virtumonde detected by Spybot

condotiere · Apr 5, 2008

Hi,

I noticed my pc slow down and it takes longer to startup windows. I scanned with spybot and it detected virtumonde. Can't scan with Kaspersky since I can't use IE too and it don't seem to work with firefox. Here's the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:20:39 AM, on 4/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows SteadyState\SCTSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
h:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\UPHClean\uphclean.exe
F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\A4Tech\Mouse\Amoumain.exe
C:\Program Files\VDOTool\TBPanel.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
E:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
F:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

condotiere · Apr 5, 2008

Continue HJT log

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = G:\Aveo\Attune\Bitmap\blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn15\yt.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - G:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {CF3FC4E8-8132-4D99-B43D-AEC175D64E8B} - C:\WINDOWS\system32\fccawvt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn15\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: PimpFish - {D593DE91-7B41-45C2-830E-E9A99AB142AA} - F:\Program Files\PimpFish\PimpFish.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WheelMouse] "C:\PROGRAM FILES\A4Tech\Mouse\Amoumain.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe /A
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\WINDOWS\713xRMT.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCMService] "E:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [CLMLServer] "E:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [Power2GoExpress] "E:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKLM\..\Run: [Bubble] "%ProgramFiles%\Windows SteadyState\Bubble.exe"
O4 - HKLM\..\Run: [UVS11 Preload] E:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [muBlinder] C:\muBlinder\muBlinder.exe -startup
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "I:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [PC Suite Tray] "F:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Start GetRight.lnk = G:\Program Files\GetRight\GetRight.exe
O4 - Global Startup: TV Expert Schedule Agent.lnk = C:\Program Files\TV Expert\ADTVScheduleAgent.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Append to existing PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download with GetRight - G:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Download with GetRight Pro - G:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: ImTranslator - G:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html
O8 - Extra context menu item: Open With GetRight Browser - G:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Pro Browser - G:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: PimpFish Grab movies on this page - F:\Program Files\PimpFish\GRABPAGEMOVIES.HTM
O8 - Extra context menu item: PimpFish Grab pictures on this page - F:\Program Files\PimpFish\GRABPAGEPICS.HTM
O8 - Extra context menu item: PimpFish Grab pictures this page links to - F:\Program Files\PimpFish\GRABPAGELINKS.HTM
O8 - Extra context menu item: PimpFish Grab Target File - F:\Program Files\PimpFish\GRABLINK.HTM
O8 - Extra context menu item: PimpFish Grab This Picture - F:\Program Files\PimpFish\GRABPIC.HTM
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~2\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~2\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~2\inetrepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - E:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - E:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - F:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Bug Swatter Options - {99FEA1A2-7881-11D1-A9E2-00403320FCF2} - G:\Program Files\Desktop Armor\GeekSuperheroX.dll
O9 - Extra button: Popup Slapdown Options - {A1100DDB-B277-4CAA-A640-B299D79FE25E} - G:\Program Files\Desktop Armor\GeekSuperheroX.dll
O9 - Extra button: Phishing Net Options - {B1100DDB-B277-4CAA-A640-B299D79FE25E} - G:\Program Files\Desktop Armor\GeekSuperheroX.dll
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb101\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ImTranslator - {AE436396-55E7-4ec4-AD6D-45E88A530A4C} - G:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html (HKCU)
O9 - Extra 'Tools' menuitem: ImTranslator - {AE436396-55E7-4ec4-AD6D-45E88A530A4C} - G:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O15 - Trusted Zone: http://www.americanpapist.com
O15 - Trusted Zone: *.brdatahost.com
O15 - Trusted Zone: *.pnb.com.ph
O15 - Trusted Zone: http://blogs.www.friendster.com
O15 - Trusted Zone: mobs.friendster.com
O15 - Trusted Zone: http://pmguanco.blogs.friendster.com
O15 - Trusted Zone: http://www.friendster.com
O15 - Trusted Zone: *.friendster.com
O15 - Trusted Zone: *.gmail.com
O15 - Trusted Zone: http://*.manilatonight.com
O15 - Trusted Zone: http://rs138.rapidshare.com
O15 - Trusted Zone: *.rapidshare.com
O15 - Trusted Zone: http://www.youtube.com
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {03B39B10-9AB9-4DBB-8189-7F76E0CE5F3F} (FavImport Class) - https://favorites.live.com/cab/ImportAx.cab?v=13,0,1609,00
O16 - DPF: {083DB4B1-8108-42E3-AC45-A042C1631CA3} (ImportCtl Class) - http://www.wayn.com/activex/WAYNImportOE.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155832873916
O16 - DPF: {97AFC0D9-660E-4ACE-B025-46FD64AE335A} - http://www.friendster.com/emailimport/ms/emailimport.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: fccawvt - C:\WINDOWS\SYSTEM32\fccawvt.dll
O23 - Service: McAfee Application Installer Cleanup (0017171207415075) (0017171207415075mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\001717~1.EXE
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - F:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - E:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - E:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - h:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ProgramCheckerPro (sassvc) - Unknown owner - F:\Program Files\Zenturi\ProgramChecker\sassvc.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\SPEEDD~1\nopdb.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - I:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 22479 bytes

Blade81 · Apr 6, 2008

Hi

1. Download combofix from any of these links and save it to Desktop:
Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

If you have problems with Combofix usage, see here

condotiere · Apr 10, 2008

Combofix

Hi, sorry for the late reply. Anyway here's the combofix log:

ComboFix 08-04-04.1 - Paolo Guanco 2008-04-07 1:14:09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1402 [GMT 8:00]
Running from: L:\Documents and Settings\Paolo Guanco\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\RECYCLER\Desktop.ini
C:\WINDOWS\BMe3a9305e.xml
C:\WINDOWS\bokja.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\install.exe
C:\WINDOWS\mspphe.dll
C:\WINDOWS\pskt.ini
C:\WINDOWS\saiemod.dll
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\fccawvt.dll
C:\WINDOWS\system32\gttxexpr.ini
C:\WINDOWS\system32\kjjlm.ini
C:\WINDOWS\system32\kjjlm.ini2
C:\WINDOWS\system32\lnnmp.ini
C:\WINDOWS\system32\lnnmp.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\pstwa.ini2
C:\WINDOWS\system32\xycdd.ini
C:\WINDOWS\system32\xycdd.ini2
C:\WINDOWS\system32\yccdd.ini
C:\WINDOWS\system32\yccdd.ini2
L:\RECYCLER\Desktop.ini
Q:\RECYCLER\Desktop.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Service_Iprip

((((((((((((((((((((((((( Files Created from 2008-03-06 to 2008-04-06 )))))))))))))))))))))))))))))))
.

2008-04-06 23:44 . 2008-04-06 23:44 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-06 23:14 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-06 23:14 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-06 23:14 . 2008-03-28 23:19 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-06 23:14 . 2008-03-26 08:50 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-06 23:14 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-06 23:14 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-06 23:14 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-06 21:53 . 2008-04-06 23:16 466 ---hs---- C:\WINDOWS\system32\nwgdonje.ini
2008-04-06 14:08 . 2008-04-06 14:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-06 14:08 . 2008-04-06 14:08 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-06 03:05 . 2008-04-06 03:05 <DIR> d-------- C:\Program Files\Common Files\SONY Digital Images
2008-04-06 03:05 . 2008-04-27 03:05 25 ---h----- C:\WINDOWS\sysdws.dat
2008-04-06 02:13 . 2008-04-06 02:42 <DIR> d----c--- C:\VundoFix Backups
2008-04-06 01:11 . 2008-04-06 01:11 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-06 00:27 . 2008-04-06 16:36 10,128 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-06 00:10 . 2008-04-06 23:44 <DIR> d----c--- C:\SDFix
2008-04-05 20:29 . 2008-04-05 20:29 <DIR> d-------- C:\Program Files\Common Files\InterVideo
2008-04-05 20:28 . 2008-04-05 20:28 <DIR> d----c--- C:\Documents and Settings\PAOLOG~1~FLE\LOCALS~1
2008-04-05 20:28 . 2008-04-05 20:28 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\InterVideo
2008-04-05 20:28 . 2007-03-06 11:58 210,456 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2008-04-05 20:28 . 2007-03-06 11:58 206,360 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2008-04-05 20:28 . 2007-03-06 11:58 198,168 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2008-04-05 20:28 . 2007-03-06 11:58 198,168 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2008-04-05 20:28 . 2007-03-06 11:58 194,072 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2008-04-05 20:28 . 2007-03-06 11:58 26,136 --a------ C:\WINDOWS\system32\IVIresize.dll
2008-04-05 20:27 . 2008-04-05 20:27 <DIR> d-------- C:\Program Files\Windows Media Components
2008-04-05 13:17 . 2008-04-05 13:17 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\CyberLink
2008-04-05 00:14 . 2008-04-05 00:14 <DIR> d-------- C:\Program Files\stc
2008-04-05 00:14 . 2008-04-05 00:14 <DIR> d-------- C:\Program Files\180search assistant
2008-04-05 00:00 . 2008-04-05 11:29 <DIR> d-------- C:\Program Files\Bat
2008-04-05 00:00 . 2008-04-05 01:32 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\Rabio
2008-04-04 22:23 . 2008-04-04 22:23 <DIR> d----c--- C:\My Video
2008-04-04 22:22 . 2008-04-04 22:23 <DIR> d----c--- C:\Jmw9.tmp
2008-04-04 21:44 . 2008-04-04 21:44 <DIR> d----c--- C:\JmwC0.tmp
2008-04-04 21:42 . 2008-04-04 21:44 <DIR> d----c--- C:\JmwBA.tmp
2008-04-04 12:03 . 2008-04-04 13:00 669,374,748 --a--c--- C:\TV_EWTN_20080323_045951.wmv.MPG
2008-04-03 16:31 . 2008-04-03 17:20 623,935,900 --a--c--- C:\TV_EWTN_20080206_234457.wmv.MPG
2008-04-03 01:09 . 2008-04-03 01:09 <DIR> d-------- C:\Program Files\uTorrent
2008-04-03 01:08 . 2008-04-04 23:41 <DIR> d-------- C:\Documents and Settings\Paolo Guanco.FLECHAS-YTEKYFC\Application Data\uTorrent
2008-04-01 23:05 . 2008-04-01 23:08 <DIR> d-------- C:\Documents and Settings\Paolo Guanco.FLECHAS-YTEKYFC\Application Data\Xfire
2008-04-01 13:57 . 2008-04-01 13:57 <DIR> d-------- C:\Program Files\Windows SteadyState
2008-04-01 03:42 . 2008-04-01 03:42 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-04-01 03:42 . 2008-04-01 03:42 <DIR> d-------- C:\WINDOWS\system32\bits
2008-04-01 03:42 . 2008-04-01 03:42 <DIR> d-------- C:\WINDOWS\l2schemas
2008-04-01 03:29 . 2008-03-21 04:06 291,328 --a------ C:\WINDOWS\system32\qagentrt.dll
2008-04-01 03:29 . 2008-03-21 04:06 150,528 --a------ C:\WINDOWS\system32\qagent.dll
2008-04-01 03:29 . 2008-03-21 04:06 144,384 --a------ C:\WINDOWS\system32\onex.dll
2008-04-01 03:29 . 2008-03-21 04:06 76,800 --a------ C:\WINDOWS\system32\qutil.dll
2008-04-01 03:29 . 2008-03-21 04:06 69,120 --a------ C:\WINDOWS\system32\wlanapi.dll
2008-04-01 03:29 . 2008-03-21 04:06 62,464 --a------ C:\WINDOWS\system32\qcliprov.dll
2008-04-01 03:29 . 2008-03-21 04:06 61,952 --a------ C:\WINDOWS\system32\rasqec.dll
2008-04-01 03:29 . 2008-03-21 04:06 50,688 --a------ C:\WINDOWS\system32\tspkg.dll
2008-04-01 03:29 . 2008-03-21 04:06 32,768 --a------ C:\WINDOWS\system32\setupn.exe
2008-04-01 03:29 . 2008-03-20 22:03 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-04-01 02:37 . 2008-04-01 02:37 85 --a------ C:\WINDOWS\system32\Temp.wdp
2008-04-01 02:37 . 2008-04-01 02:37 0 --a------ C:\WINDOWS\system32\Undo.wdp
2008-04-01 02:37 . 2008-04-01 02:37 0 --a------ C:\WINDOWS\system32\Retain.wdp
2008-04-01 02:37 . 2008-04-01 02:37 0 --a------ C:\WINDOWS\system32\Overlay.wdp
2008-04-01 02:37 . 2008-04-01 02:37 0 --a------ C:\WINDOWS\system32\Enabled.wdp
2008-04-01 02:37 . 2008-04-01 02:37 0 --a------ C:\WINDOWS\system32\Enable.wdp
2008-04-01 02:37 . 2008-04-01 02:37 0 --a------ C:\WINDOWS\system32\Disable.wdp
2008-04-01 02:37 . 2008-04-01 02:37 0 --a------ C:\WINDOWS\system32\Commit.wdp
2008-03-25 17:36 . 2008-03-25 17:36 <DIR> d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\CyberLink
2008-03-25 03:15 . 2008-03-25 03:15 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\CyberLink
2008-03-25 00:45 . 2008-04-06 14:27 <DIR> d----c--- C:\MyWorks
2008-03-25 00:44 . 2008-04-06 13:12 6,890 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-03-25 00:44 . 2008-04-06 13:12 56 -r-hs---- C:\WINDOWS\system32\F1B71B0D81.sys
2008-03-24 22:52 . 2008-04-05 16:02 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-24 21:10 . 2007-03-02 17:55 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2008-03-23 22:08 . 2008-02-28 13:26 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-03-23 22:08 . 2008-02-28 13:01 774,144 --a------ C:\WINDOWS\system32\NEROINSTAEC43759.DB
2008-03-20 14:32 . 2008-03-20 14:32 <DIR> d-------- C:\Program Files\Microsoft Application Compatibility Toolkit 5
2008-03-20 14:17 . 2008-03-20 14:17 <DIR> d-------- C:\Program Files\CPU-Control
2008-03-20 14:17 . 2008-03-20 14:17 <DIR> d-------- C:\Documents and Settings\Paolo Guanco.FLECHAS-YTEKYFC\Application Data\CPUControl
2008-03-18 23:30 . 2008-03-18 23:30 <DIR> d-------- C:\Program Files\ACW
2008-03-18 19:00 . 2008-03-18 19:00 <DIR> d-------- C:\Program Files\LightScribe Diagnostic Utility
2008-03-18 18:59 . 2008-03-18 18:59 <DIR> d-------- C:\Program Files\LightScribe
2008-03-18 18:58 . 2008-03-18 18:58 <DIR> d-------- C:\Program Files\LightScribeTemplateLabeler
2008-03-18 18:49 . 2008-03-18 18:50 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-03-18 02:18 . 2008-03-18 02:18 <DIR> d-------- C:\Program Files\Nero
2008-03-17 04:04 . 2008-03-17 04:04 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-03-15 13:42 . 2008-03-15 13:42 <DIR> d-------- C:\Program Files\NeroInstall.bak
2008-03-15 13:37 . 2008-03-15 13:37 <DIR> d-------- C:\Documents and Settings\Paolo Guanco.FLECHAS-YTEKYFC\Application Data\Nero
2008-03-15 13:33 . 2008-03-23 22:54 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero
2008-03-14 18:05 . 2008-03-14 18:05 94,208 --a------ C:\WINDOWS\ScUnin.exe
2008-03-14 18:05 . 2008-03-14 18:05 13,284 --a------ C:\WINDOWS\scunin.dat
2008-03-14 18:05 . 2008-03-14 18:05 967 --a------ C:\WINDOWS\ScUnin.pif
2008-03-14 17:59 . 2008-03-14 18:02 803,854,656 --a--c--- C:\STARCRAFT.mdf
2008-03-14 17:59 . 2008-03-14 18:02 26,782 --a--c--- C:\STARCRAFT.mds
2008-03-14 01:06 . 2008-03-14 01:06 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\LightScribe
2008-03-10 00:51 . 2008-03-10 00:51 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\DAEMON Tools Pro
2008-03-10 00:44 . 2008-03-10 00:51 <DIR> d-------- C:\Program Files\DAEMON Tools Pro
2008-03-10 00:00 . 2008-03-10 00:46 <DIR> d-------- C:\Documents and Settings\Paolo Guanco.FLECHAS-YTEKYFC\Application Data\DAEMON Tools Pro
2008-03-09 13:10 . 2008-03-09 13:10 <DIR> d----c--- C:\Documents and Settings\Administrator.FLECHAS-YTEKYFC\Application Data\MEGAUPLOADTOOLBAR
2008-03-07 08:46 . 2008-03-07 08:46 <DIR> d-------- C:\Program Files\Microsoft Student
2008-03-07 08:45 . 2008-03-07 08:45 <DIR> d-------- C:\Program Files\Learning Essentials

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-06 06:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-06 05:59 --------- d-----w C:\Program Files\McAfee
2008-04-06 05:14 --------- d-----w C:\Program Files\CyberLink
2008-04-06 05:12 --------- d-----w C:\Program Files\DivX
2008-04-05 19:07 --------- d-----w C:\Documents and Settings\Paolo Guanco.FLECHAS-YTEKYFC\Application Data\Ulead Systems
2008-04-05 19:04 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Ulead Systems
2008-04-05 12:27 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-04-03 06:44 --------- d-----w C:\Documents and Settings\Paolo Guanco.FLECHAS-YTEKYFC\Application Data\LimeWire
2008-03-25 12:26 --------- d-----w C:\Program Files\Network Password Recovery
2008-03-24 18:55 --------- d-----w C:\Program Files\Chikka V4
2008-03-24 17:59 --------- d-----w C:\Documents and Settings\Paolo Guanco.FLECHAS-YTEKYFC\Application Data\Cyberlink
2008-03-24 17:01 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\CyberLink
2008-03-23 14:55 --------- d-----w C:\Program Files\Common Files\Nero
2008-03-23 14:19 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-23 14:18 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Ahead
2008-03-23 14:18 --------- d-----w C:\Program Files\Ahead
2008-03-23 08:46 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-03-23 08:43 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-20 20:07 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-03-20 20:07 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-03-20 20:07 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-03-20 20:07 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-03-20 20:06 69,120 ----a-w C:\WINDOWS\notepad.exe
2008-03-20 20:06 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-03-20 20:06 32,866 ----a-w C:\WINDOWS\slrundll.exe
2008-03-20 20:06 3,901 ----a-w C:\WINDOWS\system32\drivers\siint5.dll
2008-03-20 20:06 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2008-03-20 20:06 146,432 ----a-w C:\WINDOWS\regedit.exe
2008-03-20 20:06 11,325 ----a-w C:\WINDOWS\system32\drivers\vchnt5.dll
2008-03-20 20:06 10,752 ----a-w C:\WINDOWS\hh.exe
2008-03-20 20:06 1,033,728 ----a-w C:\WINDOWS\explorer.exe
2008-03-20 14:51 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-03-20 14:42 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-03-20 14:42 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-03-20 14:42 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-03-20 14:42 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-03-20 14:41 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-03-20 14:41 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-03-20 14:41 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-03-20 14:41 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-03-20 14:41 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-03-20 14:40 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-03-20 14:39 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-03-20 14:39 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-03-20 14:39 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-03-20 14:38 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-03-20 14:38 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-03-20 14:38 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-03-20 14:37 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-03-20 14:37 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-03-20 14:37 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-03-20 14:36 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-03-20 14:36 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-03-20 14:21 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-03-20 14:21 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-03-20 14:21 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-03-20 14:18 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-03-20 14:18 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-03-20 14:18 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-03-20 14:18 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-03-20 14:18 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-03-20 14:18 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-03-20 14:18 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-03-20 14:17 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-03-20 14:17 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-03-20 14:17 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-03-20 14:17 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-03-20 14:17 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-03-20 14:17 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-03-20 14:16 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-03-20 14:16 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-03-20 14:16 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-03-20 14:16 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-03-20 14:15 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-03-20 14:14 88,192 ----a-w C:\WINDOWS\system32\drivers\irda.sys
2008-03-20 14:14 22,016 ----a-w C:\WINDOWS\system32\drivers\msircomm.sys
2008-03-20 14:14 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-03-20 14:13 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-03-20 14:13 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-03-20 14:13 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-03-20 14:13 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-03-20 14:11 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-03-20 14:11 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-03-20 14:11 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-03-20 14:11 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-03-20 14:11 101,120 ----a-w C:\WINDOWS\system32\drivers\bthpan.sys
2008-03-20 14:10 85,248 ----a-w C:\WINDOWS\system32\drivers\nabtsfec.sys
2008-03-20 14:10 59,136 ----a-w C:\WINDOWS\system32\drivers\rfcomm.sys
2008-03-20 14:10 37,888 ----a-w C:\WINDOWS\system32\drivers\bthmodem.sys
2008-03-20 14:10 36,480 ----a-w C:\WINDOWS\system32\drivers\bthprint.sys
2008-03-20 14:10 273,024 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-03-20 14:10 25,600 ----a-w C:\WINDOWS\system32\drivers\hidbth.sys
2008-03-20 14:10 18,944 ----a-w C:\WINDOWS\system32\drivers\bthusb.sys
2008-03-20 14:10 17,024 ----a-w C:\WINDOWS\system32\drivers\bthenum.sys
2008-03-20 14:08 799,744 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-03-20 14:07 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys
2008-03-20 14:07 25,856 ----a-w C:\WINDOWS\system32\drivers\usbprint.sys
2008-03-20 14:07 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys
2008-03-20 14:06 14,208 ----a-w C:\WINDOWS\system32\drivers\wacompen.sys
2008-03-20 14:06 12,672 ----a-w C:\WINDOWS\system32\drivers\mutohpen.sys
2003-01-13 03:20 278,528 ----a-w C:\Program Files\internet explorer\plugins\PanoViewer.dll
1999-04-30 08:00 98,304 ----a-w C:\Program Files\internet explorer\plugins\UPjpeg.dll
2005-07-14 18:31 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@={8D2223A2-B3C6-4e32-B096-CDD11F628C60}

