maehmaeh
2008-07-19, 18:57
First scan was with ComboFix, then HijackThis; here's the ComboFix log:
Is this shit removed??
ComboFix 08-07-18.5 - the_boss 2008-07-19 17:33:04.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.1371 [GMT 2:00]
Running from: C:\Users\the_boss\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\System32\doirxmli.ini
C:\Windows\system32\fxhxgspo.dll
C:\Windows\system32\ilmxriod.dll
C:\Windows\system32\jkKeDssR.dll
C:\Windows\system32\kfxhxgsp.dll
C:\Windows\system32\mcrh.tmp
C:\Windows\System32\opsgxhxf.ini
C:\Windows\System32\pptvuuqw.ini
C:\Windows\System32\psgxhxfk.ini
C:\Windows\System32\RssDeKkj.ini
C:\Windows\System32\RssDeKkj.ini2
C:\Windows\system32\wquuvtpp.dll
.
((((((((((((((((((((((((( Files Created from 2008-06-19 to 2008-07-19 )))))))))))))))))))))))))))))))
.
2008-07-19 17:22 . 2008-07-19 17:22 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-19 16:33 . 2008-07-19 16:33 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-18 21:19 . 2008-07-18 21:18 103,736 --a------ C:\Windows\System32\PnkBstrB.exe
2008-07-18 21:18 . 2008-07-18 21:18 66,872 --a------ C:\Windows\System32\PnkBstrA.exe
2008-07-18 20:53 . 2008-07-19 10:49 <DIR> d-------- C:\Program Files\Electronic Arts
2008-07-18 20:53 . 2007-05-16 16:45 3,497,832 --a------ C:\Windows\System32\d3dx9_34.dll
2008-07-18 19:46 . 2008-07-18 20:40 69 --a------ C:\Windows\NeroDigital.ini
2008-07-18 19:07 . 2008-07-18 19:07 <DIR> dr------- C:\Users\Nestle\Videos
2008-07-18 19:07 . 2008-07-18 19:07 <DIR> dr------- C:\Users\Nestle\Searches
2008-07-18 19:07 . 2008-07-18 19:07 <DIR> dr------- C:\Users\Nestle\Saved Games
2008-07-18 19:07 . 2008-07-18 19:07 <DIR> dr------- C:\Users\Nestle\Pictures
2008-07-18 19:07 . 2008-07-18 19:07 <DIR> dr------- C:\Users\Nestle\Music
2008-07-18 19:07 . 2008-07-18 19:07 <DIR> dr------- C:\Users\Nestle\Links
2008-07-18 19:07 . 2008-07-18 19:07 <DIR> dr------- C:\Users\Nestle\Downloads
2008-07-18 19:07 . 2008-07-18 21:58 <DIR> dr------- C:\Users\Nestle\Documents
2008-07-18 19:07 . 2008-07-18 19:07 <DIR> dr------- C:\Users\Nestle\Contacts
2008-07-18 19:07 . 2006-11-02 14:35 <DIR> d-------- C:\Users\Nestle\AppData\Roaming\Media Center Programs
2008-07-18 19:07 . 2008-07-18 19:07 <DIR> d--h----- C:\Users\Nestle\AppData
2008-07-18 19:07 . 2008-07-18 19:07 <DIR> d-------- C:\Users\Nestle
2008-07-18 18:43 . 2008-07-18 18:43 268 --ah----- C:\sqmdata06.sqm
2008-07-18 18:43 . 2008-07-18 18:43 244 --ah----- C:\sqmnoopt06.sqm
2008-07-18 18:40 . 2008-07-18 18:40 <DIR> d-------- C:\Users\Administrator\AppData\Roaming\vlc
2008-07-18 18:39 . 2008-07-18 18:39 <DIR> d-------- C:\Users\Administrator\AppData\Roaming\Nero
2008-07-18 18:37 . 2008-07-18 18:37 <DIR> d-------- C:\Users\Administrator\AppData\Roaming\PC Suite
2008-07-18 17:01 . 2008-07-18 17:01 <DIR> d-------- C:\VundoFix Backups
2008-07-18 15:35 . 2008-07-18 15:35 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-07-18 15:14 . 2008-07-18 17:12 199 --a------ C:\Windows\wininit.ini
2008-07-18 14:53 . 2008-07-18 15:29 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-07-18 14:53 . 2008-07-18 15:29 <DIR> d-------- C:\ProgramData\Lavasoft
2008-07-18 14:53 . 2008-07-18 14:53 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-18 14:52 . 2008-07-18 14:52 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-18 14:44 . 2008-07-19 16:53 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-07-18 14:44 . 2008-07-19 16:53 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-07-18 14:37 . 2008-07-18 14:37 <DIR> d-------- C:\Users\All Users\Avira
