\Program Files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
"{0095E900-FAD5-41BB-A043-3375B14F7103}"= TCP:C:\Program Files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
"{C262FC5E-DBE2-4714-8958-5DE5710A2587}"= UDP:C:\Program Files\Sega\Universe At War Earth Assault\UAWEA.exe:Universe at War Earth Assault
"{3B6A3CEE-77C2-4B60-BA47-4D8D164532CB}"= TCP:C:\Program Files\Sega\Universe At War Earth Assault\UAWEA.exe:Universe at War Earth Assault
"{EF24C871-9626-4B39-86DB-3EBE73E7007F}"= UDP:C:\Program Files\RapidSolution\Tunebite\TunebiteHelper.exe:TunebiteHelper
"{CB9C61A1-CE63-4D6B-9E5F-1A193C382F09}"= TCP:C:\Program Files\RapidSolution\Tunebite\TunebiteHelper.exe:TunebiteHelper
"{4FE689B3-8E86-49D6-B68C-9160FD049FFB}"= UDP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:Supreme Commander - Forged Alliance
"{E6EB8B68-DC1B-4BE3-8B31-144AB54EBA93}"= TCP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:Supreme Commander - Forged Alliance
"{16B3A48E-3A6D-463C-A74B-ED0F7AF40F85}"= UDP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance
"{C42B9D69-4A64-4D1B-B51B-66146A365DAD}"= TCP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance
"{0DB9E5B9-0A11-46AA-952C-5DA9885EB075}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{C947A323-681E-409A-AE34-1E02310B070A}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{4D686F7B-C032-4398-A646-2E38F5BA9F42}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{E3AD8BE3-C5D7-4949-BBA8-99D16F5F7C92}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{1A019397-D989-4994-B97F-3C6AC2C6897F}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{713C6882-2A49-486A-A9C7-3BDF3D621AC4}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{3179BB92-1DE1-40F5-88AB-3E0BD60787A1}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{F56F7517-A9B7-4873-B2D0-0F2DEF81EB42}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{9DC92F17-DA12-4862-9DC5-708CF6E47CBF}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{AD941130-B9F2-417A-AC90-BC699E0B40EF}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{8F39571B-0C7E-498F-96D8-C5923F0CD7C1}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{AB4A2243-7FF8-40EC-B045-3ADEA56533E5}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{D6E6E617-B44C-46BB-B2E2-201DB21F4767}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{98E023D6-1BD8-4B84-8A4D-543E358758FF}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 hotcore3;hotcore3;C:\Windows\system32\drivers\hotcore3.sys [2008-01-21 39472]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-20 78416]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080923.001\IDSvix86.sys [2008-09-12 270384]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-20 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-20 51280]
R2 BandwidthMeterProService;Bandwidth Meter Pro Service;C:\Program Files\BandwidthMeterPro\BWMeterService.exe [2008-08-15 184320]
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-18 149352]
R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2008-01-19 21504]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2008-05-20 303616]
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
S3 GPWADrv;Service for L6 GuitarPort Driver (WDM);C:\Windows\system32\Drivers\GPWADrv.sys [2007-09-18 514432]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009\RpcAgentSrv.exe [2008-09-01 98488]
S4 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-06-12 307968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a4b4302-95db-11dc-9903-0011d80c9c95}]
\shell\AutoRun\command - J:\Autorun.exe

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{24b7f078-0e1d-482b-a239-2a706e9418cd} - C:\Windows\system32\mjwbqj.dll
BHO-{D4FD0238-28F8-4A0D-8444-E08CFCFE5BE0} - C:\Windows\system32\vtUmkKcD.dll
HKLM-Run-BMfb056c49 - C:\Windows\system32\eucowrgg.dll
HKLM-Run-f8365fd5 - C:\Windows\system32\aumgmptg.dll
HKLM-Run-CmPCIaudio - CMICNFG3.CPL
MSConfigStartUp-MSServer - C:\Windows\system32\rqRHaBTm.dll
MSConfigStartUp-NeroFilterCheck - C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
MSConfigStartUp-Run - C:\Users\Mike\AppData\Roaming\Adobe\Player.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\akngass4.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com.au/
FF -: plugin - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - C:\Users\Mike\AppData\Local\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\akngass4.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-30 19:56:04
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\nvvsvc.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Windows\System32\IoctlSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-09-30 20:01:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-30 10:00:59

Pre-Run: 120,689,311,744 bytes free
Post-Run: 120,488,767,488 bytes free

471 --- E O F --- 2008-09-10 10:17:44


HJT LOG ____________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:08:32 PM, on 30/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\BandwidthMeterPro\BWMeterPro.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\seemenow.exe.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BandwidthMeterPro] C:\Program Files\BandwidthMeterPro\BWMeterPro.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O15 - Trusted Zone: *.line6.net
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/f ... wflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: mjwbqj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bandwidth Meter Pro Service (BandwidthMeterProService) - Unknown owner - C:\Program Files\BandwidthMeterPro\BWMeterService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009\RpcAgentSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 10011 bytes

Are we looking good now?

Cheers,
Mike.
mykewatson
Active Member
 
Posts: 7
Joined: September 24th, 2008, 7:58 am

Re: Possible Vundo Trojan?

Unread postby DFW » September 30th, 2008, 12:05 pm

Hi mykewatson


We are not out of the woods yet, but getting there. You asked me if Norton 360 is OK as an internet security suite, but first, do you have a subscription to Norton,
or is it a trial version that came with your system?



Open up Hijackthis
Click on do a system scan only.
Place a checkmark next to these lines(if still present)

O20 - AppInit_DLLs: mjwbqj.dll
O15 - Trusted Zone: *.line6.net


Then close all windows except Hijackthis and click Fix Checked




Very important! Before running ComboFix, temporarily disable your anti-virus, script blocking and any anti-malware real-time protection.
They can interfere with ComboFix or remove some of its embedded files, which may cause unpredictable results. Also unplug your system from the internet.


  • Now please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    File::
    C:\Windows\System32\acftvfaf.dll
    C:\Windows\System32\jusnepbi.dll
    C:\Windows\System32\yuppbekp.dll
    C:\Windows\System32\tphlnrds.ini2
    C:\Windows\System32\tphlnrds.tmp
    C:\Windows\System32\tphlnrds.ini
    C:\Windows\System32\aqabngam.dll
    C:\Windows\System32\ypmnrmdu.dll
    C:\Windows\System32\cgxlmdvu.dll
    C:\Windows\System32\cpyfymta.dll
    C:\Windows\System32\drivers\aswMonFlt.sys 
    
    Folder::
    C:\Program Files\LimeWire
    C:\Users\Mike\AppData\Roaming\LimeWire
    C:\Program Files\Azureus
    C:\Users\Mike\AppData\Roaming\Azureus
    C:\Program Files\Alwil Software 
    
    DirLook::
    C:\temp
    

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


    (screenshot: CFScript.txt being dragged onto ComboFix.exe)


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



Next, please download ATF Cleaner (by Atribune) here.
This program is for XP and Windows 2000 only. It does not require any installation and uses minimal system resources.
It is set up to clean IE, Firefox and Opera, and detects the browsers you have and grays out the other(s).

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Recommend UNCHECKING COOKIES if you rely on system remembered passwords.
  • Click the Empty Selected button.

    If you use Firefox browser
  • Click Firefox at the top and choose: Select All EXCEPT FIREFOX SAVED PASSWORDS
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser
  • Click Opera at the top and choose: Select All EXCEPT COOKIES AND SAVED PASSWORDS
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your cookies and saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.






  1. Please download Malwarebytes' Anti-Malware and save it to a convenient location.
  2. Double click on mbam-setup.exe to install it.
  3. Before clicking the Finish button, make sure that these 2 boxes are checked (ticked):
      Update Malwarebytes' Anti-Malware
      Launch Malwarebytes' Anti-Malware
  4. Malwarebytes' Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
  5. Select the Scanner tab. Click on Perform full scan, then click on Scan.
  6. Leave the default options as they are and click on Start Scan.
  7. When done, you will be prompted. Click OK, then click on Show Results.
  8. Check (tick) all items and click on Remove Selected.
  9. After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom-most log is the latest.




Please post back
Combofix Log
Malwarebytes' Anti-Malware Log
A new HijackThis log
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK
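
The entries DFW singles out above (the O20 AppInit_DLLs line, the BMfb056c49 and f8365fd5 Run values, and the eight-letter DLLs under system32 in ComboFix's ORPHANS REMOVED list) share a shape that can be checked mechanically before a helper reads the log by hand. The script below is an added example written for this page; it is not part of HijackThis, ComboFix or this thread. It pulls every DLL that a persistence entry loads, scores it on where it lives and how random its name looks, and ranks the candidates. The scoring weights, the review threshold of 4 and the two name heuristics are assumptions made for this example. The sample lines are copied from the logs posted above, with NvCpl.dll, NvMcTray.dll (NVIDIA) and ssv.dll (Java) included on purpose as legitimate files.

```python
"""Rank DLLs loaded from HijackThis / ComboFix persistence entries by how much
they resemble Vundo's randomly named system32 files.

Added example for this thread; not part of HijackThis, ComboFix or Symantec's
tooling. Scoring weights and name heuristics are assumptions made here.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: persistence lines copied from the logs posted in this
# thread. NvCpl.dll / NvMcTray.dll (NVIDIA) and ssv.dll (Java) are legitimate
# and are included to show where the heuristic does and does not hold.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [BMfb056c49] Rundll32.exe "C:\Windows\system32\mslhhwnn.dll",s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O20 - AppInit_DLLs: mjwbqj.dll
BHO-{D4FD0238-28F8-4A0D-8444-E08CFCFE5BE0} - C:\Windows\system32\vtUmkKcD.dll
HKLM-Run-f8365fd5 - C:\Windows\system32\aumgmptg.dll
MSConfigStartUp-MSServer - C:\Windows\system32\rqRHaBTm.dll
"""

# Optional directory (drive letter up to the last backslash) followed by the DLL stem.
DLL_RE = re.compile(r'([A-Za-z]:\\[^",]*?\\)?([A-Za-z0-9_~\-]+)\.dll', re.IGNORECASE)
# Run value name: "[name]" in HJT O4 lines, "HKLM-Run-name" in ComboFix orphan lines.
RUN_NAME_RE = re.compile(r'\[([^\]]+)\]|HK(?:LM|CU)-Run-(\S+)')
# Vundo-style value names such as BMfb056c49 or f8365fd5: up to two letters, then 8 hex digits.
HEX_TAG_RE = re.compile(r'^[A-Za-z]{0,2}[0-9a-f]{8}$')
REVIEW_THRESHOLD = 4  # assumption: tuned so the known-bad rows in the sample clear it


def looks_random(stem):
    """True for stems like 'mjwbqj' or 'vtUmkKcD': long enough to be a real
    name yet nearly vowel-free, or built from a run of five or more consonants."""
    letters = [c for c in stem.lower() if c.isalpha()]
    if len(stem) < 6 or not letters:
        return False
    vowel_ratio = sum(c in "aeiou" for c in letters) / len(letters)
    longest_run = max((len(r) for r in re.findall(r"[b-df-hj-np-tv-z]+", stem.lower())), default=0)
    return vowel_ratio <= 0.15 or longest_run >= 5


def odd_capitalisation(stem):
    """Vundo stems mix case at random ('rqRHaBTm', 'vtUmkKcD'). Vendor names are
    CamelCase or all caps (8.3 short names), so flag two adjacent capitals or a
    trailing capital in a name that is not entirely upper case."""
    if stem.isupper():
        return False
    return re.search(r"[A-Z]{2}", stem) is not None or stem[-1].isupper()


@dataclass
class Finding:
    line: str
    dll: str
    score: int = 0
    reasons: list = field(default_factory=list)

    @property
    def needs_review(self):
        return self.score >= REVIEW_THRESHOLD


def score_line(line):
    """Return one Finding per DLL referenced on a persistence line."""
    findings = []
    via_appinit = "AppInit_DLLs" in line
    m = RUN_NAME_RE.search(line)
    run_name = next((g for g in m.groups() if g), None) if m else None
    for dm in DLL_RE.finditer(line):
        directory, stem = dm.group(1), dm.group(2)
        f = Finding(line=line.strip(), dll=stem + ".dll")
        if via_appinit:
            f.score += 2
            f.reasons.append("loaded into every user32 process via AppInit_DLLs")
        elif directory and directory.lower().rstrip("\\").endswith(r"\windows\system32"):
            f.score += 2
            f.reasons.append("lives in system32")
        if looks_random(stem):
            f.score += 2
            f.reasons.append("random-looking name")
        if odd_capitalisation(stem):
            f.score += 1
            f.reasons.append("odd mixed case")
        if run_name and HEX_TAG_RE.match(run_name):
            f.score += 1
            f.reasons.append(f"Run value name {run_name!r} is random hex")
        findings.append(f)
    return findings


def triage(log_text):
    """Score every non-empty line and return findings, highest score first."""
    findings = [f for line in log_text.splitlines() if line.strip() for f in score_line(line)]
    return sorted(findings, key=lambda f: f.score, reverse=True)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        tag = "REVIEW" if f.needs_review else "ok    "
        print(f"{tag} {f.score}  {f.dll:14} {'; '.join(f.reasons)}")
```

Run it and the REVIEW rows are mslhhwnn.dll, vtUmkKcD.dll, aumgmptg.dll, rqRHaBTm.dll and mjwbqj.dll, the same files the ORPHANS REMOVED section and the HJT fix above dealt with, while NvCpl.dll and ssv.dll stay below the line. NvMcTray.dll also reaches the threshold, because an abbreviated vendor name has the same vowel-poor shape as a generated one. That false positive is the point of the exercise: a name heuristic only produces candidates, and the file's date, size, publisher signature and a lookup against a known-file database are what decide whether a path goes into the CFScript File:: section.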

Re: Possible Vundo Trojan?

Unread postby mykewatson » October 1st, 2008, 6:17 pm

Hi DFW,

Back again. I've carried out your instructions and the logs are posted below. One worrying thing though: while I was running HJT the last time, Norton processed some threats and detected a Vundo Trojan in 8 processes, 14 files, 1 service and 122 registry entries. This is looking like an insidious little b@stard...

ComboFix 08-09-30.03 - Mike 2008-10-01 21:42:16.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1268 [GMT 10:00]
Running from: C:\Users\Mike\Desktop\ComboFix.exe
Command switches used :: C:\Users\Mike\Desktop\CFScript.txt

FILE ::
C:\Windows\System32\acftvfaf.dll
C:\Windows\System32\aqabngam.dll
C:\Windows\System32\cgxlmdvu.dll
C:\Windows\System32\cpyfymta.dll
C:\Windows\System32\drivers\aswMonFlt.sys
C:\Windows\System32\jusnepbi.dll
C:\Windows\System32\tphlnrds.ini
C:\Windows\System32\tphlnrds.ini2
C:\Windows\System32\tphlnrds.tmp
C:\Windows\System32\ypmnrmdu.dll
C:\Windows\System32\yuppbekp.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Alwil Software
C:\Program Files\Alwil Software\Avast4\Setup\setup.ini
C:\Program Files\Azureus
C:\Program Files\Azureus\bin-5037\Living.Mobile.Bomberman.Reloaded.240x320.v1.0.0.S60v3.J2ME.Retail-BiNPDA.jar
C:\Program Files\Azureus\hs_err_pid2948.log
C:\Program Files\Azureus\plugins\azemp\azemp_1.9.0.jar
C:\Program Files\Azureus\plugins\azemp\azemp_1.9.0.zip
C:\Program Files\Azureus\plugins\azemp\azemp_1.9.11.jar
C:\Program Files\Azureus\plugins\azemp\azemp_1.9.11.zip
C:\Program Files\Azureus\plugins\azemp\azemp_1.9.6.jar
C:\Program Files\Azureus\plugins\azemp\azemp_1.9.6.zip
C:\Program Files\Azureus\plugins\azemp\azemp_2.0.11.jar
C:\Program Files\Azureus\plugins\azemp\azemp_2.0.11.zip
C:\Program Files\Azureus\plugins\azemp\azemp_2.0.14.jar
C:\Program Files\Azureus\plugins\azemp\azemp_2.0.14.zip
C:\Program Files\Azureus\plugins\azemp\azemp_2.0.16.jar
C:\Program Files\Azureus\plugins\azemp\azemp_2.0.16.zip
C:\Program Files\Azureus\plugins\azemp\azmplay.exe.bak
C:\Program Files\Azureus\plugins\azemp\cp1250-a.raw.bak
C:\Program Files\Azureus\plugins\azemp\cp1250-b.raw.bak
C:\Program Files\Azureus\plugins\azemp\font.desc.bak
C:\Program Files\Azureus\plugins\azemp\libInfoGetter.dll
C:\Program Files\Azureus\plugins\azemp\mplayer\config
C:\Program Files\Azureus\plugins\azemp\osd-mplayer-a.raw.bak
C:\Program Files\Azureus\plugins\azemp\osd-mplayer-b.raw.bak
C:\Program Files\Azureus\plugins\azemp\plugin.properties_1.9.0
C:\Program Files\Azureus\plugins\azemp\plugin.properties_1.9.11
C:\Program Files\Azureus\plugins\azemp\plugin.properties_1.9.6
C:\Program Files\Azureus\plugins\azemp\plugin.properties_2.0.11
C:\Program Files\Azureus\plugins\azemp\plugin.properties_2.0.14
C:\Program Files\Azureus\plugins\azemp\plugin.properties_2.0.16
C:\Program Files\Azureus\plugins\azupdater\azupdater_1.8.8.zip
C:\Program Files\Azureus\plugins\azupdater\azupdaterpatcher_1.8.8.jar
C:\Program Files\Azureus\plugins\azupdater\plugin.properties_1.8.8
C:\Program Files\Azureus\plugins\azupdater\Updater.jar.bak
C:\Program Files\Azureus\plugins\azupnpav\azupnpav_0.1.7.jar
C:\Program Files\Azureus\plugins\azupnpav\azupnpav_0.1.7.zip
C:\Program Files\Azureus\plugins\azupnpav\azupnpav_0.2.0.jar
C:\Program Files\Azureus\plugins\azupnpav\azupnpav_0.2.0.zip
C:\Program Files\Azureus\plugins\azupnpav\azupnpav_0.2.1.jar
C:\Program Files\Azureus\plugins\azupnpav\azupnpav_0.2.1.zip
C:\Program Files\Azureus\plugins\azupnpav\azupnpav_0.2.2.jar
C:\Program Files\Azureus\plugins\azupnpav\azupnpav_0.2.2.zip
C:\Program Files\Azureus\plugins\azupnpav\plugin.properties_0.1.7
C:\Program Files\Azureus\plugins\azupnpav\plugin.properties_0.2.0
C:\Program Files\Azureus\plugins\azupnpav\plugin.properties_0.2.1
C:\Program Files\Azureus\plugins\azupnpav\plugin.properties_0.2.2
C:\Users\Mike\AppData\Roaming\Azureus
C:\Users\Mike\AppData\Roaming\Azureus\.certs
C:\Users\Mike\AppData\Roaming\Azureus\.keystore
C:\Users\Mike\AppData\Roaming\Azureus\.lock
C:\Users\Mike\AppData\Roaming\Azureus\active\0403F47A2A5D0C56FD542220C5B4F67B74C2AC66.dat
C:\Users\Mike\AppData\Roaming\Azureus\active\0403F47A2A5D0C56FD542220C5B4F67B74C2AC66.dat.bak
C:\Users\Mike\AppData\Roaming\Azureus\active\05000486714438AD732CE66A79AC5A438ABDD7B4.dat
C:\Users\Mike\AppData\Roaming\Azureus\active\05000486714438AD732CE66A79AC5A438ABDD7B4.dat.bak
C:\Users\Mike\AppData\Roaming\Azureus\active\0EB143E8C85C191C2AB8867F854C868DB0497E87.dat
C:\Users\Mike\AppData\Roaming\Azureus\active\0EB143E8C85C191C2AB8867F854C868DB0497E87.dat.bak
C:\Users\Mike\AppData\Roaming\Azureus\active\10730C930FF51019515DAC7117B9EBCD97F9AA29.dat
C:\Users\Mike\AppData\Roaming\Azureus\active\10730C930FF51019515DAC7117B9EBCD97F9AA29.dat.bak
C:\Users\Mike\AppData\Roaming\Azureus\active\1810F5C62EA2D19A58992EF2B44CDCE7ABFEE592.dat
C:\Users\Mike\AppData\Roaming\Azureus\active\1810F5C62EA2D19A58992EF2B44CDCE7ABFEE592.dat.bak
C:\Users\Mike\AppData\Roaming\Azureus\active\1B6CC497DE4A08E6F3295E2D8618A45B24C6FDD0.dat
C:\Users\Mike\AppData\Roaming\Azureus\active\1B6CC497DE4A08E6F3295E2D8618A45B24C6FDD0.dat.bak
C:\Users\Mike\AppData\Roaming\Azureus\active\1E221168F57D3B6A2BB127133BABBB13174C2730.dat
C:\Users\Mike\AppData\Roaming\Azureus\active\1E221168F57D3B6A2BB127133BABBB13174C2730.dat.bak
C:\Users\Mike\AppData\Roaming\Azureus\active\1E4A8B88050A1C97314B294F8DF3A5F728E7B708.dat
C:\Users\Mike\AppData\Roaming\Azureus\active\1E4A8B88050A1C97314B294F8DF3A5F728E7B708.dat.bak
C:\Users\Mike\AppData\Roaming\Azureus\active\2027CE83040D55EA72CBC2A7ACD3295EC29826B3.dat
C:\Users\Mike\AppData\Roaming\Azureus\active\2027CE83040D55EA72CBC2A7ACD3295EC29826B3.dat.bak
C:\Users\Mike\AppData\Roaming\Azureus\active\2DFCEEA587D646F650713528C16B2C715B5D8AD9.dat
C:\Users\Mike\AppData\Roaming\Azureus\active\2DFCEEA587D646F650713528C16B2C715B5D8AD9.dat.bak
C:\Users\Mike\AppData\Roaming\Azureus\active\3040BE51CEA1420F86E0047FF3E38EA266511863.dat
C:\Users\Mike\AppData\Roaming\Azureus\active\3040BE51CEA1420F86E0047FF3E38EA266511863.dat.bak
C:\Users\Mike\AppData\Roaming\Azureus\active\362046CFFE3F2D9DD5D6606E2AD752A46CF6CCFC.dat
C:\Users\Mike\AppData\Roaming\Azureus\active\362046CFFE3F2D9DD5D6606E2AD752A46CF6CCFC.dat.bak
C:\Users\Mike\AppData\Roaming\Azureus\active\3C474E1E7ABE156EB791672F2819DDCD422FD26E.dat
C:\Users\Mike\AppData\Roaming\Azureus\active\3C474E1E7ABE156EB791672F2819DDCD422FD26E.dat.bak
C:\Users\Mike\AppData\Roaming\Azureus\active\571AB7B080646FFADDDC164C08D52A3DBD82F657.dat
C:\Users\Mike\AppData\Roaming\Azureus\active\571AB7B080646FFADDDC164C08D52A3DBD82F657.dat.bak
C:\Users\Mike\AppData\Roaming\Azureus\active\5733FE5870BC8065A8D0FCBB8166FAA476EF257C.dat
C:\Users\Mike\AppData\Roaming\Azureus\active\5733FE5870BC8065A8D0FCBB8166FAA476EF257C.dat.bak
C:\Users\Mike\AppData\Roaming\Azureus\active\5733FE5870BC8065A8D0FCBB8166FAA476EF257C.dat.saving
C:\Users\Mike\AppData\Roaming\Azureus\active\5971351F8985E1D01D67FC57A9F1F3E9AB8E07DA.dat
C:\Users\Mike\AppData\Roaming\Azureus\active\5971351F8985E1D01D67FC57A9F1F3E9AB8E07DA.dat.bak
C:\Users\Mike\AppData\Roaming\Azureus\active\6031475306AC153B2B9F300F55E993436D4BE3DC.dat
C:\Users\Mike\AppData\Roaming\Azureus\active\6031475306AC153B2B9F300F55E993436D4BE3DC.dat.bak
C:\Users\Mike\AppData\Roaming\Azureus\active\6279C8F5F7E63175BD0E545CC7E063A3C8508E85.dat
C:\Users\Mike\AppData\Roaming\Azureus\active\6279C8F5F7E63175BD0E545CC7E063A3C8508E85.dat.bak
C:\Users\Mike\AppData\Roaming\Azureus\active\66ACBABE1E41B49B00BF7A79E20B575007F6BA0E.dat
C:\Users\Mike\AppData\Roaming\Azureus\active\66ACBABE1E41B49B00BF7A79E20B575007F6BA0E.dat.bak
C:\Users\Mike\AppData\Roaming\Azureus\active\69B5BD0F4D8B0CA8BAFE2D9FCB60EC34E8E5F706.dat
C:\Users\Mike\AppData\Roaming\Azureus\active\69B5BD0F4D8B0CA8BAFE2D9FCB60EC34E8E5F706.dat.bak
C:\Users\Mike\AppData\Roaming\Azureus\active\710703FF98202CB04D9D87FF78A9D2CFBF0D195B.dat
C:\Users\Mike\AppData\Roaming\Azureus\active\710703FF98202CB04D9D87FF78A9D2CFBF0D195B.dat.bak
C:\Users\Mike\AppData\Roaming\Azureus\active\7240BEF7F205902B6358324970F520D06FAEEBDF.dat
C:\Users\Mike\AppData\Roaming\Azureus\active\7240BEF7F205902B6358324970F520D06FAEEBDF.dat.bak
C:\Users\Mike\AppData\Roaming\Azureus\active\731755598CCF4B75D85AA5DEC957E251993FF88C.dat
C:\Users\Mike\AppData\Roaming\Azureus\active\731755598CCF4B75D85AA5DEC957E251993FF88C.dat.bak
C:\Users\Mike\AppData\Roaming\Azureus\active\84F00CA1F51711C2BFA1EE194C27CD8BF260E4D9.dat
C:\Users\Mike\AppData\Roaming\Azureus\active\84F00CA1F51711C2BFA1EE194C27CD8BF260E4D9.dat.bak
C:\Users\Mike\AppData\Roaming\Azureus\active\8646DA22025FA47CC83591C35BC761B15714CE4A.dat
C:\Users\Mike\AppData\Roaming\Azureus\active\8646DA22025FA47CC83591C35BC761B15714CE4A.dat.bak
C:\Users\Mike\AppData\Roaming\Azureus\active\9798C7EDC169199165CDE755621417766A0A9DC8.dat
C:\Users\Mike\AppData\Roaming\Azureus\active\9798C7EDC169199165CDE755621417766A0A9DC8.dat.bak
C:\Users\Mike\AppData\Roaming\Azureus\active\9B5F74C216E573B0CFC250132B838684A59EB197.dat
C:\Users\Mike\AppData\Roaming\Azureus\active\9B5F74C216E573B0CFC250132B838684A59EB197.dat.bak
C:\Users\Mike\AppData\Roaming\Azureus\active\9D8F9E63D26A0F53F67DEB5AC99A5802523ED9B5.dat
C:\Users\Mike\AppData\Roaming\Azureus\active\9D8F9E63D26A0F53F67DEB5AC99A5802523ED9B5.dat.bak
C:\Users\Mike\AppData\Roaming\Azureus\active\B45F762AA97C95BBF294658A885FB104D0B0C720.dat
C:\Users\Mike\AppData\Roaming\Azureus\active\B45F762AA97C95BBF294658A885FB104D0B0C720.dat.bak
C:\Users\Mike\AppData\Roaming\Azureus\active\B678565CAFEFEE8C1D28B1079E35435792D8F676.dat
C:\Users\Mike\AppData\Roaming\Azureus\active\B678565CAFEFEE8C1D28B1079E35435792D8F676.dat.bak
C:\Users\Mike\AppData\Roaming\Azureus\active\C1FBA84E8E7BF0A3AF09C08D7F24A79B6B8A128C.dat
C:\Users\Mike\AppData\Roaming\Azureus\active\C1FBA84E8E7BF0A3AF09C08D7F24A79B6B8A128C.dat.bak
C:\Users\Mike\AppData\Roaming\Azureus\active\C21C6B783B7AB3B76E960446A0E6D1A74BC10672.dat
C:\Users\Mike\AppData\Roaming\Azureus\active\C21C6B783B7AB3B76E960446A0E6D1A74BC10672.dat.bak
C:\Users\Mike\AppData\Roaming\Azureus\active\C4738DBEC2C721C75482ADFB61FE6F5CD98B7B58.dat
C:\Users\Mike\AppData\Roaming\Azureus\active\C4738DBEC2C721C75482ADFB61FE6F5CD98B7B58.dat.bak
C:\Users\Mike\AppData\Roaming\Azureus\active\D87C093912373F6C6A3FCBA9B3B99B0DEDCA837E.dat
C:\Users\Mike\AppData\Roaming\Azureus\active\D87C093912373F6C6A3FCBA9B3B99B0DEDCA837E.dat.bak
C:\Users\Mike\AppData\Roaming\Azureus\active\E09AF701584772854CF175FC5AE002EA05027FD4.dat
C:\Users\Mike\AppData\Roaming\Azureus\active\E09AF701584772854CF175FC5AE002EA05027FD4.dat.bak
C:\Users\Mike\AppData\Roaming\Azureus\active\E27F731C2C466D4CAE7174B3738E7FE782B7E63E.dat
C:\Users\Mike\AppData\Roaming\Azureus\active\E27F731C2C466D4CAE7174B3738E7FE782B7E63E.dat.bak
C:\Users\Mike\AppData\Roaming\Azureus\active\E3A63E8E2D89DB6F3AE901D8F9D023758CFD360B.dat
C:\Users\Mike\AppData\Roaming\Azureus\active\E3A63E8E2D89DB6F3AE901D8F9D023758CFD360B.dat.bak
C:\Users\Mike\AppData\Roaming\Azureus\active\E47162F61EE4EA7F7456CF99DFF5E5373838EE7C.dat
C:\Users\Mike\AppData\Roaming\Azureus\active\E47162F61EE4EA7F7456CF99DFF5E5373838EE7C.dat.bak
C:\Users\Mike\AppData\Roaming\Azureus\active\E8063CE44F95EBDF139E08CC53405675211CB0A3.dat
C:\Users\Mike\AppData\Roaming\Azureus\active\E8063CE44F95EBDF139E08CC53405675211CB0A3.dat.bak
C:\Users\Mike\AppData\Roaming\Azureus\active\E931700A73514AB66B1444416E29889E79036564.dat
C:\Users\Mike\AppData\Roaming\Azureus\active\E931700A73514AB66B1444416E29889E79036564.dat.bak
C:\Users\Mike\AppData\Roaming\Azureus\active\EA1BFF0096C2A1A7E84A12C3FBF844D2A6998FC6.dat
C:\Users\Mike\AppData\Roaming\Azureus\active\EA1BFF0096C2A1A7E84A12C3FBF844D2A6998FC6.dat.bak
C:\Users\Mike\AppData\Roaming\Azureus\active\EADD52FA45BB1B7143A02563B8E49B94C610A684.dat
C:\Users\Mike\AppData\Roaming\Azureus\active\EADD52FA45BB1B7143A02563B8E49B94C610A684.dat.bak
C:\Users\Mike\AppData\Roaming\Azureus\active\F43FA1F2E047CB29FD47D9955A838EB27B42CA77.dat
C:\Users\Mike\AppData\Roaming\Azureus\active\F43FA1F2E047CB29FD47D9955A838EB27B42CA77.dat.bak
C:\Users\Mike\AppData\Roaming\Azureus\active\F4746D777CAEF66788A7B9E38696176D67AB19E4.dat
C:\Users\Mike\AppData\Roaming\Azureus\active\F4746D777CAEF66788A7B9E38696176D67AB19E4.dat.bak
C:\Users\Mike\AppData\Roaming\Azureus\active\F670C345D5938BBEA261AC758B6570EB808D25F5.dat
C:\Users\Mike\AppData\Roaming\Azureus\active\F670C345D5938BBEA261AC758B6570EB808D25F5.dat.bak
C:\Users\Mike\AppData\Roaming\Azureus\active\F7C207B3D274ABD2795FA3F6685EE5ACD9EE4451.dat
C:\Users\Mike\AppData\Roaming\Azureus\active\F7C207B3D274ABD2795FA3F6685EE5ACD9EE4451.dat.bak
C:\Users\Mike\AppData\Roaming\Azureus\active\FA2A07DDAE6FD43305B9B696398B391B2B3B4B1F.dat
C:\Users\Mike\AppData\Roaming\Azureus\active\FA2A07DDAE6FD43305B9B696398B391B2B3B4B1F.dat.bak
C:\Users\Mike\AppData\Roaming\Azureus\azureus.config
C:\Users\Mike\AppData\Roaming\Azureus\azureus.config.bak
C:\Users\Mike\AppData\Roaming\Azureus\azureus.statistics
C:\Users\Mike\AppData\Roaming\Azureus\azureus.statistics.bak
C:\Users\Mike\AppData\Roaming\Azureus\banips.config
C:\Users\Mike\AppData\Roaming\Azureus\banips.config.bak
C:\Users\Mike\AppData\Roaming\Azureus\dht\addresses.dat
C:\Users\Mike\AppData\Roaming\Azureus\dht\contacts.dat
C:\Users\Mike\AppData\Roaming\Azureus\dht\diverse.dat
C:\Users\Mike\AppData\Roaming\Azureus\dht\general.dat
C:\Users\Mike\AppData\Roaming\Azureus\dht\net3\addresses.dat
C:\Users\Mike\AppData\Roaming\Azureus\dht\net3\contacts.dat
C:\Users\Mike\AppData\Roaming\Azureus\dht\net3\diverse.dat
C:\Users\Mike\AppData\Roaming\Azureus\dht\net3\version.dat
C:\Users\Mike\AppData\Roaming\Azureus\dht\version.dat
C:\Users\Mike\AppData\Roaming\Azureus\downloads.config
C:\Users\Mike\AppData\Roaming\Azureus\downloads.config.bak
C:\Users\Mike\AppData\Roaming\Azureus\friends.config
C:\Users\Mike\AppData\Roaming\Azureus\friends.config.bak
C:\Users\Mike\AppData\Roaming\Azureus\ipfilter.cache
C:\Users\Mike\AppData\Roaming\Azureus\logs\alerts_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\AutoSpeed_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\AutoSpeed_2.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\AutoSpeedSearchHistory_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\AutoSpeedSearchHistory_2.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\debug_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\debug_2.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\Friends_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\Friends_2.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\MetaSearch_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\MetaSearch_Engine_3.txt
C:\Users\Mike\AppData\Roaming\Azureus\logs\MetaSearch_Engine_4.txt
C:\Users\Mike\AppData\Roaming\Azureus\logs\MetaSearch_Engine_5.txt
C:\Users\Mike\AppData\Roaming\Azureus\logs\MetaSearch_Engine_6.txt
C:\Users\Mike\AppData\Roaming\Azureus\logs\MetaSearch_Engine_9.txt
C:\Users\Mike\AppData\Roaming\Azureus\logs\NetStatus_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_alerts_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_AutoSpeed_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_AutoSpeed_2.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_AutoSpeedSearchHistory_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_AutoSpeedSearchHistory_2.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_debug_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_debug_2.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_Friends_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_Friends_2.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_MetaSearch_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_MetaSearch_Engine_3.txt
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_MetaSearch_Engine_4.txt
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_MetaSearch_Engine_5.txt
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_MetaSearch_Engine_6.txt
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_MetaSearch_Engine_9.txt
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_NetStatus_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_seltrace_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_seltrace_2.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_SpeedMan_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_SpeedMan_2.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_thread_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_thread_2.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_v3.ads_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_v3.CMsgr_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_v3.emp_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_v3.Friends_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_v3.Friends_2.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_v3.MD_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_v3.PMsgr_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_v3.PMsgr_2.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_v3.Stream_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\save\1220959449979_v3.Stream_2.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\seltrace_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\seltrace_2.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\SpeedMan_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\SpeedMan_2.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\thread_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\thread_2.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\v3.ads_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\v3.CMsgr_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\v3.emp_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\v3.Friends_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\v3.Friends_2.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\v3.MD_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\v3.PMsgr_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\v3.PMsgr_2.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\v3.Stream_1.log
C:\Users\Mike\AppData\Roaming\Azureus\logs\v3.Stream_2.log
C:\Users\Mike\AppData\Roaming\Azureus\metasearch.config
C:\Users\Mike\AppData\Roaming\Azureus\metasearch.config.bak
C:\Users\Mike\AppData\Roaming\Azureus\net\pm_4804.dat
C:\Users\Mike\AppData\Roaming\Azureus\net\pm_default.dat
C:\Users\Mike\AppData\Roaming\Azureus\tables.config
C:\Users\Mike\AppData\Roaming\Azureus\tables.config.bak
C:\Users\Mike\AppData\Roaming\Azureus\timingstats.dat
C:\Users\Mike\AppData\Roaming\Azureus\tmp\AZU55218.tmp
C:\Users\Mike\AppData\Roaming\Azureus\tmp\AZU55219.tmp
C:\Users\Mike\AppData\Roaming\Azureus\tmp\AZU55220.tmp
C:\Users\Mike\AppData\Roaming\Azureus\tmp\AZU55221.tmp
C:\Users\Mike\AppData\Roaming\Azureus\tmp\AZU55222.tmp
C:\Users\Mike\AppData\Roaming\Azureus\tmp\AZU55223.tmp
C:\Users\Mike\AppData\Roaming\Azureus\tmp\AZU55224.tmp
C:\Users\Mike\AppData\Roaming\Azureus\tmp\AZU55225.tmp
C:\Users\Mike\AppData\Roaming\Azureus\tmp\AZU55226.tmp
C:\Users\Mike\AppData\Roaming\Azureus\torrents\AZU28203.tmp
C:\Users\Mike\AppData\Roaming\Azureus\tracker.config
C:\Users\Mike\AppData\Roaming\Azureus\tracker.config.bak
C:\Users\Mike\AppData\Roaming\Azureus\unsentdata.config
C:\Users\Mike\AppData\Roaming\Azureus\unsentdata.config.bak
C:\Users\Mike\AppData\Roaming\Azureus\update.log
C:\Users\Mike\AppData\Roaming\Azureus\update.properties
C:\Users\Mike\AppData\Roaming\Azureus\v3.Friends.dat
C:\Users\Mike\AppData\Roaming\Azureus\v3.Friends.dat.bak
C:\Users\Mike\AppData\Roaming\Azureus\VuzeActivities.config
C:\Users\Mike\AppData\Roaming\Azureus\VuzeActivities.config.bak
C:\Users\Mike\AppData\Roaming\LimeWire
C:\Users\Mike\AppData\Roaming\LimeWire\active.mojito
C:\Users\Mike\AppData\Roaming\LimeWire\certificate\limewire.keystore
C:\Users\Mike\AppData\Roaming\LimeWire\createtimes.cache
C:\Users\Mike\AppData\Roaming\LimeWire\downloads.dat
C:\Users\Mike\AppData\Roaming\LimeWire\fileurns.bak
C:\Users\Mike\AppData\Roaming\LimeWire\fileurns.cache
C:\Users\Mike\AppData\Roaming\LimeWire\filters.props
C:\Users\Mike\AppData\Roaming\LimeWire\gnutella.net
C:\Users\Mike\AppData\Roaming\LimeWire\installation.props
C:\Users\Mike\AppData\Roaming\LimeWire\library.dat
C:\Users\Mike\AppData\Roaming\LimeWire\limewire.props
C:\Users\Mike\AppData\Roaming\LimeWire\mojito.props
C:\Users\Mike\AppData\Roaming\LimeWire\promotion\promodb.backup
C:\Users\Mike\AppData\Roaming\LimeWire\promotion\promodb.data
C:\Users\Mike\AppData\Roaming\LimeWire\promotion\promodb.properties
C:\Users\Mike\AppData\Roaming\LimeWire\promotion\promodb.script
C:\Users\Mike\AppData\Roaming\LimeWire\questions.props
C:\Users\Mike\AppData\Roaming\LimeWire\responses.cache
C:\Users\Mike\AppData\Roaming\LimeWire\simpp.xml
C:\Users\Mike\AppData\Roaming\LimeWire\spam.dat
C:\Users\Mike\AppData\Roaming\LimeWire\tables.props
C:\Users\Mike\AppData\Roaming\LimeWire\themes\limewirePro_theme.lwtp
C:\Users\Mike\AppData\Roaming\LimeWire\themes\limewirePro_theme\01_star.gif
C:\Users\Mike\AppData\Roaming\LimeWire\themes\limewirePro_theme\02_star.gif
C:\Users\Mike\AppData\Roaming\LimeWire\themes\limewirePro_theme\03_star.gif
C:\Users\Mike\AppData\Roaming\LimeWire\themes\limewirePro_theme\04_star.gif
C:\Users\Mike\AppData\Roaming\LimeWire\themes\limewirePro_theme\05_star.gif
C:\Users\Mike\AppData\Roaming\LimeWire\themes\limewirePro_theme\chat.gif
C:\Users\Mike\AppData\Roaming\LimeWire\themes\limewirePro_theme\dir_closed.gif
C:\Users\Mike\AppData\Roaming\LimeWire\themes\limewirePro_theme\dir_open.gif
C:\Users\Mike\AppData\Roaming\LimeWire\themes\limewirePro_theme\forward_dn.gif
C:\Users\Mike\AppData\Roaming\LimeWire\themes\limewirePro_theme\forward_up.gif
C:\Users\Mike\AppData\Roaming\LimeWire\themes\limewirePro_theme\kill.gif
C:\Users\Mike\AppData\Roaming\LimeWire\themes\limewirePro_theme\kill_on.gif
C:\Users\Mike\AppData\Roaming\LimeWire\themes\limewirePro_theme\lime.gif
C:\Users\Mike\AppData\Roaming\LimeWire\themes\limewirePro_theme\lw_logo.png
C:\Users\Mike\AppData\Roaming\LimeWire\themes\limewirePro_theme\pause_dn.gif
C:\Users\Mike\AppData\Roaming\LimeWire\themes\limewirePro_theme\pause_up.gif
C:\Users\Mike\AppData\Roaming\LimeWire\themes\limewirePro_theme\play_dn.gif
C:\Users\Mike\AppData\Roaming\LimeWire\themes\limewirePro_theme\play_up.gif
C:\Users\Mike\AppData\Roaming\LimeWire\themes\limewirePro_theme\question.gif
C:\Users\Mike\AppData\Roaming\LimeWire\themes\limewirePro_theme\rewind_dn.gif
C:\Users\Mike\AppData\Roaming\LimeWire\themes\limewirePro_theme\rewind_up.gif
C:\Users\Mike\AppData\Roaming\LimeWire\themes\limewirePro_theme\stop_dn.gif
C:\Users\Mike\AppData\Roaming\LimeWire\themes\limewirePro_theme\stop_up.gif
C:\Users\Mike\AppData\Roaming\LimeWire\themes\limewirePro_theme\theme.txt
C:\Users\Mike\AppData\Roaming\LimeWire\themes\limewirePro_theme\version.txt
C:\Users\Mike\AppData\Roaming\LimeWire\themes\limewirePro_theme\warning.gif
C:\Users\Mike\AppData\Roaming\LimeWire\ttrees.cache
C:\Users\Mike\AppData\Roaming\LimeWire\ttroot.cache
C:\Users\Mike\AppData\Roaming\LimeWire\version.xml
C:\Users\Mike\AppData\Roaming\LimeWire\versions.props
C:\Users\Mike\AppData\Roaming\LimeWire\xml\data\audio.sxml2
C:\Users\Mike\AppData\Roaming\LimeWire\xml\data\image.sxml2
C:\Users\Mike\AppData\Roaming\LimeWire\xml\data\video.sxml2
C:\Windows\System32\acftvfaf.dll
C:\Windows\System32\aqabngam.dll
C:\Windows\System32\cgxlmdvu.dll
C:\Windows\System32\cpyfymta.dll
C:\Windows\System32\jusnepbi.dll
C:\Windows\System32\tphlnrds.ini
C:\Windows\System32\tphlnrds.ini2
C:\Windows\System32\tphlnrds.tmp
C:\Windows\System32\ypmnrmdu.dll
C:\Windows\System32\yuppbekp.dll

.
((((((((((((((((((((((((( Files Created from 2008-09-01 to 2008-10-01 )))))))))))))))))))))))))))))))
.

2008-09-30 23:17 . 2008-09-30 23:17 <DIR> d-------- C:\Windows\System32\AGEIA
2008-09-30 23:17 . 2008-09-30 23:17 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-09-24 22:32 . 2008-09-30 19:46 258,198,458 --a------ C:\Windows\MEMORY.DMP
2008-09-23 21:32 . 2008-09-23 21:32 <DIR> d-------- C:\BM2005
2008-09-23 21:04 . 2008-09-23 21:04 <DIR> d-------- C:\VundoFix Backups
2008-09-20 22:54 . 2008-09-20 22:58 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-09-20 22:54 . 2008-09-20 22:58 <DIR> d-------- C:\ProgramData\Lavasoft
2008-09-20 22:54 . 2008-09-20 22:54 <DIR> d-------- C:\Program Files\Lavasoft
2008-09-20 22:23 . 2008-01-21 17:43 4,244,744 --a------ C:\Windows\System32\qtp-mt334.dll
2008-09-20 22:23 . 2008-01-21 17:43 247,560 --a------ C:\Windows\System32\prgiso.dll
2008-09-20 22:23 . 2008-01-21 17:43 39,472 --a------ C:\Windows\System32\drivers\hotcore3.sys
2008-09-20 22:23 . 2008-01-21 17:43 13,576 --a------ C:\Windows\System32\wnaspi32.dll
2008-09-20 22:22 . 2008-09-20 22:22 <DIR> d-------- C:\Program Files\Paragon Software
2008-09-13 11:25 . 2008-09-13 11:25 <DIR> d-------- C:\Program Files\SiSoftware
2008-09-12 21:32 . 2008-09-12 21:32 <DIR> d-------- C:\Users\Mike\AppData\Roaming\BWMeterPro
2008-09-12 21:31 . 2008-09-12 21:39 <DIR> d-------- C:\Program Files\BandwidthMeterPro
2008-09-10 23:26 . 2008-04-17 13:12 107,368 --a------ C:\Windows\System32\GEARAspi.dll
2008-09-10 23:26 . 2008-04-17 13:12 15,464 --a------ C:\Windows\System32\drivers\GEARAspiWDM.sys
2008-09-10 23:25 . 2008-09-10 23:26 <DIR> d-------- C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-10 23:25 . 2008-09-10 23:26 <DIR> d-------- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-10 23:25 . 2008-09-10 23:26 <DIR> d-------- C:\Program Files\iTunes
2008-09-10 23:25 . 2008-09-10 23:25 <DIR> d-------- C:\Program Files\iPod
2008-09-10 22:34 . 2008-09-10 22:34 <DIR> d-------- C:\Program Files\ImTOO
2008-09-10 19:18 . 2008-07-31 11:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-10 19:18 . 2008-07-31 13:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-10 19:17 . 2008-08-02 11:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-10 19:17 . 2008-06-26 13:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-10 19:17 . 2008-06-26 13:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-10 19:17 . 2008-05-09 05:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-10 19:17 . 2008-05-20 12:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-10 19:17 . 2008-06-26 13:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-10 19:17 . 2008-08-02 13:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\Windows\System32\QuickTime.qts
2008-09-05 22:16 . 2008-09-05 22:16 1,900,544 --a------ C:\Windows\System32\usbaaplrc.dll
2008-09-05 22:16 . 2008-09-05 22:16 36,864 --a------ C:\Windows\System32\drivers\usbaapl.sys
2008-09-04 09:31 . 2008-09-04 09:31 288,024 --a------ C:\Windows\System32\PhysXCplUI.exe
2008-09-04 09:31 . 2008-09-04 09:31 181,528 --a------ C:\Windows\System32\PhysX.cpl
2008-09-01 22:08 . 2008-09-24 09:05 <DIR> d-------- C:\Program Files\PeerGuardian2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-30 23:00 --------- d-----w C:\ProgramData\NVIDIA
2008-09-30 13:17 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-24 20:00 --------- d-----w C:\Program Files\mIRC
2008-09-21 06:22 --------- d-----w C:\Users\Mike\AppData\Roaming\Bioshock
2008-09-20 12:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-18 15:16 --------- d-----w C:\Users\Mike\AppData\Roaming\Vso
2008-09-18 08:25 --------- d-----w C:\Program Files\Norton 360
2008-09-10 13:19 --------- d-----w C:\Program Files\Bonjour
2008-09-10 13:17 --------- d-----w C:\Program Files\QuickTime
2008-09-10 13:16 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-08 11:32 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-05 23:59 --------- d-----w C:\ProgramData\Symantec
2008-08-29 00:18 87,336 ----a-w C:\Windows\System32\dns-sd.exe
2008-08-28 23:53 61,440 ----a-w C:\Windows\System32\dnssd.dll
2008-08-28 22:57 70,936 ----a-w C:\Windows\System32\PhysXLoader.dll
2008-08-23 02:11 --------- d-----w C:\Program Files\Java
2008-08-23 02:09 --------- d-----w C:\Program Files\Common Files\Java
2008-08-21 08:19 17,844,736 ----a-w C:\Windows\System32\imageres.dll
2008-08-19 12:49 --------- d-----w C:\Program Files\Atari
2008-08-13 08:29 --------- d-----w C:\Program Files\Xplosiv
2008-08-13 08:06 --------- d-----w C:\Program Files\Windows Mail
2008-08-13 07:36 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-08-13 07:36 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-08-13 07:36 10,671 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-08-13 07:36 --------- d-----w C:\Program Files\Symantec
2008-08-13 07:32 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-13 07:16 --------- d-----w C:\Users\Mike\AppData\Roaming\Symantec
2008-08-13 06:33 --------- d-----w C:\ProgramData\Symantec Temporary Files
2008-08-11 10:26 --------- d-----w C:\ProgramData\Media Center Programs
2008-08-11 10:08 --------- d-----w C:\Program Files\THQ
2008-08-10 05:31 --------- d-----w C:\Program Files\Xvid
2008-08-08 08:58 --------- d-----w C:\Program Files\Apple Software Update
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-26 02:48 122,880 ----a-w C:\Windows\System32\nvcod133.dll
2008-07-23 05:24 446,464 ----a-w C:\Windows\System32\nvuninst.exe
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 12:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 10:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-06-12 11:27 47,360 ----a-w C:\Users\Mike\AppData\Roaming\pcouffin.sys
2008-03-21 22:49 174 --sha-w C:\Program Files\desktop.ini
2008-06-23 11:42 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-06-23 11:42 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-06-23 11:42 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\temp ----

2008-08-11 20:29 1909 --a------ C:\temp\gpgnet0.log
2008-08-11 20:29 0 --a------ C:\temp\quazal.log


((((((((((((((((((((((((((((( snapshot@2008-09-30_19.59.42.83 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-10 13:10:29 51,200 ----a-w C:\Windows\inf\infpub.dat
+ 2008-09-30 13:15:54 51,200 ----a-w C:\Windows\inf\infpub.dat
- 2008-09-10 13:10:29 86,016 ----a-w C:\Windows\inf\infstor.dat
+ 2008-09-30 13:15:52 86,016 ----a-w C:\Windows\inf\infstor.dat
- 2008-09-10 13:10:29 143,360 ----a-w C:\Windows\inf\infstrng.dat
+ 2008-09-30 13:15:54 143,360 ----a-w C:\Windows\inf\infstrng.dat
- 2008-09-30 09:46:26 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-10-01 10:56:59 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-09-30 09:46:26 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-10-01 10:56:59 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-09-30 09:55:45 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-01 10:59:15 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-01 10:59:15 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-09-30 09:55:45 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-01 10:59:10 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-01 10:59:10 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
+ 2008-06-10 23:02:32 58,648 ----a-w C:\Windows\System32\AgCPanelFrench.dll
+ 2008-06-10 23:02:32 58,648 ----a-w C:\Windows\System32\AgCPanelGerman.dll
+ 2008-06-10 23:02:32 58,648 ----a-w C:\Windows\System32\AgCPanelJapanese.dll
+ 2008-06-10 23:02:34 58,648 ----a-w C:\Windows\System32\AgCPanelKorean.dll
+ 2008-06-10 23:02:34 58,648 ----a-w C:\Windows\System32\AgCPanelPortugese.dll
+ 2008-06-10 23:02:34 58,648 ----a-w C:\Windows\System32\AgCPanelSimplifiedChinese.dll
+ 2008-06-10 23:02:34 58,648 ----a-w C:\Windows\System32\AgCPanelSpanish.dll
+ 2008-06-10 23:02:34 58,648 ----a-w C:\Windows\System32\AgCPanelSwedish.dll
+ 2008-06-10 23:02:34 58,648 ----a-w C:\Windows\System32\AgCPanelTraditionalChinese.dll
+ 2007-07-22 23:02:42 199,885 ----a-w C:\Windows\System32\AGEIA\AG1011\app.bin
+ 2008-02-29 00:18:36 119,473 ----a-w C:\Windows\System32\AGEIA\AG1011\diag.bin
+ 2008-02-29 00:18:36 214,629 ----a-w C:\Windows\System32\AGEIA\AG1021\app.bin
+ 2008-03-19 22:24:14 116,977 ----a-w C:\Windows\System32\AGEIA\AG1021\diag.bin
- 2008-09-30 09:47:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-01 11:12:25 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-09-30 09:47:07 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-01 11:12:25 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-30 09:47:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-01 11:12:25 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-09-30 09:38:18 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-10-01 11:42:04 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
- 2008-07-26 02:48:00 7,281,056 ----a-w C:\Windows\System32\drivers\nvlddmkm.sys
+ 2008-09-16 23:55:00 7,379,872 ----a-w C:\Windows\System32\drivers\nvlddmkm.sys
+ 2008-09-16 23:55:00 795,104 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_6448c044\dpinst.exe
+ 2008-09-16 23:55:00 483,328 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_6448c044\nvapi.dll
+ 2008-09-16 23:55:00 122,880 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_6448c044\nvcod.dll
+ 2008-09-16 23:55:00 143,360 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_6448c044\nvcolor.exe
+ 2008-09-16 23:55:00 13,580,832 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_6448c044\nvcpl.dll
+ 2008-09-16 23:55:00 797,216 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_6448c044\nvcplui.exe
+ 2008-09-16 23:55:00 1,486,848 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_6448c044\nvcuda.dll
+ 2008-09-16 23:55:00 5,963,776 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_6448c044\nvd3dum.dll
+ 2008-09-16 23:55:00 3,996,192 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_6448c044\nvdisps.dll
+ 2008-09-16 23:55:00 3,451,424 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_6448c044\nvgames.dll
+ 2008-09-16 23:55:00 7,379,872 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_6448c044\nvlddmkm.sys
+ 2008-09-16 23:55:00 236,064 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_6448c044\nvmccs.dll
+ 2008-09-16 23:55:00 45,056 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_6448c044\nvmccsrs.dll
+ 2008-09-16 23:55:00 195,104 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_6448c044\nvmccss.dll
+ 2008-09-16 23:55:00 92,704 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_6448c044\nvmctray.dll
+ 2008-09-16 23:55:00 1,264,160 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_6448c044\nvmobls.dll
+ 2008-09-16 23:55:00 9,011,200 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_6448c044\nvoglv32.dll
+ 2008-09-16 23:55:00 612,896 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_6448c044\nvsvc.dll
+ 2008-09-16 23:55:00 1,269,760 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_6448c044\nvsvs.dll
+ 2008-09-16 23:55:00 704,512 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_6448c044\nvsvsr.dll
+ 2008-09-16 23:55:00 453,152 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_6448c044\nvudisp.exe
+ 2008-09-16 23:55:00 3,770,912 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_6448c044\nvvitvs.dll
+ 2008-09-16 23:55:00 196,608 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_6448c044\nvvsvc.exe
+ 2008-09-16 23:55:00 2,502,656 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_6448c044\nvwgf2um.dll
+ 2008-09-16 23:55:00 2,693,664 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_6448c044\nvwss.dll
- 2008-07-26 02:48:00 483,328 ----a-w C:\Windows\System32\nvapi.dll
+ 2008-09-16 23:55:00 483,328 ----a-w C:\Windows\System32\nvapi.dll
- 2008-07-26 02:48:00 122,880 ----a-w C:\Windows\System32\nvcod.dll
+ 2008-09-16 23:55:00 122,880 ----a-w C:\Windows\System32\nvcod.dll
+ 2008-09-16 23:55:00 122,880 ----a-w C:\Windows\System32\nvcod134.dll
- 2008-07-26 02:48:00 122,880 ----a-w C:\Windows\System32\nvcodh.dll
+ 2008-09-16 23:55:00 122,880 ----a-w C:\Windows\System32\nvcodh.dll
- 2008-07-26 02:48:00 122,880 ----a-w C:\Windows\System32\nvcodhins.dll
+ 2008-09-16 23:55:00 122,880 ----a-w C:\Windows\System32\nvcodhins.dll
- 2008-07-26 02:48:00 150,048 ----a-w C:\Windows\System32\nvcolor.exe
+ 2008-09-16 23:55:00 143,360 ----a-w C:\Windows\System32\nvcolor.exe
- 2008-07-26 02:48:00 13,576,736 ----a-w C:\Windows\System32\nvcpl.dll
+ 2008-09-16 23:55:00 13,580,832 ----a-w C:\Windows\System32\nvcpl.dll
- 2008-07-26 02:48:00 1,482,752 ----a-w C:\Windows\System32\nvcuda.dll
+ 2008-09-16 23:55:00 1,486,848 ----a-w C:\Windows\System32\nvcuda.dll
- 2008-07-26 02:48:00 5,955,584 ----a-w C:\Windows\System32\nvd3dum.dll
+ 2008-09-16 23:55:00 5,963,776 ----a-w C:\Windows\System32\nvd3dum.dll
- 2008-07-26 02:48:00 3,996,192 ----a-w C:\Windows\System32\nvdisps.dll
+ 2008-09-16 23:55:00 3,996,192 ----a-w C:\Windows\System32\nvdisps.dll
- 2008-07-26 02:48:00 3,447,328 ----a-w C:\Windows\System32\nvgames.dll
+ 2008-09-16 23:55:00 3,451,424 ----a-w C:\Windows\System32\nvgames.dll
- 2008-07-26 02:48:00 236,064 ----a-w C:\Windows\System32\nvmccs.dll
+ 2008-09-16 23:55:00 236,064 ----a-w C:\Windows\System32\nvmccs.dll
- 2008-07-26 02:48:00 45,056 ----a-w C:\Windows\System32\nvmccsrs.dll
+ 2008-09-16 23:55:00 45,056 ----a-w C:\Windows\System32\nvmccsrs.dll
- 2008-07-26 02:48:00 195,104 ----a-w C:\Windows\System32\nvmccss.dll
+ 2008-09-16 23:55:00 195,104 ----a-w C:\Windows\System32\nvmccss.dll
- 2008-07-26 02:48:00 92,704 ----a-w C:\Windows\System32\nvmctray.dll
+ 2008-09-16 23:55:00 92,704 ----a-w C:\Windows\System32\nvmctray.dll
- 2008-07-26 02:48:00 1,264,160 ----a-w C:\Windows\System32\nvmobls.dll
+ 2008-09-16 23:55:00 1,264,160 ----a-w C:\Windows\System32\nvmobls.dll
- 2008-07-26 02:48:00 9,003,008 ----a-w C:\Windows\System32\nvoglv32.dll
+ 2008-09-16 23:55:00 9,011,200 ----a-w C:\Windows\System32\nvoglv32.dll
- 2008-07-26 02:48:00 608,800 ----a-w C:\Windows\System32\nvsvc.dll
+ 2008-09-16 23:55:00 612,896 ----a-w C:\Windows\System32\nvsvc.dll
- 2008-07-26 02:48:00 1,265,664 ----a-w C:\Windows\System32\nvsvs.dll
+ 2008-09-16 23:55:00 1,269,760 ----a-w C:\Windows\System32\nvsvs.dll
- 2008-07-26 02:48:00 704,512 ----a-w C:\Windows\System32\nvsvsr.dll
+ 2008-09-16 23:55:00 704,512 ----a-w C:\Windows\System32\nvsvsr.dll
- 2008-07-26 02:48:00 446,464 ----a-w C:\Windows\System32\nvudisp.exe
+ 2008-09-16 23:55:00 453,152 ----a-w C:\Windows\System32\nvudisp.exe
- 2008-07-26 02:48:00 3,770,912 ----a-w C:\Windows\System32\nvvitvs.dll
+ 2008-09-16 23:55:00 3,770,912 ----a-w C:\Windows\System32\nvvitvs.dll
- 2008-07-26 02:48:00 196,608 ----a-w C:\Windows\System32\nvvsvc.exe
+ 2008-09-16 23:55:00 196,608 ----a-w C:\Windows\System32\nvvsvc.exe
- 2008-07-26 02:48:00 2,499,584 ----a-w C:\Windows\System32\nvwgf2um.dll
+ 2008-09-16 23:55:00 2,502,656 ----a-w C:\Windows\System32\nvwgf2um.dll
- 2008-07-26 02:48:00 2,693,664 ----a-w C:\Windows\System32\nvwss.dll
+ 2008-09-16 23:55:00 2,693,664 ----a-w C:\Windows\System32\nvwss.dll
- 2008-09-30 09:51:07 106,292 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-10-01 11:02:13 106,292 ----a-w C:\Windows\System32\perfc009.dat
- 2008-09-30 09:51:07 602,846 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-10-01 11:02:13 602,846 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-06-04 22:58:26 197,912 ----a-w C:\Windows\System32\physxcudart_20.dll
- 2008-09-29 09:38:27 12,206 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-164369667-1103530636-808841869-1000_UserData.bin
+ 2008-10-01 11:00:13 12,422 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-164369667-1103530636-808841869-1000_UserData.bin
- 2008-09-29 09:38:23 83,770 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-10-01 11:00:12 84,650 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-09-29 09:48:49 49,052 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-10-01 11:00:11 49,164 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-02-26 10:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-02-26 10:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-02-26 10:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-18 171448]
"Google Update"="C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-08 133104]
"BandwidthMeterPro"="C:\Program Files\BandwidthMeterPro\BWMeterPro.exe" [2008-09-12 236032]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-18 51048]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [2008-02-26 988512]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-09-17 92704]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\Windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-07-16 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.ac3filter"= ac3filter.acm
"msacm.divxa32"= divxa32.acm

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\Windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=C:\Windows\pss\Adobe Acrobat Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\Windows\pss\Logitech Desktop Messenger.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=C:\Windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\Windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Mike^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\Windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Mike^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registration Heroes of Might & Magic 5 - Tribes of the East.LNK]
path=C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5 - Tribes of the East.LNK
backup=C:\Windows\pss\Registration Heroes of Might & Magic 5 - Tribes of the East.LNK.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Mike^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registration Heroes of Might & Magic 5.LNK]
path=C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5.LNK
backup=C:\Windows\pss\Registration Heroes of Might & Magic 5.LNK.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2006-10-22 23:24 620152 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
--a------ 2007-03-20 16:40 1884160 C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-09-03 20:12 111936 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-02-28 18:07 132392 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
--a------ 2007-09-06 23:08 136136 C:\Program Files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-08 23:02 289576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 17:29 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 12.0]
--a------ 2008-01-10 04:43 2037088 C:\Program Files\Norton Ghost\Agent\VProTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
--a------ 2007-09-11 18:43 95536 C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2006-11-09 17:15 1634304 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-19 17:33 1233920 C:\Program Files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-11-18 23:34 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
--a------ 2008-01-29 17:38 583048 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Device Detector"=DevDetect.exe -autorun
"ehTray.exe"=C:\Windows\ehome\ehTray.exe
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-164369667-1103530636-808841869-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0A844B56-72F1-4060-BBA2-ADDD224554BB}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{040FB95F-64FB-4F5C-94DC-DD5F4366B22F}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{4F4D656E-D7F9-4027-8FD3-57248724F8FD}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{FC30D70B-8489-4617-805D-D043E031E4FF}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{498718F1-3319-437E-BF8B-71D66DB0AE89}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{3BB7F711-284C-4CA2-BF1E-82B2AF8B2A33}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{74D86FC1-2431-44E0-9583-730CB611A5E1}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{76C193D8-615A-41B2-8520-33598D004ED7}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes
"UDP Query User{4F607B11-7113-4756-829B-79107F2755F9}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes
"{D7303E5F-8FA1-4FF0-B165-F9F1BC5065D5}"= UDP:3703:Adobe Version Cue CS3 Server
"{37AA15D7-065F-47C9-8FD6-E488BF862B13}"= UDP:3704:Adobe Version Cue CS3 Server
"{C3EC0936-4273-44E6-92FC-9E3921868361}"= UDP:50900:Adobe Version Cue CS3 Server
"{D773A94B-4E2D-4CBE-A6BB-DCB472294D9D}"= UDP:50901:Adobe Version Cue CS3 Server
"{DDC0A205-85B5-49F8-93CF-768C64A8AD77}"= UDP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{6029CEA2-9294-440A-A51F-F9EA88CFE5B2}"= TCP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{E67F2558-A7CE-41D5-8F2C-83B86842D3F3}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"{72910BB9-772E-4303-AEFB-5118440D8034}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"{865842B5-D5E6-413A-AA8B-6C2EE0910370}"= UDP:C:\Program Files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
"{8DAB7002-D712-4C12-BB03-B63760EE0108}"= TCP:C:\Program Files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
"{867DB97E-8B24-4A7D-96CD-52C7400E8064}"= UDP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{DFA9C2FF-8CD7-44CD-B91F-E62B582C82A2}"= TCP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{24741CC1-DF85-4EAE-BA4F-3D158EBAED69}"= UDP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{7F1361E8-86B8-4560-9C76-83077180503C}"= TCP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{465EFEA4-F691-4CAD-B491-ED4B7AE871C3}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{DFBB0F48-E6EA-47EB-AAAD-8ED11114292A}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{EDAB1331-DA3F-45C0-8CA7-13577AB74CFD}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{4DEA4DCA-5360-411A-8D1C-1CA2061F1C82}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{F04980CB-1769-464B-A280-82EE7D88CC29}"= UDP:C:\Program Files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
"{0095E900-FAD5-41BB-A043-3375B14F7103}"= TCP:C:\Program Files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
"{C262FC5E-DBE2-4714-8958-5DE5710A2587}"= UDP:C:\Program Files\Sega\Universe At War Earth Assault\UAWEA.exe:Universe at War Earth Assault
"{3B6A3CEE-77C2-4B60-BA47-4D8D164532CB}"= TCP:C:\Program Files\Sega\Universe At War Earth Assault\UAWEA.exe:Universe at War Earth Assault
"{EF24C871-9626-4B39-86DB-3EBE73E7007F}"= UDP:C:\Program Files\RapidSolution\Tunebite\TunebiteHelper.exe:TunebiteHelper
"{CB9C61A1-CE63-4D6B-9E5F-1A193C382F09}"= TCP:C:\Program Files\RapidSolution\Tunebite\TunebiteHelper.exe:TunebiteHelper
"{4FE689B3-8E86-49D6-B68C-9160FD049FFB}"= UDP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:Supreme Commander - Forged Alliance
"{E6EB8B68-DC1B-4BE3-8B31-144AB54EBA93}"= TCP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:Supreme Commander - Forged Alliance
"{16B3A48E-3A6D-463C-A74B-ED0F7AF40F85}"= UDP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance
"{C42B9D69-4A64-4D1B-B51B-66146A365DAD}"= TCP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance
"{0DB9E5B9-0A11-46AA-952C-5DA9885EB075}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{C947A323-681E-409A-AE34-1E02310B070A}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{4D686F7B-C032-4398-A646-2E38F5BA9F42}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{E3AD8BE3-C5D7-4949-BBA8-99D16F5F7C92}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{1A019397-D989-4994-B97F-3C6AC2C6897F}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{713C6882-2A49-486A-A9C7-3BDF3D621AC4}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{3179BB92-1DE1-40F5-88AB-3E0BD60787A1}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{F56F7517-A9B7-4873-B2D0-0F2DEF81EB42}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{9DC92F17-DA12-4862-9DC5-708CF6E47CBF}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{AD941130-B9F2-417A-AC90-BC699E0B40EF}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{8F39571B-0C7E-498F-96D8-C5923F0CD7C1}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{AB4A2243-7FF8-40EC-B045-3ADEA56533E5}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{D6E6E617-B44C-46BB-B2E2-201DB21F4767}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{98E023D6-1BD8-4B84-8A4D-543E358758FF}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 hotcore3;hotcore3;C:\Windows\system32\drivers\hotcore3.sys [2008-01-21 39472]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080926.001\IDSvix86.sys [2008-09-12 270384]
R2 BandwidthMeterProService;Bandwidth Meter Pro Service;C:\Program Files\BandwidthMeterPro\BWMeterService.exe [2008-08-15 184320]
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-18 149352]
R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2008-01-19 21504]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2008-05-20 303616]
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
S3 GPWADrv;Service for L6 GuitarPort Driver (WDM);C:\Windows\system32\Drivers\GPWADrv.sys [2007-09-18 514432]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009\RpcAgentSrv.exe [2008-09-01 98488]
S4 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-06-12 307968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a4b4302-95db-11dc-9903-0011d80c9c95}]
\shell\AutoRun\command - J:\Autorun.exe

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-01 21:46:44
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-01 21:48:34
ComboFix-quarantined-files.txt 2008-10-01 11:48:29
ComboFix2.txt 2008-09-30 10:01:17

Pre-Run: 120,308,482,048 bytes free
Post-Run: 120,276,357,120 bytes free

831 --- E O F --- 2008-09-10 10:17:44

----------------------------------------------------------------
MalwareBytes Log

Windows 6.0.6001 Service Pack 1

2/10/2008 8:07:03 AM
mbam-log-2008-10-02 (08-07-03).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 357808
Time elapsed: 1 hour(s), 54 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 23

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\QooBox\Quarantine\C\Windows\System32\acftvfaf.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\aprpuynf.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\aqabngam.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\caejdcmb.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\cgxlmdvu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\cpyfymta.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\gweliogy.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\islhacis.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\jolxne.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\jusnepbi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\lzrkpg.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\mslhhwnn.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\nikdhf.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\uqpwbtku.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\vtUmkKcD.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\vvgathen.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\wvUlJDSl.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\ymujemnq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\yocqsr.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\ypmnrmdu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\yuppbekp.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Appz\Adobe\Adobe.Acrobat.Professional.v8.PROPER-ZWTiSO\Adobe Acrobat 8 pro keygen.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
D:\Pocket PC\Pocket Pc Best Software 2005\Tweaks2k2 Net v3.0 Arm Xscale Ppc Cracked-Corepda\CORE10k.EXE (Trojan.Agent) -> Quarantined and deleted successfully.

-----------------------------------------------------------------
HJT LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:07:52 AM, on 2/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\System32\mobsync.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\BandwidthMeterPro\BWMeterPro.exe
C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\seemenow.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BandwidthMeterPro] C:\Program Files\BandwidthMeterPro\BWMeterPro.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/f ... wflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bandwidth Meter Pro Service (BandwidthMeterProService) - Unknown owner - C:\Program Files\BandwidthMeterPro\BWMeterService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009\RpcAgentSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 10196 bytes


Thanks for persisting,
Mike.
mykewatson
Active Member
 
Posts: 7
Joined: September 24th, 2008, 7:58 am
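Added example, not from the thread and not part of HijackThis or ComboFix: a small Python triage pass over HijackThis-format lines that flags the entry shapes a helper looks at first in a thread like this one, namely an O4 Run entry where rundll32 loads a random-looking DLL from system32 at logon, an O23 service with no recorded publisher, and any entry whose file no longer exists. The sample lines are constructed, the heuristics are my own, and a flag means "verify this file", not "this is malware".

```python
"""Triage helper for HijackThis logs (heuristic only).

Flags the entry shapes an analyst checks first when a Vundo-style
infection is suspected.  A finding means "verify this file against its
publisher/signature", not "this is malware".
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# "O4 - HKLM\..\Run: [Name] command"  /  "O23 - Service: ..."  etc.
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<hive>.*?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^Service: (?P<svc>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
# rundll32 invocation; the DLL path may be quoted and is followed by ",entrypoint"
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)', re.IGNORECASE)
# all-lowercase letters only, no digits: the shape of the generated names in this thread
RANDOM_STEM_RE = re.compile(r"[a-z]{6,10}")


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low"
    kind: str      # HijackThis section, e.g. "O4"
    reason: str
    line: str


def _random_looking(dll_path: str) -> bool:
    """Heuristic: lowercase-letters-only stem with fewer than two vowels."""
    stem = dll_path.replace("/", "\\").rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if RANDOM_STEM_RE.fullmatch(stem) is None:
        return False
    return sum(c in "aeiou" for c in stem) < 2


def _check_o4(body: str, raw: str) -> Optional[Finding]:
    m = O4_RE.match(body)
    if not m:
        return None
    r = RUNDLL_RE.search(m["cmd"])
    if not r:
        return None
    dll = r["dll"]
    if "\\system32\\" in dll.lower() and _random_looking(dll):
        return Finding("high", "O4",
                       f"rundll32 loads random-looking DLL {dll} from system32 at "
                       "logon (Vundo-style); verify publisher/signature", raw)
    return None


def triage(log_text: str) -> List[Finding]:
    """Return findings in log order; clean entries produce nothing."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        raw = raw.strip()
        m = ENTRY_RE.match(raw)
        if not m:
            continue
        kind, body = m["kind"], m["body"]
        if "(no file)" in body:
            findings.append(Finding("low", kind,
                                    "entry points at a file that no longer exists "
                                    "(orphaned registry entry)", raw))
            continue
        if kind == "O4":
            f = _check_o4(body, raw)
            if f:
                findings.append(f)
        elif kind == "O23":
            s = O23_RE.match(body)
            if s and s["owner"].lower() == "unknown owner":
                findings.append(Finding("medium", kind,
                                        f"service {s['svc']} has no publisher recorded; "
                                        f"check {s['path']}", raw))
    return findings


# Constructed sample: two entries are made up (the "sysupdate" Run entry and its
# DLL name); the others copy the shape of ordinary HijackThis lines.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sysupdate] Rundll32.exe "C:\Windows\system32\qwrtplmn.dll",s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O23 - Service: Bandwidth Meter Pro Service (BandwidthMeterProService) - Unknown owner - C:\Program Files\BandwidthMeterPro\BWMeterService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.kind:3} {f.reason}\n         {f.line}")
```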

Re: Possible Vundo Trojan?

Unread postby DFW » October 2nd, 2008, 3:38 am

Hi mykewatson


OK, did Norton give you that alert after you ran ComboFix last time?



Very important! Before running ComboFix, temporarily disable ALL your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
They can interfere with ComboFix or remove some of its embedded files, which may cause unpredictable results, and unplug your system from the internet.


  • Now please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    DirLook::
    C:\BM2005
    C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    
    

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


    [Image: screenshot of CFScript.txt being dragged onto ComboFix.exe]


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.




Please run ATF Cleaner on each user account before doing the online scan; this cuts down on scan time and log size.


Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

(If you use Firefox or the Opera browser: to keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.





Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.




Please post back:
ComboFix log
Kaspersky online scan log
A new HijackThis log
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: Possible Vundo Trojan?

Unread postby mykewatson » October 3rd, 2008, 12:55 am

Hi DFW,

Nope, it did not give me a warning last time... On reflection though, a difference was that, due to the length of the scan, I think Norton had come back on again before running ComboFix. Must have interfered with the scan.

Here are the logs you asked for:

ComboFix 08-09-30.03 - Mike 2008-10-02 19:56:23.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1188 [GMT 10:00]
Running from: C:\Users\Mike\Desktop\ComboFix.exe
Command switches used :: C:\Users\Mike\Desktop\CFScript.txt
.

((((((((((((((((((((((((( Files Created from 2008-09-02 to 2008-10-02 )))))))))))))))))))))))))))))))
.

2008-10-01 21:59 . 2008-10-01 21:59 <DIR> d-------- C:\Users\Mike\AppData\Roaming\Malwarebytes
2008-10-01 21:59 . 2008-10-01 21:59 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-10-01 21:59 . 2008-10-01 21:59 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-10-01 21:59 . 2008-10-01 22:14 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-01 21:59 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-10-01 21:59 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-09-30 23:17 . 2008-09-30 23:17 <DIR> d-------- C:\Windows\System32\AGEIA
2008-09-30 23:17 . 2008-09-30 23:17 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-09-24 22:32 . 2008-09-30 19:46 258,198,458 --a------ C:\Windows\MEMORY.DMP
2008-09-23 21:32 . 2008-09-23 21:32 <DIR> d-------- C:\BM2005
2008-09-23 21:04 . 2008-09-23 21:04 <DIR> d-------- C:\VundoFix Backups
2008-09-20 22:54 . 2008-09-20 22:58 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-09-20 22:54 . 2008-09-20 22:58 <DIR> d-------- C:\ProgramData\Lavasoft
2008-09-20 22:54 . 2008-09-20 22:54 <DIR> d-------- C:\Program Files\Lavasoft
2008-09-20 22:23 . 2008-01-21 17:43 4,244,744 --a------ C:\Windows\System32\qtp-mt334.dll
2008-09-20 22:23 . 2008-01-21 17:43 247,560 --a------ C:\Windows\System32\prgiso.dll
2008-09-20 22:23 . 2008-01-21 17:43 39,472 --a------ C:\Windows\System32\drivers\hotcore3.sys
2008-09-20 22:23 . 2008-01-21 17:43 13,576 --a------ C:\Windows\System32\wnaspi32.dll
2008-09-20 22:22 . 2008-09-20 22:22 <DIR> d-------- C:\Program Files\Paragon Software
2008-09-13 11:25 . 2008-09-13 11:25 <DIR> d-------- C:\Program Files\SiSoftware
2008-09-12 21:32 . 2008-09-12 21:32 <DIR> d-------- C:\Users\Mike\AppData\Roaming\BWMeterPro
2008-09-12 21:31 . 2008-09-12 21:39 <DIR> d-------- C:\Program Files\BandwidthMeterPro
2008-09-10 23:26 . 2008-04-17 13:12 107,368 --a------ C:\Windows\System32\GEARAspi.dll
2008-09-10 23:26 . 2008-04-17 13:12 15,464 --a------ C:\Windows\System32\drivers\GEARAspiWDM.sys
2008-09-10 23:25 . 2008-09-10 23:26 <DIR> d-------- C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-10 23:25 . 2008-09-10 23:26 <DIR> d-------- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-10 23:25 . 2008-09-10 23:26 <DIR> d-------- C:\Program Files\iTunes
2008-09-10 23:25 . 2008-09-10 23:25 <DIR> d-------- C:\Program Files\iPod
2008-09-10 22:34 . 2008-09-10 22:34 <DIR> d-------- C:\Program Files\ImTOO
2008-09-10 19:18 . 2008-07-31 11:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-10 19:18 . 2008-07-31 13:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-10 19:17 . 2008-08-02 11:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-10 19:17 . 2008-06-26 13:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-10 19:17 . 2008-06-26 13:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-10 19:17 . 2008-05-09 05:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-10 19:17 . 2008-05-20 12:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-10 19:17 . 2008-06-26 13:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-10 19:17 . 2008-08-02 13:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\Windows\System32\QuickTime.qts
2008-09-05 22:16 . 2008-09-05 22:16 1,900,544 --a------ C:\Windows\System32\usbaaplrc.dll
2008-09-05 22:16 . 2008-09-05 22:16 36,864 --a------ C:\Windows\System32\drivers\usbaapl.sys
2008-09-04 09:31 . 2008-09-04 09:31 288,024 --a------ C:\Windows\System32\PhysXCplUI.exe
2008-09-04 09:31 . 2008-09-04 09:31 181,528 --a------ C:\Windows\System32\PhysX.cpl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-30 23:00 --------- d-----w C:\ProgramData\NVIDIA
2008-09-30 13:17 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-24 20:00 --------- d-----w C:\Program Files\mIRC
2008-09-23 23:05 --------- d-----w C:\Program Files\PeerGuardian2
2008-09-21 06:22 --------- d-----w C:\Users\Mike\AppData\Roaming\Bioshock
2008-09-20 12:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-18 15:16 --------- d-----w C:\Users\Mike\AppData\Roaming\Vso
2008-09-18 08:25 --------- d-----w C:\Program Files\Norton 360
2008-09-10 13:19 --------- d-----w C:\Program Files\Bonjour
2008-09-10 13:17 --------- d-----w C:\Program Files\QuickTime
2008-09-10 13:16 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-08 11:32 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-05 23:59 --------- d-----w C:\ProgramData\Symantec
2008-08-29 00:18 87,336 ----a-w C:\Windows\System32\dns-sd.exe
2008-08-28 23:53 61,440 ----a-w C:\Windows\System32\dnssd.dll
2008-08-28 22:57 70,936 ----a-w C:\Windows\System32\PhysXLoader.dll
2008-08-23 02:11 --------- d-----w C:\Program Files\Java
2008-08-23 02:09 --------- d-----w C:\Program Files\Common Files\Java
2008-08-21 08:19 17,844,736 ----a-w C:\Windows\System32\imageres.dll
2008-08-19 12:49 --------- d-----w C:\Program Files\Atari
2008-08-13 08:29 --------- d-----w C:\Program Files\Xplosiv
2008-08-13 08:06 --------- d-----w C:\Program Files\Windows Mail
2008-08-13 07:36 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-08-13 07:36 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-08-13 07:36 10,671 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-08-13 07:36 --------- d-----w C:\Program Files\Symantec
2008-08-13 07:32 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-13 07:16 --------- d-----w C:\Users\Mike\AppData\Roaming\Symantec
2008-08-13 06:33 --------- d-----w C:\ProgramData\Symantec Temporary Files
2008-08-11 10:26 --------- d-----w C:\ProgramData\Media Center Programs
2008-08-11 10:08 --------- d-----w C:\Program Files\THQ
2008-08-10 05:31 --------- d-----w C:\Program Files\Xvid
2008-08-08 08:58 --------- d-----w C:\Program Files\Apple Software Update
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-26 02:48 122,880 ----a-w C:\Windows\System32\nvcod133.dll
2008-07-23 05:24 446,464 ----a-w C:\Windows\System32\nvuninst.exe
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 12:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 10:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-06-12 11:27 47,360 ----a-w C:\Users\Mike\AppData\Roaming\pcouffin.sys
2008-03-21 22:49 174 --sha-w C:\Program Files\desktop.ini
2008-06-23 11:42 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-06-23 11:42 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-06-23 11:42 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\BM2005 ----

2008-01-21 17:44 2711 --a------ C:\BM2005\PLUG_IN.CFG
2008-01-21 17:43 61074 --a------ C:\BM2005\plug_in.exe
2008-01-21 17:43 39304 --a------ C:\BM2005\plug_in.bmp

---- Directory of C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} ----

2008-07-04 13:35 54632 --a------ C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DifXInstall32.exe
2008-04-24 08:25 11168 --a------ C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\gearaspiwdmx86.cat
2008-04-17 13:12 319456 --a------ C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DIFxAPI.dll
2008-04-17 13:12 2761 --a------ C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\GEARAspiWDM.inf
2008-04-17 13:12 15464 --a------ C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86\GEARAspiWDM.sys
2008-04-17 13:12 107368 --a------ C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86\GEARAspi.dll

---- Directory of C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} ----

2008-07-04 13:35 54632 --a------ C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DifXInstall32.exe
2008-04-24 08:25 11168 --a------ C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\gearaspiwdmx86.cat
2008-04-17 13:12 319456 --a------ C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DIFxAPI.dll
2008-04-17 13:12 2761 --a------ C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\GEARAspiWDM.inf
2008-04-17 13:12 15464 --a------ C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86\GEARAspiWDM.sys
2008-04-17 13:12 107368 --a------ C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86\GEARAspi.dll


((((((((((((((((((((((((((((( snapshot_2008-10-01_21.47.34.54 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-01 10:56:59 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-10-02 08:48:59 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-10-01 10:56:59 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-10-02 08:48:59 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-10-01 10:59:15 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-02 09:00:41 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-02 09:00:41 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-10-01 10:59:10 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-02 09:32:53 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-02 09:32:53 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-10-01 11:12:25 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-02 09:04:23 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-01 11:12:25 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-02 09:04:23 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-01 11:12:25 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-02 09:04:23 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-10-01 11:02:13 106,292 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-10-02 08:53:30 106,292 ----a-w C:\Windows\System32\perfc009.dat
- 2008-10-01 11:02:13 602,846 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-10-02 08:53:30 602,846 ----a-w C:\Windows\System32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-02-26 10:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-02-26 10:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-02-26 10:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-18 171448]
"Google Update"="C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-08 133104]
"BandwidthMeterPro"="C:\Program Files\BandwidthMeterPro\BWMeterPro.exe" [2008-09-12 236032]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-18 51048]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [2008-02-26 988512]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-09-17 92704]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\Windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-07-16 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.ac3filter"= ac3filter.acm
"msacm.divxa32"= divxa32.acm

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\Windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=C:\Windows\pss\Adobe Acrobat Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\Windows\pss\Logitech Desktop Messenger.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=C:\Windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\Windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Mike^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\Windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Mike^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registration Heroes of Might & Magic 5 - Tribes of the East.LNK]
path=C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5 - Tribes of the East.LNK
backup=C:\Windows\pss\Registration Heroes of Might & Magic 5 - Tribes of the East.LNK.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Mike^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registration Heroes of Might & Magic 5.LNK]
path=C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5.LNK
backup=C:\Windows\pss\Registration Heroes of Might & Magic 5.LNK.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2006-10-22 23:24 620152 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
--a------ 2007-03-20 16:40 1884160 C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-09-03 20:12 111936 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-02-28 18:07 132392 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
--a------ 2007-09-06 23:08 136136 C:\Program Files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-08 23:02 289576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 17:29 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 12.0]
--a------ 2008-01-10 04:43 2037088 C:\Program Files\Norton Ghost\Agent\VProTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
--a------ 2007-09-11 18:43 95536 C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2006-11-09 17:15 1634304 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-19 17:33 1233920 C:\Program Files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-11-18 23:34 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
--a------ 2008-01-29 17:38 583048 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Device Detector"=DevDetect.exe -autorun
"ehTray.exe"=C:\Windows\ehome\ehTray.exe
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-164369667-1103530636-808841869-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0A844B56-72F1-4060-BBA2-ADDD224554BB}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{040FB95F-64FB-4F5C-94DC-DD5F4366B22F}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{4F4D656E-D7F9-4027-8FD3-57248724F8FD}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{FC30D70B-8489-4617-805D-D043E031E4FF}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{498718F1-3319-437E-BF8B-71D66DB0AE89}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{3BB7F711-284C-4CA2-BF1E-82B2AF8B2A33}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{74D86FC1-2431-44E0-9583-730CB611A5E1}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{76C193D8-615A-41B2-8520-33598D004ED7}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes
"UDP Query User{4F607B11-7113-4756-829B-79107F2755F9}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes
"{D7303E5F-8FA1-4FF0-B165-F9F1BC5065D5}"= UDP:3703:Adobe Version Cue CS3 Server
"{37AA15D7-065F-47C9-8FD6-E488BF862B13}"= UDP:3704:Adobe Version Cue CS3 Server
"{C3EC0936-4273-44E6-92FC-9E3921868361}"= UDP:50900:Adobe Version Cue CS3 Server
"{D773A94B-4E2D-4CBE-A6BB-DCB472294D9D}"= UDP:50901:Adobe Version Cue CS3 Server
"{DDC0A205-85B5-49F8-93CF-768C64A8AD77}"= UDP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{6029CEA2-9294-440A-A51F-F9EA88CFE5B2}"= TCP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{E67F2558-A7CE-41D5-8F2C-83B86842D3F3}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"{72910BB9-772E-4303-AEFB-5118440D8034}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"{865842B5-D5E6-413A-AA8B-6C2EE0910370}"= UDP:C:\Program Files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
"{8DAB7002-D712-4C12-BB03-B63760EE0108}"= TCP:C:\Program Files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
"{867DB97E-8B24-4A7D-96CD-52C7400E8064}"= UDP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{DFA9C2FF-8CD7-44CD-B91F-E62B582C82A2}"= TCP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{24741CC1-DF85-4EAE-BA4F-3D158EBAED69}"= UDP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{7F1361E8-86B8-4560-9C76-83077180503C}"= TCP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{465EFEA4-F691-4CAD-B491-ED4B7AE871C3}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{DFBB0F48-E6EA-47EB-AAAD-8ED11114292A}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{EDAB1331-DA3F-45C0-8CA7-13577AB74CFD}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{4DEA4DCA-5360-411A-8D1C-1CA2061F1C82}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{F04980CB-1769-464B-A280-82EE7D88CC29}"= UDP:C:\Program Files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
"{0095E900-FAD5-41BB-A043-3375B14F7103}"= TCP:C:\Program Files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
"{C262FC5E-DBE2-4714-8958-5DE5710A2587}"= UDP:C:\Program Files\Sega\Universe At War Earth Assault\UAWEA.exe:Universe at War Earth Assault
"{3B6A3CEE-77C2-4B60-BA47-4D8D164532CB}"= TCP:C:\Program Files\Sega\Universe At War Earth Assault\UAWEA.exe:Universe at War Earth Assault
"{EF24C871-9626-4B39-86DB-3EBE73E7007F}"= UDP:C:\Program Files\RapidSolution\Tunebite\TunebiteHelper.exe:TunebiteHelper
"{CB9C61A1-CE63-4D6B-9E5F-1A193C382F09}"= TCP:C:\Program Files\RapidSolution\Tunebite\TunebiteHelper.exe:TunebiteHelper
"{4FE689B3-8E86-49D6-B68C-9160FD049FFB}"= UDP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:Supreme Commander - Forged Alliance
"{E6EB8B68-DC1B-4BE3-8B31-144AB54EBA93}"= TCP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:Supreme Commander - Forged Alliance
"{16B3A48E-3A6D-463C-A74B-ED0F7AF40F85}"= UDP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance
"{C42B9D69-4A64-4D1B-B51B-66146A365DAD}"= TCP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance
"{0DB9E5B9-0A11-46AA-952C-5DA9885EB075}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{C947A323-681E-409A-AE34-1E02310B070A}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{4D686F7B-C032-4398-A646-2E38F5BA9F42}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{E3AD8BE3-C5D7-4949-BBA8-99D16F5F7C92}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{1A019397-D989-4994-B97F-3C6AC2C6897F}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{713C6882-2A49-486A-A9C7-3BDF3D621AC4}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{3179BB92-1DE1-40F5-88AB-3E0BD60787A1}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{F56F7517-A9B7-4873-B2D0-0F2DEF81EB42}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{9DC92F17-DA12-4862-9DC5-708CF6E47CBF}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{AD941130-B9F2-417A-AC90-BC699E0B40EF}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{8F39571B-0C7E-498F-96D8-C5923F0CD7C1}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{AB4A2243-7FF8-40EC-B045-3ADEA56533E5}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{D6E6E617-B44C-46BB-B2E2-201DB21F4767}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{98E023D6-1BD8-4B84-8A4D-543E358758FF}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 hotcore3;hotcore3;C:\Windows\system32\drivers\hotcore3.sys [2008-01-21 39472]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080926.001\IDSvix86.sys [2008-09-12 270384]
R2 BandwidthMeterProService;Bandwidth Meter Pro Service;C:\Program Files\BandwidthMeterPro\BWMeterService.exe [2008-08-15 184320]
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-18 149352]
R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2008-01-19 21504]
R3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2008-05-20 303616]
S3 GPWADrv;Service for L6 GuitarPort Driver (WDM);C:\Windows\system32\Drivers\GPWADrv.sys [2007-09-18 514432]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009\RpcAgentSrv.exe [2008-09-01 98488]
S4 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-06-12 307968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a4b4302-95db-11dc-9903-0011d80c9c95}]
\shell\AutoRun\command - J:\Autorun.exe

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-02 20:00:24
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-02 20:02:21
ComboFix-quarantined-files.txt 2008-10-02 10:02:08
ComboFix2.txt 2008-10-01 11:48:35
ComboFix3.txt 2008-09-30 10:01:17

Pre-Run: 120,234,512,384 bytes free
Post-Run: 120,205,451,264 bytes free

374 --- E O F --- 2008-09-10 10:17:44

------------------------

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, October 3, 2008
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, October 02, 2008 06:42:33
Records in database: 1282499
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
M:\
N:\
Q:\

Scan statistics:
Files scanned: 328651
Threat name: 12
Infected objects: 20
Suspicious objects: 0
Duration of the scan: 11:42:50


File name / Threat name / Threats count
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 1
C:\Program Files\mIRC\mirc.exe.BAK Infected: not-a-virus:Client-IRC.Win32.mIRC.631 1
C:\QooBox\Quarantine\C\Windows\System32\cbXPfcYo.dll.vir Infected: Trojan.Win32.Monderb.rmi 1
C:\QooBox\Quarantine\C\Windows\System32\eucowrgg.dll.vir Infected: Trojan.Win32.Monder.qpi 1
C:\Users\Mike\Documents\Log of Azureus Downloads\International_Cricket_Captain_2008-Razor1911\rzr-inc8.iso Infected: Backdoor.Win32.Agent.nwe 1
C:\Users\Mike\Documents\Log of Azureus Downloads\NERO 8 Ultra Edition 8.3.2.1b + KEYGEN\Setup\Nero-8.3.2.1b_eng.exe Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.bm 1
C:\Users\Mike\Documents\Log of Azureus Downloads\PDF2Wordv3.rar Infected: Trojan.Win32.FraudPack.gen 1
C:\Users\Mike\Documents\Log of Azureus Downloads\WinRar\WinRAR v3.71 Extreme Edition.EXE Infected: Backdoor.Win32.DsBot.qk 1
D:\Apps\Security\BRUTE_FORCE_HEATHY007\Brute_Force_Keygen\keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.g 1
D:\Apps\Security\BRUTE_FORCE_HEATHY007\Brute_Force_Keygen\keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a 1
D:\Apps\Security\BRUTE_FORCE_HEATHY007\Brute_Force_Keygen.rar Infected: not-a-virus:PSWTool.Win32.RAS.g 1
D:\Apps\Security\BRUTE_FORCE_HEATHY007\Brute_Force_Keygen.rar Infected: not-a-virus:PSWTool.Win32.RAS.a 1
D:\Apps\Security\Spyware Doctor v4.0.0.2603\Spyware Doctor v4.0.0.2603\sdsetup.exe Infected: not-a-virus:Monitor.Win32.KeyLogger.dq 1
D:\Apps\Security\Spyware Doctor v4.0.0.2603\Spyware Doctor v4.0.0.2603.rar Infected: not-a-virus:Monitor.Win32.KeyLogger.dq 1
D:\Apps\Startup\USB_Drive_Data_Recovery_2.0.1.5\USB Drive Data Recovery 2.0.1.5\pendrivedatarecovery.exe Infected: Trojan-GameThief.Win32.Lmir.cet 1
D:\Apps\Startup\USB_Drive_Data_Recovery_2.0.1.5.rar Infected: Trojan-GameThief.Win32.Lmir.cet 1
D:\Apps\System\mirc616.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
D:\Apps\System\Nero 8 Ultra Edition\Nero 8 Ultra Edition.iso Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.bm 2
D:\Apps\System\USB Drive Data Recovery 2.0.1.5\Setup.exe Infected: Trojan-GameThief.Win32.Lmir.cet 1

The selected area was scanned.

-----

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:49:11 PM, on 3/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BandwidthMeterPro\BWMeterPro.exe
C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\seemenow.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BandwidthMeterPro] C:\Program Files\BandwidthMeterPro\BWMeterPro.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/f ... wflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bandwidth Meter Pro Service (BandwidthMeterProService) - Unknown owner - C:\Program Files\BandwidthMeterPro\BWMeterService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009\RpcAgentSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 10189 bytes


Cheers,
Mike.
mykewatson
Active Member
 
Posts: 7
Joined: September 24th, 2008, 7:58 am

Re: Possible Vundo Trojan?

Unread postby DFW » October 3rd, 2008, 3:04 am

Hi mykewatson

The Kaspersky online scan log shows that you have downloaded a lot of cracked software. The software contains backdoor Trojans; at present there are
no signs that the backdoors are active, but they could have been active in the past, and there is no way of knowing.

I fear my P2P software warning came a bit late in your case; the software is not free, and you may have already paid the price.


Backdoor Trojans allow hackers to remotely control your computer, steal critical system information, and download and execute files.

If you do or have done any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall



Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post.
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK
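As an added example (not part of the thread, and not code from Kaspersky or the forum), here is a small Python triage of Kaspersky Online Scanner 7 result lines of the kind posted above, separating already-quarantined objects and "not-a-virus" riskware from live backdoor detections, which is the distinction the reply above turns on. The sample lines are copied from the report in the thread; the classification rules and the `in_archive` heuristic are assumptions of mine.

```python
"""Triage of Kaspersky Online Scanner 7 'File name / Threat name / Threats count' lines.

Added example for this thread; the classification rules below are my own
assumptions, not Kaspersky's or the forum helper's.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# One result line: "<path> Infected: <threat name> <count>"
LINE_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")

# Containers in which a detection is a stored file, not an installed program (assumption).
ARCHIVE_EXT = (".iso", ".rar", ".zip", ".7z", ".cab")

# Constructed sample: a subset of the lines from the report posted above.
SAMPLE_REPORT = r"""
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 1
C:\QooBox\Quarantine\C\Windows\System32\cbXPfcYo.dll.vir Infected: Trojan.Win32.Monderb.rmi 1
C:\Users\Mike\Documents\Log of Azureus Downloads\International_Cricket_Captain_2008-Razor1911\rzr-inc8.iso Infected: Backdoor.Win32.Agent.nwe 1
C:\Users\Mike\Documents\Log of Azureus Downloads\WinRar\WinRAR v3.71 Extreme Edition.EXE Infected: Backdoor.Win32.DsBot.qk 1
D:\Apps\Security\BRUTE_FORCE_HEATHY007\Brute_Force_Keygen.rar Infected: not-a-virus:PSWTool.Win32.RAS.g 1
D:\Apps\System\Nero 8 Ultra Edition\Nero 8 Ultra Edition.iso Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.bm 2
"""


@dataclass(frozen=True)
class Detection:
    path: str
    threat: str
    count: int

    @property
    def in_archive(self) -> bool:
        """True when the hit lives inside a disc image or archive rather than on disk as-is."""
        return self.path.lower().endswith(ARCHIVE_EXT)


def parse_report(text: str) -> list[Detection]:
    """Extract every result line; header and summary lines simply do not match."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            found.append(Detection(m["path"], m["threat"], int(m["count"])))
    return found


def classify(det: Detection) -> str:
    """Order matters: a Trojan already in ComboFix's quarantine is not a live threat."""
    lowered = det.path.lower()
    if "\\qoobox\\quarantine\\" in lowered or lowered.endswith(".vir"):
        return "quarantined"
    if det.threat.startswith("not-a-virus:"):
        return "riskware"          # keygens, IRC clients, adware toolbars
    if det.threat.startswith("Backdoor."):
        return "backdoor"          # remote-control capability: the reinstall trigger
    if det.threat.startswith("Trojan"):
        return "trojan"
    return "other"


def triage(text: str) -> dict:
    """Summarise a report: object counts per class and the backdoor-bearing paths."""
    dets = parse_report(text)
    classes = {d: classify(d) for d in dets}
    backdoors = [d.path for d, c in classes.items() if c == "backdoor"]
    return {
        "objects": sum(d.count for d in dets),
        "by_class": dict(Counter(classes.values())),
        "backdoors": backdoors,
        # Any live backdoor means the host's integrity cannot be vouched for.
        "backdoor_present": bool(backdoors),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```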

Re: Possible Vundo Trojan?

Unread postby mykewatson » October 3rd, 2008, 8:26 am

Sigh... Reformat and reinstall it is then.

Thanks again for your help,
Mike.
mykewatson
Active Member
 
Posts: 7
Joined: September 24th, 2008, 7:58 am

Re: Possible Vundo Trojan?

Unread postby DFW » October 3rd, 2008, 11:55 am

OK, I understand, and it would have been against this forum's rules for me to continue to help
you once the cracked software had been seen.

http://malwareremoval.com/forum/viewtopic.php?t=550


I would strongly recommend you stay away from any P2P downloads once you have reformatted; as you are now aware, there is a price to pay.
There is plenty of good free software around to replace a lot of the paid-for kind; below are a few links where
I go shopping for my free software.

http://www.techsupportalert.com/


A good free replacement for Nero is CDburner Pro

http://cdburnerxp.se/



Make sure you back up your data; don't forget things like contacts and email addresses. Once you have reformatted, please scan the data with
a good antivirus before you copy it back, and don't forget your D drive, where the cracked software is located.

Make sure you install the latest updates from Microsoft once you have reinstalled, but don't go online to do this until you have your security software installed.


Install these tools along with your antivirus and firewall to shore up your defences.

Install Malwarebytes' Anti-Malware again after reformatting. Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
totally free, but for real-time protection you will have to pay a small one-time fee. Tutorials on installing and using this product can be found below:

Malwarebytes' Anti-Malware Setup Guide

Malwarebytes' Anti-Malware Scanning Guide


Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware


WinPatrol <= Download and install the free version of WinPatrol. A tutorial for this product is located here:
Using WinPatrol to protect your computer from malicious software


Good Luck
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: Possible Vundo Trojan?

Unread postby NonSuch » October 3rd, 2008, 6:17 pm

As this issue appears to be resolved, this topic is now closed.

You can help support this site from this link :
Donations For Malware Removal
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California