[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-02-28 13:04 97064 --a------ C:\Program Files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-02 05:22 3739648]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-12-20 04:13 486856]
"AlcoholAutomount"="I:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 18:29 220544]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 19:25 81920]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-03-21 04:06 15360]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 21:08 136136]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 14:08 2289664]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]
"Power2GoExpress"="" []
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-11-06 19:51 3810544]
"PC Suite Tray"="F:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-07-13 08:34 8466432]
"WheelMouse"="C:\PROGRAM FILES\A4Tech\Mouse\Amoumain.exe" [2002-12-27 16:48 159744]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 22:32 208952]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-07-13 08:34 81920]
"Gainward"="C:\Program Files\VDOTool\TBPanel.exe" [2007-04-23 19:19 2165536]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"TV Card Remote Control Device Monitor"="C:\WINDOWS\713xRMT.exe" [2007-09-14 04:00 466944]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 11:12 16062464 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]
"Tweak UI"="TWEAKUI.CPL" [2003-03-25 05:49 106544 C:\WINDOWS\system32\tweakui.cpl]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-06-22 07:12 36640]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-11-30 05:42 1164576]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22 20480]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"LXCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-01-10 04:21 69632]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"SecurDisc"="C:\Program Files\Nero\Nero8\InCD\NBHGui.exe" [2008-02-28 13:04 2049320]
"InCD"="C:\Program Files\Nero\Nero8\InCD\InCD.exe" [2008-02-28 13:03 1083176]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-07-27 20:00 185896]
"PCMService"="E:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2007-10-16 13:21 159744]
"CLMLServer"="E:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" [2007-09-27 23:10 122880]
"Power2GoExpress"="E:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" [2007-09-29 16:53 2680104]
"CLJ"="0 (0x0)" []
"Bubble"="C:\Program Files\Windows SteadyState\Bubble.exe" [2007-06-05 15:56 64000]
"UVS11 Preload"="E:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-07-23 13:55 341232]
"UpdatePPShortCut"="E:\Program Files\CyberLink\PowerProducer\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-02-21 21:04 222504]
"muBlinder"="C:\muBlinder\muBlinder.exe" [2008-03-27 19:29 1406464]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-03-07 13:06 5181440]
"Nokia.PCSync"="F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-03-21 04:06 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 22:59 44544]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-12-26 15:30:14 1183744]
Start GetRight.lnk - G:\Program Files\GetRight\GetRight.exe [2005-11-10 02:35:10 4596808]
TV Expert Schedule Agent.lnk - C:\Program Files\TV Expert\ADTVScheduleAgent.exe [2007-12-25 12:11:15 35840]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"GreyMSIAds"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= H:\PROGRA~1\DVDREG~1\DVDShell.dll [2004-10-09 15:18 49152]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= F:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
F:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 F:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccawvt]
fccawvt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo8"= VfWWDM32.dll
"msvideo"= o100vc.dll
"vidc.avrn"= F:\PROGRA~1\ACEMEG~1\SystemS\AVIDAV~1.DLL
"vidc.advj"= F:\PROGRA~1\ACEMEG~1\SystemS\AVIDAV~1.DLL
"vidc.mszh"= F:\PROGRA~1\ACEMEG~1\SystemS\avimszh.dll
"vidc.zlib"= F:\PROGRA~1\ACEMEG~1\SystemS\avizlib.dll
"vidc.cscd"= F:\PROGRA~1\ACEMEG~1\SystemS\camcodec.dll
"vidc.cvid"= F:\PROGRA~1\ACEMEG~1\SystemS\iccvid.dll
"msacm.trspch"= F:\PROGRA~1\ACEMEG~1\SystemS\tssoft32.acm
"vidc.em2v"= F:\PROGRA~1\ACEMEG~1\SystemS\etxcodec.dll
"vidc.mkvc"= F:\PROGRA~1\ACEMEG~1\SystemS\kmvidc32.dll
"vidc.hfyu"= F:\PROGRA~1\ACEMEG~1\SystemS\huffyuv.dll
"msacm.lameacm"= F:\PROGRA~1\ACEMEG~1\SystemS\lameacm.acm
"msacm.lhacm"= F:\PROGRA~1\ACEMEG~1\SystemS\lhacm.acm
"msacm.l3acm"= L3codecp.acm
"vidc.sjpg"= F:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll
"vidc.dmb2"= F:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll
"vidc.gepj"= F:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll
"vidc.qpeg"= F:\PROGRA~1\ACEMEG~1\SystemS\Qpeg32.dll
"vidc.q1.0"= F:\PROGRA~1\ACEMEG~1\SystemS\Qpeg32.dll
"vidc.tscc"= F:\PROGRA~1\ACEMEG~1\SystemS\tsccvid.dll
"vidc.vifp"= F:\PROGRA~1\ACEMEG~1\SystemS\vfcodec.dll
"vidc.wrpr"= F:\PROGRA~1\ACEMEG~1\SystemS\aviwrap.dll
"vidc.wnv1"= F:\PROGRA~1\ACEMEG~1\SystemS\wnvplay1.dll
"vidc.advs"= F:\PROGRA~1\ACEMEG~1\SystemS\Adaptec\Dvc.dll
"vidc.aflc"= F:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\FLCCOD~1.DLL
"vidc.afli"= F:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\FLCCOD~1.DLL
"vidc.aasc"= F:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\Aasc32.dll
"vidc.aas4"= F:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\Aasc32.dll
"vidc.asv1"= F:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv1.dll
"vidc.asv2"= F:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv2.dll
"vidc.asvx"= F:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv2.dll
"vidc.vcr1"= F:\PROGRA~1\ACEMEG~1\SystemS\ATI\ativcr1.dll
"vidc.vcr2"= F:\PROGRA~1\ACEMEG~1\SystemS\ATI\ativcr2.dll
"vidc.mwv1"= F:\PROGRA~1\ACEMEG~1\SystemS\Aware\icmw_32.dll
"vidc.bt20"= F:\PROGRA~1\ACEMEG~1\SystemS\BROOKT~1\btvvc32.drv
"vidc.y41p"= F:\PROGRA~1\ACEMEG~1\SystemS\BROOKT~1\btvvc32.drv
"msacm.pcdv"= F:\PROGRA~1\ACEMEG~1\SystemS\Canopus\pcdv.acm
"vidc.cdvc"= F:\PROGRA~1\ACEMEG~1\SystemS\Canopus\CSCCDVC.DLL
"vidc.ddvc"= F:\PROGRA~1\ACEMEG~1\SystemS\Canopus\CSCdvsd.DLL
"vidc.png1"= F:\PROGRA~1\ACEMEG~1\SystemS\Core\COREPN~1.DLL
"msacm.CoreFLAC_ACM"= F:\PROGRA~1\ACEMEG~1\SystemS\Core\COREFL~1.ACM
"vidc.davc"= F:\PROGRA~1\ACEMEG~1\SystemS\dicas\davcvfw.dll
"vidc.div3"= F:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.div5"= F:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.mpg3"= F:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.div4"= F:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.div6"= F:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.ap41"= F:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.dvx4"= F:\PROGRA~1\ACEMEG~1\SystemS\DivX\divx4.dll
"msacm.divxa32"= DivXa32.acm
"vidc.frwd"= F:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwd.dll
"vidc.frwt"= F:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwd.dll
"vidc.frwa"= F:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwt.dll
"vidc.frwu"= F:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwu.dll
"vidc.glzw"= F:\PROGRA~1\ACEMEG~1\SystemS\Gabest\GLZW.dll
"vidc.gpeg"= F:\PROGRA~1\ACEMEG~1\SystemS\Gabest\GPEG.dll
"vidc.i263"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\i263_32.drv
"vidc.iv30"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv31"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv32"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv33"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv34"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv35"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv36"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv37"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv38"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv39"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv40"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv41"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv42"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv43"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv44"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv45"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv46"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv47"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv48"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv49"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.ir21"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\IR21_R.DLL
"vidc.rt21"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\IR21_R.DLL
"msacm.imc"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\IMC32.ACM
"vidc.lead"= F:\PROGRA~1\ACEMEG~1\SystemS\LEAD\LCODCCMP.DLL
"vidc.dvsd"= F:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL
"vidc.dvc"= F:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL
"vidc.dvcs"= F:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL
"vidc.dcmj"= F:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL
"vidc.avi1"= F:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL
"vidc.avi2"= F:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL
"vidc.dv25"= F:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.dv50"= F:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.msmc"= F:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mmjp"= F:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx1"= F:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx2"= F:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx3"= F:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx4"= F:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx5"= F:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx6"= F:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx7"= F:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx8"= F:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx9"= F:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mmes"= F:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"msacm.msadpcm"= F:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msadp32.acm
"msacm.imaadpcm"= F:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\imaadp32.acm
"msacm.msgsm610"= F:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msgsm32.acm
"vidc.msvc"= F:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msvidc32.dll
"vidc.cram"= F:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msvidc32.dll
"vidc.mp41"= F:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp4s"= F:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp4v"= F:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.wmv3"= F:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\WMV9VCM.dll
"vidc.vixl"= F:\PROGRA~1\ACEMEG~1\SystemS\Miro\miroxl32.dll
"vidc.nt00"= F:\PROGRA~1\ACEMEG~1\SystemS\Newtek\ntcodec.dll
"msacm.vorbis"= F:\PROGRA~1\ACEMEG~1\SystemS\OGG\vorbis.acm
"vidc.vp30"= F:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp31vfw.dll
"vidc.vp31"= F:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp31vfw.dll
"vidc.vp60"= C:\WINDOWS\system32\vp6vfw.dll
"vidc.vp61"= C:\WINDOWS\system32\vp6vfw.dll
"vidc.pdvc"= F:\PROGRA~1\ACEMEG~1\SystemS\PANASO~1\idvcodec.dll
"vidc.ipdv"= F:\PROGRA~1\ACEMEG~1\SystemS\PANASO~1\idvcodec.dll
"vidc.pvw2"= F:\PROGRA~1\ACEMEG~1\SystemS\Pegasus\pvwv220.dll
"vidc.pimj"= F:\PROGRA~1\ACEMEG~1\SystemS\Pegasus\pvljpg20.dll
"vidc.mjpx"= F:\PROGRA~1\ACEMEG~1\SystemS\Pegasus\pvmjpg21.dll
"vidc.miro"= F:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\MIRODV~1.DLL
"vidc.dcap"= F:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\MIRODV~1.DLL
"vidc.mjpa"= F:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\RTMJPG~1.DLL
"vidc.gpjm"= F:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\RTMJPG~1.DLL
"vidc.pim1"= F:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\pclepim1.dll
"msacm.qmpeg"= F:\PROGRA~1\ACEMEG~1\SystemS\QDesign\qmpeg.acm
"vidc.rmp4"= F:\PROGRA~1\ACEMEG~1\SystemS\REALMA~1\rmp4.dll
"vidc.rud0"= F:\PROGRA~1\ACEMEG~1\SystemS\Rududu\rududu.dll
"msacm.at3"= F:\PROGRA~1\ACEMEG~1\SystemS\SONY\atrac3.acm
"vidc.sony"= F:\PROGRA~1\ACEMEG~1\SystemS\SONY\sonydv.dll
"vidc.dvcp"= F:\PROGRA~1\ACEMEG~1\SystemS\SONY\sonydv.dll
"vidc.s422"= F:\PROGRA~1\ACEMEG~1\SystemS\Tekram\tekyuv.dll
"vidc.t420"= F:\PROGRA~1\ACEMEG~1\SystemS\Toshiba\tsbyuv.dll
"vidc.y411"= F:\PROGRA~1\ACEMEG~1\SystemS\Toshiba\tsbyuv.dll
"vidc.vssv"= F:\PROGRA~1\ACEMEG~1\SystemS\VANGUA~1\vsscodec.dll
"msacm.voxacm160"= F:\PROGRA~1\ACEMEG~1\SystemS\VoxWare\vct3216.acm
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"vidc.3ivx"= F:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3iv0"= F:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3iv1"= F:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3iv2"= F:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3ivd"= F:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.mrle"= F:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msrle32.dll
"vidc.mjpg"= F:\PROGRA~1\ACEMEG~1\SystemS\MORGAN~1\m3jpeg32.dll
"vidc.dmb1"= F:\PROGRA~1\ACEMEG~1\SystemS\MORGAN~1\m3jpeg32.dll
"vidc.mj2c"= F:\PROGRA~1\ACEMEG~1\SystemS\MORGAN~1\M3JP2K32.dll
"vidc.tvmj"= F:\PROGRA~1\ACEMEG~1\SystemS\MORGAN~1\MMTVMJ.dll
"vidc.fljp"= F:\PROGRA~1\ACEMEG~1\SystemS\MORGAN~1\MMTVMJ.dll
"MSACM.CEGSM"= mobilev.acm
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.l3codecp"=
"msacm.clmp3enc"= E:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windows SteadyState]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Onfolio Server.lnk]
backup=C:\WINDOWS\pss\Onfolio Server.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^TV Expert Schedule Agent.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\TV Expert Schedule Agent.lnk
backup=C:\WINDOWS\pss\TV Expert Schedule Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Ulead Photo Express 4.0 SE Calendar Checker .lnk]
backup=C:\WINDOWS\pss\Ulead Photo Express 4.0 SE Calendar Checker .lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\au]
--a------ 2006-11-08 20:29 226904 C:\Program Files\Dealio\DealioAU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
--a--c--- 2005-01-20 10:19 299008 C:\Program Files\Lexmark Fax Solutions\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hcwPVRReset]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-09-26 14:42 267064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--------- 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\muBlinder]
--a--c--- 2006-11-14 17:02 651264 J:\Downloads\muBlinder\muBlinder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2005-05-30 12:14 98304 C:\WINDOWS\system32\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Startup Cleaner]
--a------ 2006-09-30 20:09 122880 C:\Program Files\CM Data Software\CM DiskCleaner\Startup Cleaner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-09-07 15:51 49263 F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-07-27 20:00 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trickler]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector]
--a------ 2003-02-27 18:48 45056 E:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-11-06 19:51 3810544 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NProtectService"=2 (0x2)
"MWLSvc"=3 (0x3)
"MSK80Service"=2 (0x2)
"MDM"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)
"AcrSch2Svc"=2 (0x2)
"a2free"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Tweak UI"="RUNDLL32.EXE" TWEAKUI.CPL,TweakMeUp
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"nwiz"=nwiz.exe /install
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe"
"AcronisTimounterMonitor"=C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
"MaxBlastMonitor.exe"=C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
"IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
"OSSelectorReinstall"=C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"F:\\Program Files\\LimeWire\\LimeWire.exe"=
"F:\\Program Files\\Skype\\Phone\\Skype.exe"=
"E:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"F:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"E:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=
"E:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"E:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"G:\\Program Files\\GetRight\\GetRight.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"1723:TCP"= 1723:TCP

xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP

xpsp2res.dll,-22016
"500:UDP"= 500:UDP

xpsp2res.dll,-22017
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP

eer Name Resolution Protocol (PNRP)
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"43840:TCP"= 43840:TCP:72.20.34.145/255.255.255.255:Enabled:UTottent 1

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS [2007-07-19 22:42]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 20:22]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-10-18 17:39]
R2 A4SII300;A4SII300;C:\WINDOWS\system32\drivers\A4SII300.SYS [1998-02-26 15:10]
R2 Prvflder;Prvflder;C:\WINDOWS\system32\DRIVERS\prvflder.sys [2006-04-21 08:22]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-03-21 04:06]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2008-03-21 04:06]
R2 Windows SteadyState;Windows SteadyState Service;"C:\Program Files\Windows SteadyState\SCTSvc.exe" [2007-06-05 15:56]
R3 3xHybrid;SAA713x TV Card Service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2007-08-16 04:00]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2002-12-31 19:35]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-02-26 05:54]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-03-20 22:07]
S2 Ca536av;DV 5100M(Video);C:\WINDOWS\system32\Drivers\Ca536av.sys [2003-09-05 13:47]
S2 NeroRegInCDSrv;Nero Registry InCD Service;C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2008-02-28 13:04]
S2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys [2005-02-16 16:06]
S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2006-12-31 00:44]
S3 CoachUsb;Coach Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-01-22 12:41]
S3 iadusb;Prolink H9200 USB LAN Modem;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2004-07-02 16:20]
S3 iteio;iteio;C:\WINDOWS\system32\drivers\iteio.sys [1999-08-30 19:49]
S3 merger;merger;"C:\Program Files\Microsoft Application Compatibility Toolkit\Application Analyzer\merger.exe" [2005-09-27 10:33]
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe [2008-03-21 04:06]
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe [2008-03-21 04:06]
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe [2008-03-21 04:06]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe [2008-03-21 04:06]
S3 USBCamera;DV 5100M(Still);C:\WINDOWS\system32\Drivers\Bulk536.sys [2003-05-14 17:28]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"F:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-04-04 09:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- F:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2008-04-05 09:41:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-06 17:12:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-14 17:00:00 C:\WINDOWS\Tasks\McDefragTask.job"
- C:\WINDOWS\system32\defrag.exe
"2008-03-31 17:00:00 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe.4158 0
"2008-04-06 17:28:39 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-07-08 03:36:27 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- F:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
"2008-04-04 08:00:00 C:\WINDOWS\Tasks\{1C18B552-499D-478A-8867-CA8C592E4BC8}_FLECHAS-YTEKYFC_Paolo Guanco.job"
"2008-04-04 08:00:00 C:\WINDOWS\Tasks\{5AE149DF-A087-418C-9974-0353AF8D99EB}_FLECHAS-YTEKYFC_Paolo Guanco.job"
"2008-04-04 01:00:00 C:\WINDOWS\Tasks\{91CB59F4-F085-457D-B57E-A77F27D35E94}_FLECHAS-YTEKYFC_Paolo Guanco.job"
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-07 01:26:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CLJ = 63

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\SiteAdvisor\6253\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
h:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2008-04-07 1:39:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-06 17:39:09
Pre-Run: 23,627,763,712 bytes free
Post-Run: 26,242,772,992 bytes free
.
2008-04-04 09:38:10 --- E O F ---

Blade81 · Apr 10, 2008

Disable SpySweeper's realtime protection.

Open Spysweeper and click on Options
Choose Program Options and uncheck
load at windows
startup
.
On the left click
shields
and then uncheck everything.
Uncheck
home page shield
.
Uncheck
automatically restore default without notification
.
Exit the program.

Keep it disabled until we've got you clean.

Start hjt, do a system scan, check:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O24 - Desktop Component 0: (no name) - (no file)

Close browsers and other windows. Click fix checked.

Open notepad and copy/paste the text in the quotebox below into it:

Code:

File::
C:\WINDOWS\system32\nwgdonje.ini

Folder::
C:\VundoFix Backups
C:\SDFix
C:\Program Files\stc
C:\Program Files\180search assistant
C:\Program Files\Bat
C:\Documents and Settings\All Users.WINDOWS\Application Data\Rabio

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccawvt]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trickler]

Save this as
CFScript

Refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

Please run an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, click Yes.

The program will launch and start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings and select the following:

Scan using the following Anti-Virus database:

Extended (If available, otherwise Standard)

Scan Options:

Scan Archives
Scan Mail Bases

Click OK.
Under
select a target to scan
, select My Computer.
The scan will take a while so be patient and let it run. As it scans your machine very deeply it could take hours to complete, Kaspersky suggests running it during a time of low activity.

Once the scan is complete:

Click on the Save as Text button.
Save the file to your desktop.
Copy and paste that information into your next post if the AV content will fit into one post only. Post a fresh hjt log too.

Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.

If having a problme doing the above

Make sure that your Internet security settings are set to default values.

To set default security settings for Internet Explorer:

* Open Internet Explorer.
* Go to the Tools menu, then choose Internet Options.
* Click on the Security tab.
* Make sure that all four item (Internet, Local intranet, Trusted sites, and Restricted sites) are set to their default settings.

condotiere · Apr 13, 2008

Combofix log

Blade, Here's the combofix log as requested:

ComboFix 08-04-04.1 - Paolo Guanco 2008-04-13 15:25:23.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1285 [GMT 8:00]
Running from: L:\Documents and Settings\Paolo Guanco\Desktop\ComboFix.exe
Command switches used :: L:\Documents and Settings\Paolo Guanco\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\nwgdonje.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users.WINDOWS\Application Data\Rabio
C:\Program Files\180search assistant
C:\Program Files\180search assistant\180sa.exe
C:\Program Files\180search assistant\sau.exe
C:\Program Files\Bat
C:\Program Files\Bat\Bat.dll.intermediate.manifest
C:\Program Files\Bat\un_BatSetup_15041.txt
C:\Program Files\Bat\X_Bat.log
C:\Program Files\seekmo
C:\Program Files\stc
C:\Program Files\stc\csv5p070.exe
C:\SDFix
C:\SDFix\apps\assosfix.reg
C:\SDFix\apps\cliptext.exe
C:\SDFix\apps\download.exe
C:\SDFix\apps\dummy.sys
C:\SDFix\apps\Enable_Command_Prompt.reg
C:\SDFix\apps\ERDNT.E_E
C:\SDFix\apps\ERDNTDOS.LOC
C:\SDFix\apps\ERDNTWIN.LOC
C:\SDFix\apps\ERUNT.EXE
C:\SDFix\apps\ERUNT.LOC
C:\SDFix\apps\fix.reg
C:\SDFix\apps\FixBH.reg
C:\SDFix\apps\FixComponents.reg
C:\SDFix\apps\FIXCU.reg
C:\SDFix\apps\FIXLM.reg
C:\SDFix\apps\FixPath.exe
C:\SDFix\apps\FixRedir.reg
C:\SDFix\apps\FixSchedule.reg
C:\SDFix\apps\FixWebCheck.reg
C:\SDFix\apps\fixXP.reg
C:\SDFix\apps\FixXPsp2.reg
C:\SDFix\apps\grep.exe
C:\SDFix\apps\HPFix.reg
C:\SDFix\apps\HPFix2.reg
C:\SDFix\apps\HPFix3.reg
C:\SDFix\apps\HPFix4.reg
C:\SDFix\apps\HPFix5.reg
C:\SDFix\apps\HPFix6.reg
C:\SDFix\apps\HPFix7.reg
C:\SDFix\apps\isadmin.exe
C:\SDFix\apps\leg2.txt
C:\SDFix\apps\legacy.txt
C:\SDFix\apps\legacybk.txt
C:\SDFix\apps\locate.com
C:\SDFix\apps\LS.exe
C:\SDFix\apps\MD5File.exe
C:\SDFix\apps\MyGcpvFix.reg
C:\SDFix\apps\MyGkFix2.reg
C:\SDFix\apps\Process.exe
C:\SDFix\apps\procs.exe
C:\SDFix\apps\psservice.exe
C:\SDFix\apps\Rem.txt
C:\SDFix\apps\Rem2.txt
C:\SDFix\apps\Replace\regedit.exe
C:\SDFix\apps\Replace\W2K.exe
C:\SDFix\apps\Replace\w2k\beep.sys
C:\SDFix\apps\Replace\w2k\null.sys
C:\SDFix\apps\Replace\XP.exe
C:\SDFix\apps\Replace\xp\beep.sys
C:\SDFix\apps\Replace\xp\null.sys
C:\SDFix\apps\Reset_AppInit_DLLs.reg
C:\SDFix\apps\RestartIt!.exe
C:\SDFix\apps\Restore_SecurityCenter.reg
C:\SDFix\apps\Restore_SharedAccess.reg
C:\SDFix\apps\sc.exe
C:\SDFix\apps\sed.exe
C:\SDFix\apps\SF.exe
C:\SDFix\apps\shutdown.exe
C:\SDFix\apps\srv2.txt
C:\SDFix\apps\srv2bk.txt
C:\SDFix\apps\svc.txt
C:\SDFix\apps\svcbk.txt
C:\SDFix\apps\swreg.exe
C:\SDFix\apps\swsc.exe
C:\SDFix\apps\unzip.exe
C:\SDFix\apps\vfind.exe
C:\SDFix\apps\WINMSG.EXE
C:\SDFix\apps\winsec.reg
C:\SDFix\apps\zip.exe
C:\SDFix\attrib.exe
C:\SDFix\catchme.exe
C:\SDFix\dummy.sys
C:\SDFix\find.exe
C:\SDFix\findstr.exe
C:\SDFix\Norman_Malware_Cleaner.exe
C:\SDFix\regedit.exe
C:\SDFix\RunThis.bat
C:\SDFix\SDFIX_ReadMe_Online.url
C:\VundoFix Backups
C:\VundoFix Backups\addmorefiles.txt
C:\VundoFix Backups\awvtu.dll.bad
C:\VundoFix Backups\mlljk.dll.bad
C:\WINDOWS\system32\nwgdonje.ini

.
((((((((((((((((((((((((( Files Created from 2008-03-13 to 2008-04-13 )))))))))))))))))))))))))))))))
.

