Who knows what is here.. but here are the logs



Somnus
2006-08-28, 18:47
Logfile of HijackThis v1.99.1
Scan saved at 10:30:35 AM, on 8/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\GPSoftware\Directory Opus\dopus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\HUJ\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {8A5D41F0-1291-4FBA-902B-44592A38BF3F} - C:\Program Files\Windows Media Player\mevo.dll
O2 - BHO: Ads Filter BHO - {8DE6DCEB-AD6E-43BB-9D31-F59D0B236E53} - C:\PROGRA~1\Helexis\ADSFIL~1\ADSFIL~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [defender] C:\\dfndrff_14.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_14.exe
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [win32079301074405] C:\WINDOWS\win32079301074405.exe
O4 - HKLM\..\Run: [ycca8a0f] RUNDLL32.EXE w28fab13.dll,n 003a8a0c0000000a28fab13
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKCU\..\Run: [DOpus] C:\Program Files\GPSoftware\Directory Opus\dopus.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add to Ads Filter... - res://C:\PROGRA~1\Helexis\ADSFIL~1\ADSFIL~1.DLL/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Ads Filter - {0F0BF1C1-8AE0-4FC5-BF51-5EB9B62742A5} - C:\PROGRA~1\Helexis\ADSFIL~1\ADSFIL~1.DLL
O9 - Extra 'Tools' menuitem: Ads Filter - {0F0BF1C1-8AE0-4FC5-BF51-5EB9B62742A5} - C:\PROGRA~1\Helexis\ADSFIL~1\ADSFIL~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155605432921
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: DIFx - C:\WINDOWS\system32\striptpw.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\rnutetab.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

Scan results from eTrust online scan:

mevo.dll Win32/Zquest.D cannot cure C:\Program Files\Windows Media Player\
Duce6.exe Win32/SillyDl.AWC cannot cure C:\WINDOWS\
nem220.dll_tobedeleted Win32/Dyfuca.D cannot cure C:\WINDOWS\
RDFX4.exe Win32/Zquest.D cannot cure C:\WINDOWS\
v1201.exe Win32/Actux.A cannot cure C:\WINDOWS\

Peter - 06-08-28 10:35:54.93
ComboFix 06.08.27BT - Running from: C:\Documents and Settings\Peter\Desktop

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

REGISTRY ENTRIES REMOVED:

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Granting sedebugprivilege to Administrators ... successful


((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\repairs303169590.dll_tobedeleted


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\Duce6.exe
C:\WINDOWS\keyboard1.dat
C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\uninst104.exe
C:\Program Files\Deskbar


((((((((((((((((((((((((((((((( Files Created from 2006-07-28 to 2006-08-28 ))))))))))))))))))))))))))))))))))


2006-08-28 06:42 61,952 --a------ C:\WINDOWS\system32\ycca8a0f.dll
2006-08-28 06:42 53,120 --a------ C:\WINDOWS\srvioscbdm.exe
2006-08-28 06:42 215,308 --a------ C:\WINDOWS\srvcbwjqjb.exe
2006-08-28 06:42 159,744 --a------ C:\WINDOWS\win32079301074405.exe
2006-08-28 06:42 110,592 --a------ C:\WINDOWS\v1201.exe
2006-08-28 06:42 1,233 --a------ C:\WINDOWS\system32\ycca8a0f.sys
2006-08-28 06:41 48,190 --a------ C:\WINDOWS\RDFX4.exe
2006-08-26 00:37 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2006-08-25 18:17 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2006-08-23 00:31 50,688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-08-23 00:31 5,906,432 --------- C:\WINDOWS\system32\ieframe.dll
2006-08-23 00:31 457,728 --------- C:\WINDOWS\system32\msfeeds.dll
2006-08-23 00:31 175,616 --------- C:\WINDOWS\system32\ieui.dll
2006-08-23 00:18 206,336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-08-23 00:13 11,776 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-08-23 00:11 12,288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-08-23 00:10 61,440 --------- C:\WINDOWS\system32\icardie.dll
2006-08-23 00:09 262,656 --------- C:\WINDOWS\system32\iertutil.dll
2006-08-22 23:36 380,928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-08-21 14:48 53,248 --a------ C:\WINDOWS\uni_ehhhh.exe
2006-08-15 23:05 83,208 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-08-15 17:36 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2006-08-15 17:36 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-08-15 13:47 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2006-08-15 10:20 41,984 --------- C:\WINDOWS\Ctregrun.exe
2006-08-15 10:17 90,112 --------- C:\WINDOWS\Updreg.EXE
2006-08-15 10:17 84,992 --------- C:\WINDOWS\system32\SFCVRT32.DLL
2006-08-15 10:17 82,432 --------- C:\WINDOWS\system32\CTWFLT32.DLL
2006-08-15 10:17 54,784 --------- C:\WINDOWS\system32\INETWH32.DLL
2006-08-15 10:17 53,552 --------- C:\WINDOWS\CTCCW.DLL
2006-08-15 10:17 26,768 --------- C:\WINDOWS\system32\CTL3D.DLL
2006-08-15 10:17 24,976 --------- C:\WINDOWS\CTRES.DLL
2006-08-15 10:16 77,824 --a------ C:\WINDOWS\system32\EAXAC3.DLL
2006-08-15 10:16 73,728 --a------ C:\WINDOWS\system32\ctcoinst.dll
2006-08-15 10:16 692,306 --a------ C:\WINDOWS\system32\ctaudfx.dll
2006-08-15 10:16 606,208 --a------ C:\WINDOWS\system32\ctsblfx.dll
2006-08-15 10:16 57,344 --a------ C:\WINDOWS\system32\CTAGENT.DLL
2006-08-15 10:16 53,248 --a------ C:\WINDOWS\system32\KILLAPPS.EXE
2006-08-15 10:16 49,152 --a------ C:\WINDOWS\system32\REGPLIB.EXE
2006-08-15 10:16 49,152 --a------ C:\WINDOWS\MIDIDEF.EXE
2006-08-15 10:16 49,152 --a------ C:\WINDOWS\CTDCRES.DLL
2006-08-15 10:16 475,136 --a------ C:\WINDOWS\system32\CTDC0001.DLL
2006-08-15 10:16 45,056 --a------ C:\WINDOWS\system32\CTSPKHLP.DLL
2006-08-15 10:16 36,864 --a------ C:\WINDOWS\system32\sfman32.dll
2006-08-15 10:16 36,864 --a------ C:\WINDOWS\system32\CTEMUPIA.DLL
2006-08-15 10:16 327,680 --a------ C:\WINDOWS\system32\CTDC0000.DLL
2006-08-15 10:16 28,672 --a------ C:\WINDOWS\system32\CTMMEP.DLL
2006-08-15 10:16 24,576 --a------ C:\WINDOWS\system32\CTHELPER.EXE
2006-08-15 10:16 20,480 --a------ C:\WINDOWS\system32\ENSDEF.EXE
2006-08-15 10:16 20,480 --a------ C:\WINDOWS\INRES.DLL
2006-08-15 10:16 192,590 --a------ C:\WINDOWS\system32\CTOSUSER.DLL
2006-08-15 10:16 184,320 --a------ C:\WINDOWS\PSCONV.EXE
2006-08-15 10:16 180,224 --a------ C:\WINDOWS\READREG.EXE
2006-08-15 10:16 151,633 --a------ C:\WINDOWS\system32\CTASIO.DLL
2006-08-15 10:16 147,456 --a------ C:\WINDOWS\system32\ctdvinst.dll
2006-08-15 10:16 139,343 --a------ C:\WINDOWS\system32\PIAPROXY.DLL
2006-08-15 10:16 139,337 --a------ C:\WINDOWS\system32\CTDPROXY.DLL
2006-08-15 10:16 139,264 --a------ C:\WINDOWS\system32\CTDCIFCE.DLL
2006-08-15 10:16 118,868 --a------ C:\WINDOWS\system32\commonfx.dll
2006-08-15 10:16 118,784 --a------ C:\WINDOWS\system32\CTSCAL.DLL
2006-08-15 10:16 114,778 --a------ C:\WINDOWS\DEVREG.DLL
2006-08-15 10:16 106,496 --a------ C:\WINDOWS\system32\CTTHXCAL.DLL
2006-08-15 00:28 24,816 --a------ C:\WINDOWS\system32\mdimon.dll
2006-08-14 20:46 53,248 --a------ C:\WINDOWS\system32\SSubTmr6.dll
2006-08-14 20:46 492 --a------ C:\WINDOWS\system32\outfix.reg
2006-08-14 20:46 32,768 --a------ C:\WINDOWS\system32\ServiceRepair.exe
2006-08-14 20:46 25,302 --a------ C:\WINDOWS\system32\tcpipbak.reg
2006-08-14 20:46 2,106,616 --a------ C:\WINDOWS\system32\ie-ads.reg
2006-08-14 20:46 2,039,007 --a------ C:\WINDOWS\system32\ie-ads-uninst.reg
2006-08-14 20:46 130,819 --a------ C:\WINDOWS\system32\adult.reg
2006-08-14 20:46 114,071 --a------ C:\WINDOWS\system32\adult-uninst.reg
2006-08-14 20:39 2,977,792 --------- C:\WINDOWS\UNNMP.exe
2006-08-14 20:39 2,977,792 --------- C:\WINDOWS\UNNeroShowTime.exe
2006-08-14 20:37 3,051,520 --------- C:\WINDOWS\UNNeroVision.exe
2006-08-14 20:37 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2006-08-14 20:36 38,912 --------- C:\WINDOWS\system32\picn20.dll
2006-08-14 20:35 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2006-08-14 20:35 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2006-08-14 20:35 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2006-08-14 20:35 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2006-08-14 20:35 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2006-08-14 20:35 106,496 --------- C:\WINDOWS\system32\TwnLib20.dll
2006-08-14 20:35 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2006-08-14 20:25 90,112 --a------ C:\WINDOWS\system32\dpl100.dll
2006-08-14 20:25 856,064 --a------ C:\WINDOWS\system32\xvidcore.dll
2006-08-14 20:25 620,180 --a------ C:\WINDOWS\system32\divx.dll
2006-08-14 20:25 579,090 --a------ C:\WINDOWS\system32\x264vfw.dll
2006-08-14 20:25 5,120 --a------ C:\WINDOWS\system32\ff_vfw.dll
2006-08-14 20:25 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2006-08-14 20:25 217,088 --a------ C:\WINDOWS\system32\xvidvfw.dll
2006-08-14 20:25 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2006-08-14 20:25 200,704 --a------ C:\WINDOWS\system32\dtu100.dll
2006-08-14 20:25 1,415,680 --a------ C:\WINDOWS\system32\WMV9VCM.dll
2006-08-14 20:25 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2006-08-14 20:19 34,308 --a------ C:\WINDOWS\system32\BASSMOD.dll
2006-08-14 20:13 1,044,480 --a------ C:\WINDOWS\system32\ROBOEX32.DLL
2006-08-14 19:51 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2006-08-14 19:32 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-08-14 19:04 306,688 --a------ C:\WINDOWS\IsUninst.exe
2006-08-14 19:04 149,504 --------- C:\WINDOWS\system32\MFCANS32.DLL
2006-08-14 19:04 108,032 --------- C:\WINDOWS\system32\MFCUIA32.DLL
2006-08-14 19:02 65,536 --a------ C:\WINDOWS\system32\a3d.dll
2006-08-14 19:02 53,248 --a------ C:\WINDOWS\system32\AC3API.DLL
2006-08-14 19:02 200,779 --a------ C:\WINDOWS\system32\SFMS32.DLL
2006-08-14 19:02 159,826 --a------ C:\WINDOWS\system32\OPENAL32.DLL
2006-08-14 18:55 363,520 --a------ C:\WINDOWS\system32\PsisDecd.dll
2006-08-14 18:43 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2006-08-14 18:43 0 -rahs---- C:\MSDOS.SYS
2006-08-14 18:43 0 -rahs---- C:\IO.SYS
2006-08-14 18:43 0 --a------ C:\CONFIG.SYS
2006-08-14 18:43 0 --a------ C:\AUTOEXEC.BAT
2006-08-14 18:41 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2006-08-14 18:41 81,920 --a------ C:\WINDOWS\system32\ils.dll
2006-08-14 18:41 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2006-08-14 18:41 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2006-08-14 18:41 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2006-08-14 18:41 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2006-08-14 18:41 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-08-14 18:41 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2006-08-14 18:41 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-08-14 18:41 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2006-08-14 18:41 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-08-14 18:41 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2006-08-14 18:41 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2006-08-14 18:41 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2006-08-14 18:41 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-08-14 18:41 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-08-14 18:41 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-08-14 18:41 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2006-08-14 18:41 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-08-14 18:41 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-08-14 18:41 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-08-14 18:41 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2006-08-14 18:41 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-08-14 18:41 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2006-08-14 18:41 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-08-14 18:41 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-08-14 18:41 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2006-08-14 18:41 22,528 --a------ C:\WINDOWS\system32\fltMc.exe
2006-08-14 18:41 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-08-14 18:41 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-08-14 18:41 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-08-14 18:41 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2006-08-14 18:41 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-08-14 18:41 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2006-08-14 18:41 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-14 18:41 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2006-08-14 18:41 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2006-08-14 18:41 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-08-14 18:41 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2006-08-14 18:41 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2006-08-14 18:41 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2006-08-14 18:41 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-08-14 18:40 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2006-08-14 18:40 5,632 --a------ C:\WINDOWS\system32\write.exe
2006-08-14 18:40 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2006-08-14 18:40 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2006-08-14 18:40 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2006-08-14 18:40 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2006-08-14 18:40 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2006-08-14 18:39 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2006-08-14 18:39 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-08-14 18:39 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-08-14 18:39 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-08-14 18:39 9,728 --a------ C:\WINDOWS\system32\reset.exe
2006-08-14 18:39 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-08-14 18:39 85,504 --a------

Somnus
2006-08-28, 18:48
C:\WINDOWS\system32\catsrvps.dll
2006-08-14 18:39 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2006-08-14 18:39 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2006-08-14 18:39 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2006-08-14 18:39 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-08-14 18:39 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-08-14 18:39 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2006-08-14 18:39 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2006-08-14 18:39 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2006-08-14 18:39 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-08-14 18:39 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-08-14 18:39 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2006-08-14 18:39 56,832 --a------ C:\WINDOWS\system32\sol.exe
2006-08-14 18:39 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2006-08-14 18:39 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2006-08-14 18:39 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2006-08-14 18:39 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2006-08-14 18:39 538,624 --a------ C:\WINDOWS\system32\spider.exe
2006-08-14 18:39 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2006-08-14 18:39 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2006-08-14 18:39 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-08-14 18:39 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-08-14 18:39 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2006-08-14 18:39 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2006-08-14 18:39 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2006-08-14 18:39 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-08-14 18:39 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-08-14 18:39 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2006-08-14 18:39 33,792 --a------ C:\WINDOWS\system32\regini.exe
2006-08-14 18:39 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2006-08-14 18:39 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2006-08-14 18:39 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2006-08-14 18:39 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2006-08-14 18:39 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2006-08-14 18:39 20,992 --a------ C:\WINDOWS\system32\msg.exe
2006-08-14 18:39 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2006-08-14 18:39 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2006-08-14 18:39 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-08-14 18:39 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2006-08-14 18:39 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2006-08-14 18:39 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-08-14 18:39 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-08-14 18:39 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2006-08-14 18:39 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2006-08-14 18:39 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2006-08-14 18:39 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2006-08-14 18:39 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2006-08-14 18:39 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2006-08-14 18:39 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2006-08-14 18:39 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2006-08-14 18:39 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-08-14 18:39 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2006-08-14 18:39 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2006-08-14 18:39 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2006-08-14 18:39 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-08-14 18:39 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-08-14 18:39 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2006-08-14 18:39 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2006-08-14 18:39 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2006-08-14 18:39 114,688 --a------ C:\WINDOWS\system32\calc.exe
2006-08-14 18:39 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-08-14 18:39 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-08-14 18:39 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2006-08-14 18:39 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-08-14 18:39 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-08-14 18:39 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2006-08-14 12:36 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-08-14 12:36 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-08-14 12:35 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2006-08-14 12:34 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2006-08-14 12:34 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2006-08-14 12:34 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
2006-08-14 12:34 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
2006-08-14 12:34 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
2006-08-14 12:34 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
2006-08-14 12:34 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
2006-08-14 12:34 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
2006-08-14 12:34 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2006-08-14 12:34 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2006-08-14 12:34 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
2006-08-14 12:34 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
2006-08-14 12:34 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
2006-08-14 12:34 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2006-08-14 12:34 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
2006-08-14 12:33 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2006-08-14 12:33 8,704 --a------ C:\WINDOWS\system32\batt.dll
2006-08-14 12:33 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2006-08-14 12:33 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2006-08-14 12:33 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2006-08-14 12:33 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2006-08-14 12:33 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2006-08-14 12:33 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2006-08-14 12:33 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2006-08-14 12:33 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2006-08-14 12:33 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2006-08-14 12:33 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2006-08-14 12:33 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2006-08-14 12:33 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2006-08-14 12:33 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2006-08-14 12:33 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2006-08-14 12:33 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2006-08-14 12:33 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2006-08-14 12:33 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2006-08-14 12:33 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2006-08-14 12:33 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2006-08-14 12:33 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2006-08-14 12:33 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2006-08-14 12:33 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2006-08-14 12:33 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2006-08-14 12:33 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2006-08-14 12:33 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2006-08-14 12:33 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2006-08-14 12:33 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-08-14 12:33 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2006-08-14 12:33 17,920 --a------ C:\WINDOWS\NOTEPAD.EXE
2006-08-14 12:33 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2006-08-14 12:33 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-08-14 12:33 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2006-07-29 19:32 48,936 --a------ C:\WINDOWS\system32\sirenacm.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-28 10:33 -------- d-------- C:\Program Files\Mozilla Thunderbird
2006-08-28 10:31 -------- d-------- C:\Program Files\Mozilla Firefox
2006-08-28 07:47 -------- d-------- C:\Documents and Settings\Peter\Application Data\Sun
2006-08-28 07:36 -------- d-------- C:\Program Files\MSN
2006-08-28 07:36 -------- d-------- C:\Program Files\Common Files
2006-08-28 06:53 -------- d-------- C:\Program Files\Common Files\kiof
2006-08-28 06:48 -------- d-------- C:\Program Files\CCleaner
2006-08-28 06:42 -------- d-------- C:\Program Files\Windows Media Player
2006-08-28 06:09 -------- d-------- C:\Program Files\eMule
2006-08-27 17:59 -------- d-------- C:\Documents and Settings\Peter\Application Data\uTorrent
2006-08-27 12:40 -------- d-------- C:\Program Files\Common Files\NSV
2006-08-26 10:55 -------- d-------- C:\Program Files\Unlocker
2006-08-25 18:21 -------- d-------- C:\Program Files\Internet Explorer
2006-08-25 18:03 -------- d-------- C:\Program Files\Microsoft
2006-08-24 18:39 -------- d-------- C:\Program Files\Clash N Slash Worlds Away
2006-08-24 17:43 -------- d-------- C:\Program Files\Clash N Slash
2006-08-24 16:49 -------- d-------- C:\Program Files\LEGO Software
2006-08-24 14:05 -------- d-------- C:\Documents and Settings\Peter\Application Data\LimeWire
2006-08-24 02:06 -------- d-------- C:\Program Files\Agent
2006-08-23 21:10 -------- d-------- C:\Program Files\Digital Asphyxia
2006-08-23 18:40 -------- d---s---- C:\Documents and Settings\Peter\Application Data\Microsoft
2006-08-23 14:13 22768 --a------ C:\WINDOWS\system32\drivers\usbsermpt.sys
2006-08-23 14:13 -------- d-------- C:\Program Files\Motorola Phone Tools
2006-08-23 14:09 -------- d-------- C:\Program Files\Avanquest update
2006-08-23 14:06 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-23 00:31 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-08-23 00:31 225792 --a------ C:\WINDOWS\system32\webcheck.dll
2006-08-23 00:31 152064 --a------ C:\WINDOWS\system32\msls31.dll
2006-08-23 00:18 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-08-23 00:17 40448 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-08-23 00:17 105472 --a------ C:\WINDOWS\system32\url.dll
2006-08-23 00:17 100352 --a------ C:\WINDOWS\system32\occache.dll
2006-08-23 00:16 16896 --a------ C:\WINDOWS\system32\corpol.dll
2006-08-23 00:14 378368 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-08-23 00:14 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-08-23 00:13 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-08-23 00:13 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-08-23 00:13 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-08-23 00:13 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-08-23 00:13 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-08-23 00:13 122880 --a------ C:\WINDOWS\system32\advpack.dll
2006-08-23 00:10 35328 --a------ C:\WINDOWS\system32\imgutil.dll
2006-08-23 00:07 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-08-22 23:37 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-08-22 23:30 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-08-22 04:31 -------- d-------- C:\Program Files\RegSupreme Pro
2006-08-22 03:41 -------- d-------- C:\Program Files\Helexis
2006-08-22 03:41 -------- d-------- C:\Documents and Settings\Peter\Application Data\Helexis
2006-08-21 23:19 -------- d-------- C:\Program Files\Winamp
2006-08-21 21:07 -------- d-------- C:\Program Files\Abyss Web Server
2006-08-20 17:11 -------- d-------- C:\Program Files\LimeWire
2006-08-20 15:42 -------- d-------- C:\Documents and Settings\Peter\Application Data\SpamBayes
2006-08-20 15:41 -------- d-------- C:\Program Files\SpamBayes
2006-08-17 22:13 -------- d-------- C:\Program Files\WinBoard
2006-08-17 13:45 -------- d-------- C:\Program Files\FlashFXP
2006-08-17 02:08 -------- d-------- C:\Program Files\FileZilla
2006-08-16 17:52 -------- d-------- C:\Program Files\NEC DISPLAY SOLUTIONS
2006-08-16 13:26 -------- d-------- C:\Program Files\WinRAR
2006-08-16 00:53 -------- d-------- C:\Program Files\Symantec
2006-08-15 23:05 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-08-15 23:04 73496 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-08-15 23:04 -------- d-------- C:\Program Files\Symantec_Client_Security
2006-08-15 23:04 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-08-15 10:20 -------- d-------- C:\Program Files\Creative
2006-08-15 10:16 -------- d-------- C:\Documents and Settings\Peter\Application Data\Creative
2006-08-15 09:32 -------- d-------- C:\Program Files\Driver Cleaner Pro
2006-08-15 08:25 -------- d-------- C:\Documents and Settings\Peter\Application Data\AdobeUM
2006-08-15 08:24 -------- d-------- C:\Documents and Settings\Peter\Application Data\Adobe
2006-08-15 01:42 -------- d-------- C:\Documents and Settings\Peter\Application Data\Media Player Classic
2006-08-15 01:35 -------- d-------- C:\Program Files\YahELite
2006-08-15 00:57 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-08-15 00:56 -------- d-------- C:\Program Files\MSBuild
2006-08-15 00:56 -------- d-------- C:\Program Files\Microsoft Visual Studio 8
2006-08-15 00:56 -------- d-------- C:\Program Files\HTML Help Workshop
2006-08-15 00:55 -------- d-------- C:\Program Files\Common Files\Merge Modules
2006-08-15 00:27 -------- d-------- C:\Program Files\Microsoft Office
2006-08-15 00:27 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-08-15 00:27 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-08-15 00:26 -------- d-------- C:\Program Files\Microsoft.NET
2006-08-15 00:26 -------- d-------- C:\Program Files\Common Files\System
2006-08-14 22:55 -------- d-------- C:\Program Files\RAXCO
2006-08-14 22:55 -------- d-------- C:\Program Files\Common Files\Raxco
2006-08-14 21:18 -------- d-------- C:\Program Files\Yahoo!
2006-08-14 21:09 -------- d-------- C:\Documents and Settings\Peter\Application Data\Macromedia
2006-08-14 20:46 -------- d-------- C:\Program Files\XP Smoker
2006-08-14 20:45 -------- d-------- C:\Program Files\TuneUp Utilities 2006
2006-08-14 20:45 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-08-14 20:45 -------- d-------- C:\Documents and Settings\Peter\Application Data\TuneUp Software
2006-08-14 20:44 359808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS
2006-08-14 20:38 -------- d-------- C:\Program Files\Ahead
2006-08-14 20:35 -------- d-------- C:\Program Files\Common Files\Ahead
2006-08-14 20:32 -------- d-------- C:\Program Files\MSN Messenger
2006-08-14 20:28 -------- d-------- C:\Program Files\Google
2006-08-14 20:27 -------- d-------- C:\Program Files\ZakFromAnotherPlanet
2006-08-14 20:26 -------- d-------- C:\Program Files\Lupas Rename 2000
2006-08-14 20:26 -------- d-------- C:\Program Files\ImgBurn
2006-08-14 20:25 -------- d-------- C:\Program Files\KeePass Password Safe
2006-08-14 20:25 -------- d-------- C:\Program Files\K-Lite Codec Pack
2006-08-14 20:25 -------- d-------- C:\Program Files\DAMN NFO Viewer
2006-08-14 20:24 -------- d-------- C:\Program Files\Common Files\Adobe
2006-08-14 20:23 81920 --a------ C:\Documents and Settings\Peter\Application Data\ezpinst.exe
2006-08-14 20:23 7176 --a------ C:\Documents and Settings\Peter\Application Data\pcouffin.cat
2006-08-14 20:23 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2006-08-14 20:23 47360 --a------ C:\Documents and Settings\Peter\Application Data\pcouffin.sys
2006-08-14 20:23 34 --a------ C:\Documents and Settings\Peter\Application Data\pcouffin.log
2006-08-14 20:23 1144 --a------ C:\Documents and Settings\Peter\Application Data\pcouffin.inf
2006-08-14 20:23 -------- d-------- C:\Program Files\vso
2006-08-14 20:23 -------- d-------- C:\Program Files\Adobe
2006-08-14 20:23 -------- d-------- C:\Documents and Settings\Peter\Application Data\Vso

Somnus
2006-08-28, 18:48
2006-08-14 20:22 -------- d-------- C:\Program Files\UltraISO
2006-08-14 20:22 -------- d-------- C:\Program Files\Common Files\EZB Systems
2006-08-14 20:21 -------- d-------- C:\Program Files\Java
2006-08-14 20:20 -------- d-------- C:\Program Files\Common Files\Java
2006-08-14 20:19 -------- d-------- C:\Documents and Settings\Peter\Application Data\FlashFXP
2006-08-14 20:13 -------- d-------- C:\Program Files\GPSoftware
2006-08-14 20:13 -------- d-------- C:\Documents and Settings\Peter\Application Data\GPSoftware
2006-08-14 20:09 -------- d-------- C:\Documents and Settings\Peter\Application Data\Notepad++
2006-08-14 19:54 -------- d-------- C:\Program Files\Outlook Express
2006-08-14 19:51 -------- d-------- C:\Program Files\Windows Media Connect 2
2006-08-14 19:48 -------- d-------- C:\Program Files\Notepad++
2006-08-14 19:48 -------- d-------- C:\Program Files\Messenger
2006-08-14 19:42 -------- d-------- C:\Documents and Settings\Peter\Application Data\Thunderbird
2006-08-14 19:42 -------- d-------- C:\Documents and Settings\Peter\Application Data\Talkback
2006-08-14 19:42 -------- d-------- C:\Documents and Settings\Peter\Application Data\Mozilla
2006-08-14 19:40 -------- d-------- C:\Program Files\MozBackup
2006-08-14 19:13 -------- d-------- C:\Program Files\NT Registry Optimizer
2006-08-14 19:11 -------- d-------- C:\Program Files\Online Services
2006-08-14 18:59 -------- d-------- C:\Documents and Settings\Peter\Application Data\Help
2006-08-14 18:50 -------- d-------- C:\Program Files\Intel
2006-08-14 18:49 -------- d-------- C:\Program Files\Intel Dekstop Boards
2006-08-14 18:48 -------- d--h----- C:\Program Files\Uninstall Information
2006-08-14 18:48 -------- d-------- C:\Documents and Settings\Peter\Application Data\Identities
2006-08-14 18:44 -------- d-------- C:\Program Files\xerox
2006-08-14 18:44 -------- d-------- C:\Program Files\microsoft frontpage
2006-08-14 18:42 -------- d--h----- C:\Program Files\WindowsUpdate
2006-08-14 18:41 -------- d-------- C:\Program Files\NetMeeting
2006-08-14 18:41 -------- d-------- C:\Program Files\Movie Maker
2006-08-14 18:41 -------- d-------- C:\Program Files\Common Files\Services
2006-08-14 18:41 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-08-14 18:40 -------- d-------- C:\Program Files\Windows NT
2006-08-14 18:40 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-08-14 18:40 -------- d-------- C:\Program Files\ComPlus Applications
2006-08-14 12:34 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-08-14 12:34 -------- d-------- C:\Program Files\Common Files\ODBC
2006-08-14 12:33 62 --ahs---- C:\Documents and Settings\Peter\Application Data\desktop.ini
2006-07-21 02:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-06-29 08:05 26112 --------- C:\WINDOWS\system32\idndl.dll
2006-06-29 08:05 23552 --------- C:\WINDOWS\system32\normaliz.dll
2006-06-28 17:59 24576 --------- C:\WINDOWS\system32\nlsdl.dll
2006-06-07 11:55 3626 --a------ C:\Program Files\Common Files\mebe.html
2006-06-06 09:52 172032 --a------ C:\WINDOWS\system32\Ncs2Setp.dll
2006-06-05 19:05 774144 --a------ C:\WINDOWS\system32\ncscolib.dll
2006-06-01 17:22 888832 --a------ C:\WINDOWS\system32\nvmobls.dll
2006-06-01 17:22 86016 --a------ C:\WINDOWS\system32\nvmctray.dll
2006-06-01 17:22 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2006-06-01 17:22 794624 --a------ C:\WINDOWS\system32\nvcplui.exe
2006-06-01 17:22 7618560 --a------ C:\WINDOWS\system32\nvcpl.dll
2006-06-01 17:22 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll
2006-06-01 17:22 5652480 --a------ C:\WINDOWS\system32\nvdisps.dll
2006-06-01 17:22 5632000 --a------ C:\WINDOWS\system32\nvoglnt.dll
2006-06-01 17:22 5246976 --a------ C:\WINDOWS\system32\nvdispsr.dll
2006-06-01 17:22 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2006-06-01 17:22 462848 --a------ C:\WINDOWS\system32\nvmccssr.dll
2006-06-01 17:22 4529408 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-06-01 17:22 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2006-06-01 17:22 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2006-06-01 17:22 425984 --a------ C:\WINDOWS\system32\keystone.exe
2006-06-01 17:22 35840 --a------ C:\WINDOWS\system32\nvcodins.dll
2006-06-01 17:22 35840 --a------ C:\WINDOWS\system32\nvcod.dll
2006-06-01 17:22 311296 --a------ C:\WINDOWS\system32\nvexpbar.dll
2006-06-01 17:22 3100672 --a------ C:\WINDOWS\system32\nvgames.dll
2006-06-01 17:22 2977792 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2006-06-01 17:22 2924544 --a------ C:\WINDOWS\system32\nvvitvs.dll
2006-06-01 17:22 2916352 --a------ C:\WINDOWS\system32\nvgamesr.dll
2006-06-01 17:22 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2006-06-01 17:22 2859008 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2006-06-01 17:22 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2006-06-01 17:22 196608 --a------ C:\WINDOWS\system32\nvapi.dll
2006-06-01 17:22 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2006-06-01 17:22 1740800 --a------ C:\WINDOWS\system32\nvwssr.dll
2006-06-01 17:22 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2006-06-01 17:22 155715 --a------ C:\WINDOWS\system32\nvsvc32.exe
2006-06-01 17:22 1519616 --a------ C:\WINDOWS\system32\nwiz.exe
2006-06-01 17:22 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2006-06-01 17:22 1466368 --a------ C:\WINDOWS\system32\nview.dll
2006-06-01 17:22 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2006-06-01 17:22 1257472 --a------ C:\WINDOWS\system32\nvwss.dll
2006-06-01 17:22 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2006-06-01 17:22 1011712 --a------ C:\WINDOWS\system32\nvcpluir.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy2\\Surround Mixer\\CTSysVol.exe /r"
"CTHelper"="CTHELPER.EXE"
"SBDrvDet"="C:\\Program Files\\Creative\\SB Drive Det\\SBDrvDet.exe /r"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"ACTX1"="C:\\WINDOWS\\v1201.exe"
"win32079301074405"="C:\\WINDOWS\\win32079301074405.exe"
"ycca8a0f"="RUNDLL32.EXE w28fab13.dll,n 003a8a0c0000000a28fab13"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DOpus"="C:\\Program Files\\GPSoftware\\Directory Opus\\dopus.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"ClassicShell"=dword:00000000
"NoRemoteRecursiveEvents"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoSaveSettings"=dword:00000000
"ForceClassicControlPanel"=dword:00000001
"ClassicShell"=dword:00000000
"NoLowDiskSpaceChecks"=dword:00000001
"NoInstrumentation"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"NoVisualStyleChoice"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\Program Files\\MSN\\podobiti.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="C:\\Program Files\\Common Files\\mebe.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e4,03,00,00,ec,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f0,01,00,00,b5,00,00,00,80,00,00,00,76,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE}"=""

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job

Completion time: Mon 08/28/2006 10:37:28.78
ComboFix.txt

And I ran the gmer.exe and it found no rootkits.

Somnus
2006-08-28, 22:00
After some searching on the forums here I took it upon myself to use some of the more common tools like ewido, trojan hunter, a registry cleaner, and the TrendMicro Online scanner to try and get rid of all the crap, and I think I succeeded. Here is my new hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 1:54:46 PM, on 8/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\GPSoftware\Directory Opus\dopus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\HUJ\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {8A5D41F0-1291-4FBA-902B-44592A38BF3F} - C:\Program Files\Windows Media Player\mevo.dll (file missing)
O2 - BHO: Ads Filter BHO - {8DE6DCEB-AD6E-43BB-9D31-F59D0B236E53} - C:\PROGRA~1\Helexis\ADSFIL~1\ADSFIL~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ycca8a0f] RUNDLL32.EXE w28fab13.dll,n 003a8a0c0000000a28fab13
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [THGuard] C:\Program Files\TrojanHunter 4.5\THGuard.exe
O4 - HKCU\..\Run: [DOpus] C:\Program Files\GPSoftware\Directory Opus\dopus.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add to Ads Filter... - res://C:\PROGRA~1\Helexis\ADSFIL~1\ADSFIL~1.DLL/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Ads Filter - {0F0BF1C1-8AE0-4FC5-BF51-5EB9B62742A5} - C:\PROGRA~1\Helexis\ADSFIL~1\ADSFIL~1.DLL
O9 - Extra 'Tools' menuitem: Ads Filter - {0F0BF1C1-8AE0-4FC5-BF51-5EB9B62742A5} - C:\PROGRA~1\Helexis\ADSFIL~1\ADSFIL~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://housecall65.trendmicro.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155605432921
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

Now I suppose I need to go and fix anything that the crap may have broken, so I will use the system file checker to see if anything needs to be replaced.

Anything else I should do? All scans come up clean...

tashi
2006-09-02, 21:50
Hello,

If you have not resolved the problem, we have this sticky topic:

If you have waited four days for advice post here. (http://forums.spybot.info/showthread.php?p=4836#post4836)

LonnyRJones
2006-09-06, 00:22
Hello

Good job so far

Launch Notepad (not wordpad), and copy and paste the contents of the code box below into a new text file.
Save it as file name: "fixme.reg" (not including the quotes). Save as file type: All files (*.*) and save it on your Desktop.


REGEDIT4
;
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ycca8a0f"=-
;

Now double-click on the fixme.reg file you saved and click on the Yes button when it asks if you would like to merge the information. Once you get a successful message delete fixme.reg.

Restart your PC.

C:\Program Files\Common Files\mebe.html < delete file
C:\Program Files\MSN\podobiti.html < delete file

Are there any current problems?
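
What merging the fixme.reg above removes from the keys shown in the ComboFix export, as an added example (not part of the original posts or of any tool named in this thread). It is a minimal REGEDIT4 reader covering only the constructs used in the fix file; the function names and the abridged snapshot are constructed for illustration.

```python
import re

# The fix file from the reply above, verbatim.
FIXME_REG = r'''REGEDIT4
;
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ycca8a0f"=-
;
'''
# Abridged snapshot constructed from the ComboFix export in this thread (subset of values).
RUN = r'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
COMP = r'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components'
SNAPSHOT = {
    RUN: {"CTHelper": "CTHELPER.EXE",
          "ycca8a0f": "RUNDLL32.EXE w28fab13.dll,n 003a8a0c0000000a28fab13"},
    COMP + r'\0': {"Source": r"C:\Program Files\MSN\podobiti.html"},
    COMP + r'\1': {"Source": r"C:\Program Files\Common Files\mebe.html"},
    COMP + r'\2': {"Source": "About:Home"},
}

def parse_reg(text):
    """Parse REGEDIT4 text into (op, key, value_name, data) tuples."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != "REGEDIT4":
        raise ValueError("missing REGEDIT4 header")
    ops, key = [], None
    for line in (l.strip() for l in lines[1:]):
        if not line or line.startswith(";"):
            continue                                  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):                   # [-KEY]: delete key and subkeys
                ops.append(("delete_key", key[1:], None, None))
                key = None
            else:                                     # [KEY]: select (or create) key
                ops.append(("open_key", key, None, None))
            continue
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if not m or key is None:
            raise ValueError("unsupported line: " + line)
        # "name"=- deletes one value; anything else sets it (data kept in raw .reg form)
        op = "delete_value" if m.group(2) == "-" else "set_value"
        ops.append((op, key, m.group(1), m.group(2)))
    return ops

def apply_ops(snapshot, ops):
    """Apply ops to a lower-cased copy of snapshot (registry names are case-insensitive)."""
    state = {k.lower(): {n.lower(): d for n, d in v.items()} for k, v in snapshot.items()}
    for op, key, name, data in ops:
        key = key.lower()
        if op == "delete_key":          # removes the key and every subkey under it
            for k in [k for k in state if k == key or k.startswith(key + "\\")]:
                del state[k]
        elif op == "open_key":          # a plain [KEY] header creates the key if absent
            state.setdefault(key, {})
        elif op == "delete_value":
            state[key].pop(name.lower(), None)
        else:
            state[key][name.lower()] = data
    return state

def removed(snapshot, reg_text):
    """Return sorted 'key' / 'key -> value' strings that merging reg_text would remove."""
    before, after = apply_ops(snapshot, []), apply_ops(snapshot, parse_reg(reg_text))
    gone = [k for k in before if k not in after]
    gone += [f"{k} -> {n}" for k in before if k in after for n in before[k] if n not in after[k]]
    return sorted(gone)
```

Calling removed(SNAPSHOT, FIXME_REG) lists the two Desktop\Components subkeys and the single Run value; the files those entries point to stay on disk, which is why the reply deletes them by hand afterwards.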

tashi
2006-09-13, 06:44
This topic has been closed to prevent others with similar issues posting in it.
If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread.

Applies only to the original topic starter.