Hello,

sorry....
This time I didn't disable Spybot.
ComboFix Log
ComboFix 08-07-21.2 - User 2008-07-23 6:30:28.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.613 [GMT 8:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((( Files Created from 2008-06-22 to 2008-07-22 )))))))))))))))))))))))))))))))
.
2008-07-22 17:01 . 2008-07-22 17:01 <DIR> d-------- C:\Documents and Settings\User\Application Data\Sony
2008-07-22 17:01 . 2008-07-22 17:01 <DIR> d-------- C:\Documents and Settings\User\Application Data\Publish Providers
2008-07-22 16:57 . 2008-07-22 16:57 <DIR> d-------- C:\Program Files\Vstplugins
2008-07-22 16:57 . 2008-07-22 16:57 <DIR> d-------- C:\Program Files\Sony
2008-07-22 16:57 . 2008-07-22 16:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony
2008-07-22 16:56 . 2008-07-22 16:56 <DIR> d-------- C:\Program Files\Sony Setup
2008-07-22 04:43 . 2008-07-22 04:43 <DIR> d-------- C:\Program Files\BitDefender
2008-07-22 04:43 . 2008-07-22 04:43 <DIR> d-------- C:\Documents and Settings\User\Application Data\BitDefender
2008-07-22 04:43 . 2008-07-22 04:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-07-20 11:40 . 2008-07-20 11:40 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-20 10:00 . 2008-07-22 02:47 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-20 10:00 . 2008-07-22 03:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-20 09:58 . 2008-07-18 19:50 117,757 -r-hs---- C:\ivcvknr.bat
2008-07-20 08:54 . 2008-07-20 08:57 <DIR> d-------- C:\Program Files\Total Video Converter
2008-07-20 08:54 . 2000-05-22 22:58 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx
2008-07-19 02:48 . 2008-07-19 02:48 <DIR> d-------- C:\Documents and Settings\User\Application Data\Media Player Classic
2008-07-19 02:35 . 2008-07-19 02:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Storm
2008-07-19 02:34 . 2008-07-19 02:34 <DIR> d-------- C:\Documents and Settings\User\Application Data\Application Data
2008-07-18 20:35 . 2008-07-18 20:35 268 --ah----- C:\sqmdata09.sqm
2008-07-18 20:35 . 2008-07-18 20:35 244 --ah----- C:\sqmnoopt09.sqm
2008-07-18 20:26 . 2008-07-18 20:28 <DIR> d-------- C:\Program Files\Chessmaster 10th Edition
2008-07-18 20:14 . 2008-07-18 20:22 <DIR> d-------- C:\Program Files\Wan Mei Online
2008-07-18 19:47 . 2008-07-18 19:47 268 --ah----- C:\sqmdata08.sqm
2008-07-18 19:47 . 2008-07-18 19:47 244 --ah----- C:\sqmnoopt08.sqm
2008-07-18 18:33 . 2008-07-18 19:10 <DIR> d-------- C:\Program Files\XoftSpySE
2008-07-18 18:14 . 2008-07-23 06:34 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-07-18 18:12 . 2008-07-18 18:12 268 --ah----- C:\sqmdata07.sqm
2008-07-18 18:12 . 2008-07-18 18:12 244 --ah----- C:\sqmnoopt07.sqm
2008-07-18 01:48 . 2008-07-18 01:48 268 --ah----- C:\sqmdata06.sqm
2008-07-18 01:48 . 2008-07-18 01:48 244 --ah----- C:\sqmnoopt06.sqm
2008-07-18 01:03 . 2008-07-18 01:03 268 --ah----- C:\sqmdata05.sqm
2008-07-18 01:03 . 2008-07-18 01:03 244 --ah----- C:\sqmnoopt05.sqm
2008-07-18 00:53 . 2008-07-18 00:53 268 --ah----- C:\sqmdata04.sqm
2008-07-18 00:53 . 2008-07-18 00:53 244 --ah----- C:\sqmnoopt04.sqm
2008-07-18 00:24 . 2008-07-18 00:24 268 --ah----- C:\sqmdata03.sqm
2008-07-18 00:24 . 2008-07-18 00:24 244 --ah----- C:\sqmnoopt03.sqm
2008-07-18 00:24 . 2008-07-23 06:28 121 --a------ C:\WINDOWS\bdagent.INI
2008-07-18 00:20 . 2008-07-18 00:21 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-07-18 00:12 . 2008-07-18 00:12 268 --ah----- C:\sqmdata02.sqm
2008-07-18 00:12 . 2008-07-18 00:12 244 --ah----- C:\sqmnoopt02.sqm
2008-07-17 20:03 . 2008-07-17 20:03 268 --ah----- C:\sqmdata01.sqm
2008-07-17 20:03 . 2008-07-17 20:03 244 --ah----- C:\sqmnoopt01.sqm
2008-07-17 10:18 . 2008-07-17 10:18 268 --ah----- C:\sqmdata00.sqm
2008-07-17 10:18 . 2008-07-17 10:18 244 --ah----- C:\sqmnoopt00.sqm
2008-07-09 01:25 . 2008-07-09 01:25 <DIR> d-------- C:\Program Files\Network Stumbler
2008-07-09 01:01 . 2008-07-09 01:01 <DIR> d-------- C:\Program Files\Makayama Interactive
2008-07-09 01:01 . 2004-02-06 03:53 389,120 --------- C:\WINDOWS\system32\actskn43.ocx
2008-07-09 01:01 . 2004-11-01 19:38 57,344 --------- C:\WINDOWS\system32\XButton.ocx
2008-07-08 15:12 . 2003-08-11 10:07 14,604 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2008-07-08 15:05 . 2008-07-08 15:05 <DIR> d-------- C:\Program Files\YouTube Downloader