2008-04-13 03:16 . 2008-04-13 03:17 <DIR> d-------- C:\Program Files\free-downloads.net
2008-04-13 03:16 . 2008-04-13 03:16 <DIR> d-------- C:\Program Files\Conduit
2008-04-13 00:58 . 2008-04-13 00:58 <DIR> d-------- C:\WINDOWS\Globalization
2008-04-13 00:11 . 2008-03-20 22:09 26,112 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-04-13 00:11 . 2008-03-20 22:09 26,112 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-04-13 00:11 . 2008-04-13 00:11 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-13 00:11 . 2008-04-13 00:11 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-04-12 12:17 . 2008-04-13 00:57 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-04-12 12:16 . 2008-04-12 12:16 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-04-12 12:16 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-04-12 12:15 . 2007-11-29 10:33 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-04-12 12:15 . 2007-11-29 10:39 19,328 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-04-12 12:15 . 2007-11-29 10:39 16,896 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-04-12 12:15 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-04-11 22:41 . 2008-04-11 22:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-11 22:41 . 2008-04-11 22:41 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-10 21:28 . 2008-04-10 21:28 <DIR> d-------- C:\WINDOWS\FLEOK
2008-04-10 21:28 . 2008-04-10 21:28 <DIR> d-------- C:\Program Files\zango
2008-04-10 21:28 . 2008-04-10 21:28 <DIR> d-------- C:\Program Files\Sysmnt
2008-04-10 21:28 . 2008-04-10 21:28 <DIR> d-------- C:\Program Files\180solutions
2008-04-10 21:28 . 2008-04-10 21:28 <DIR> d-------- C:\Program Files\180searchassistant
2008-04-10 21:28 . 2008-04-10 21:28 31,232 --a------ C:\WINDOWS\didduid.ini
2008-04-10 21:28 . 2008-04-10 21:28 30,208 --a------ C:\WINDOWS\system32\SIPSPI32.dll
2008-04-10 21:28 . 2008-04-10 21:28 8,960 --a------ C:\WINDOWS\system32\MSNSA32.dll
2008-04-10 19:02 . 2008-04-10 19:02 91,561 --a------ C:\WINDOWS\system32\wmsdkns.exe
2008-04-10 02:14 . 2008-04-10 02:14 <DIR> d-------- C:\Program Files\SmartSound Software
2008-04-10 02:14 . 2008-04-10 02:14 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\SmartSound Software Inc
2008-04-10 02:13 . 2008-04-10 02:13 87 --a------ C:\WINDOWS\dswplug.ini
2008-04-10 02:11 . 2008-04-10 02:11 <DIR> d-------- C:\WINDOWS\system32\windows media
2008-04-09 19:21 . 2008-04-09 19:26 215,151,272 --a--c--- C:\TV_EWTN_20080322_085950.wmv.MPG
2008-04-09 17:58 . 2008-04-09 17:58 1,849,904 --a--c--- C:\TV_EWTN_20080323_185533.wmv.MPG
2008-04-09 13:51 . 2008-04-09 13:51 <DIR> d-------- C:\Documents and Settings\Paolo Guanco.FLECHAS-YTEKYFC\Application Data\Corel
2008-04-09 13:51 . 2008-04-09 13:51 88 -r-hs---- C:\WINDOWS\system32\810D1BB7F1.sys
2008-04-09 13:50 . 2008-04-09 13:51 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\Corel
2008-04-09 13:49 . 2008-04-09 13:50 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-04-07 23:10 . 2008-04-07 23:10 0 --a------ C:\WINDOWS\PhotoNow.INI
2008-04-07 15:42 . 2008-03-22 18:30 2,085,376 --a------ C:\WINDOWS\system32\x264vfw.dll
2008-04-07 15:42 . 2002-07-07 23:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
2008-04-07 15:42 . 2006-04-02 13:47 630,784 --a------ C:\WINDOWS\system32\vp7vfw.dll
2008-04-07 15:42 . 1997-04-07 18:19 391,680 --a------ C:\WINDOWS\system32\I263_32.drv
2008-04-07 15:42 . 2006-09-24 16:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2008-04-07 15:42 . 2004-01-25 17:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-04-07 15:42 . 1998-11-18 14:33 144,384 --a------ C:\WINDOWS\system32\Iacenc.dll
2008-04-07 15:42 . 2007-09-21 01:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2008-04-07 15:42 . 2004-05-18 19:16 39,936 --a------ C:\WINDOWS\system32\huffyuv.dll
2008-04-07 15:42 . 2007-10-03 16:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-04-07 15:41 . 2008-04-07 15:41 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-04-07 15:41 . 2008-03-04 12:33 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-04-07 15:41 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-04-06 23:44 . 2008-04-06 23:44 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-06 23:14 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-06 23:14 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-06 23:14 . 2008-03-28 23:19 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-06 23:14 . 2008-03-26 08:50 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-06 23:14 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-06 23:14 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-06 23:14 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-06 03:05 . 2008-04-06 03:05 <DIR> d-------- C:\Program Files\Common Files\SONY Digital Images
2008-04-06 03:05 . 2008-04-27 03:05 25 ---h----- C:\WINDOWS\sysdws.dat
2008-04-06 01:11 . 2008-04-06 01:11 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-06 00:27 . 2008-04-06 16:36 10,128 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-05 20:29 . 2008-04-05 20:29 <DIR> d-------- C:\Program Files\Common Files\InterVideo
2008-04-05 20:28 . 2008-04-05 20:28 <DIR> d----c--- C:\Documents and Settings\PAOLOG~1~FLE\LOCALS~1
2008-04-05 20:28 . 2008-04-05 20:28 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\InterVideo
2008-04-05 20:28 . 2007-03-06 11:58 210,456 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2008-04-05 20:28 . 2007-03-06 11:58 206,360 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2008-04-05 20:28 . 2007-03-06 11:58 198,168 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2008-04-05 20:28 . 2007-03-06 11:58 198,168 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2008-04-05 20:28 . 2007-03-06 11:58 194,072 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2008-04-05 20:28 . 2007-03-06 11:58 26,136 --a------ C:\WINDOWS\system32\IVIresize.dll
2008-04-05 20:27 . 2008-04-05 20:27 <DIR> d-------- C:\Program Files\Windows Media Components
2008-04-05 13:17 . 2008-04-05 13:17 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\CyberLink
2008-04-04 22:23 . 2008-04-04 22:23 <DIR> d----c--- C:\My Video
2008-04-04 22:22 . 2008-04-04 22:23 <DIR> d----c--- C:\Jmw9.tmp
2008-04-04 21:44 . 2008-04-04 21:44 <DIR> d----c--- C:\JmwC0.tmp
2008-04-04 21:42 . 2008-04-04 21:44 <DIR> d----c--- C:\JmwBA.tmp
2008-04-04 12:03 . 2008-04-04 13:00 669,374,748 --a--c--- C:\TV_EWTN_20080323_045951.wmv.MPG
2008-04-03 16:31 . 2008-04-03 17:20 623,935,900 --a--c--- C:\TV_EWTN_20080206_234457.wmv.MPG
2008-04-03 01:09 . 2008-04-03 01:09 <DIR> d-------- C:\Program Files\uTorrent
2008-04-03 01:08 . 2008-04-13 15:30 <DIR> d-------- C:\Documents and Settings\Paolo Guanco.FLECHAS-YTEKYFC\Application Data\uTorrent
2008-04-01 23:05 . 2008-04-01 23:08 <DIR> d-------- C:\Documents and Settings\Paolo Guanco.FLECHAS-YTEKYFC\Application Data\Xfire
2008-04-01 13:57 . 2008-04-01 13:57 <DIR> d-------- C:\Program Files\Windows SteadyState
2008-04-01 03:42 . 2008-04-01 03:42 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-04-01 03:42 . 2008-04-01 03:42 <DIR> d-------- C:\WINDOWS\system32\bits
2008-04-01 03:42 . 2008-04-01 03:42 <DIR> d-------- C:\WINDOWS\l2schemas
2008-04-01 03:29 . 2008-03-21 04:06 291,328 --a------ C:\WINDOWS\system32\qagentrt.dll
2008-04-01 03:29 . 2008-03-21 04:06 150,528 --a------ C:\WINDOWS\system32\qagent.dll
2008-04-01 03:29 . 2008-03-21 04:06 144,384 --a------ C:\WINDOWS\system32\onex.dll
2008-04-01 03:29 . 2008-03-21 04:06 76,800 --a------ C:\WINDOWS\system32\qutil.dll
2008-04-01 03:29 . 2008-03-21 04:06 69,120 --a------ C:\WINDOWS\system32\wlanapi.dll
2008-04-01 03:29 . 2008-03-21 04:06 62,464 --a------ C:\WINDOWS\system32\qcliprov.dll
2008-04-01 03:29 . 2008-03-21 04:06 61,952 --a------ C:\WINDOWS\system32\rasqec.dll
2008-04-01 03:29 . 2008-03-21 04:06 50,688 --a------ C:\WINDOWS\system32\tspkg.dll
2008-04-01 03:29 . 2008-03-21 04:06 32,768 --a------ C:\WINDOWS\system32\setupn.exe
2008-04-01 03:29 . 2008-03-20 22:03 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-04-01 02:37 . 2008-04-01 02:37 85 --a------ C:\WINDOWS\system32\Temp.wdp
2008-04-01 02:37 . 2008-04-01 02:37 0 --a------ C:\WINDOWS\system32\Undo.wdp
2008-04-01 02:37 . 2008-04-01 02:37 0 --a------ C:\WINDOWS\system32\Retain.wdp
2008-04-01 02:37 . 2008-04-01 02:37 0 --a------ C:\WINDOWS\system32\Overlay.wdp
2008-04-01 02:37 . 2008-04-01 02:37 0 --a------ C:\WINDOWS\system32\Enabled.wdp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-13 06:39 --------- d-----w C:\Documents and Settings\Paolo Guanco.FLECHAS-YTEKYFC\Application Data\Ulead Systems
2008-04-13 06:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-13 06:38 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Ulead Systems
2008-04-12 16:58 --------- d-----w C:\Program Files\Common Files\muvee Technologies
2008-04-12 16:20 --------- d-----w C:\Program Files\McAfee
2008-04-12 04:17 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-04-12 04:12 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Installations
2008-04-11 15:12 --------- d-----w C:\Documents and Settings\Paolo Guanco.FLECHAS-YTEKYFC\Application Data\LimeWire
2008-04-11 05:14 --------- d-----w C:\Program Files\Lx_cats
2008-04-09 18:18 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-04-09 18:11 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-08 15:38 --------- d-----w C:\Documents and Settings\Paolo Guanco.FLECHAS-YTEKYFC\Application Data\SiteAdvisor
2008-04-06 05:14 --------- d-----w C:\Program Files\CyberLink
2008-04-06 05:12 --------- d-----w C:\Program Files\DivX
2008-03-25 12:26 --------- d-----w C:\Program Files\Network Password Recovery
2008-03-24 18:55 --------- d-----w C:\Program Files\Chikka V4
2008-03-24 17:59 --------- d-----w C:\Documents and Settings\Paolo Guanco.FLECHAS-YTEKYFC\Application Data\Cyberlink
2008-03-24 17:01 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\CyberLink
2008-03-23 14:55 --------- d-----w C:\Program Files\Common Files\Nero
2008-03-23 14:19 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-23 14:18 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Ahead
2008-03-23 14:18 --------- d-----w C:\Program Files\Ahead
2008-03-23 08:46 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-03-23 08:43 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-20 20:07 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-03-20 20:07 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-03-20 20:07 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-03-20 20:07 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-03-20 20:06 69,120 ----a-w C:\WINDOWS\notepad.exe
2008-03-20 20:06 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-03-20 20:06 32,866 ----a-w C:\WINDOWS\slrundll.exe
2008-03-20 20:06 3,901 ----a-w C:\WINDOWS\system32\drivers\siint5.dll
2008-03-20 20:06 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2008-03-20 20:06 146,432 ----a-w C:\WINDOWS\regedit.exe
2008-03-20 20:06 11,325 ----a-w C:\WINDOWS\system32\drivers\vchnt5.dll
2008-03-20 20:06 10,752 ----a-w C:\WINDOWS\hh.exe
2008-03-20 20:06 1,033,728 ----a-w C:\WINDOWS\explorer.exe
2008-03-20 14:51 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-03-20 14:42 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-03-20 14:42 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-03-20 14:42 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-03-20 14:42 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-03-20 14:41 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-03-20 14:41 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-03-20 14:41 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-03-20 14:41 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-03-20 14:41 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-03-20 14:40 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-03-20 14:39 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-03-20 14:39 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-03-20 14:39 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-03-20 14:38 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-03-20 14:38 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-03-20 14:38 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-03-20 14:37 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-03-20 14:37 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-03-20 14:37 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-03-20 14:36 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-03-20 14:36 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-03-20 14:21 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-03-20 14:21 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-03-20 14:21 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-03-20 14:18 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-03-20 14:18 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-03-20 14:18 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-03-20 14:18 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-03-20 14:18 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-03-20 14:18 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-03-20 14:18 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-03-20 14:17 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-03-20 14:17 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-03-20 14:17 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-03-20 14:17 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-03-20 14:17 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-03-20 14:17 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-03-20 14:16 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-03-20 14:16 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-03-20 14:16 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-03-20 14:16 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-03-20 14:15 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-03-20 14:14 88,192 ----a-w C:\WINDOWS\system32\drivers\irda.sys
2008-03-20 14:14 22,016 ----a-w C:\WINDOWS\system32\drivers\msircomm.sys
2008-03-20 14:14 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-03-20 14:13 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-03-20 14:13 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-03-20 14:13 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-03-20 14:13 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-03-20 14:11 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-03-20 14:11 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-03-20 14:11 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-03-20 14:11 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-03-20 14:11 101,120 ----a-w C:\WINDOWS\system32\drivers\bthpan.sys
2008-03-20 14:10 85,248 ----a-w C:\WINDOWS\system32\drivers\nabtsfec.sys
2008-03-20 14:10 59,136 ----a-w C:\WINDOWS\system32\drivers\rfcomm.sys
2008-03-20 14:10 37,888 ----a-w C:\WINDOWS\system32\drivers\bthmodem.sys
2008-03-20 14:10 36,480 ----a-w C:\WINDOWS\system32\drivers\bthprint.sys
2008-03-20 14:10 273,024 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-03-20 14:10 25,600 ----a-w C:\WINDOWS\system32\drivers\hidbth.sys
2008-03-20 14:10 18,944 ----a-w C:\WINDOWS\system32\drivers\bthusb.sys
2008-03-20 14:10 17,024 ----a-w C:\WINDOWS\system32\drivers\bthenum.sys
2003-01-13 03:20 278,528 ----a-w C:\Program Files\internet explorer\plugins\PanoViewer.dll
1999-04-30 08:00 98,304 ----a-w C:\Program Files\internet explorer\plugins\UPjpeg.dll
2005-07-14 18:31 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
.

((((((((((((((((((((((((((((( snapshot_2008-04-10_22.39.46.62 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-12 16:57:54 40,960 ----a-w C:\WINDOWS\assembly\GAC_32\Nokia.MPlatform.MDataStore\1.5.128.0__d59a78cea23b0d7e\Nokia.MPlatform.MDataStore.dll
+ 2008-04-12 16:57:54 6,144 ----a-w C:\WINDOWS\assembly\GAC_32\Nokia.MPlatform.MEvent\1.5.128.0__d59a78cea23b0d7e\Nokia.MPlatform.MEvent.dll
+ 2008-04-12 16:57:55 8,704 ----a-w C:\WINDOWS\assembly\GAC_32\Nokia.MPlatform.MItemPlugins\1.5.128.0__d59a78cea23b0d7e\Nokia.MPlatform.MItemPlugins.dll
+ 2008-04-12 16:57:55 11,264 ----a-w C:\WINDOWS\assembly\GAC_32\Nokia.MPlatform.MItems\1.5.128.0__d59a78cea23b0d7e\Nokia.MPlatform.MItems.dll
+ 2008-04-12 16:57:53 10,752 ----a-w C:\WINDOWS\assembly\GAC_32\Nokia.MPlatform.MMTPTransfer\1.5.128.0__d59a78cea23b0d7e\Nokia.MPlatform.MMTPTransfer.dll
+ 2008-04-12 16:57:55 5,120 ----a-w C:\WINDOWS\assembly\GAC_32\Nokia.MPlatform.MServer\1.5.128.0__d59a78cea23b0d7e\Nokia.MPlatform.MServer.dll
+ 2008-04-12 16:57:54 15,872 ----a-w C:\WINDOWS\assembly\GAC_32\Nokia.MPlatform.MSynchronizationService\1.5.128.0__d59a78cea23b0d7e\Nokia.MPlatform.MSynchronizationService.dll
+ 2008-04-12 16:57:54 10,240 ----a-w C:\WINDOWS\assembly\GAC_32\Nokia.MPlatform.MSyncMLTransfer\1.5.128.0__d59a78cea23b0d7e\Nokia.MPlatform.MSyncMLTransfer.dll
+ 2008-04-12 16:57:55 24,576 ----a-w C:\WINDOWS\assembly\GAC_32\Nokia.MPlatform.MTranscoder\1.5.128.0__d59a78cea23b0d7e\Nokia.MPlatform.MTranscoder.dll
+ 2008-04-12 16:57:55 12,288 ----a-w C:\WINDOWS\assembly\GAC_32\Nokia.MPlatform.MTranscodeServer\1.5.128.0__d59a78cea23b0d7e\Nokia.MPlatform.MTranscodeServer.dll
+ 2008-04-12 16:57:54 15,360 ----a-w C:\WINDOWS\assembly\GAC_32\Nokia.MPlatform.MTransfer\1.5.128.0__d59a78cea23b0d7e\Nokia.MPlatform.MTransfer.dll
+ 2008-04-12 16:57:55 4,096 ----a-w C:\WINDOWS\assembly\GAC_32\Nokia.MPlatform.MVersion\1.0.0.0__d59a78cea23b0d7e\Nokia.MPlatform.MVersion.dll
+ 2008-04-12 04:18:05 15,086 ----a-r C:\WINDOWS\Installer\{0FC76B71-2534-4354-B255-3468578E3F47}\ARPPRODUCTICON.exe
+ 2008-04-12 04:15:36 3,262 ----a-r C:\WINDOWS\Installer\{4F1DCA42-2030-437C-A94E-736692A499C1}\ARPPRODUCTICON.exe
+ 2008-04-12 16:58:29 277,798 ----a-r C:\WINDOWS\Installer\{9542B885-708A-4F5E-8FEB-DA15B92885F1}\ARPPRODUCTICON.exe
+ 2008-04-12 16:58:29 277,798 ----a-r C:\WINDOWS\Installer\{9542B885-708A-4F5E-8FEB-DA15B92885F1}\NewShortcut1_53B7B782F98548F29D3A3B97770308B8.exe
+ 2008-04-12 16:58:29 277,798 ----a-r C:\WINDOWS\Installer\{9542B885-708A-4F5E-8FEB-DA15B92885F1}\NewShortcut2_11714079EE10403F85D38B5EFCA395C2.exe
+ 2008-04-12 04:16:45 10,134 ----a-r C:\WINDOWS\Installer\{AC599724-5755-48C1-ABE7-ABB857652930}\ARPPRODUCTICON.exe
- 2007-03-29 14:00:40 203,264 ----a-r C:\WINDOWS\system32\CddbCdda.dll
+ 2007-03-29 15:00:40 203,264 ----a-r C:\WINDOWS\system32\CddbCdda.dll
- 2007-08-27 13:18:05 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
+ 2008-04-12 18:18:15 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
- 2008-04-10 10:44:33 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-13 05:17:13 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-04-10 10:44:33 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-04-13 05:17:13 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-04-10 10:44:33 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-13 05:17:13 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-11-06 01:26:20 535,040 ----a-w C:\WINDOWS\system32\drivers\UMDF\PCCSWpdDriver.dll
+ 2008-03-06 03:19:36 534,016 ----a-w C:\WINDOWS\system32\drivers\UMDF\PCCSWpdDriver.dll
+ 2006-11-01 23:22:54 492,000 ------w C:\WINDOWS\system32\drivers\wdf01000.sys
+ 2006-11-01 23:22:52 32,224 ------w C:\WINDOWS\system32\drivers\wdfldr.sys
+ 2007-11-29 02:39:42 16,896 -c--a-w C:\WINDOWS\system32\DRVSTORE\ccdcmb_B642931F7B28F01BE617200298CCA42B44AAC343\ccdcmb.sys
+ 2007-11-29 02:32:38 48,128 -c--a-w C:\WINDOWS\system32\DRVSTORE\ccdcmb_B642931F7B28F01BE617200298CCA42B44AAC343\nmwcdcls.dll
+ 2007-11-29 02:39:44 95,744 -c--a-w C:\WINDOWS\system32\DRVSTORE\ccdcmb_B642931F7B28F01BE617200298CCA42B44AAC343\nmwcdcocls.dll
+ 2007-11-29 02:33:04 1,419,232 -c--a-w C:\WINDOWS\system32\DRVSTORE\ccdcmb_B642931F7B28F01BE617200298CCA42B44AAC343\wdfcoinstaller01005.dll
+ 2007-11-29 02:39:52 8,064 -c--a-w C:\WINDOWS\system32\DRVSTORE\ccdcmbcj_B642931F7B28F01BE617200298CCA42B44AAC343\usbser_lowerfltj.sys
+ 2007-11-29 02:39:42 8,064 -c--a-w C:\WINDOWS\system32\DRVSTORE\ccdcmbm_B642931F7B28F01BE617200298CCA42B44AAC343\usbser_lowerflt.sys
+ 2007-11-29 02:39:40 19,328 -c--a-w C:\WINDOWS\system32\DRVSTORE\ccdcmbo_B642931F7B28F01BE617200298CCA42B44AAC343\ccdcmbo.sys
+ 2007-09-17 07:53:26 21,632 -c--a-w C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.sys
+ 2008-03-06 03:19:36 534,016 -c--a-w C:\WINDOWS\system32\DRVSTORE\pccswpddri_CAEB6BB34654D5A4CAB32D7967078BA417F01F05\PCCSWpdDriver.dll
+ 2008-03-06 03:14:58 831,048 -c--a-w C:\WINDOWS\system32\DRVSTORE\pccswpddri_CAEB6BB34654D5A4CAB32D7967078BA417F01F05\WudfUpdate_01005.dll
+ 2006-01-17 19:50:29 61,952 ----a-w C:\WINDOWS\system32\execryptorvb.dll
- 2008-04-08 15:33:40 491,480 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-04-12 19:03:03 493,072 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2008-04-07 18:27:21 144,664 ----a-w C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
+ 2008-04-12 17:09:09 144,664 ----a-w C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
- 2008-04-10 14:03:37 221,018 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-04-13 07:33:00 221,034 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
- 2007-02-22 02:15:12 90,624 ----a-w C:\WINDOWS\system32\nmwcdcls.dll
+ 2007-11-29 02:32:38 48,128 ----a-w C:\WINDOWS\system32\nmwcdcls.dll
- 2007-02-22 03:15:12 65,536 ----a-w C:\WINDOWS\system32\nmwcdcocls.dll
+ 2007-11-29 02:39:44 95,744 ----a-w C:\WINDOWS\system32\nmwcdcocls.dll
- 2007-11-06 01:20:02 831,048 ----a-w C:\WINDOWS\system32\WudfUpdate_01005.dll
+ 2008-03-06 03:14:58 831,048 ----a-w C:\WINDOWS\system32\WudfUpdate_01005.dll
+ 2008-04-13 07:33:19 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_768.dat
+ 2008-04-13 07:33:03 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_8c0.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-04-09 13:03 1524248 --a------ C:\Program Files\free-downloads.net\tbfree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [2008-04-09 13:03 1524248]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= C:\Program Files\free-downloads.net\tbfree.dll [2008-04-09 13:03 1524248]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@={8D2223A2-B3C6-4e32-B096-CDD11F628C60}