2008-07-18 14:37 . 2008-07-18 14:37 <DIR> d-------- C:\ProgramData\Avira
2008-07-18 14:37 . 2008-07-18 14:37 <DIR> d-------- C:\Program Files\Avira
2008-07-18 13:51 . 2008-07-18 13:51 <DIR> d-------- C:\Users\the_boss\AppData\Roaming\Nero
2008-07-18 13:47 . 2008-07-18 13:47 <DIR> d-------- C:\Users\All Users\Nero
2008-07-18 13:47 . 2008-07-18 13:47 <DIR> d-------- C:\ProgramData\Nero
2008-07-18 13:47 . 2008-07-18 13:47 <DIR> d-------- C:\Program Files\Nero
2008-07-18 13:47 . 2008-07-18 13:49 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-07-18 13:44 . 2008-07-18 15:47 <DIR> d-------- C:\Program Files\USS
2008-07-18 13:44 . 2006-11-09 15:48 11,776 --a------ C:\Windows\System32\drivers\wasfsd.sys
2008-07-18 13:43 . 2008-07-18 13:43 65,536 ---hs---- C:\Users\the_boss\MediaTubeCodec_ver1.1463.0.exe
2008-07-18 11:33 . 2008-07-18 11:33 <DIR> d-------- C:\Users\the_boss\Zend
2008-07-18 11:33 . 2008-07-18 11:33 <DIR> d-------- C:\Users\the_boss\AppData\Roaming\Subversion
2008-07-18 11:33 . 2008-07-18 11:33 <DIR> d-------- C:\Users\the_boss\.ZendStudio
2008-07-18 11:13 . 2008-07-19 14:02 <DIR> d--h----- C:\Users\the_boss\InstallAnywhere
2008-07-18 09:10 . 2008-07-18 09:11 <DIR> d-------- C:\wamp
2008-07-17 17:49 . 2008-07-17 17:49 <DIR> d-------- C:\Users\the_boss\AppData\Roaming\Steinberg
2008-07-17 17:42 . 2005-10-17 09:35 704,512 --a------ C:\Windows\System32\SYNSOACC.dll
2008-07-17 17:42 . 1999-12-01 01:40 401,462 --a------ C:\Windows\System32\temp.000
2008-07-17 17:42 . 2004-05-10 15:58 147,456 --a------ C:\Windows\System32\SynsoLChk.dll
2008-07-17 17:42 . 2003-07-31 20:28 147,425 --a------ C:\Windows\System32\SYNSOACC-Aide.chm
2008-07-17 17:42 . 2003-05-26 15:29 120,468 --a------ C:\Windows\System32\SYNSOACC-Hilfe.chm
2008-07-17 17:42 . 2003-05-26 15:29 114,279 --a------ C:\Windows\System32\SYNSOACC-Help.chm
2008-07-17 17:42 . 2002-11-25 08:36 45,056 --a------ C:\Windows\System32\Synsopos.exe
2008-07-17 17:42 . 2005-05-09 20:08 33,792 --a------ C:\Windows\System32\drivers\cledx.sys
2008-07-17 17:42 . 2002-11-25 05:46 16,896 --a------ C:\Windows\System32\drivers\synasUSB.sys
2008-07-17 14:51 . 2008-07-17 14:51 223 --a------ C:\Windows\RomeTW.ini
2008-07-14 00:18 . 2008-07-14 00:18 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-07-09 14:45 . 2008-07-09 14:45 <DIR> dr-h----- C:\Users\the_boss\AppData\Roaming\SecuROM
2008-07-09 14:45 . 2008-07-09 14:45 107,888 --a------ C:\Windows\System32\CmdLineExt.dll
2008-07-07 17:14 . 2008-07-18 21:28 <DIR> d-------- C:\Program Files\EA GAMES
2008-07-07 15:42 . <DIR> C:\Windows\Mafia
2008-07-07 15:42 . <DIR> C:\Program Files\Mafia
2008-07-07 11:50 . 2008-07-07 21:05 <DIR> d-------- C:\Users\the_boss\dwhelper
2008-07-07 11:34 . 2008-07-07 11:34 0 --a------ C:\Windows\nsreg.dat
2008-07-06 15:49 . 2008-07-06 15:49 <DIR> d-------- C:\Users\All Users\NFS Underground
2008-07-06 15:49 . 2008-07-06 15:49 <DIR> d-------- C:\ProgramData\NFS Underground
2008-07-04 20:01 . 2008-07-04 20:01 <DIR> d-------- C:\Program Files\ValuSoft
2008-07-04 19:57 . 2008-07-04 19:57 <DIR> d-------- C:\Program Files\18 Wheels of Steel Convoy
2008-07-04 19:02 . 2008-07-04 19:02 <DIR> d-------- C:\Users\All Users\Pinnacle
2008-07-04 19:02 . 2008-07-04 19:02 <DIR> d-------- C:\ProgramData\Pinnacle