2008-07-08 03:18 . 2008-07-08 03:18 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-08 03:01 . 2008-07-08 03:01 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-07-07 02:11 . 2008-07-07 02:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MAGIX
2008-07-07 02:11 . 2001-05-11 13:18 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-07-07 02:11 . 2001-05-16 17:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-07-07 02:11 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2008-07-07 02:11 . 2003-04-18 15:29 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2008-07-07 02:11 . 2003-04-18 15:29 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2008-07-07 02:10 . 2008-07-07 02:15 <DIR> d-------- C:\Program Files\Common Files\MAGIX Shared
2008-07-07 02:09 . 2008-07-07 02:14 <DIR> d-------- C:\WINDOWS\system32\MAGIX
2008-07-07 02:09 . 2008-07-07 02:11 <DIR> d-------- C:\Program Files\MAGIX
2008-07-07 02:09 . 2002-09-20 23:33 1,089,536 --a------ C:\WINDOWS\system32\ROBOEX32.DLL
2008-07-07 02:09 . 2007-02-07 10:53 663,552 --a------ C:\WINDOWS\system32\mgxoschk.dll
2008-07-07 02:09 . 1998-10-15 16:28 85,504 --a------ C:\WINDOWS\system32\HtmlWH.dll
2008-07-07 02:09 . 1999-01-28 13:44 49,152 --a------ C:\WINDOWS\system32\INETWH32.dll
2008-07-07 02:09 . 2008-07-07 02:15 5,817 --a------ C:\WINDOWS\mgxoschk.ini
2008-07-06 19:50 . 2008-07-06 19:50 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Xfire
2008-07-06 15:05 . 2008-07-06 15:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-07-06 15:04 . 2008-07-20 01:13 <DIR> d-------- C:\Program Files\CyberLink
2008-07-06 14:22 . 2007-04-09 13:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll
2008-07-06 14:22 . 2008-07-06 14:22 376 --a------ C:\WINDOWS\ODBC.INI
2008-07-06 14:20 . 2008-07-06 14:20 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-07-06 14:20 . 2008-07-06 14:20 <DIR> d-------- C:\Program Files\Common Files\L&H
2008-07-06 14:19 . 2008-07-06 14:20 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-07-06 14:19 . 2008-07-20 10:01 <DIR> d-------- C:\Program Files\Microsoft Works
2008-07-06 14:17 . 2008-07-06 14:17 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-07-06 14:02 . 2008-07-06 14:02 <DIR> dr-h----- C:\MSOCache
2008-07-06 13:52 . 2008-07-11 05:28 530 --a------ C:\WINDOWS\wininit.ini
2008-07-05 18:05 . 2008-07-22 03:42 <DIR> d-------- C:\Downloads
2008-07-05 17:09 . 2001-08-23 17:00 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-07-05 15:20 . 2008-07-05 15:20 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-07-05 15:20 . 2004-08-17 08:40 16,384 --a------ C:\WINDOWS\system32\FileOps.exe
2008-07-05 15:04 . 2008-07-05 15:04 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-07-05 15:04 . 2008-07-05 15:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-07-05 14:55 . 2008-07-05 14:55 <DIR> d-------- C:\Program Files\Macromedia
2008-07-05 14:55 . 2008-07-05 14:57 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2008-07-05 14:54 . 2008-07-05 14:54 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-07-05 14:43 . 2008-07-05 14:43 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-07-03 21:55 . 2008-07-03 21:55 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-07-03 21:53 . 2008-07-03 21:53 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-07-03 21:53 . 2008-07-03 21:54 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-07-03 17:46 . 2008-07-03 17:46 <DIR> d-------- C:\Documents and Settings\Guest
2008-07-03 13:33 . 2008-07-13 08:23 <DIR> d-------- C:\Program Files\Xfire
2008-07-03 13:33 . 2008-07-22 04:07 <DIR> d-------- C:\Documents and Settings\User\Application Data\Xfire
2008-07-03 13:04 . 2008-04-23 12:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-07-03 13:04 . 2007-04-17 17:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-07-03 13:04 . 2007-03-08 13:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-07-03 13:04 . 2008-04-23 12:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-07-03 13:04 . 2008-04-23 12:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-07-03 13:04 . 2008-04-23 12:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-07-03 13:04 . 2008-04-23 12:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-07-03 13:04 . 2008-04-23 12:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-07-03 13:04 . 2008-04-22 15:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-07-03 12:16 . 2008-07-14 19:14 <DIR> d-------- C:\Program Files\IrfanView