[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-02-28 13:04 97064 --a------ C:\Program Files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-02 05:22 3739648]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-12-20 04:13 486856]
"AlcoholAutomount"="I:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 23:58 217544]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 19:25 81920]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-03-21 04:06 15360]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 21:08 136136]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 14:08 2289664]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]
"Power2GoExpress"="" []
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-11-06 19:51 3810544]
"PC Suite Tray"="F:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-03-28 11:20 1079296]
"Nokia.PCSync"="F:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-07-13 08:34 8466432]
"WheelMouse"="C:\PROGRAM FILES\A4Tech\Mouse\Amoumain.exe" [2002-12-27 16:48 159744]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 22:32 208952]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-07-13 08:34 81920]
"Gainward"="C:\Program Files\VDOTool\TBPanel.exe" [2007-04-23 19:19 2165536]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"TV Card Remote Control Device Monitor"="C:\WINDOWS\713xRMT.exe" [2007-09-14 04:00 466944]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 11:12 16062464 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]
"Tweak UI"="TWEAKUI.CPL" [2003-03-25 05:49 106544 C:\WINDOWS\system32\tweakui.cpl]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-06-22 07:12 36640]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-11-30 05:42 1164576]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22 20480]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"LXCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-01-10 04:21 69632]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"SecurDisc"="C:\Program Files\Nero\Nero8\InCD\NBHGui.exe" [2008-02-28 13:04 2049320]
"InCD"="C:\Program Files\Nero\Nero8\InCD\InCD.exe" [2008-02-28 13:03 1083176]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-07-27 20:00 185896]
"PCMService"="E:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2007-10-16 13:21 159744]
"CLMLServer"="E:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" [2007-09-27 23:10 122880]
"Power2GoExpress"="E:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" [2007-09-29 16:53 2680104]
"CLJ"="0 (0x0)" []
"Bubble"="C:\Program Files\Windows SteadyState\Bubble.exe" [2007-06-05 15:56 64000]
"UVS11 Preload"="E:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-07-23 13:55 341232]
"UpdatePPShortCut"="E:\Program Files\CyberLink\PowerProducer\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-02-21 21:04 222504]
"NokiaMServer"="C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles" [ ]
"Corel Photo Downloader"="F:\Program Files\Corel\Corel MediaOne\Corel Photo Downloader.exe" [2007-08-17 11:50 483144]
"muBlinder"="C:\muBlinder\muBlinder.exe" [2008-03-27 19:29 1406464]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-03-07 13:06 5181440]
"Nokia.PCSync"="F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-03-21 04:06 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 22:59 44544]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-12-26 15:30:14 1183744]
Start GetRight.lnk - G:\Program Files\GetRight\GetRight.exe [2005-11-10 02:35:10 4596808]
TV Expert Schedule Agent.lnk - C:\Program Files\TV Expert\ADTVScheduleAgent.exe [2007-12-25 12:11:15 35840]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"GreyMSIAds"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= H:\PROGRA~1\DVDREG~1\DVDShell.dll [2004-10-09 15:18 49152]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= F:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
F:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 F:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo8"= VfWWDM32.dll
"msvideo"= o100vc.dll
"vidc.avrn"= F:\PROGRA~1\ACEMEG~1\SystemS\AVIDAV~1.DLL
"vidc.advj"= F:\PROGRA~1\ACEMEG~1\SystemS\AVIDAV~1.DLL
"vidc.mszh"= F:\PROGRA~1\ACEMEG~1\SystemS\avimszh.dll
"vidc.zlib"= F:\PROGRA~1\ACEMEG~1\SystemS\avizlib.dll
"vidc.cscd"= F:\PROGRA~1\ACEMEG~1\SystemS\camcodec.dll
"vidc.cvid"= F:\PROGRA~1\ACEMEG~1\SystemS\iccvid.dll
"msacm.trspch"= F:\PROGRA~1\ACEMEG~1\SystemS\tssoft32.acm
"vidc.em2v"= F:\PROGRA~1\ACEMEG~1\SystemS\etxcodec.dll
"vidc.mkvc"= F:\PROGRA~1\ACEMEG~1\SystemS\kmvidc32.dll
"vidc.hfyu"= huffyuv.dll
"msacm.lameacm"= lameACM.acm
"msacm.lhacm"= F:\PROGRA~1\ACEMEG~1\SystemS\lhacm.acm
"msacm.l3acm"= L3codecp.acm
"vidc.sjpg"= F:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll
"vidc.dmb2"= F:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll
"vidc.gepj"= F:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll
"vidc.qpeg"= F:\PROGRA~1\ACEMEG~1\SystemS\Qpeg32.dll
"vidc.q1.0"= F:\PROGRA~1\ACEMEG~1\SystemS\Qpeg32.dll
"vidc.tscc"= F:\PROGRA~1\ACEMEG~1\SystemS\tsccvid.dll
"vidc.vifp"= F:\PROGRA~1\ACEMEG~1\SystemS\vfcodec.dll
"vidc.wrpr"= F:\PROGRA~1\ACEMEG~1\SystemS\aviwrap.dll
"vidc.wnv1"= F:\PROGRA~1\ACEMEG~1\SystemS\wnvplay1.dll
"vidc.advs"= F:\PROGRA~1\ACEMEG~1\SystemS\Adaptec\Dvc.dll
"vidc.aflc"= F:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\FLCCOD~1.DLL
"vidc.afli"= F:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\FLCCOD~1.DLL
"vidc.aasc"= F:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\Aasc32.dll
"vidc.aas4"= F:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\Aasc32.dll
"vidc.asv1"= F:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv1.dll
"vidc.asv2"= F:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv2.dll
"vidc.asvx"= F:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv2.dll
"vidc.vcr1"= F:\PROGRA~1\ACEMEG~1\SystemS\ATI\ativcr1.dll
"vidc.vcr2"= F:\PROGRA~1\ACEMEG~1\SystemS\ATI\ativcr2.dll
"vidc.yv12"= yv12vfw.dll
"vidc.mwv1"= F:\PROGRA~1\ACEMEG~1\SystemS\Aware\icmw_32.dll
"vidc.bt20"= F:\PROGRA~1\ACEMEG~1\SystemS\BROOKT~1\btvvc32.drv
"vidc.y41p"= F:\PROGRA~1\ACEMEG~1\SystemS\BROOKT~1\btvvc32.drv
"msacm.pcdv"= F:\PROGRA~1\ACEMEG~1\SystemS\Canopus\pcdv.acm
"vidc.cdvc"= F:\PROGRA~1\ACEMEG~1\SystemS\Canopus\CSCCDVC.DLL
"vidc.ddvc"= F:\PROGRA~1\ACEMEG~1\SystemS\Canopus\CSCdvsd.DLL
"vidc.png1"= F:\PROGRA~1\ACEMEG~1\SystemS\Core\COREPN~1.DLL
"msacm.CoreFLAC_ACM"= F:\PROGRA~1\ACEMEG~1\SystemS\Core\COREFL~1.ACM
"vidc.davc"= F:\PROGRA~1\ACEMEG~1\SystemS\dicas\davcvfw.dll
"vidc.div3"= F:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.div5"= F:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.mpg3"= F:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.div4"= F:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.div6"= F:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.ap41"= F:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.dvx4"= F:\PROGRA~1\ACEMEG~1\SystemS\DivX\divx4.dll
"msacm.divxa32"= divxa32.acm
"vidc.frwd"= F:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwd.dll
"vidc.frwt"= F:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwd.dll
"vidc.frwa"= F:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwt.dll
"vidc.frwu"= F:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwu.dll
"vidc.glzw"= F:\PROGRA~1\ACEMEG~1\SystemS\Gabest\GLZW.dll
"vidc.gpeg"= F:\PROGRA~1\ACEMEG~1\SystemS\Gabest\GPEG.dll
"vidc.i263"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\i263_32.drv
"vidc.iv30"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv31"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv32"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv33"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv34"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv35"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv36"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv37"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv38"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv39"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv40"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv41"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv42"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv43"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv44"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv45"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv46"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv47"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv48"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv49"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.ir21"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\IR21_R.DLL
"vidc.rt21"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\IR21_R.DLL
"msacm.imc"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\IMC32.ACM
"vidc.lead"= F:\PROGRA~1\ACEMEG~1\SystemS\LEAD\LCODCCMP.DLL
"vidc.dvsd"= F:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL
"vidc.dvc"= F:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL
"vidc.dvcs"= F:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL
"vidc.dcmj"= F:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL
"vidc.avi1"= F:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL
"vidc.avi2"= F:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL
"vidc.dv25"= F:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.dv50"= F:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.msmc"= F:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mmjp"= F:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx1"= F:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx2"= F:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx3"= F:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx4"= F:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx5"= F:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx6"= F:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx7"= F:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx8"= F:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx9"= F:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mmes"= F:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"msacm.msadpcm"= F:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msadp32.acm
"msacm.imaadpcm"= F:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\imaadp32.acm
"msacm.msgsm610"= F:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msgsm32.acm
"vidc.msvc"= F:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msvidc32.dll
"vidc.cram"= F:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msvidc32.dll
"vidc.mp41"= F:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp4s"= F:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp4v"= F:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.wmv3"= F:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\WMV9VCM.dll
"vidc.vixl"= F:\PROGRA~1\ACEMEG~1\SystemS\Miro\miroxl32.dll
"vidc.nt00"= F:\PROGRA~1\ACEMEG~1\SystemS\Newtek\ntcodec.dll
"vidc.vp30"= F:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp31vfw.dll
"vidc.vp31"= F:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp31vfw.dll
"vidc.pdvc"= F:\PROGRA~1\ACEMEG~1\SystemS\PANASO~1\idvcodec.dll
"vidc.ipdv"= F:\PROGRA~1\ACEMEG~1\SystemS\PANASO~1\idvcodec.dll
"vidc.pvw2"= F:\PROGRA~1\ACEMEG~1\SystemS\Pegasus\pvwv220.dll
"vidc.pimj"= F:\PROGRA~1\ACEMEG~1\SystemS\Pegasus\pvljpg20.dll
"vidc.mjpx"= F:\PROGRA~1\ACEMEG~1\SystemS\Pegasus\pvmjpg21.dll
"vidc.miro"= F:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\MIRODV~1.DLL
"vidc.dcap"= F:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\MIRODV~1.DLL
"vidc.mjpa"= F:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\RTMJPG~1.DLL
"vidc.gpjm"= F:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\RTMJPG~1.DLL
"vidc.pim1"= F:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\pclepim1.dll
"msacm.qmpeg"= F:\PROGRA~1\ACEMEG~1\SystemS\QDesign\qmpeg.acm
"vidc.rmp4"= F:\PROGRA~1\ACEMEG~1\SystemS\REALMA~1\rmp4.dll
"vidc.rud0"= F:\PROGRA~1\ACEMEG~1\SystemS\Rududu\rududu.dll
"msacm.at3"= F:\PROGRA~1\ACEMEG~1\SystemS\SONY\atrac3.acm
"vidc.sony"= F:\PROGRA~1\ACEMEG~1\SystemS\SONY\sonydv.dll
"vidc.dvcp"= F:\PROGRA~1\ACEMEG~1\SystemS\SONY\sonydv.dll
"vidc.s422"= F:\PROGRA~1\ACEMEG~1\SystemS\Tekram\tekyuv.dll
"vidc.t420"= F:\PROGRA~1\ACEMEG~1\SystemS\Toshiba\tsbyuv.dll
"vidc.y411"= F:\PROGRA~1\ACEMEG~1\SystemS\Toshiba\tsbyuv.dll
"vidc.vssv"= F:\PROGRA~1\ACEMEG~1\SystemS\VANGUA~1\vsscodec.dll
"msacm.voxacm160"= F:\PROGRA~1\ACEMEG~1\SystemS\VoxWare\vct3216.acm
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"vidc.3ivx"= F:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3iv0"= F:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3iv1"= F:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3iv2"= F:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3ivd"= F:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.mrle"= F:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msrle32.dll
"vidc.mjpg"= F:\PROGRA~1\ACEMEG~1\SystemS\MORGAN~1\m3jpeg32.dll
"vidc.dmb1"= F:\PROGRA~1\ACEMEG~1\SystemS\MORGAN~1\m3jpeg32.dll
"vidc.mj2c"= F:\PROGRA~1\ACEMEG~1\SystemS\MORGAN~1\M3JP2K32.dll
"vidc.tvmj"= F:\PROGRA~1\ACEMEG~1\SystemS\MORGAN~1\MMTVMJ.dll
"vidc.fljp"= F:\PROGRA~1\ACEMEG~1\SystemS\MORGAN~1\MMTVMJ.dll
"MSACM.CEGSM"= mobilev.acm
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"msacm.MPEGacm"= mpegacm.acm
"msacm.clmp3enc"= E:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"msacm.ulmp3acm"= ulmp3acm.acm
"VIDC.X264"= x264vfw.dll
"msacm.ac3acm"= ac3acm.acm
"msacm.l3codecp"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windows SteadyState]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Onfolio Server.lnk]
backup=C:\WINDOWS\pss\Onfolio Server.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^TV Expert Schedule Agent.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\TV Expert Schedule Agent.lnk
backup=C:\WINDOWS\pss\TV Expert Schedule Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Ulead Photo Express 4.0 SE Calendar Checker .lnk]
backup=C:\WINDOWS\pss\Ulead Photo Express 4.0 SE Calendar Checker .lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\au]
--a------ 2006-11-08 20:29 226904 C:\Program Files\Dealio\DealioAU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
--a--c--- 2005-01-20 10:19 299008 C:\Program Files\Lexmark Fax Solutions\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hcwPVRReset]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-09-26 14:42 267064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--------- 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\muBlinder]
--a--c--- 2006-11-14 17:02 651264 J:\Downloads\muBlinder\muBlinder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2005-05-30 12:14 98304 C:\WINDOWS\system32\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Startup Cleaner]
--a------ 2006-09-30 20:09 122880 C:\Program Files\CM Data Software\CM DiskCleaner\Startup Cleaner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-09-07 15:51 49263 F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-07-27 20:00 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector]
--a------ 2003-02-27 18:48 45056 E:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-11-06 19:51 3810544 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NProtectService"=2 (0x2)
"MWLSvc"=3 (0x3)
"MSK80Service"=2 (0x2)
"MDM"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)
"AcrSch2Svc"=2 (0x2)
"a2free"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Tweak UI"="RUNDLL32.EXE" TWEAKUI.CPL,TweakMeUp
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"nwiz"=nwiz.exe /install
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe"
"AcronisTimounterMonitor"=C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
"MaxBlastMonitor.exe"=C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
"IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
"OSSelectorReinstall"=C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"F:\\Program Files\\LimeWire\\LimeWire.exe"=
"F:\\Program Files\\Skype\\Phone\\Skype.exe"=
"E:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"F:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"E:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=
"E:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"E:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"G:\\Program Files\\GetRight\\GetRight.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"1723:TCP"= 1723:TCP

xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP

xpsp2res.dll,-22016
"500:UDP"= 500:UDP

xpsp2res.dll,-22017
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP

eer Name Resolution Protocol (PNRP)
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"43840:TCP"= 43840:TCP:72.20.34.145/255.255.255.255:Enabled:UTottent 1

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS [2007-07-19 22:42]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 20:22]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-10-18 17:39]
R2 A4SII300;A4SII300;C:\WINDOWS\system32\drivers\A4SII300.SYS [1998-02-26 15:10]
R2 NeroRegInCDSrv;Nero Registry InCD Service;C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2008-02-28 13:04]
R2 Prvflder;Prvflder;C:\WINDOWS\system32\DRIVERS\prvflder.sys [2006-04-21 08:22]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-03-21 04:06]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2008-03-21 04:06]
R3 3xHybrid;SAA713x TV Card Service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2007-08-16 04:00]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2002-12-31 19:35]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-02-26 05:54]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-03-20 22:07]
S2 Ca536av;DV 5100M(Video);C:\WINDOWS\system32\Drivers\Ca536av.sys [2003-09-05 13:47]
S2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
S2 Windows SteadyState;Windows SteadyState Service;"C:\Program Files\Windows SteadyState\SCTSvc.exe" [2007-06-05 15:56]
S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys [2005-02-16 16:06]
S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2006-12-31 00:44]
S3 CoachUsb;Coach Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-01-22 12:41]
S3 iadusb;Prolink H9200 USB LAN Modem;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2004-07-02 16:20]
S3 iteio;iteio;C:\WINDOWS\system32\drivers\iteio.sys [1999-08-30 19:49]
S3 merger;merger;"C:\Program Files\Microsoft Application Compatibility Toolkit\Application Analyzer\merger.exe" [2005-09-27 10:33]
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe [2008-03-21 04:06]
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe [2008-03-21 04:06]
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe [2008-03-21 04:06]
S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 15:53]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe [2008-03-21 04:06]
S3 upperdev;upperdev;C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 10:39]
S3 USBCamera;DV 5100M(Still);C:\WINDOWS\system32\Drivers\Bulk536.sys [2003-05-14 17:28]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"F:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17623a00-55ec-11dc-ba5c-101111111111}]
\Shell\AutoRun\command - Y:\RunGame.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-04-04 09:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- F:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2008-04-05 09:41:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-13 07:12:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-14 17:00:00 C:\WINDOWS\Tasks\McDefragTask.job"
- C:\WINDOWS\system32\defrag.exe
"2008-03-31 17:00:00 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe.4158 0
"2008-04-12 17:42:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-07-08 03:36:27 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- F:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
"2008-04-09 08:00:01 C:\WINDOWS\Tasks\{1C18B552-499D-478A-8867-CA8C592E4BC8}_FLECHAS-YTEKYFC_Paolo Guanco.job"
"2008-04-04 08:00:00 C:\WINDOWS\Tasks\{5AE149DF-A087-418C-9974-0353AF8D99EB}_FLECHAS-YTEKYFC_Paolo Guanco.job"
"2008-04-11 01:00:00 C:\WINDOWS\Tasks\{91CB59F4-F085-457D-B57E-A77F27D35E94}_FLECHAS-YTEKYFC_Paolo Guanco.job"
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 15:34:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CLJ = 63

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
E:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
h:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\System32\snmp.exe
I:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\SearchIndexer.exe
E:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2008-04-13 15:43:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-13 07:43:29
ComboFix2.txt 2008-04-10 14:40:40
ComboFix3.txt 2008-04-06 17:39:18
Pre-Run: 14,795,800,576 bytes free
Post-Run: 14,748,401,664 bytes free
.
2008-04-09 15:12:40 --- E O F ---

Blade81 · Apr 13, 2008

Hi

Open notepad and copy/paste the text in the quotebox below into it:

Code:

Folder::
C:\WINDOWS\FLEOK
C:\Program Files\zango
C:\Program Files\Sysmnt
C:\Program Files\180solutions
C:\Program Files\180searchassistant

Save this as
CFScript

Refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log. Please post also a fresh hjt log and Kaspersky report I asked for in my previous post.

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

condotiere · Apr 15, 2008

2nd combofix log

ComboFix 08-04-04.1 - Paolo Guanco 2008-04-15 11:47:40.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1117 [GMT 8:00]
Running from: L:\Documents and Settings\Paolo Guanco\Desktop\ComboFix.exe
Command switches used :: L:\Documents and Settings\Paolo Guanco\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\nwgdonje.ini
.

Overlay aborted ... Please run ComboFix once more
((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
.