2008-07-03 21:02 . 2008-07-19 14:04 <DIR> d-------- C:\MyWorks
2008-07-03 20:34 . 2007-03-02 10:37 260,968 --a------ C:\Windows\System32\e1000msg.dll
2008-07-03 20:34 . 2007-03-02 10:37 214,912 --a------ C:\Windows\System32\drivers\e1e6032.sys
2008-07-03 20:34 . 2007-03-02 10:37 154,496 --a------ C:\Windows\System32\Prounstl.exe
2008-07-03 20:34 . 2007-03-02 10:37 61,304 --a------ C:\Windows\System32\NicInstE.dll
2008-07-03 20:34 . 2007-03-02 10:37 28,536 --a------ C:\Windows\System32\NicCo.dll
2008-07-03 20:34 . 2007-03-02 10:37 2,660 --a------ C:\Windows\System32\e1e6032.din
2008-07-03 20:34 . 2007-03-02 10:37 1,904 --------- C:\Windows\System32\SetupBD.din
2008-07-03 20:31 . 2007-03-02 10:36 4,931,584 --a------ C:\Windows\System32\stacgui.cpl
2008-07-03 20:31 . 2007-03-02 10:36 1,146,880 --a------ C:\Windows\System32\stlang.dll
2008-07-03 20:31 . 2007-03-02 10:36 520,192 --a------ C:\Windows\System32\stapo.dll
2008-07-03 20:31 . 2007-03-02 10:36 303,104 --a------ C:\Windows\sttray.exe
2008-07-03 20:31 . 2007-03-02 10:36 91,648 --a------ C:\Windows\System32\stcplx.dll
2008-07-03 20:31 . 2007-03-02 10:36 90,112 --a------ C:\Windows\System32\stacsv.exe
2008-07-03 20:30 . 2008-07-03 20:30 <DIR> d-------- C:\Program Files\SigmaTel
2008-07-03 20:30 . 2007-03-02 10:36 812,032 --a------ C:\Windows\System32\drivers\stwrt.sys
2008-07-03 20:30 . 2007-03-02 10:36 217,600 --a------ C:\Windows\System32\stapi32.dll
2008-07-03 20:30 . 2007-03-02 10:36 140,800 --a------ C:\Windows\System32\staco.dll
2008-07-03 20:28 . 2008-07-03 20:28 <DIR> d-------- C:\Intel
2008-07-03 20:28 . 2007-03-02 10:36 319,968 -ra------ C:\Windows\System32\difxapi.dll
2008-07-03 20:28 . 2007-03-02 10:36 121,232 -ra------ C:\Windows\System32\IScrNB.bmp
2008-07-03 20:28 . 2007-03-02 10:36 44,416 --a------ C:\Windows\System32\drivers\HECI.sys
2008-07-03 20:25 . 2008-07-03 20:35 <DIR> d-------- C:\Program Files\Intel
2008-07-03 20:24 . 2008-07-03 20:37 <DIR> d-------- C:\TempEI4
2008-07-03 20:01 . 2008-07-10 20:17 <DIR> d-------- C:\Program Files\Google
2008-07-02 17:34 . 2008-07-02 17:34 <DIR> d-------- C:\Users\Falcons_Eye\AppData\Roaming\PC Suite
2008-07-02 10:58 . 2008-07-02 10:58 <DIR> d-------- C:\Program Files\Common Files\Labtec
2008-07-02 10:57 . 2008-07-02 10:57 <DIR> d-------- C:\Program Files\Labtec
2008-07-02 10:57 . 2008-07-02 10:57 <DIR> d-------- C:\Program Files\Common Files\LogiShrd
2008-07-02 10:55 . 2007-03-07 03:54 527,136 --a------ C:\Windows\System32\LVUI2RC.dll
2008-07-02 10:55 . 2007-03-07 03:49 491,168 --a------ C:\Windows\System32\drivers\LV561AV.SYS
2008-07-02 10:55 . 2003-02-21 14:42 348,160 --a------ C:\Windows\system\msvcr71.dll
2008-07-02 10:55 . 2007-03-07 03:50 264,992 --a------ C:\Windows\System32\lvcodec2.dll
2008-07-02 10:55 . 2007-03-07 03:54 215,840 --a------ C:\Windows\System32\LVUI2.dll
2008-07-02 10:55 . 2007-03-07 03:51 129,824 --a------ C:\Windows\System32\lvci1051.dll
2008-07-02 10:55 . 2007-03-07 02:02 51,370 --a------ C:\Windows\System32\lvcoinst.ini
2008-07-02 10:55 . 2007-03-07 03:54 41,376 --a------ C:\Windows\System32\drivers\LVUSBSta.sys
2008-07-02 10:55 . 2007-03-07 02:03 13,398 --a------ C:\Windows\System32\Repository.reg
2008-07-02 01:05 . 2008-07-02 01:05 0 --ah----- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2008-07-02 01:04 . 2008-07-02 01:04 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-07-02 01:02 . 2008-07-17 15:57 <DIR> d-------- C:\Users\the_boss\AppData\Roaming\PC Suite