2008-07-03 12:13 . 2008-07-03 12:13 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-07-03 12:12 . 2008-07-03 12:12 <DIR> d-------- C:\Program Files\Real
2008-07-03 11:43 . 2008-04-14 08:11 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-07-03 11:43 . 2008-04-14 08:11 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-07-03 06:53 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-03 06:53 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-07-03 06:53 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-02 12:21 . 2008-05-08 22:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-07-02 11:54 . 2008-07-02 11:54 <DIR> d-------- C:\Documents and Settings\User\Contacts
2008-07-02 11:47 . 2008-07-02 11:48 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-02 11:46 . 2008-07-02 11:52 <DIR> d-------- C:\Program Files\Windows Live
2008-07-02 11:46 . 2008-07-03 11:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-02 11:45 . 2008-06-13 19:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-02 11:43 . 2008-04-14 08:12 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-07-02 11:34 . 2008-07-02 11:34 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-07-02 11:34 . 2008-07-02 11:34 <DIR> d-------- C:\WINDOWS\system32\en
2008-07-02 11:34 . 2008-07-02 11:34 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-02 11:34 . 2008-07-02 11:34 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-02 11:29 . 2008-07-02 11:29 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-02 11:07 . 2004-08-03 22:29 1,897,408 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-07-02 11:05 . 2004-08-03 22:29 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-09 16:04 --------- d-----w C:\Documents and Settings\User\Application Data\Skype
2008-07-09 16:01 --------- d-----w C:\Documents and Settings\User\Application Data\skypePM
2008-07-06 07:22 36,624 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-07-06 07:22 2,560 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-07-06 07:22 2,432 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-07-06 07:22 158,456 ------w C:\WINDOWS\system32\pxwma.dll
2008-07-03 16:56 --------- d-----w C:\Program Files\TTPlayer
2008-06-30 12:58 --------- d-----w C:\Program Files\Intel
2008-06-30 12:51 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-02 08:16 86,792 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2000-07-01 17:19 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.
((((((((((((((((((((((((((((( snapshot@2008-07-22_ 2.11.37.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-21 20:43:59 61,440 ----a-r C:\WINDOWS\Installer\{E404EFD4-6110-413C-AD1A-D6D0F261960E}\helpicon.exe
+ 2008-07-21 20:43:59 32,768 ----a-r C:\WINDOWS\Installer\{E404EFD4-6110-413C-AD1A-D6D0F261960E}\maintenance_icon.exe
+ 2008-07-21 20:43:59 22,486 ----a-r C:\WINDOWS\Installer\{E404EFD4-6110-413C-AD1A-D6D0F261960E}\register_icon.exe
+ 2008-07-21 20:43:59 57,344 ----a-r C:\WINDOWS\Installer\{E404EFD4-6110-413C-AD1A-D6D0F261960E}\texticon.exe
+ 2006-09-28 12:52:18 655,360 ----a-w C:\WINDOWS\system32\CDDBControl.dll
+ 2006-09-28 12:52:18 98,304 ----a-w C:\WINDOWS\system32\CddbLangDE.dll
+ 2006-09-28 12:52:18 98,304 ----a-w C:\WINDOWS\system32\CddbLangES.dll
+ 2006-09-28 12:52:18 98,304 ----a-w C:\WINDOWS\system32\CddbLangFR.dll
+ 2006-09-28 12:52:18 102,400 ----a-w C:\WINDOWS\system32\CddbLangIT.dll
+ 2006-09-28 12:52:18 77,824 ----a-w C:\WINDOWS\system32\CddbLangJA.dll
+ 2006-09-28 12:52:18 98,304 ----a-w C:\WINDOWS\system32\CddbLangNL.dll
+ 2006-09-28 12:52:18 765,952 ----a-w C:\WINDOWS\system32\CDDBUI.dll
- 2008-01-07 09:41:34 196,368 ----a-w C:\WINDOWS\system32\drivers\bdfsfltr.sys
+ 2008-01-07 10:41:34 196,368 ----a-w C:\WINDOWS\system32\drivers\bdfsfltr.sys
- 2004-03-31 04:28:00 131,072 ----a-w C:\WINDOWS\system32\mapi32.dll
+ 2004-03-31 05:28:00 131,072 ----a-w C:\WINDOWS\system32\mapi32.dll
- 2002-01-04 18:48:16 974,848 ----a-w C:\WINDOWS\system32\mfc70.dll
+ 2002-01-04 19:48:16 974,848 ----a-w C:\WINDOWS\system32\mfc70.dll
- 2002-01-04 18:36:38 964,608 ----a-w C:\WINDOWS\system32\mfc70u.dll
+ 2002-01-04 19:36:38 964,608 ----a-w C:\WINDOWS\system32\mfc70u.dll
- 2003-03-18 12:20:00 1,060,864 ----a-w C:\WINDOWS\system32\mfc71.dll
+ 2003-03-18 13:20:00 1,060,864 ----a-w C:\WINDOWS\system32\mfc71.dll
- 2003-03-18 12:12:12 1,047,552 ----a-w C:\WINDOWS\system32\mfc71u.dll