2008-04-15 06:09 . 2008-04-15 06:09 <DIR> d-------- C:\Documents and Settings\Paolo Guanco.FLECHAS-YTEKYFC\Application Data\DivX
2008-04-14 22:42 . 2007-01-04 05:58 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-04-14 22:42 . 2007-01-04 05:58 116,472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-04-14 22:06 . 2008-04-14 22:06 <DIR> d----c--- C:\20080409
2008-04-14 22:06 . 2008-04-14 22:06 <DIR> d----c--- C:\20080330
2008-04-14 22:05 . 2008-04-14 22:05 <DIR> d----c--- C:\20080414
2008-04-14 22:05 . 2008-04-14 22:05 <DIR> d----c--- C:\20080413
2008-04-13 15:50 . 2008-04-13 15:50 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-13 15:50 . 2008-04-13 15:50 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-04-13 03:16 . 2008-04-13 03:17 <DIR> d-------- C:\Program Files\free-downloads.net
2008-04-13 03:16 . 2008-04-13 03:16 <DIR> d-------- C:\Program Files\Conduit
2008-04-13 00:58 . 2008-04-13 00:58 <DIR> d-------- C:\WINDOWS\Globalization
2008-04-13 00:11 . 2008-03-20 22:09 26,112 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-04-13 00:11 . 2008-03-20 22:09 26,112 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-04-13 00:11 . 2008-04-13 00:11 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-13 00:11 . 2008-04-13 00:11 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-04-12 12:17 . 2008-04-13 00:57 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-04-12 12:16 . 2008-04-12 12:16 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-04-12 12:16 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-04-12 12:15 . 2007-11-29 10:33 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-04-12 12:15 . 2007-11-29 10:39 19,328 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-04-12 12:15 . 2007-11-29 10:39 16,896 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-04-12 12:15 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-04-10 21:28 . 2008-04-10 21:28 <DIR> d-------- C:\WINDOWS\FLEOK
2008-04-10 21:28 . 2008-04-10 21:28 <DIR> d-------- C:\Program Files\zango
2008-04-10 21:28 . 2008-04-10 21:28 <DIR> d-------- C:\Program Files\Sysmnt
2008-04-10 21:28 . 2008-04-10 21:28 <DIR> d-------- C:\Program Files\180solutions
2008-04-10 21:28 . 2008-04-10 21:28 <DIR> d-------- C:\Program Files\180searchassistant
2008-04-10 21:28 . 2008-04-10 21:28 31,232 --a------ C:\WINDOWS\didduid.ini
2008-04-10 21:28 . 2008-04-10 21:28 30,208 --a------ C:\WINDOWS\system32\SIPSPI32.dll
2008-04-10 21:28 . 2008-04-10 21:28 8,960 --a------ C:\WINDOWS\system32\MSNSA32.dll
2008-04-10 19:02 . 2008-04-10 19:02 91,561 --a------ C:\WINDOWS\system32\wmsdkns.exe
2008-04-10 02:14 . 2008-04-10 02:14 <DIR> d-------- C:\Program Files\SmartSound Software
2008-04-10 02:14 . 2008-04-10 02:14 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\SmartSound Software Inc
2008-04-10 02:13 . 2008-04-10 02:13 87 --a------ C:\WINDOWS\dswplug.ini
2008-04-10 02:11 . 2008-04-10 02:11 <DIR> d-------- C:\WINDOWS\system32\windows media
2008-04-09 19:21 . 2008-04-09 19:26 215,151,272 --a--c--- C:\TV_EWTN_20080322_085950.wmv.MPG
2008-04-09 17:58 . 2008-04-09 17:58 1,849,904 --a--c--- C:\TV_EWTN_20080323_185533.wmv.MPG
2008-04-09 13:51 . 2008-04-09 13:51 <DIR> d-------- C:\Documents and Settings\Paolo Guanco.FLECHAS-YTEKYFC\Application Data\Corel
2008-04-09 13:51 . 2008-04-09 13:51 88 -r-hs---- C:\WINDOWS\system32\810D1BB7F1.sys
2008-04-09 13:50 . 2008-04-09 13:51 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\Corel
2008-04-09 13:49 . 2008-04-09 13:50 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-04-07 23:10 . 2008-04-07 23:10 0 --a------ C:\WINDOWS\PhotoNow.INI
2008-04-07 15:42 . 2008-03-22 18:30 2,085,376 --a------ C:\WINDOWS\system32\x264vfw.dll
2008-04-07 15:42 . 2002-07-07 23:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
2008-04-07 15:42 . 2006-04-02 13:47 630,784 --a------ C:\WINDOWS\system32\vp7vfw.dll
2008-04-07 15:42 . 1997-04-07 18:19 391,680 --a------ C:\WINDOWS\system32\I263_32.drv
2008-04-07 15:42 . 2006-09-24 16:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2008-04-07 15:42 . 2004-01-25 17:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-04-07 15:42 . 1998-11-18 14:33 144,384 --a------ C:\WINDOWS\system32\Iacenc.dll
2008-04-07 15:42 . 2007-09-21 01:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2008-04-07 15:42 . 2004-05-18 19:16 39,936 --a------ C:\WINDOWS\system32\huffyuv.dll
2008-04-07 15:42 . 2007-10-03 16:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-04-07 15:41 . 2008-04-07 15:41 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-04-07 15:41 . 2008-03-04 12:33 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-04-07 15:41 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-04-06 23:44 . 2008-04-06 23:44 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-06 23:14 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-06 23:14 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-06 23:14 . 2008-03-28 23:19 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-06 23:14 . 2008-03-26 08:50 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-06 23:14 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-06 23:14 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-06 23:14 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-06 03:05 . 2008-04-06 03:05 <DIR> d-------- C:\Program Files\Common Files\SONY Digital Images
2008-04-06 03:05 . 2008-04-27 03:05 25 ---h----- C:\WINDOWS\sysdws.dat
2008-04-06 01:11 . 2008-04-06 01:11 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-06 00:27 . 2008-04-06 16:36 10,128 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-05 20:29 . 2008-04-05 20:29 <DIR> d-------- C:\Program Files\Common Files\InterVideo
2008-04-05 20:28 . 2008-04-05 20:28 <DIR> d----c--- C:\Documents and Settings\PAOLOG~1~FLE\LOCALS~1
2008-04-05 20:28 . 2008-04-05 20:28 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\InterVideo
2008-04-05 20:28 . 2007-03-06 11:58 210,456 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2008-04-05 20:28 . 2007-03-06 11:58 206,360 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2008-04-05 20:28 . 2007-03-06 11:58 198,168 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2008-04-05 20:28 . 2007-03-06 11:58 198,168 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2008-04-05 20:28 . 2007-03-06 11:58 194,072 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2008-04-05 20:28 . 2007-03-06 11:58 26,136 --a------ C:\WINDOWS\system32\IVIresize.dll
2008-04-05 20:27 . 2008-04-05 20:27 <DIR> d-------- C:\Program Files\Windows Media Components
2008-04-05 13:17 . 2008-04-05 13:17 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\CyberLink
2008-04-04 22:23 . 2008-04-04 22:23 <DIR> d----c--- C:\My Video
2008-04-04 22:22 . 2008-04-04 22:23 <DIR> d----c--- C:\Jmw9.tmp
2008-04-04 21:44 . 2008-04-04 21:44 <DIR> d----c--- C:\JmwC0.tmp
2008-04-04 21:42 . 2008-04-04 21:44 <DIR> d----c--- C:\JmwBA.tmp
2008-04-04 12:03 . 2008-04-04 13:00 669,374,748 --a--c--- C:\TV_EWTN_20080323_045951.wmv.MPG
2008-04-03 16:31 . 2008-04-03 17:20 623,935,900 --a--c--- C:\TV_EWTN_20080206_234457.wmv.MPG
2008-04-03 01:09 . 2008-04-03 01:09 <DIR> d-------- C:\Program Files\uTorrent
2008-04-03 01:08 . 2008-04-15 10:34 <DIR> d-------- C:\Documents and Settings\Paolo Guanco.FLECHAS-YTEKYFC\Application Data\uTorrent
2008-04-01 23:05 . 2008-04-01 23:08 <DIR> d-------- C:\Documents and Settings\Paolo Guanco.FLECHAS-YTEKYFC\Application Data\Xfire
2008-04-01 13:57 . 2008-04-01 13:57 <DIR> d-------- C:\Program Files\Windows SteadyState
2008-04-01 03:42 . 2008-04-01 03:42 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-04-01 03:42 . 2008-04-01 03:42 <DIR> d-------- C:\WINDOWS\system32\bits
2008-04-01 03:42 . 2008-04-01 03:42 <DIR> d-------- C:\WINDOWS\l2schemas
2008-04-01 03:29 . 2008-03-21 04:06 291,328 --a------ C:\WINDOWS\system32\qagentrt.dll
2008-04-01 03:29 . 2008-03-21 04:06 150,528 --a------ C:\WINDOWS\system32\qagent.dll
2008-04-01 03:29 . 2008-03-21 04:06 144,384 --a------ C:\WINDOWS\system32\onex.dll
2008-04-01 03:29 . 2008-03-21 04:06 76,800 --a------ C:\WINDOWS\system32\qutil.dll
2008-04-01 03:29 . 2008-03-21 04:06 69,120 --a------ C:\WINDOWS\system32\wlanapi.dll
2008-04-01 03:29 . 2008-03-21 04:06 62,464 --a------ C:\WINDOWS\system32\qcliprov.dll
2008-04-01 03:29 . 2008-03-21 04:06 61,952 --a------ C:\WINDOWS\system32\rasqec.dll
2008-04-01 03:29 . 2008-03-21 04:06 50,688 --a------ C:\WINDOWS\system32\tspkg.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-14 22:13 --------- d-----w C:\Documents and Settings\Paolo Guanco.FLECHAS-YTEKYFC\Application Data\Ulead Systems
2008-04-14 22:02 --------- d-----w C:\Program Files\McAfee
2008-04-14 14:42 --------- d-----w C:\Program Files\DivX
2008-04-14 14:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-14 14:38 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Ulead Systems
2008-04-14 10:26 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\SiteAdvisor
2008-04-12 16:58 --------- d-----w C:\Program Files\Common Files\muvee Technologies
2008-04-12 04:17 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-04-12 04:12 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Installations
2008-04-11 15:12 --------- d-----w C:\Documents and Settings\Paolo Guanco.FLECHAS-YTEKYFC\Application Data\LimeWire
2008-04-11 05:14 --------- d-----w C:\Program Files\Lx_cats
2008-04-09 18:18 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-04-09 18:11 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-08 15:38 --------- d-----w C:\Documents and Settings\Paolo Guanco.FLECHAS-YTEKYFC\Application Data\SiteAdvisor
2008-04-06 05:14 --------- d-----w C:\Program Files\CyberLink
2008-03-25 12:26 --------- d-----w C:\Program Files\Network Password Recovery
2008-03-24 18:55 --------- d-----w C:\Program Files\Chikka V4
2008-03-24 17:59 --------- d-----w C:\Documents and Settings\Paolo Guanco.FLECHAS-YTEKYFC\Application Data\Cyberlink
2008-03-24 17:01 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\CyberLink
2008-03-23 14:55 --------- d-----w C:\Program Files\Common Files\Nero
2008-03-23 14:19 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-23 14:18 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Ahead
2008-03-23 14:18 --------- d-----w C:\Program Files\Ahead
2008-03-23 08:46 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-03-23 08:43 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-20 20:07 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-03-20 20:07 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-03-20 20:07 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-03-20 20:07 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-03-20 20:06 69,120 ----a-w C:\WINDOWS\notepad.exe
2008-03-20 20:06 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-03-20 20:06 32,866 ----a-w C:\WINDOWS\slrundll.exe
2008-03-20 20:06 3,901 ----a-w C:\WINDOWS\system32\drivers\siint5.dll
2008-03-20 20:06 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2008-03-20 20:06 146,432 ----a-w C:\WINDOWS\regedit.exe
2008-03-20 20:06 11,325 ----a-w C:\WINDOWS\system32\drivers\vchnt5.dll
2008-03-20 20:06 10,752 ----a-w C:\WINDOWS\hh.exe
2008-03-20 20:06 1,033,728 ----a-w C:\WINDOWS\explorer.exe
2008-03-20 14:51 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-03-20 14:42 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-03-20 14:42 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-03-20 14:42 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-03-20 14:42 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-03-20 14:41 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-03-20 14:41 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-03-20 14:41 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-03-20 14:41 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-03-20 14:41 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-03-20 14:40 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-03-20 14:39 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-03-20 14:39 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-03-20 14:39 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-03-20 14:38 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-03-20 14:38 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-03-20 14:38 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-03-20 14:37 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-03-20 14:37 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-03-20 14:37 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-03-20 14:36 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-03-20 14:36 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-03-20 14:21 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-03-20 14:21 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-03-20 14:21 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-03-20 14:18 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-03-20 14:18 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-03-20 14:18 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-03-20 14:18 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-03-20 14:18 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-03-20 14:18 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-03-20 14:18 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-03-20 14:17 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-03-20 14:17 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-03-20 14:17 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-03-20 14:17 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-03-20 14:17 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-03-20 14:17 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-03-20 14:16 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-03-20 14:16 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-03-20 14:16 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-03-20 14:16 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-03-20 14:15 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-03-20 14:14 88,192 ----a-w C:\WINDOWS\system32\drivers\irda.sys
2008-03-20 14:14 22,016 ----a-w C:\WINDOWS\system32\drivers\msircomm.sys
2008-03-20 14:14 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-03-20 14:13 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-03-20 14:13 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-03-20 14:13 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-03-20 14:13 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-03-20 14:11 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-03-20 14:11 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-03-20 14:11 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-03-20 14:11 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-03-20 14:11 101,120 ----a-w C:\WINDOWS\system32\drivers\bthpan.sys
2008-03-20 14:10 85,248 ----a-w C:\WINDOWS\system32\drivers\nabtsfec.sys
2008-03-20 14:10 59,136 ----a-w C:\WINDOWS\system32\drivers\rfcomm.sys
2008-03-20 14:10 37,888 ----a-w C:\WINDOWS\system32\drivers\bthmodem.sys
2008-03-20 14:10 36,480 ----a-w C:\WINDOWS\system32\drivers\bthprint.sys
2008-03-20 14:10 273,024 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-03-20 14:10 25,600 ----a-w C:\WINDOWS\system32\drivers\hidbth.sys
2008-03-20 14:10 18,944 ----a-w C:\WINDOWS\system32\drivers\bthusb.sys
2003-01-13 03:20 278,528 ----a-w C:\Program Files\internet explorer\plugins\PanoViewer.dll
1999-04-30 08:00 98,304 ----a-w C:\Program Files\internet explorer\plugins\UPjpeg.dll
2005-07-14 18:31 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
.

((((((((((((((((((((((((((((( snapshot_2008-04-13_15.43.00.92 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-14 14:37:57 360,518 ----a-r C:\WINDOWS\Installer\{CCC4E428-411E-4605-B515-317D50ABD477}\ARPPRODUCTICON.exe
- 2008-04-13 05:17:13 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-15 03:01:27 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-04-13 05:17:13 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-04-15 03:01:27 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-04-13 05:17:13 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-15 03:01:27 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2004-09-22 00:26:38 716,800 ----a-w C:\WINDOWS\system32\DivX.dll
+ 2007-01-03 21:51:25 637,534 ----a-w C:\WINDOWS\system32\DivX.dll
- 2004-09-16 20:23:47 206,848 ----a-w C:\WINDOWS\system32\divx_xx07.dll
+ 2007-01-03 21:51:25 806,912 ----a-w C:\WINDOWS\system32\divx_xx07.dll
- 2004-09-16 20:23:48 206,336 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
+ 2007-01-03 21:51:25 806,912 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
- 2004-09-22 00:26:28 528,384 ----a-w C:\WINDOWS\system32\divx_xx11.dll
+ 2007-01-03 21:51:25 790,528 ----a-w C:\WINDOWS\system32\divx_xx11.dll
+ 2007-01-03 22:02:40 118,784 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
- 2005-08-09 22:13:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
+ 2007-01-03 21:58:18 520,192 ----a-w C:\WINDOWS\system32\DivXsm.exe
+ 2007-01-03 22:02:23 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
- 2005-08-09 22:12:28 86,016 ----a-w C:\WINDOWS\system32\dpl100.dll
+ 2007-01-03 21:52:55 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
- 2004-09-16 20:24:24 290,816 ----a-w C:\WINDOWS\system32\dpu10.dll
+ 2007-01-03 21:51:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
- 2005-08-09 22:12:27 245,760 ----a-w C:\WINDOWS\system32\dpu11.dll
+ 2007-01-03 21:51:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
- 2004-09-16 20:24:24 602,112 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
+ 2007-01-03 21:51:29 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
- 2005-08-09 22:12:28 581,632 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
+ 2007-01-03 21:51:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
- 2005-08-09 22:12:27 303,104 ----a-w C:\WINDOWS\system32\dpus11.dll
+ 2007-01-03 21:51:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
- 2005-08-09 22:12:27 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
+ 2007-01-03 21:51:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
- 2005-08-09 22:12:28 200,704 ----a-w C:\WINDOWS\system32\dtu100.dll
+ 2007-01-03 21:52:55 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
- 2008-04-13 07:33:00 221,034 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-04-15 04:00:15 221,021 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2005-05-24 04:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 07:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 07:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2007-01-03 21:58:03 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
- 2003-09-04 06:14:28 94,208 ----a-w C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe
+ 2004-06-09 08:06:16 99,544 ----a-w C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe
- 2005-08-09 22:12:28 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
+ 2007-01-03 21:58:11 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
+ 2007-01-03 21:58:03 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
+ 2008-04-15 03:56:16 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_378.dat
+ 2008-04-15 03:58:19 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_9bc.dat
+ 2008-04-15 03:56:43 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_b00.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-04-09 13:03 1524248 --a------ C:\Program Files\free-downloads.net\tbfree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [2008-04-09 13:03 1524248]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= C:\Program Files\free-downloads.net\tbfree.dll [2008-04-09 13:03 1524248]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@={8D2223A2-B3C6-4e32-B096-CDD11F628C60}