2008-07-02 01:02 . 2008-07-02 01:04 <DIR> d-------- C:\Users\the_boss\AppData\Roaming\Nokia
2008-07-02 01:02 . 2008-07-02 01:04 <DIR> d-------- C:\Users\All Users\PC Suite
2008-07-02 01:02 . 2008-07-02 01:04 <DIR> d-------- C:\ProgramData\PC Suite
2008-07-02 01:02 . 2008-07-02 01:02 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-07-02 01:02 . 2008-07-02 01:02 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-07-02 01:02 . 2007-09-17 15:53 21,632 --a------ C:\Windows\System32\drivers\pccsmcfd.sys
2008-07-02 01:01 . 2008-07-02 01:02 <DIR> d----c--- C:\Windows\System32\DRVSTORE
2008-07-02 01:01 . 2008-07-02 01:01 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-07-02 01:00 . 2008-07-02 01:02 <DIR> d-------- C:\Program Files\Nokia
2008-07-02 01:00 . 2007-11-29 10:32 48,128 --a------ C:\Windows\System32\nmwcdcls.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 15:12 --------- d-----w C:\Program Files\MSBuild
2008-01-21 02:41 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 04:21 1233920]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-06-25 00:14 219952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-02-10 10:48 90192]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-02-10 10:48 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-02-10 10:48 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 19:54 623992]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"SigmatelSysTrayApp"="sttray.exe" [2007-03-02 10:36 303104 C:\Windows\sttray.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableInstallerDetection"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.div2"= divxc32.dll
"vidc.div3"= divxc32.dll
"vidc.div4"= divxc32f.dll
"vidc.xvid"= xvid.dll
"vidc.mjpg"= pvmjpg21.dll
"vidc.hfyu"= huffyuv.dll
"vidc.rt21"= IR21_R.DLL
"vidc.ir21"= IR21_R.DLL
"vidc.iv50"= C:\PROGRA~1\TSUNAM~1\Ir50_32.dll
"msacm.divxa32"= divxa32.acm
"msacm.wrpr"= aviwrap.dll
"vidc.wrpr"= aviwrap.dll
[HKLM\~\startupfolder\C:^Users^the_boss^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Users\the_boss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\Windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
--a------ 2008-02-12 10:06 262401 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-12-13 19:10 1688872 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2007-03-06 17:48 488984 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-03-06 17:58 1060376 C:\Program Files\Labtec\WebCam10\WebCam10.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-12-03 14:21 2213160 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 2008-03-26 18:41 1232896 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-04-16 12:53 1079808 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-07-07 09:42 2156368 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