[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-02-28 13:04 97064 --a------ C:\Program Files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-02 05:22 3739648]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-12-20 04:13 486856]
"AlcoholAutomount"="I:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 23:58 217544]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 19:25 81920]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-03-21 04:06 15360]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 21:08 136136]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 14:08 2289664]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]
"Power2GoExpress"="" []
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-11-06 19:51 3810544]
"PC Suite Tray"="F:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-03-28 11:20 1079296]
"Nokia.PCSync"="F:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-07-13 08:34 8466432]
"WheelMouse"="C:\PROGRAM FILES\A4Tech\Mouse\Amoumain.exe" [2002-12-27 16:48 159744]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 22:32 208952]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-07-13 08:34 81920]
"Gainward"="C:\Program Files\VDOTool\TBPanel.exe" [2007-04-23 19:19 2165536]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"TV Card Remote Control Device Monitor"="C:\WINDOWS\713xRMT.exe" [2007-09-14 04:00 466944]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 11:12 16062464 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]
"Tweak UI"="TWEAKUI.CPL" [2003-03-25 05:49 106544 C:\WINDOWS\system32\tweakui.cpl]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-06-22 07:12 36640]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-11-30 05:42 1164576]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22 20480]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"LXCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-01-10 04:21 69632]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"SecurDisc"="C:\Program Files\Nero\Nero8\InCD\NBHGui.exe" [2008-02-28 13:04 2049320]
"InCD"="C:\Program Files\Nero\Nero8\InCD\InCD.exe" [2008-02-28 13:03 1083176]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-07-27 20:00 185896]
"PCMService"="E:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2007-10-16 13:21 159744]
"CLMLServer"="E:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" [2007-09-27 23:10 122880]
"Power2GoExpress"="E:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" [2007-09-29 16:53 2680104]
"CLJ"="0 (0x0)" []
"Bubble"="C:\Program Files\Windows SteadyState\Bubble.exe" [2007-06-05 15:56 64000]
"UVS11 Preload"="E:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-07-23 13:55 341232]
"UpdatePPShortCut"="E:\Program Files\CyberLink\PowerProducer\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-02-21 21:04 222504]
"NokiaMServer"="C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles" [ ]
"Corel Photo Downloader"="F:\Program Files\Corel\Corel MediaOne\Corel Photo Downloader.exe" [2007-08-17 11:50 483144]
"muBlinder"="C:\muBlinder\muBlinder.exe" [2008-03-27 19:29 1406464]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-03-07 13:06 5181440]
"Nokia.PCSync"="F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-03-21 04:06 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 22:59 44544]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-12-26 15:30:14 1183744]
Start GetRight.lnk - G:\Program Files\GetRight\GetRight.exe [2005-11-10 02:35:10 4596808]
TV Expert Schedule Agent.lnk - C:\Program Files\TV Expert\ADTVScheduleAgent.exe [2007-12-25 12:11:15 35840]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"GreyMSIAds"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= H:\PROGRA~1\DVDREG~1\DVDShell.dll [2004-10-09 15:18 49152]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= F:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
F:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 F:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo8"= VfWWDM32.dll
"msvideo"= o100vc.dll
"vidc.avrn"= F:\PROGRA~1\ACEMEG~1\SystemS\AVIDAV~1.DLL
"vidc.advj"= F:\PROGRA~1\ACEMEG~1\SystemS\AVIDAV~1.DLL
"vidc.mszh"= F:\PROGRA~1\ACEMEG~1\SystemS\avimszh.dll
"vidc.zlib"= F:\PROGRA~1\ACEMEG~1\SystemS\avizlib.dll
"vidc.cscd"= F:\PROGRA~1\ACEMEG~1\SystemS\camcodec.dll
"vidc.cvid"= F:\PROGRA~1\ACEMEG~1\SystemS\iccvid.dll
"msacm.trspch"= F:\PROGRA~1\ACEMEG~1\SystemS\tssoft32.acm
"vidc.em2v"= F:\PROGRA~1\ACEMEG~1\SystemS\etxcodec.dll
"vidc.mkvc"= F:\PROGRA~1\ACEMEG~1\SystemS\kmvidc32.dll
"vidc.hfyu"= huffyuv.dll
"msacm.lameacm"= lameACM.acm
"msacm.lhacm"= F:\PROGRA~1\ACEMEG~1\SystemS\lhacm.acm
"msacm.l3acm"= L3codecp.acm
"vidc.sjpg"= F:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll
"vidc.dmb2"= F:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll
"vidc.gepj"= F:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll
"vidc.qpeg"= F:\PROGRA~1\ACEMEG~1\SystemS\Qpeg32.dll
"vidc.q1.0"= F:\PROGRA~1\ACEMEG~1\SystemS\Qpeg32.dll
"vidc.tscc"= F:\PROGRA~1\ACEMEG~1\SystemS\tsccvid.dll
"vidc.vifp"= F:\PROGRA~1\ACEMEG~1\SystemS\vfcodec.dll
"vidc.wrpr"= F:\PROGRA~1\ACEMEG~1\SystemS\aviwrap.dll
"vidc.wnv1"= F:\PROGRA~1\ACEMEG~1\SystemS\wnvplay1.dll
"vidc.advs"= F:\PROGRA~1\ACEMEG~1\SystemS\Adaptec\Dvc.dll
"vidc.aflc"= F:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\FLCCOD~1.DLL
"vidc.afli"= F:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\FLCCOD~1.DLL
"vidc.aasc"= F:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\Aasc32.dll
"vidc.aas4"= F:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\Aasc32.dll
"vidc.asv1"= F:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv1.dll
"vidc.asv2"= F:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv2.dll
"vidc.asvx"= F:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv2.dll
"vidc.vcr1"= F:\PROGRA~1\ACEMEG~1\SystemS\ATI\ativcr1.dll
"vidc.vcr2"= F:\PROGRA~1\ACEMEG~1\SystemS\ATI\ativcr2.dll
"vidc.mwv1"= F:\PROGRA~1\ACEMEG~1\SystemS\Aware\icmw_32.dll
"vidc.bt20"= F:\PROGRA~1\ACEMEG~1\SystemS\BROOKT~1\btvvc32.drv
"vidc.y41p"= F:\PROGRA~1\ACEMEG~1\SystemS\BROOKT~1\btvvc32.drv
"msacm.pcdv"= F:\PROGRA~1\ACEMEG~1\SystemS\Canopus\pcdv.acm
"vidc.cdvc"= F:\PROGRA~1\ACEMEG~1\SystemS\Canopus\CSCCDVC.DLL
"vidc.ddvc"= F:\PROGRA~1\ACEMEG~1\SystemS\Canopus\CSCdvsd.DLL
"vidc.png1"= F:\PROGRA~1\ACEMEG~1\SystemS\Core\COREPN~1.DLL
"msacm.CoreFLAC_ACM"= F:\PROGRA~1\ACEMEG~1\SystemS\Core\COREFL~1.ACM
"vidc.davc"= F:\PROGRA~1\ACEMEG~1\SystemS\dicas\davcvfw.dll
"vidc.div3"= F:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.div5"= F:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.mpg3"= F:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.div4"= F:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.div6"= F:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.ap41"= F:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.dvx4"= F:\PROGRA~1\ACEMEG~1\SystemS\DivX\divx4.dll
"msacm.divxa32"= divxa32.acm
"vidc.frwd"= F:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwd.dll
"vidc.frwt"= F:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwd.dll
"vidc.frwa"= F:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwt.dll
"vidc.frwu"= F:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwu.dll
"vidc.glzw"= F:\PROGRA~1\ACEMEG~1\SystemS\Gabest\GLZW.dll
"vidc.gpeg"= F:\PROGRA~1\ACEMEG~1\SystemS\Gabest\GPEG.dll
"vidc.i263"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\i263_32.drv
"vidc.iv30"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv31"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv32"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv33"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv34"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv35"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv36"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv37"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv38"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv39"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv40"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv41"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv42"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv43"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv44"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv45"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv46"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv47"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv48"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv49"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.ir21"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\IR21_R.DLL
"vidc.rt21"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\IR21_R.DLL
"msacm.imc"= F:\PROGRA~1\ACEMEG~1\SystemS\Intel\IMC32.ACM
"vidc.lead"= F:\PROGRA~1\ACEMEG~1\SystemS\LEAD\LCODCCMP.DLL
"vidc.dvsd"= F:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL
"vidc.dvc"= F:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL
"vidc.dvcs"= F:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL
"vidc.dcmj"= F:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL
"vidc.avi1"= F:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL
"vidc.avi2"= F:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL
"vidc.dv25"= F:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.dv50"= F:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.msmc"= F:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mmjp"= F:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx1"= F:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx2"= F:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx3"= F:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx4"= F:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx5"= F:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx6"= F:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx7"= F:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx8"= F:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx9"= F:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mmes"= F:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"msacm.msadpcm"= F:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msadp32.acm
"msacm.imaadpcm"= F:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\imaadp32.acm
"msacm.msgsm610"= F:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msgsm32.acm
"vidc.msvc"= F:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msvidc32.dll
"vidc.cram"= F:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msvidc32.dll
"vidc.mp41"= F:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp4s"= F:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp4v"= F:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.wmv3"= F:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\WMV9VCM.dll
"vidc.vixl"= F:\PROGRA~1\ACEMEG~1\SystemS\Miro\miroxl32.dll
"vidc.nt00"= F:\PROGRA~1\ACEMEG~1\SystemS\Newtek\ntcodec.dll
"vidc.vp30"= F:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp31vfw.dll
"vidc.vp31"= F:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp31vfw.dll
"vidc.pdvc"= F:\PROGRA~1\ACEMEG~1\SystemS\PANASO~1\idvcodec.dll
"vidc.ipdv"= F:\PROGRA~1\ACEMEG~1\SystemS\PANASO~1\idvcodec.dll
"vidc.pvw2"= F:\PROGRA~1\ACEMEG~1\SystemS\Pegasus\pvwv220.dll
"vidc.pimj"= F:\PROGRA~1\ACEMEG~1\SystemS\Pegasus\pvljpg20.dll
"vidc.mjpx"= F:\PROGRA~1\ACEMEG~1\SystemS\Pegasus\pvmjpg21.dll
"vidc.miro"= F:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\MIRODV~1.DLL
"vidc.dcap"= F:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\MIRODV~1.DLL
"vidc.mjpa"= F:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\RTMJPG~1.DLL
"vidc.gpjm"= F:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\RTMJPG~1.DLL
"vidc.pim1"= F:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\pclepim1.dll
"msacm.qmpeg"= F:\PROGRA~1\ACEMEG~1\SystemS\QDesign\qmpeg.acm
"vidc.rmp4"= F:\PROGRA~1\ACEMEG~1\SystemS\REALMA~1\rmp4.dll
"vidc.rud0"= F:\PROGRA~1\ACEMEG~1\SystemS\Rududu\rududu.dll
"msacm.at3"= F:\PROGRA~1\ACEMEG~1\SystemS\SONY\atrac3.acm
"vidc.sony"= F:\PROGRA~1\ACEMEG~1\SystemS\SONY\sonydv.dll
"vidc.dvcp"= F:\PROGRA~1\ACEMEG~1\SystemS\SONY\sonydv.dll
"vidc.s422"= F:\PROGRA~1\ACEMEG~1\SystemS\Tekram\tekyuv.dll
"vidc.t420"= F:\PROGRA~1\ACEMEG~1\SystemS\Toshiba\tsbyuv.dll
"vidc.y411"= F:\PROGRA~1\ACEMEG~1\SystemS\Toshiba\tsbyuv.dll
"vidc.vssv"= F:\PROGRA~1\ACEMEG~1\SystemS\VANGUA~1\vsscodec.dll
"msacm.voxacm160"= F:\PROGRA~1\ACEMEG~1\SystemS\VoxWare\vct3216.acm
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"vidc.3ivx"= F:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3iv0"= F:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3iv1"= F:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3iv2"= F:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3ivd"= F:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.mrle"= F:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msrle32.dll
"vidc.mjpg"= F:\PROGRA~1\ACEMEG~1\SystemS\MORGAN~1\m3jpeg32.dll
"vidc.dmb1"= F:\PROGRA~1\ACEMEG~1\SystemS\MORGAN~1\m3jpeg32.dll
"vidc.mj2c"= F:\PROGRA~1\ACEMEG~1\SystemS\MORGAN~1\M3JP2K32.dll
"vidc.tvmj"= F:\PROGRA~1\ACEMEG~1\SystemS\MORGAN~1\MMTVMJ.dll
"vidc.fljp"= F:\PROGRA~1\ACEMEG~1\SystemS\MORGAN~1\MMTVMJ.dll
"MSACM.CEGSM"= mobilev.acm
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"msacm.MPEGacm"= mpegacm.acm
"msacm.clmp3enc"= E:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"msacm.ulmp3acm"= ulmp3acm.acm
"VIDC.X264"= x264vfw.dll
"msacm.ac3acm"= ac3acm.acm
"msacm.l3codecp"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windows SteadyState]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Onfolio Server.lnk]
backup=C:\WINDOWS\pss\Onfolio Server.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^TV Expert Schedule Agent.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\TV Expert Schedule Agent.lnk
backup=C:\WINDOWS\pss\TV Expert Schedule Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Ulead Photo Express 4.0 SE Calendar Checker .lnk]
backup=C:\WINDOWS\pss\Ulead Photo Express 4.0 SE Calendar Checker .lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\au]
--a------ 2006-11-08 20:29 226904 C:\Program Files\Dealio\DealioAU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
--a--c--- 2005-01-20 10:19 299008 C:\Program Files\Lexmark Fax Solutions\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hcwPVRReset]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-09-26 14:42 267064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--------- 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\muBlinder]
--a--c--- 2006-11-14 17:02 651264 J:\Downloads\muBlinder\muBlinder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2005-05-30 12:14 98304 C:\WINDOWS\system32\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Startup Cleaner]
--a------ 2006-09-30 20:09 122880 C:\Program Files\CM Data Software\CM DiskCleaner\Startup Cleaner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-09-07 15:51 49263 F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-07-27 20:00 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector]
--a------ 2003-02-27 18:48 45056 E:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-11-06 19:51 3810544 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NProtectService"=2 (0x2)
"MWLSvc"=3 (0x3)
"MSK80Service"=2 (0x2)
"MDM"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)
"AcrSch2Svc"=2 (0x2)
"a2free"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Tweak UI"="RUNDLL32.EXE" TWEAKUI.CPL,TweakMeUp
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"nwiz"=nwiz.exe /install
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe"
"AcronisTimounterMonitor"=C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
"MaxBlastMonitor.exe"=C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
"IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
"OSSelectorReinstall"=C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"F:\\Program Files\\LimeWire\\LimeWire.exe"=
"F:\\Program Files\\Skype\\Phone\\Skype.exe"=
"E:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"F:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"E:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=
"E:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"E:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"G:\\Program Files\\GetRight\\GetRight.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"1723:TCP"= 1723:TCP

xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP

xpsp2res.dll,-22016
"500:UDP"= 500:UDP

xpsp2res.dll,-22017
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP

eer Name Resolution Protocol (PNRP)
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"43840:TCP"= 43840:TCP:72.20.34.145/255.255.255.255:Enabled:UTottent 1

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS [2007-07-19 22:42]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 20:22]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-10-18 17:39]
R2 A4SII300;A4SII300;C:\WINDOWS\system32\drivers\A4SII300.SYS [1998-02-26 15:10]
R2 Prvflder;Prvflder;C:\WINDOWS\system32\DRIVERS\prvflder.sys [2006-04-21 08:22]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-03-21 04:06]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2008-03-21 04:06]
R2 Windows SteadyState;Windows SteadyState Service;"C:\Program Files\Windows SteadyState\SCTSvc.exe" [2007-06-05 15:56]
R3 3xHybrid;SAA713x TV Card Service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2007-08-16 04:00]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2002-12-31 19:35]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-02-26 05:54]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-03-20 22:07]
S2 Ca536av;DV 5100M(Video);C:\WINDOWS\system32\Drivers\Ca536av.sys [2003-09-05 13:47]
S2 NeroRegInCDSrv;Nero Registry InCD Service;C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2008-02-28 13:04]
S2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys [2005-02-16 16:06]
S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2006-12-31 00:44]
S3 CoachUsb;Coach Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-01-22 12:41]
S3 iadusb;Prolink H9200 USB LAN Modem;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2004-07-02 16:20]
S3 iteio;iteio;C:\WINDOWS\system32\drivers\iteio.sys [1999-08-30 19:49]
S3 merger;merger;"C:\Program Files\Microsoft Application Compatibility Toolkit\Application Analyzer\merger.exe" [2005-09-27 10:33]
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe [2008-03-21 04:06]
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe [2008-03-21 04:06]
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe [2008-03-21 04:06]
S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 15:53]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe [2008-03-21 04:06]
S3 upperdev;upperdev;C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 10:39]
S3 USBCamera;DV 5100M(Still);C:\WINDOWS\system32\Drivers\Bulk536.sys [2003-05-14 17:28]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"F:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17623a00-55ec-11dc-ba5c-101111111111}]
\Shell\AutoRun\command - Y:\RunGame.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-04-04 09:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- F:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2008-04-05 09:41:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-15 04:12:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-04-14 17:00:00 C:\WINDOWS\Tasks\McDefragTask.job"
- C:\WINDOWS\system32\defrag.exe
"2008-03-31 17:00:00 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe.4158 0
"2008-04-15 03:57:47 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-07-08 03:36:27 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- F:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
"2008-04-14 08:00:00 C:\WINDOWS\Tasks\{1C18B552-499D-478A-8867-CA8C592E4BC8}_FLECHAS-YTEKYFC_Paolo Guanco.job"
"2008-04-04 08:00:00 C:\WINDOWS\Tasks\{5AE149DF-A087-418C-9974-0353AF8D99EB}_FLECHAS-YTEKYFC_Paolo Guanco.job"
"2008-04-15 01:00:00 C:\WINDOWS\Tasks\{91CB59F4-F085-457D-B57E-A77F27D35E94}_FLECHAS-YTEKYFC_Paolo Guanco.job"
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 12:41:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CLJ = 63

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
h:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\System32\snmp.exe
I:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2008-04-15 12:53:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-15 04:53:44
ComboFix2.txt 2008-04-13 07:43:36
ComboFix3.txt 2008-04-10 14:40:40
ComboFix4.txt 2008-04-06 17:39:18
Pre-Run: 18,143,711,232 bytes free
Post-Run: 18,364,665,856 bytes free
.
2008-04-14 13:44:41 --- E O F ---

Blade81 · Apr 15, 2008

Hi

Upload following file to http://virusscan.jotti.org and post back the results:
C:\Jmw9.tmp

Please remove free-downloads.net toolbar (or something with similar name) thru add/remove programs if found.

Open notepad and copy/paste the text in the quotebox below into it:

Code:

KILLALL::

File::
C:\WINDOWS\didduid.ini
C:\WINDOWS\system32\SIPSPI32.dll
C:\WINDOWS\system32\MSNSA32.dll
C:\WINDOWS\system32\wmsdkns.exe

DirLook::
C:\20080409
C:\20080414

Folder::
C:\Program Files\free-downloads.net
C:\WINDOWS\FLEOK
C:\Program Files\zango
C:\Program Files\Sysmnt
C:\Program Files\180solutions
C:\Program Files\180searchassistant

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"=-

[-HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"=-

[-HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

Save this as
CFScript

Refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

Please download Malwarebytes' Anti-Malware to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Please post contents of that file & a fresh hjt log in your next reply (don't forget to post Combofix resultant log).

condotiere · Apr 16, 2008

jmw9.tmp

Blade,

The jmw9.tmp file that you told me to upload to http://virusscan.jotti.org/ is not a file. I looked it up, It is an empty folder. Nothing to upload.

Blade81 · Apr 16, 2008

Sorry, my bad

Please continue following rest of the instructions.

condotiere · Apr 19, 2008

Blade81 said:

Hi

Open notepad and copy/paste the text in the quotebox below into it:

Code:

KILLALL::

File::
C:\WINDOWS\didduid.ini
C:\WINDOWS\system32\SIPSPI32.dll
C:\WINDOWS\system32\MSNSA32.dll
C:\WINDOWS\system32\wmsdkns.exe

DirLook::
C:\20080409
C:\20080414

Folder::
C:\Program Files\free-downloads.net
C:\WINDOWS\FLEOK
C:\Program Files\zango
C:\Program Files\Sysmnt
C:\Program Files\180solutions
C:\Program Files\180searchassistant

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"=-

[-HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"=-

[-HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

Save this as
CFScript

Refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

[/list]

Hi Blade,

Combofix dosen't start after I dragged CFScript into it.

Blade81 · Apr 19, 2008

Hi

Lets uninstall ComboFix and get a latest one:

Click START then RUN
Now type Combofix /u in the runbox and click OK

Download combofix from any of these links and save it to Desktop:
Link 1
Link 2
Link 3

Then drag 'n' drop CFScript.txt file on this new ComboFix.exe

condotiere · Apr 19, 2008

Combofix log

Here's the combofix log:

ComboFix 08-04-18.3 - Paolo Guanco 2008-04-19 19:13:23.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1484 [GMT 8:00]
Running from: L:\Documents and Settings\Paolo Guanco\Desktop\ComboFix.exe
Command switches used :: L:\Documents and Settings\Paolo Guanco\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\didduid.ini
C:\WINDOWS\system32\MSNSA32.dll
C:\WINDOWS\system32\SIPSPI32.dll
C:\WINDOWS\system32\wmsdkns.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Nikki.FLECHAS-YTEKYFC\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Program Files\180searchassistant
C:\Program Files\180searchassistant\saap.exe
C:\Program Files\180searchassistant\sac.exe
C:\Program Files\180solutions
C:\Program Files\180solutions\sais.exe
C:\Program Files\free-downloads.net
C:\Program Files\Sysmnt
C:\Program Files\Sysmnt\Ssmgr.exe
C:\Program Files\zango
C:\Program Files\zango\zango.exe
C:\WINDOWS\123messenger.per
C:\WINDOWS\apphelp32.dll
C:\WINDOWS\asferror32.dll
C:\WINDOWS\asycfilt32.dll
C:\WINDOWS\athprxy32.dll
C:\WINDOWS\ati2dvaa32.dll
C:\WINDOWS\ati2dvag32.dll
C:\WINDOWS\audiosrv32.dll
C:\WINDOWS\autodisc32.dll
C:\WINDOWS\avifile32.dll
C:\WINDOWS\avisynthex32.dll
C:\WINDOWS\aviwrap32.dll
C:\WINDOWS\browserad.dll
C:\WINDOWS\changeurl_30.dll
C:\WINDOWS\didduid.ini
C:\WINDOWS\FLEOK
C:\WINDOWS\FLEOK\180ax.exe
C:\WINDOWS\Installer\id53.exe
C:\WINDOWS\licencia.txt
C:\WINDOWS\msa64chk.dll
C:\WINDOWS\msapasrc.dll
C:\WINDOWS\ntnut.exe
C:\WINDOWS\shdocpe.dll
C:\WINDOWS\shdocpl.dll
C:\WINDOWS\system32\MSNSA32.dll
C:\WINDOWS\system32\ntnut32.exe
C:\WINDOWS\system32\shdocpe.dll
C:\WINDOWS\system32\SIPSPI32.dll
C:\WINDOWS\telefonos.txt
C:\WINDOWS\textos.txt
C:\WINDOWS\winsb.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Service_6to4

((((((((((((((((((((((((( Files Created from 2008-03-19 to 2008-04-19 )))))))))))))))))))))))))))))))
.