--a------ 2005-07-15 23:48 479232 C:\Program Files\Google\Gmail Notifier\gnotify.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{FF760429-E7D6-42F2-89C7-689D3AFA8C4E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{635C2B5D-52A3-4CF1-B21D-B01EEB0821D1}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{21E95F66-22E3-4503-80E0-2EEED28D72C1}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{645528F7-67D3-4E1C-9A5B-6E165191328B}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{D52F5E50-C7F3-48F9-870E-882886D7075F}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0524D50E-3111-4803-91C4-CD1A80922AB9}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{3B2E4E5C-68A0-42E4-8B81-71EF367FE5D2}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9D46FDAB-74C4-426F-949F-FFD2483D7BF1}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{E6CF5602-A503-4F34-9FDE-733E79602B4D}C:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"= UDP:C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe:Apache HTTP Server
"UDP Query User{A75758E5-0C4E-4F0D-BFB7-A70847E9DB69}C:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"= TCP:C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe:Apache HTTP Server
"TCP Query User{2CDD2F23-518B-4DB6-80E7-55B8DAC21313}C:\\program files\\zend\\zend studio for eclipse - 6.0.0\\zendstudio.exe"= UDP:C:\program files\zend\zend studio for eclipse - 6.0.0\zendstudio.exe:Zend Studio for Eclipse
"UDP Query User{93EF4974-B3AE-42F2-8059-09EF1661DAE6}C:\\program files\\zend\\zend studio for eclipse - 6.0.0\\zendstudio.exe"= TCP:C:\program files\zend\zend studio for eclipse - 6.0.0\zendstudio.exe:Zend Studio for Eclipse
R0 wasfsd;wasfsd;C:\Windows\system32\drivers\wasfsd.sys [2006-11-09 15:48]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 09:42]
R3 CLEDX;Team H2O CLEDX service;C:\Windows\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
S3 wampapache;wampapache;c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe [2008-01-18 01:37]
S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe wampmysqld []
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 04:21]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 04:21]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb5365eb-42c3-11dd-bf46-0019d193b6ba}]
\shell\AutoRun\command - G:\Launch.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb5365f4-42c3-11dd-bf46-0019d193b6ba}]
\shell\AutoRun\command - Launcher.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-07-19 15:44:07 C:\Windows\Tasks\User_Feed_Synchronization-{5D364F24-77DE-4509-814D-C30F8184277C}.job"
- C:\Windows\system32\msfeedssync.exe
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-3c51230c - C:\Windows\system32\kfxhxgsp.dll
ShellExecuteHooks-{53D2B243-C8DF-460C-A3FF-745870147415} - C:\Windows\system32\ljJARhHB.dll
MSConfigStartUp-H2O - C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
MSConfigStartUp-MSServer - C:\Windows\system32\ljJARhHB.dll
MSConfigStartUp-USS - C:\Program Files\USS\USS.exe
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-19 17:41:47
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\System32\conime.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\PnkBstrA.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-07-19 17:45:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-19 15:45:17
Pre-Run: 20,189,859,840 bytes free
Post-Run: 26,807,820,288 bytes free
280
HIJACKTHIS log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:51:40 PM, on 7/19/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\conime.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\sttray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
--
End of file - 7324 bytes
2008-07-06 15:49 . 2008-07-06 15:49 <DIR> d-------- C:\ProgramData\NFS Underground
2008-07-04 20:01 . 2008-07-04 20:01 <DIR> d-------- C:\Program Files\ValuSoft