2008-04-18 13:55 . 2008-04-18 14:11 <DIR> d----c--- C:\20080417
2008-04-16 13:42 . 2008-04-16 13:42 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-04-15 18:08 . 2008-04-19 11:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-15 18:08 . 2008-04-15 18:08 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-15 06:09 . 2008-04-15 06:09 <DIR> d-------- C:\Documents and Settings\Paolo Guanco.FLECHAS-YTEKYFC\Application Data\DivX
2008-04-14 22:42 . 2007-01-04 05:58 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-04-14 22:42 . 2007-01-04 05:58 116,472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-04-14 22:06 . 2008-04-14 22:06 <DIR> d----c--- C:\20080326
2008-04-14 22:05 . 2008-04-16 02:34 <DIR> d----c--- C:\20080414
2008-04-14 22:05 . 2008-04-19 11:54 <DIR> d----c--- C:\20080413
2008-04-13 15:50 . 2008-04-13 15:50 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-13 15:50 . 2008-04-13 15:50 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-04-13 03:16 . 2008-04-13 03:16 <DIR> d-------- C:\Program Files\Conduit
2008-04-13 00:58 . 2008-04-13 00:58 <DIR> d-------- C:\WINDOWS\Globalization
2008-04-13 00:11 . 2008-03-20 22:09 26,112 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-04-13 00:11 . 2008-03-20 22:09 26,112 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-04-13 00:11 . 2008-04-13 00:11 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-13 00:11 . 2008-04-13 00:11 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-04-12 12:17 . 2008-04-13 00:57 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-04-12 12:16 . 2008-04-12 12:16 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-04-12 12:16 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-04-12 12:15 . 2007-11-29 10:33 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-04-12 12:15 . 2007-11-29 10:39 19,328 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-04-12 12:15 . 2007-11-29 10:39 16,896 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-04-12 12:15 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-04-10 02:14 . 2008-04-10 02:14 <DIR> d-------- C:\Program Files\SmartSound Software
2008-04-10 02:14 . 2008-04-10 02:14 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\SmartSound Software Inc
2008-04-10 02:13 . 2008-04-10 02:13 87 --a------ C:\WINDOWS\dswplug.ini
2008-04-10 02:11 . 2008-04-10 02:11 <DIR> d-------- C:\WINDOWS\system32\windows media
2008-04-09 19:21 . 2008-04-09 19:26 215,151,272 --a--c--- C:\TV_EWTN_20080322_085950.wmv.MPG
2008-04-09 17:58 . 2008-04-09 17:58 1,849,904 --a--c--- C:\TV_EWTN_20080323_185533.wmv.MPG
2008-04-09 13:51 . 2008-04-09 13:51 <DIR> d-------- C:\Documents and Settings\Paolo Guanco.FLECHAS-YTEKYFC\Application Data\Corel
2008-04-09 13:51 . 2008-04-09 13:51 88 -r-hs---- C:\WINDOWS\system32\810D1BB7F1.sys
2008-04-09 13:50 . 2008-04-09 13:51 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\Corel
2008-04-09 13:49 . 2008-04-09 13:50 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-04-07 23:10 . 2008-04-07 23:10 0 --a------ C:\WINDOWS\PhotoNow.INI
2008-04-07 15:42 . 2008-03-22 18:30 2,085,376 --a------ C:\WINDOWS\system32\x264vfw.dll
2008-04-07 15:42 . 2002-07-07 23:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
2008-04-07 15:42 . 2006-04-02 13:47 630,784 --a------ C:\WINDOWS\system32\vp7vfw.dll
2008-04-07 15:42 . 1997-04-07 18:19 391,680 --a------ C:\WINDOWS\system32\I263_32.drv
2008-04-07 15:42 . 2006-09-24 16:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2008-04-07 15:42 . 2004-01-25 17:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-04-07 15:42 . 1998-11-18 14:33 144,384 --a------ C:\WINDOWS\system32\Iacenc.dll
2008-04-07 15:42 . 2007-09-21 01:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2008-04-07 15:42 . 2004-05-18 19:16 39,936 --a------ C:\WINDOWS\system32\huffyuv.dll
2008-04-07 15:42 . 2007-10-03 16:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-04-07 15:41 . 2008-04-07 15:41 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-04-07 15:41 . 2008-03-04 12:33 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-04-07 15:41 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-04-06 23:44 . 2008-04-06 23:44 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-06 23:14 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-06 23:14 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-06 23:14 . 2008-03-28 23:19 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-06 23:14 . 2008-03-26 08:50 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-06 23:14 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-06 23:14 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-06 23:14 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-06 03:05 . 2008-04-06 03:05 <DIR> d-------- C:\Program Files\Common Files\SONY Digital Images
2008-04-06 03:05 . 2008-04-27 03:05 25 ---h----- C:\WINDOWS\sysdws.dat
2008-04-06 01:11 . 2008-04-06 01:11 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-06 00:27 . 2008-04-06 16:36 10,128 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-05 20:29 . 2008-04-05 20:29 <DIR> d-------- C:\Program Files\Common Files\InterVideo
2008-04-05 20:28 . 2008-04-05 20:28 <DIR> d----c--- C:\Documents and Settings\PAOLOG~1~FLE\LOCALS~1
2008-04-05 20:28 . 2008-04-06 14:31 <DIR> d----c--- C:\Documents and Settings\PAOLOG~1~FLE
2008-04-05 20:28 . 2008-04-05 20:28 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\InterVideo
2008-04-05 20:28 . 2007-03-06 11:58 210,456 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2008-04-05 20:28 . 2007-03-06 11:58 206,360 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2008-04-05 20:28 . 2007-03-06 11:58 198,168 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2008-04-05 20:28 . 2007-03-06 11:58 198,168 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2008-04-05 20:28 . 2007-03-06 11:58 194,072 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2008-04-05 20:28 . 2007-03-06 11:58 26,136 --a------ C:\WINDOWS\system32\IVIresize.dll
2008-04-05 20:27 . 2008-04-05 20:27 <DIR> d-------- C:\Program Files\Windows Media Components
2008-04-05 13:17 . 2008-04-05 13:17 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\CyberLink
2008-04-04 22:23 . 2008-04-04 22:23 <DIR> d----c--- C:\My Video
2008-04-04 22:22 . 2008-04-04 22:23 <DIR> d----c--- C:\Jmw9.tmp
2008-04-04 21:44 . 2008-04-04 21:44 <DIR> d----c--- C:\JmwC0.tmp
2008-04-04 21:42 . 2008-04-04 21:44 <DIR> d----c--- C:\JmwBA.tmp
2008-04-04 12:03 . 2008-04-04 13:00 669,374,748 --a--c--- C:\TV_EWTN_20080323_045951.wmv.MPG
2008-04-03 16:31 . 2008-04-03 17:20 623,935,900 --a--c--- C:\TV_EWTN_20080206_234457.wmv.MPG
2008-04-03 01:09 . 2008-04-03 01:09 <DIR> d-------- C:\Program Files\uTorrent
2008-04-03 01:08 . 2008-04-17 09:36 <DIR> d-------- C:\Documents and Settings\Paolo Guanco.FLECHAS-YTEKYFC\Application Data\uTorrent
2008-04-01 23:05 . 2008-04-01 23:08 <DIR> d-------- C:\Documents and Settings\Paolo Guanco.FLECHAS-YTEKYFC\Application Data\Xfire
2008-04-01 13:57 . 2008-04-01 13:57 <DIR> d-------- C:\Program Files\Windows SteadyState
2008-04-01 03:42 . 2008-04-01 03:42 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-04-01 03:42 . 2008-04-01 03:42 <DIR> d-------- C:\WINDOWS\system32\bits
2008-04-01 03:42 . 2008-04-01 03:42 <DIR> d-------- C:\WINDOWS\l2schemas
2008-04-01 03:29 . 2008-03-21 04:06 291,328 --a------ C:\WINDOWS\system32\qagentrt.dll
2008-04-01 03:29 . 2008-03-21 04:06 150,528 --a------ C:\WINDOWS\system32\qagent.dll
2008-04-01 03:29 . 2008-03-21 04:06 144,384 --a------ C:\WINDOWS\system32\onex.dll
2008-04-01 03:29 . 2008-03-21 04:06 76,800 --a------ C:\WINDOWS\system32\qutil.dll
2008-04-01 03:29 . 2008-03-21 04:06 69,120 --a------ C:\WINDOWS\system32\wlanapi.dll
2008-04-01 03:29 . 2008-03-21 04:06 62,464 --a------ C:\WINDOWS\system32\qcliprov.dll
2008-04-01 03:29 . 2008-03-21 04:06 61,952 --a------ C:\WINDOWS\system32\rasqec.dll
2008-04-01 03:29 . 2008-03-21 04:06 50,688 --a------ C:\WINDOWS\system32\tspkg.dll
2008-04-01 03:29 . 2008-03-21 04:06 32,768 --a------ C:\WINDOWS\system32\setupn.exe
2008-04-01 03:29 . 2008-03-20 22:03 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-04-01 02:37 . 2008-04-01 02:37 85 --a------ C:\WINDOWS\system32\Temp.wdp
2008-04-01 02:37 . 2008-04-01 02:37 0 --a------ C:\WINDOWS\system32\Undo.wdp
2008-04-01 02:37 . 2008-04-01 02:37 0 --a------ C:\WINDOWS\system32\Retain.wdp
2008-04-01 02:37 . 2008-04-01 02:37 0 --a------ C:\WINDOWS\system32\Overlay.wdp
2008-04-01 02:37 . 2008-04-01 02:37 0 --a------ C:\WINDOWS\system32\Enabled.wdp
2008-04-01 02:37 . 2008-04-01 02:37 0 --a------ C:\WINDOWS\system32\Enable.wdp
2008-04-01 02:37 . 2008-04-01 02:37 0 --a------ C:\WINDOWS\system32\Disable.wdp
2008-04-01 02:37 . 2008-04-01 02:37 0 --a------ C:\WINDOWS\system32\Commit.wdp
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-25 17:36 . 2008-03-25 17:36 <DIR> d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\CyberLink
2008-03-25 03:15 . 2008-03-25 03:15 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\CyberLink
2008-03-25 00:45 . 2008-04-09 18:57 <DIR> d----c--- C:\MyWorks
2008-03-25 00:44 . 2008-04-09 16:00 10,328 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-03-25 00:44 . 2008-04-06 13:12 56 -r-hs---- C:\WINDOWS\system32\F1B71B0D81.sys
2008-03-24 22:52 . 2008-04-19 15:47 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-24 21:10 . 2007-03-02 17:55 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2008-03-23 22:08 . 2008-02-28 13:26 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-03-23 22:08 . 2008-02-28 13:01 774,144 --a------ C:\WINDOWS\system32\NEROINSTAEC43759.DB
2008-03-20 14:32 . 2008-03-20 14:32 <DIR> d-------- C:\Program Files\Microsoft Application Compatibility Toolkit 5
2008-03-20 14:17 . 2008-03-20 14:17 <DIR> d-------- C:\Program Files\CPU-Control
2008-03-20 14:17 . 2008-03-20 14:17 <DIR> d-------- C:\Documents and Settings\Paolo Guanco.FLECHAS-YTEKYFC\Application Data\CPUControl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-19 08:15 --------- d-----w C:\Program Files\McAfee
2008-04-15 17:52 --------- d-----w C:\Program Files\QuickTime
2008-04-14 22:13 --------- d-----w C:\Documents and Settings\Paolo Guanco.FLECHAS-YTEKYFC\Application Data\Ulead Systems
2008-04-14 14:42 --------- d-----w C:\Program Files\DivX
2008-04-14 14:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-14 14:38 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Ulead Systems
2008-04-14 10:26 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\SiteAdvisor
2008-04-12 16:58 --------- d-----w C:\Program Files\Common Files\muvee Technologies
2008-04-12 04:17 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-04-12 04:12 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Installations
2008-04-11 15:12 --------- d-----w C:\Documents and Settings\Paolo Guanco.FLECHAS-YTEKYFC\Application Data\LimeWire
2008-04-11 05:14 --------- d-----w C:\Program Files\Lx_cats
2008-04-09 18:18 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-04-09 18:11 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-08 15:38 --------- d-----w C:\Documents and Settings\Paolo Guanco.FLECHAS-YTEKYFC\Application Data\SiteAdvisor
2008-04-06 05:14 --------- d-----w C:\Program Files\CyberLink
2008-03-25 12:26 --------- d-----w C:\Program Files\Network Password Recovery
2008-03-24 18:55 --------- d-----w C:\Program Files\Chikka V4
2008-03-24 17:59 --------- d-----w C:\Documents and Settings\Paolo Guanco.FLECHAS-YTEKYFC\Application Data\Cyberlink
2008-03-24 17:01 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\CyberLink
2008-03-23 14:55 --------- d-----w C:\Program Files\Common Files\Nero
2008-03-23 14:54 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero
2008-03-23 14:19 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-23 14:18 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Ahead
2008-03-23 14:18 --------- d-----w C:\Program Files\Ahead
2008-03-23 08:46 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-03-23 08:43 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-20 20:07 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-03-20 20:07 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-03-20 20:07 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-03-20 20:07 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-03-20 20:06 69,120 ----a-w C:\WINDOWS\notepad.exe
2008-03-20 20:06 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-03-20 20:06 34,816 ----a-w C:\WINDOWS\Help\sniffpol.dll
2008-03-20 20:06 33,280 ----a-w C:\WINDOWS\Help\sstub.dll
2008-03-20 20:06 32,866 ----a-w C:\WINDOWS\slrundll.exe
2008-03-20 20:06 3,901 ----a-w C:\WINDOWS\system32\drivers\siint5.dll
2008-03-20 20:06 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2008-03-20 20:06 279,040 ----a-w C:\WINDOWS\Help\tshoot.dll
2008-03-20 20:06 146,432 ----a-w C:\WINDOWS\regedit.exe
2008-03-20 20:06 11,325 ----a-w C:\WINDOWS\system32\drivers\vchnt5.dll
2008-03-20 20:06 10,752 ----a-w C:\WINDOWS\hh.exe
2008-03-20 20:06 1,033,728 ----a-w C:\WINDOWS\explorer.exe
2008-03-20 14:51 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-03-20 14:42 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-03-20 14:42 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-03-20 14:42 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-03-20 14:42 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-03-20 14:41 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-03-20 14:41 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-03-20 14:41 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-03-20 14:41 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-03-20 14:41 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-03-20 14:40 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-03-20 14:39 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-03-20 14:39 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-03-20 14:39 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-03-20 14:38 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-03-20 14:38 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-03-20 14:38 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-03-20 14:37 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-03-20 14:37 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-03-20 14:37 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-03-20 14:36 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-03-20 14:36 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-03-20 14:21 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-03-20 14:21 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-03-20 14:21 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-03-20 14:18 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-03-20 14:18 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-03-20 14:18 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-03-20 14:18 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-03-20 14:18 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-03-20 14:18 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-03-20 14:18 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-03-20 14:17 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-03-20 14:17 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-03-20 14:17 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-03-20 14:17 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-03-20 14:17 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-03-20 14:17 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-03-20 14:16 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-03-20 14:16 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-03-20 14:16 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-03-20 14:16 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-03-20 14:15 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-03-20 14:14 88,192 ----a-w C:\WINDOWS\system32\drivers\irda.sys
2008-03-20 14:14 22,016 ----a-w C:\WINDOWS\system32\drivers\msircomm.sys
2008-03-20 14:14 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-03-20 14:13 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-03-20 14:13 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-03-20 14:13 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-03-20 14:13 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-03-20 14:11 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-03-20 14:11 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-03-20 14:11 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-03-20 14:11 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-03-20 14:11 101,120 ----a-w C:\WINDOWS\system32\drivers\bthpan.sys
2008-03-20 14:10 85,248 ----a-w C:\WINDOWS\system32\drivers\nabtsfec.sys
2008-03-20 14:10 59,136 ----a-w C:\WINDOWS\system32\drivers\rfcomm.sys
2003-01-13 03:20 278,528 ----a-w C:\Program Files\internet explorer\plugins\PanoViewer.dll
1999-04-30 08:00 98,304 ----a-w C:\Program Files\internet explorer\plugins\UPjpeg.dll
2005-07-14 18:31 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\20080409 ----

C:\20080409\

---- Directory of C:\20080414 ----

2008-04-15 22:06 126976 --ahsc--- C:\20080414\Thumbs.db
2008-04-14 18:48 313562 --a--c--- C:\20080414\14042008580.jpg
2008-04-14 18:48 291361 --a--c--- C:\20080414\14042008581.jpg
2008-04-14 15:07 331889 --a--c--- C:\20080414\14042008579.jpg
2008-04-14 15:00 305042 --a--c--- C:\20080414\14042008578.jpg
2008-04-14 14:59 363439 --a--c--- C:\20080414\14042008577.jpg
2008-04-14 03:22 9152 --a--c--- C:\20080414\IMG0099A.jpg
2008-04-14 03:21 9713 --a--c--- C:\20080414\IMG0101A.jpg
2008-04-14 03:20 9381 --a--c--- C:\20080414\IMG0104A.jpg
2008-04-14 01:59 18240392 --a--c--- C:\20080414\14042008088.mp4
2008-04-14 01:59 18240392 --a--c--- C:\20080414\14042008088(1).mp4
2008-04-14 01:42 275185 --a--c--- C:\20080414\14042008576.jpg
2008-04-14 01:42 271943 --a--c--- C:\20080414\14042008575.jpg
2008-04-14 01:42 270427 --a--c--- C:\20080414\14042008574.jpg
2008-04-14 01:42 267170 --a--c--- C:\20080414\14042008573.jpg
2008-04-14 01:38 326717 --a--c--- C:\20080414\14042008572.jpg
2008-04-14 01:37 345872 --a--c--- C:\20080414\14042008571.jpg
2008-04-14 01:31 284457 --a--c--- C:\20080414\14042008570.jpg
2008-04-14 01:13 289022 --a--c--- C:\20080414\14042008569.jpg
2008-04-14 01:13 286024 --a--c--- C:\20080414\14042008568.jpg
2008-04-14 00:35 3565954 --a--c--- C:\20080414\14042008087.mp4
2008-04-14 00:35 3565954 --a--c--- C:\20080414\14042008087(1).mp4
2008-04-14 00:31 4546735 --a--c--- C:\20080414\14042008086.mp4
2008-04-14 00:19 278764 --a--c--- C:\20080414\14042008565.jpg
2008-04-14 00:16 273456 --a--c--- C:\20080414\14042008564.jpg
2008-04-14 00:14 274344 --a--c--- C:\20080414\14042008563.jpg
2008-04-14 00:11 2345466 --a--c--- C:\20080414\14042008085.mp4
2008-04-14 00:11 2345466 --a--c--- C:\20080414\14042008085(1).mp4
2008-04-13 22:03 8475740 --a--c--- C:\20080414\13042008084.mp4
2008-04-13 21:12 20102103 --a--c--- C:\20080414\13042008083.mp4
2008-04-13 21:03 8716712 --a--c--- C:\20080414\13042008082.mp4
2008-04-13 20:56 4565773 --a--c--- C:\20080414\13042008081.mp4

((((((((((((((((((((((((((((( snapshot_2008-04-15_12.53.01.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-16 05:42:40 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
+ 2008-04-19 11:21:01 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-03-24 11:33:02 1,527,056 ----a-w C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
+ 2005-10-20 12:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2008-03-13 18:13:07 2,560 ----a-r C:\WINDOWS\Installer\{90190409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2008-03-13 18:16:23 2,560 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2008-03-20 06:32:43 2,862 ----a-r C:\WINDOWS\Installer\{BBB3F622-D848-4CDA-B282-CC53627432F0}\CompatAdmin.exe
+ 2008-03-20 06:32:43 2,862 ----a-r C:\WINDOWS\Installer\{BBB3F622-D848-4CDA-B282-CC53627432F0}\SetupAnalysis.exe
+ 2008-03-20 06:32:43 2,862 ----a-r C:\WINDOWS\Installer\{BBB3F622-D848-4CDA-B282-CC53627432F0}\SUAnalyzer.exe
+ 2008-03-20 06:32:43 2,862 ----a-r C:\WINDOWS\Installer\{BBB3F622-D848-4CDA-B282-CC53627432F0}\SUAnalyzerIcon.exe
+ 2008-03-20 06:32:43 2,862 ----a-r C:\WINDOWS\Installer\{BBB3F622-D848-4CDA-B282-CC53627432F0}\TestTool.exe
+ 2008-01-18 15:13:09 2,247 ------w C:\WINDOWS\Installer\tsclientmsitrans\tscdsbl.bat
+ 2005-10-05 03:03:47 2,678 -c--a-w C:\WINDOWS\java\Packages\Data\1VRVZJF9.DAT
+ 2005-10-05 03:03:46 2,678 -c--a-w C:\WINDOWS\java\Packages\Data\3FP3HZND.DAT
+ 2005-10-06 00:24:44 2,678 -c--a-w C:\WINDOWS\java\Packages\Data\8ZDZ7DZX.DAT
+ 2005-10-05 03:03:53 2,678 -c--a-w C:\WINDOWS\java\Packages\Data\AX3XNPRX.DAT
+ 2005-10-06 00:24:42 2,678 -c--a-w C:\WINDOWS\java\Packages\Data\AXNLBP39.DAT
+ 2005-10-06 00:25:01 2,232 -c--a-w C:\WINDOWS\java\Packages\Data\D775B3DB.DAT
+ 2005-10-06 00:24:45 2,678 -c--a-w C:\WINDOWS\java\Packages\Data\DR3Z9F3D.DAT
+ 2005-10-05 03:03:58 2,232 -c--a-w C:\WINDOWS\java\Packages\Data\HV7FR1ZD.DAT
+ 2005-12-06 17:11:27 2,814 -c--a-w C:\WINDOWS\java\Packages\Data\R1ZZD3LJ.DAT
+ 2005-10-05 03:03:45 2,678 -c--a-w C:\WINDOWS\java\Packages\Data\UCMHJXJV.DAT
+ 2005-10-06 00:24:43 2,678 -c--a-w C:\WINDOWS\java\Packages\Data\XJZTNZTN.DAT
+ 2005-10-06 00:24:54 2,678 -c--a-w C:\WINDOWS\java\Packages\Data\Z5J3JB5V.DAT
+ 2005-10-05 03:03:46 2,678 -c--a-w C:\WINDOWS\java\Packages\Data\ZXNHRJ93.DAT
+ 2007-10-11 01:55:14 2,560 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
+ 2005-09-22 19:41:50 2,560 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\VJSharp\VJSharpSxS10.dll
+ 2007-03-22 14:12:28 2,855 -c--a-w C:\WINDOWS\PIF\COMMAND.PIF
+ 2008-03-20 20:19:44 1,804 ------w C:\WINDOWS\ServicePackFiles\i386\dcache.bin
+ 2008-03-20 14:08:39 2,944 ------w C:\WINDOWS\ServicePackFiles\i386\drmkaud.sys
+ 2008-03-20 12:22:19 2,560 ------w C:\WINDOWS\ServicePackFiles\i386\iconlib.dll
+ 2008-01-18 15:13:09 2,247 ------w C:\WINDOWS\ServicePackFiles\i386\tscdsbl.bat
+ 2001-08-23 12:00:00 2,000 ----a-w C:\WINDOWS\system\KEYBOARD.DRV
+ 2001-08-23 12:00:00 2,032 ----a-w C:\WINDOWS\system\MOUSE.DRV
+ 2001-08-23 12:00:00 1,744 ----a-w C:\WINDOWS\system\SOUND.DRV
+ 2001-08-23 12:00:00 2,176 ----a-w C:\WINDOWS\system\VGA.DRV
- 2008-04-15 03:01:27 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-19 10:52:35 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-04-15 03:01:27 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-04-19 10:52:35 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-03-20 20:19:44 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
+ 2001-08-17 05:12:12 2,944 -c--a-w C:\WINDOWS\system32\dllcache\brfilt.sys
+ 2001-08-23 12:00:00 2,000 -c--a-w C:\WINDOWS\system32\dllcache\keyboard.drv
+ 2001-08-23 12:00:00 2,560 -c--a-w C:\WINDOWS\system32\dllcache\lz32.dll
+ 2001-08-23 12:00:00 2,032 -c--a-w C:\WINDOWS\system32\dllcache\mouse.drv
+ 2001-08-17 14:00:04 2,944 -c--a-w C:\WINDOWS\system32\dllcache\msmpu401.sys
+ 2001-08-23 12:00:00 2,944 -c--a-w C:\WINDOWS\system32\dllcache\null.sys
+ 2001-08-23 12:00:00 1,744 -c--a-w C:\WINDOWS\system32\dllcache\sound.drv
+ 2001-08-23 12:00:00 2,176 -c--a-w C:\WINDOWS\system32\dllcache\vga.drv
+ 2001-08-23 12:00:00 2,864 -c--a-w C:\WINDOWS\system32\dllcache\winsock.dll
+ 2001-08-23 12:00:00 2,112 -c--a-w C:\WINDOWS\system32\dllcache\winspool.exe
+ 2001-08-23 12:00:00 2,736 -c--a-w C:\WINDOWS\system32\dllcache\wowdeb.exe
+ 2006-10-17 19:00:00 2,432 ----a-w C:\WINDOWS\system32\drivers\cdr4_xp.sys
+ 2006-10-17 19:00:00 2,560 ----a-w C:\WINDOWS\system32\drivers\cdralw2k.sys
+ 2008-03-20 14:08:39 2,944 ----a-w C:\WINDOWS\system32\drivers\drmkaud.sys
+ 2001-08-17 14:00:04 2,944 ----a-w C:\WINDOWS\system32\drivers\msmpu401.sys
+ 2001-08-23 12:00:00 2,944 ----a-w C:\WINDOWS\system32\drivers\null.sys
- 2008-04-15 04:00:15 221,021 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-04-19 11:26:33 221,019 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2001-08-23 12:00:00 2,000 ----a-w C:\WINDOWS\system32\keyboard.drv
+ 2001-08-23 12:00:00 2,560 ----a-w C:\WINDOWS\system32\lz32.dll
+ 2008-03-25 02:32:44 218,496 ----a-r C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe
- 2008-03-07 18:12:12 74,137 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-04-15 14:19:42 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2004-04-10 01:42:36 2,944 ----a-w C:\WINDOWS\system32\mbmiodrvr.sys
+ 2001-08-23 12:00:00 2,032 ----a-w C:\WINDOWS\system32\mouse.drv
+ 2001-08-23 12:00:00 2,656 ----a-w C:\WINDOWS\system32\netware.drv
+ 2000-10-25 20:27:24 3,000 ----a-r C:\WINDOWS\system32\SetupNT.sys
+ 2001-08-23 12:00:00 1,744 ----a-w C:\WINDOWS\system32\sound.drv
+ 2001-08-30 08:06:54 2,048 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\bvrpwf2000.dll
+ 2007-02-05 07:24:38 2,048 ----a-w C:\WINDOWS\system32\UncRes.dll
+ 2008-03-20 12:22:19 2,560 ----a-w C:\WINDOWS\system32\usmt\iconlib.dll
+ 2001-08-23 12:00:00 2,176 ----a-w C:\WINDOWS\system32\vga.drv
+ 2001-08-23 12:00:00 2,864 ----a-w C:\WINDOWS\system32\winsock.dll
+ 2001-08-23 12:00:00 2,112 ----a-w C:\WINDOWS\system32\winspool.exe
+ 2001-08-23 12:00:00 2,736 ----a-w C:\WINDOWS\system32\wowdeb.exe
+ 2008-04-19 11:22:34 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_2b8.dat
+ 2008-04-19 11:23:18 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_908.dat
+ 2008-04-19 11:23:00 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_aa0.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@={8D2223A2-B3C6-4e32-B096-CDD11F628C60}