2008-07-04 19:57 . 2008-07-04 19:57 <DIR> d-------- C:\Program Files\18 Wheels of Steel Convoy
2008-07-04 19:02 . 2008-07-04 19:02 <DIR> d-------- C:\Users\All Users\Pinnacle
2008-07-04 19:02 . 2008-07-04 19:02 <DIR> d-------- C:\ProgramData\Pinnacle
2008-07-03 21:02 . 2008-07-19 14:04 <DIR> d-------- C:\MyWorks
2008-07-03 20:34 . 2007-03-02 10:37 260,968 --a------ C:\Windows\System32\e1000msg.dll
2008-07-03 20:34 . 2007-03-02 10:37 214,912 --a------ C:\Windows\System32\drivers\e1e6032.sys
2008-07-03 20:34 . 2007-03-02 10:37 154,496 --a------ C:\Windows\System32\Prounstl.exe
2008-07-03 20:34 . 2007-03-02 10:37 61,304 --a------ C:\Windows\System32\NicInstE.dll
2008-07-03 20:34 . 2007-03-02 10:37 28,536 --a------ C:\Windows\System32\NicCo.dll
2008-07-03 20:34 . 2007-03-02 10:37 2,660 --a------ C:\Windows\System32\e1e6032.din
2008-07-03 20:34 . 2007-03-02 10:37 1,904 --------- C:\Windows\System32\SetupBD.din
2008-07-03 20:31 . 2007-03-02 10:36 4,931,584 --a------ C:\Windows\System32\stacgui.cpl
2008-07-03 20:31 . 2007-03-02 10:36 1,146,880 --a------ C:\Windows\System32\stlang.dll
2008-07-03 20:31 . 2007-03-02 10:36 520,192 --a------ C:\Windows\System32\stapo.dll
2008-07-03 20:31 . 2007-03-02 10:36 303,104 --a------ C:\Windows\sttray.exe
2008-07-03 20:31 . 2007-03-02 10:36 91,648 --a------ C:\Windows\System32\stcplx.dll
2008-07-03 20:31 . 2007-03-02 10:36 90,112 --a------ C:\Windows\System32\stacsv.exe
2008-07-03 20:30 . 2008-07-03 20:30 <DIR> d-------- C:\Program Files\SigmaTel
2008-07-03 20:30 . 2007-03-02 10:36 812,032 --a------ C:\Windows\System32\drivers\stwrt.sys
2008-07-03 20:30 . 2007-03-02 10:36 217,600 --a------ C:\Windows\System32\stapi32.dll
2008-07-03 20:30 . 2007-03-02 10:36 140,800 --a------ C:\Windows\System32\staco.dll
2008-07-03 20:28 . 2008-07-03 20:28 <DIR> d-------- C:\Intel
2008-07-03 20:28 . 2007-03-02 10:36 319,968 -ra------ C:\Windows\System32\difxapi.dll
2008-07-03 20:28 . 2007-03-02 10:36 121,232 -ra------ C:\Windows\System32\IScrNB.bmp
2008-07-03 20:28 . 2007-03-02 10:36 44,416 --a------ C:\Windows\System32\drivers\HECI.sys
2008-07-03 20:25 . 2008-07-03 20:35 <DIR> d-------- C:\Program Files\Intel
2008-07-03 20:24 . 2008-07-03 20:37 <DIR> d-------- C:\TempEI4
2008-07-03 20:01 . 2008-07-10 20:17 <DIR> d-------- C:\Program Files\Google
2008-07-02 17:34 . 2008-07-02 17:34 <DIR> d-------- C:\Users\Falcons_Eye\AppData\Roaming\PC Suite
2008-07-02 10:58 . 2008-07-02 10:58 <DIR> d-------- C:\Program Files\Common Files\Labtec
2008-07-02 10:57 . 2008-07-02 10:57 <DIR> d-------- C:\Program Files\Labtec
2008-07-02 10:57 . 2008-07-02 10:57 <DIR> d-------- C:\Program Files\Common Files\LogiShrd
2008-07-02 10:55 . 2007-03-07 03:54 527,136 --a------ C:\Windows\System32\LVUI2RC.dll
2008-07-02 10:55 . 2007-03-07 03:49 491,168 --a------ C:\Windows\System32\drivers\LV561AV.SYS
2008-07-02 10:55 . 2003-02-21 14:42 348,160 --a------ C:\Windows\system\msvcr71.dll
2008-07-02 10:55 . 2007-03-07 03:50 264,992 --a------ C:\Windows\System32\lvcodec2.dll
2008-07-02 10:55 . 2007-03-07 03:54 215,840 --a------ C:\Windows\System32\LVUI2.dll
2008-07-02 10:55 . 2007-03-07 03:51 129,824 --a------ C:\Windows\System32\lvci1051.dll
2008-07-02 10:55 . 2007-03-07 02:02 51,370 --a------ C:\Windows\System32\lvcoinst.ini
2008-07-02 10:55 . 2007-03-07 03:54 41,376 --a------ C:\Windows\System32\drivers\LVUSBSta.sys
2008-07-02 10:55 . 2007-03-07 02:03 13,398 --a------ C:\Windows\System32\Repository.reg