[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-02-28 13:04 97064 --a------ C:\Program Files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-02 05:22 3739648]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-12-20 04:13 486856]
"AlcoholAutomount"="I:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 23:58 217544]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 19:25 81920]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-03-21 04:06 15360]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 21:08 136136]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 14:08 2289664]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]
"Power2GoExpress"="" []
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-11-06 19:51 3810544]
"PC Suite Tray"="F:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-03-28 11:20 1079296]
"Nokia.PCSync"="F:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-07-13 08:34 8466432]
"WheelMouse"="C:\PROGRAM FILES\A4Tech\Mouse\Amoumain.exe" [2002-12-27 16:48 159744]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 22:32 208952]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-07-13 08:34 81920]
"Gainward"="C:\Program Files\VDOTool\TBPanel.exe" [2007-04-23 19:19 2165536]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"TV Card Remote Control Device Monitor"="C:\WINDOWS\713xRMT.exe" [2007-09-14 04:00 466944]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 11:12 16062464 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]
"Tweak UI"="TWEAKUI.CPL" [2003-03-25 05:49 106544 C:\WINDOWS\system32\tweakui.cpl]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-06-22 07:12 36640]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-11-30 05:42 1164576]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22 20480]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"LXCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-01-10 04:21 69632]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"SecurDisc"="C:\Program Files\Nero\Nero8\InCD\NBHGui.exe" [2008-02-28 13:04 2049320]
"InCD"="C:\Program Files\Nero\Nero8\InCD\InCD.exe" [2008-02-28 13:03 1083176]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-07-27 20:00 185896]
"PCMService"="E:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2007-10-16 13:21 159744]
"CLMLServer"="E:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" [2007-09-27 23:10 122880]
"Power2GoExpress"="E:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" [2007-09-29 16:53 2680104]
"CLJ"="0 (0x0)" []
"Bubble"="C:\Program Files\Windows SteadyState\Bubble.exe" [2007-06-05 15:56 64000]
"UVS11 Preload"="E:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-07-23 13:55 341232]
"UpdatePPShortCut"="E:\Program Files\CyberLink\PowerProducer\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-02-21 21:04 222504]
"NokiaMServer"="C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"Corel Photo Downloader"="F:\Program Files\Corel\Corel MediaOne\Corel Photo Downloader.exe" [2007-08-17 11:50 483144]
"muBlinder"="C:\muBlinder\muBlinder.exe" [2008-03-27 19:29 1406464]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-03-07 13:06 5181440]
"Nokia.PCSync"="F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-03-21 04:06 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 22:59 44544]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-12-26 15:30:14 1183744]
Start GetRight.lnk - G:\Program Files\GetRight\GetRight.exe [2005-11-10 02:35:10 4596808]
TV Expert Schedule Agent.lnk - C:\Program Files\TV Expert\ADTVScheduleAgent.exe [2007-12-25 12:11:15 35840]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"GreyMSIAds"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= H:\PROGRA~1\DVDREG~1\DVDShell.dll [2004-10-09 15:18 49152]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= F:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
F:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 F:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windows SteadyState]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Onfolio Server.lnk]
backup=C:\WINDOWS\pss\Onfolio Server.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^TV Expert Schedule Agent.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\TV Expert Schedule Agent.lnk
backup=C:\WINDOWS\pss\TV Expert Schedule Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Ulead Photo Express 4.0 SE Calendar Checker .lnk]
backup=C:\WINDOWS\pss\Ulead Photo Express 4.0 SE Calendar Checker .lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\au]
--a------ 2006-11-08 20:29 226904 C:\Program Files\Dealio\DealioAU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
--a--c--- 2005-01-20 10:19 299008 C:\Program Files\Lexmark Fax Solutions\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hcwPVRReset]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-09-26 14:42 267064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--------- 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\muBlinder]
--a--c--- 2006-11-14 17:02 651264 J:\Downloads\muBlinder\muBlinder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2005-05-30 12:14 98304 C:\WINDOWS\system32\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Startup Cleaner]
--a------ 2006-09-30 20:09 122880 C:\Program Files\CM Data Software\CM DiskCleaner\Startup Cleaner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-09-07 15:51 49263 F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-07-27 20:00 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector]
--a------ 2003-02-27 18:48 45056 E:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-11-06 19:51 3810544 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NProtectService"=2 (0x2)
"MWLSvc"=3 (0x3)
"MSK80Service"=2 (0x2)
"MDM"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)
"AcrSch2Svc"=2 (0x2)
"a2free"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Tweak UI"="RUNDLL32.EXE" TWEAKUI.CPL,TweakMeUp
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"nwiz"=nwiz.exe /install
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe"
"AcronisTimounterMonitor"=C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
"MaxBlastMonitor.exe"=C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
"IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
"OSSelectorReinstall"=C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"F:\\Program Files\\LimeWire\\LimeWire.exe"=
"F:\\Program Files\\Skype\\Phone\\Skype.exe"=
"E:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"F:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"E:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=
"E:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"E:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"G:\\Program Files\\GetRight\\GetRight.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"1723:TCP"= 1723:TCP

xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP

xpsp2res.dll,-22016
"500:UDP"= 500:UDP

xpsp2res.dll,-22017
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP

eer Name Resolution Protocol (PNRP)
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"43840:TCP"= 43840:TCP:72.20.34.145/255.255.255.255:Enabled:UTottent 1

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS [2007-07-19 22:42]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 20:22]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-10-18 17:39]
R2 A4SII300;A4SII300;C:\WINDOWS\system32\drivers\A4SII300.SYS [1998-02-26 15:10]
R2 Prvflder;Prvflder;C:\WINDOWS\system32\DRIVERS\prvflder.sys [2006-04-21 08:22]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-03-21 04:06]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2008-03-21 04:06]
R2 Windows SteadyState;Windows SteadyState Service;"C:\Program Files\Windows SteadyState\SCTSvc.exe" [2007-06-05 15:56]
R3 3xHybrid;SAA713x TV Card Service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2007-08-16 04:00]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2002-12-31 19:35]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-02-26 05:54]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-03-20 22:07]
S2 Ca536av;DV 5100M(Video);C:\WINDOWS\system32\Drivers\Ca536av.sys [2003-09-05 13:47]
S2 NeroRegInCDSrv;Nero Registry InCD Service;C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2008-02-28 13:04]
S2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys [2005-02-16 16:06]
S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2006-12-31 00:44]
S3 CoachUsb;Coach Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-01-22 12:41]
S3 iadusb;Prolink H9200 USB LAN Modem;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2004-07-02 16:20]
S3 iteio;iteio;C:\WINDOWS\system32\drivers\iteio.sys [1999-08-30 19:49]
S3 merger;merger;"C:\Program Files\Microsoft Application Compatibility Toolkit\Application Analyzer\merger.exe" [2005-09-27 10:33]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-03 05:10]
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe [2008-03-21 04:06]
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe [2008-03-21 04:06]
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe [2008-03-21 04:06]
S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 15:53]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe [2008-03-21 04:06]
S3 upperdev;upperdev;C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 10:39]
S3 USBCamera;DV 5100M(Still);C:\WINDOWS\system32\Drivers\Bulk536.sys [2003-05-14 17:28]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"F:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17623a00-55ec-11dc-ba5c-101111111111}]
\Shell\AutoRun\command - Y:\RunGame.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-04-04 09:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- F:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2008-04-19 09:41:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-19 12:12:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-04-14 17:00:00 C:\WINDOWS\Tasks\McDefragTask.job"
- C:\WINDOWS\system32\defrag.exe
"2008-03-31 17:00:00 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe.4158 0
"2008-04-19 11:24:07 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-07-08 03:36:27 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- F:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
"2008-04-16 08:00:00 C:\WINDOWS\Tasks\{1C18B552-499D-478A-8867-CA8C592E4BC8}_FLECHAS-YTEKYFC_Paolo Guanco.job"
"2008-04-04 08:00:00 C:\WINDOWS\Tasks\{5AE149DF-A087-418C-9974-0353AF8D99EB}_FLECHAS-YTEKYFC_Paolo Guanco.job"
"2008-04-18 01:00:00 C:\WINDOWS\Tasks\{91CB59F4-F085-457D-B57E-A77F27D35E94}_FLECHAS-YTEKYFC_Paolo Guanco.job"
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-19 19:53:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CLJ = 63

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
H:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\snmp.exe
I:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\searchindexer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\WINDOWS\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2008-04-19 20:15:57 - machine was rebooted [Paolo Guanco]
ComboFix-quarantined-files.txt 2008-04-19 12:15:03
ComboFix2.txt 2008-04-15 04:53:53
ComboFix3.txt 2008-04-13 07:43:36
ComboFix4.txt 2008-04-10 14:40:40
ComboFix5.txt 2008-04-06 17:39:18

Pre-Run: 17,437,143,040 bytes free
Post-Run: 17,632,870,400 bytes free

720 --- E O F --- 2008-04-18 03:53:17

Blade81 · Apr 19, 2008

Ok. Please post Malwarebytes' Anti-Malware log and a fresh hjt log too when ready

condotiere · Apr 19, 2008

Malwarebytes log

Malwarebytes' Anti-Malware 1.11
Database version: 656

Scan type: Full Scan (C:\|P:\|)
Objects scanned: 233219
Time elapsed: 1 hour(s), 23 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{f663b917-591f-4172-8d87-3d7d729007ca} (Adware.Batco) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{d279bc2b-a85b-4559-8fd9-ddc55f5d402d} (Adware.Batco) -> No action taken.
HKEY_CURRENT_USER\Software\BATCO (Adware.Batco) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Batco (Adware.Batco) -> No action taken.
HKEY_CLASSES_ROOT\AppID\bat.DLL (Adware.Batco) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bat (Adware.Batco) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bat (Adware.Batco) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{A1BF4149-F31E-4E39-8AD9-44B8BC93389E}\RP1\A0001094.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{A1BF4149-F31E-4E39-8AD9-44B8BC93389E}\RP1\A0001095.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{A1BF4149-F31E-4E39-8AD9-44B8BC93389E}\RP1\A0001096.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{A1BF4149-F31E-4E39-8AD9-44B8BC93389E}\RP15\A0005138.exe (Adware.Rabio) -> No action taken.
C:\System Volume Information\_restore{A1BF4149-F31E-4E39-8AD9-44B8BC93389E}\RP15\A0005272.exe (Adware.Rabio) -> No action taken.

condotiere · Apr 19, 2008

HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:06:35 AM, on 4/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows SteadyState\SCTSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
h:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRAM FILES\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\VDOTool\TBPanel.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\713xRMT.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\TV Expert\ADTVScheduleAgent.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\dllhost.exe
F:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn15\yt.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - G:\Program Files\GetRight\xx2gr.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn15\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: PimpFish - {D593DE91-7B41-45C2-830E-E9A99AB142AA} - F:\Program Files\PimpFish\PimpFish.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WheelMouse] "C:\PROGRAM FILES\A4Tech\Mouse\Amoumain.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe /A
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\WINDOWS\713xRMT.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCMService] "E:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [CLMLServer] "E:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [Power2GoExpress] "E:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKLM\..\Run: [Bubble] "%ProgramFiles%\Windows SteadyState\Bubble.exe"
O4 - HKLM\..\Run: [UVS11 Preload] E:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [UpdatePPShortCut] "E:\Program Files\CyberLink\PowerProducer\PowerProducer\MUITransfer\MUIStartMenu.exe" "E:\Program Files\CyberLink\PowerProducer\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Corel Photo Downloader] "F:\Program Files\Corel\Corel MediaOne\Corel Photo Downloader.exe" -startup
O4 - HKLM\..\Run: [muBlinder] C:\muBlinder\muBlinder.exe -startup
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "I:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [PC Suite Tray] "F:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "F:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Start GetRight.lnk = G:\Program Files\GetRight\GetRight.exe
O4 - Global Startup: TV Expert Schedule Agent.lnk = C:\Program Files\TV Expert\ADTVScheduleAgent.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Append to existing PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download with GetRight - G:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Download with GetRight Pro - G:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: ImTranslator - G:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html
O8 - Extra context menu item: Open With GetRight Browser - G:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Pro Browser - G:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: PimpFish Grab movies on this page - F:\Program Files\PimpFish\GRABPAGEMOVIES.HTM
O8 - Extra context menu item: PimpFish Grab pictures on this page - F:\Program Files\PimpFish\GRABPAGEPICS.HTM
O8 - Extra context menu item: PimpFish Grab pictures this page links to - F:\Program Files\PimpFish\GRABPAGELINKS.HTM
O8 - Extra context menu item: PimpFish Grab Target File - F:\Program Files\PimpFish\GRABLINK.HTM
O8 - Extra context menu item: PimpFish Grab This Picture - F:\Program Files\PimpFish\GRABPIC.HTM
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~2\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~2\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~2\inetrepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - E:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - E:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - F:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Bug Swatter Options - {99FEA1A2-7881-11D1-A9E2-00403320FCF2} - G:\Program Files\Desktop Armor\GeekSuperheroX.dll
O9 - Extra button: Popup Slapdown Options - {A1100DDB-B277-4CAA-A640-B299D79FE25E} - G:\Program Files\Desktop Armor\GeekSuperheroX.dll
O9 - Extra button: Phishing Net Options - {B1100DDB-B277-4CAA-A640-B299D79FE25E} - G:\Program Files\Desktop Armor\GeekSuperheroX.dll
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb101\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ImTranslator - {AE436396-55E7-4ec4-AD6D-45E88A530A4C} - G:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html (HKCU)
O9 - Extra 'Tools' menuitem: ImTranslator - {AE436396-55E7-4ec4-AD6D-45E88A530A4C} - G:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O15 - Trusted Zone: http://www.americanpapist.com
O15 - Trusted Zone: *.brdatahost.com
O15 - Trusted Zone: *.pnb.com.ph
O15 - Trusted Zone: http://blogs.www.friendster.com
O15 - Trusted Zone: mobs.friendster.com
O15 - Trusted Zone: http://pmguanco.blogs.friendster.com
O15 - Trusted Zone: http://www.friendster.com
O15 - Trusted Zone: *.friendster.com
O15 - Trusted Zone: *.gmail.com
O15 - Trusted Zone: http://*.manilatonight.com
O15 - Trusted Zone: http://rs138.rapidshare.com
O15 - Trusted Zone: *.rapidshare.com
O15 - Trusted Zone: http://www.youtube.com
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {03B39B10-9AB9-4DBB-8189-7F76E0CE5F3F} (FavImport Class) - https://favorites.live.com/cab/ImportAx.cab?v=13,0,1609,00
O16 - DPF: {083DB4B1-8108-42E3-AC45-A042C1631CA3} (ImportCtl Class) - http://www.wayn.com/activex/WAYNImportOE.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155832873916
O16 - DPF: {97AFC0D9-660E-4ACE-B025-46FD64AE335A} - http://www.friendster.com/emailimport/ms/emailimport.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - F:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - E:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - E:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - h:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ProgramCheckerPro (sassvc) - Unknown owner - F:\Program Files\Zenturi\ProgramChecker\sassvc.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\SPEEDD~1\nopdb.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - I:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 22164 bytes

Blade81 · Apr 19, 2008

Hi

You need to run Malwarebytes' anti-malware again and fix those findings. Looks like you didn't fix them last time.

Start hjt, do a system scan, check:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O24 - Desktop Component 0: (no name) - (no file)

if any of these is not added by yourself or don't recognize the address check the entry:
O15 - Trusted Zone: http://www.americanpapist.com
O15 - Trusted Zone: *.brdatahost.com
O15 - Trusted Zone: *.pnb.com.ph
O15 - Trusted Zone: http://blogs.www.friendster.com
O15 - Trusted Zone: mobs.friendster.com
O15 - Trusted Zone: http://pmguanco.blogs.friendster.com
O15 - Trusted Zone: http://www.friendster.com
O15 - Trusted Zone: *.friendster.com
O15 - Trusted Zone: http://*.manilatonight.com

Close browsers and fix checked hjt entries.

Reboot and post a fresh hjt log & Malwarebytes' anti-malware report.

condotiere · Apr 20, 2008

Blade,

I added those sites to the trusted zone. Malwarebyte already fixed the findings. the log I posted is the one generated before I fixed the findings.

condotiere · Apr 20, 2008

HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:20:40 PM, on 4/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows SteadyState\SCTSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
h:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRAM FILES\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\713xRMT.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\TV Expert\ADTVScheduleAgent.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn15\yt.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - G:\Program Files\GetRight\xx2gr.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn15\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: PimpFish - {D593DE91-7B41-45C2-830E-E9A99AB142AA} - F:\Program Files\PimpFish\PimpFish.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WheelMouse] "C:\PROGRAM FILES\A4Tech\Mouse\Amoumain.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe /A
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\WINDOWS\713xRMT.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCMService] "E:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [CLMLServer] "E:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [Power2GoExpress] "E:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKLM\..\Run: [Bubble] "%ProgramFiles%\Windows SteadyState\Bubble.exe"
O4 - HKLM\..\Run: [UVS11 Preload] E:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [UpdatePPShortCut] "E:\Program Files\CyberLink\PowerProducer\PowerProducer\MUITransfer\MUIStartMenu.exe" "E:\Program Files\CyberLink\PowerProducer\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Corel Photo Downloader] "F:\Program Files\Corel\Corel MediaOne\Corel Photo Downloader.exe" -startup
O4 - HKLM\..\Run: [muBlinder] C:\muBlinder\muBlinder.exe -startup
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "I:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [PC Suite Tray] "F:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "F:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Start GetRight.lnk = G:\Program Files\GetRight\GetRight.exe
O4 - Global Startup: TV Expert Schedule Agent.lnk = C:\Program Files\TV Expert\ADTVScheduleAgent.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Append to existing PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download with GetRight - G:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Download with GetRight Pro - G:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: ImTranslator - G:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html
O8 - Extra context menu item: Open With GetRight Browser - G:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Pro Browser - G:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: PimpFish Grab movies on this page - F:\Program Files\PimpFish\GRABPAGEMOVIES.HTM
O8 - Extra context menu item: PimpFish Grab pictures on this page - F:\Program Files\PimpFish\GRABPAGEPICS.HTM
O8 - Extra context menu item: PimpFish Grab pictures this page links to - F:\Program Files\PimpFish\GRABPAGELINKS.HTM
O8 - Extra context menu item: PimpFish Grab Target File - F:\Program Files\PimpFish\GRABLINK.HTM
O8 - Extra context menu item: PimpFish Grab This Picture - F:\Program Files\PimpFish\GRABPIC.HTM
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~2\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~2\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~2\inetrepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - E:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - E:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - F:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Bug Swatter Options - {99FEA1A2-7881-11D1-A9E2-00403320FCF2} - G:\Program Files\Desktop Armor\GeekSuperheroX.dll
O9 - Extra button: Popup Slapdown Options - {A1100DDB-B277-4CAA-A640-B299D79FE25E} - G:\Program Files\Desktop Armor\GeekSuperheroX.dll
O9 - Extra button: Phishing Net Options - {B1100DDB-B277-4CAA-A640-B299D79FE25E} - G:\Program Files\Desktop Armor\GeekSuperheroX.dll
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb101\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ImTranslator - {AE436396-55E7-4ec4-AD6D-45E88A530A4C} - G:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html (HKCU)
O9 - Extra 'Tools' menuitem: ImTranslator - {AE436396-55E7-4ec4-AD6D-45E88A530A4C} - G:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O15 - Trusted Zone: http://www.americanpapist.com
O15 - Trusted Zone: *.brdatahost.com
O15 - Trusted Zone: *.pnb.com.ph
O15 - Trusted Zone: http://blogs.www.friendster.com
O15 - Trusted Zone: mobs.friendster.com
O15 - Trusted Zone: http://pmguanco.blogs.friendster.com
O15 - Trusted Zone: http://www.friendster.com
O15 - Trusted Zone: *.friendster.com
O15 - Trusted Zone: *.gmail.com
O15 - Trusted Zone: http://*.manilatonight.com
O15 - Trusted Zone: http://rs138.rapidshare.com
O15 - Trusted Zone: *.rapidshare.com
O15 - Trusted Zone: http://www.youtube.com
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {03B39B10-9AB9-4DBB-8189-7F76E0CE5F3F} (FavImport Class) - https://favorites.live.com/cab/ImportAx.cab?v=13,0,1609,00
O16 - DPF: {083DB4B1-8108-42E3-AC45-A042C1631CA3} (ImportCtl Class) - http://www.wayn.com/activex/WAYNImportOE.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155832873916
O16 - DPF: {97AFC0D9-660E-4ACE-B025-46FD64AE335A} - http://www.friendster.com/emailimport/ms/emailimport.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee Application Installer Cleanup (0231491208675933) (0231491208675933mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\023149~1.EXE
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - F:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - E:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - E:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - h:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ProgramCheckerPro (sassvc) - Unknown owner - F:\Program Files\Zenturi\ProgramChecker\sassvc.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\SPEEDD~1\nopdb.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - I:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 22102 bytes

virtumonde detected by Spybot

New member

New member

Security Expert: Emeritus

New member

Security Expert: Emeritus

New member

Security Expert: Emeritus

New member

Security Expert: Emeritus

New member

Security Expert: Emeritus

New member

Security Expert: Emeritus

New member

Security Expert: Emeritus

New member

New member

Security Expert: Emeritus

New member

New member