2008-07-02 01:05 . 2008-07-02 01:05 0 --ah----- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2008-07-02 01:04 . 2008-07-02 01:04 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-07-02 01:02 . 2008-07-17 15:57 <DIR> d-------- C:\Users\the_boss\AppData\Roaming\PC Suite
2008-07-02 01:02 . 2008-07-02 01:04 <DIR> d-------- C:\Users\the_boss\AppData\Roaming\Nokia
2008-07-02 01:02 . 2008-07-02 01:04 <DIR> d-------- C:\Users\All Users\PC Suite
2008-07-02 01:02 . 2008-07-02 01:04 <DIR> d-------- C:\ProgramData\PC Suite
2008-07-02 01:02 . 2008-07-02 01:02 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-07-02 01:02 . 2008-07-02 01:02 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-07-02 01:02 . 2007-09-17 15:53 21,632 --a------ C:\Windows\System32\drivers\pccsmcfd.sys
2008-07-02 01:01 . 2008-07-02 01:02 <DIR> d----c--- C:\Windows\System32\DRVSTORE
2008-07-02 01:01 . 2008-07-02 01:01 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-07-02 01:00 . 2008-07-02 01:02 <DIR> d-------- C:\Program Files\Nokia
2008-07-02 01:00 . 2007-11-29 10:32 48,128 --a------ C:\Windows\System32\nmwcdcls.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 15:12 --------- d-----w C:\Program Files\MSBuild
2008-01-21 02:41 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 04:21 1233920]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-06-25 00:14 219952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-02-10 10:48 90192]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-02-10 10:48 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-02-10 10:48 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 19:54 623992]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"SigmatelSysTrayApp"="sttray.exe" [2007-03-02 10:36 303104 C:\Windows\sttray.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableInstallerDetection"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.div2"= divxc32.dll
"vidc.div3"= divxc32.dll
"vidc.div4"= divxc32f.dll
"vidc.xvid"= xvid.dll
"vidc.mjpg"= pvmjpg21.dll
"vidc.hfyu"= huffyuv.dll
"vidc.rt21"= IR21_R.DLL
"vidc.ir21"= IR21_R.DLL
"vidc.iv50"= C:\PROGRA~1\TSUNAM~1\Ir50_32.dll
"msacm.divxa32"= divxa32.acm
"msacm.wrpr"= aviwrap.dll
"vidc.wrpr"= aviwrap.dll
[HKLM\~\startupfolder\C:^Users^the_boss^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Users\the_boss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\Windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
--a------ 2008-02-12 10:06 262401 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-12-13 19:10 1688872 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2007-03-06 17:48 488984 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-03-06 17:58 1060376 C:\Program Files\Labtec\WebCam10\WebCam10.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-12-03 14:21 2213160 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 2008-03-26 18:41 1232896 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-04-16 12:53 1079808 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-07-07 09:42 2156368 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
--a------ 2005-07-15 23:48 479232 C:\Program Files\Google\Gmail Notifier\gnotify.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{FF760429-E7D6-42F2-89C7-689D3AFA8C4E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{635C2B5D-52A3-4CF1-B21D-B01EEB0821D1}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{21E95F66-22E3-4503-80E0-2EEED28D72C1}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{645528F7-67D3-4E1C-9A5B-6E165191328B}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{D52F5E50-C7F3-48F9-870E-882886D7075F}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0524D50E-3111-4803-91C4-CD1A80922AB9}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{3B2E4E5C-68A0-42E4-8B81-71EF367FE5D2}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9D46FDAB-74C4-426F-949F-FFD2483D7BF1}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{E6CF5602-A503-4F34-9FDE-733E79602B4D}C:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"= UDP:C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe:Apache HTTP Server
"UDP Query User{A75758E5-0C4E-4F0D-BFB7-A70847E9DB69}C:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"= TCP:C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe:Apache HTTP Server
"TCP Query User{2CDD2F23-518B-4DB6-80E7-55B8DAC21313}C:\\program files\\zend\\zend studio for eclipse - 6.0.0\\zendstudio.exe"= UDP:C:\program files\zend\zend studio for eclipse - 6.0.0\zendstudio.exe:Zend Studio for Eclipse
"UDP Query User{93EF4974-B3AE-42F2-8059-09EF1661DAE6}C:\\program files\\zend\\zend studio for eclipse - 6.0.0\\zendstudio.exe"= TCP:C:\program files\zend\zend studio for eclipse - 6.0.0\zendstudio.exe:Zend Studio for Eclipse
R0 wasfsd;wasfsd;C:\Windows\system32\drivers\wasfsd.sys [2006-11-09 15:48]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 09:42]
R3 CLEDX;Team H2O CLEDX service;C:\Windows\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
S3 wampapache;wampapache;c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe [2008-01-18 01:37]
S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe wampmysqld []
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 04:21]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 04:21]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb5365eb-42c3-11dd-bf46-0019d193b6ba}]
\shell\AutoRun\command - G:\Launch.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb5365f4-42c3-11dd-bf46-0019d193b6ba}]
\shell\AutoRun\command - Launcher.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-07-19 15:44:07 C:\Windows\Tasks\User_Feed_Synchronization-{5D364F24-77DE-4509-814D-C30F8184277C}.job"
- C:\Windows\system32\msfeedssync.exe
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-3c51230c - C:\Windows\system32\kfxhxgsp.dll
ShellExecuteHooks-{53D2B243-C8DF-460C-A3FF-745870147415} - C:\Windows\system32\ljJARhHB.dll
MSConfigStartUp-H2O - C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
MSConfigStartUp-MSServer - C:\Windows\system32\ljJARhHB.dll
MSConfigStartUp-USS - C:\Program Files\USS\USS.exe
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-19 17:41:47
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\System32\conime.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\PnkBstrA.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-07-19 17:45:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-19 15:45:17
Pre-Run: 20,189,859,840 bytes free
Post-Run: 26,807,820,288 bytes free
280
HIJACKTHIS log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:51:40 PM, on 7/19/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\conime.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\sttray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
--
End of file - 7324 bytes