+ 2003-03-18 13:12:12 1,047,552 ----a-w C:\WINDOWS\system32\mfc71u.dll
- 2002-01-04 18:38:38 54,784 ----a-w C:\WINDOWS\system32\msvci70.dll
+ 2002-01-04 19:38:38 54,784 ----a-w C:\WINDOWS\system32\msvci70.dll
- 2002-01-04 18:40:20 487,424 ----a-w C:\WINDOWS\system32\msvcp70.dll
+ 2002-01-04 19:40:20 487,424 ----a-w C:\WINDOWS\system32\msvcp70.dll
- 2003-03-18 11:14:52 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
+ 2003-03-18 12:14:52 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
- 2002-01-04 17:37:28 344,064 ----a-w C:\WINDOWS\system32\msvcr70.dll
+ 2002-01-04 18:37:28 344,064 ----a-w C:\WINDOWS\system32\msvcr70.dll
- 2003-02-20 19:42:22 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
+ 2003-02-20 20:42:22 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
- 2008-07-21 17:52:18 58,998 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-07-22 08:05:40 58,998 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-07-21 17:52:18 392,864 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-07-22 08:05:41 392,864 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-11-27 08:46:24 77,824 ----a-w C:\WINDOWS\system32\xcomm.dll
+ 2007-11-27 09:46:24 77,824 ----a-w C:\WINDOWS\system32\xcomm.dll
- 2007-01-31 05:50:32 913,408 ----a-w C:\WINDOWS\system32\xreglib.dll
+ 2007-01-31 06:50:32 913,408 ----a-w C:\WINDOWS\system32\xreglib.dll
+ 2006-12-01 14:56:00 96,256 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
- 2006-12-01 13:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-01 14:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
- 2006-12-01 13:54:34 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-01 14:54:34 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
- 2006-12-01 13:54:32 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2006-12-01 14:54:32 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
- 2006-12-01 15:25:52 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-01 16:25:52 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
- 2006-12-01 15:25:56 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-01 16:25:56 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
- 2006-12-01 15:25:58 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-01 16:25:58 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
- 2006-12-01 15:26:00 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-01 16:26:00 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
- 2006-12-01 15:08:00 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-01 16:08:00 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
- 2006-12-01 15:08:00 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-01 16:08:00 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
- 2006-12-01 15:08:00 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-01 16:08:00 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
- 2006-12-01 15:08:00 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-01 16:08:00 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
- 2006-12-01 15:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-01 16:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
- 2006-12-01 15:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-01 16:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
- 2006-12-01 15:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-01 16:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
- 2006-12-01 15:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-01 16:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
- 2006-12-01 15:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-01 16:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-01 16:46:44 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 08:12 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-04-16 12:51 155648]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-04-16 12:51 135168]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2007-05-21 18:27 208952]
"IMSCMIG40W"="C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE" [2006-03-20 16:10 25600]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-04-16 12:51 131072]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 05:32 455168]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 05:32 455168]
"StormCodec_Helper"="C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" [2006-11-27 02:30 97357]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-07-21 09:54 185896]
"TrayServer"="C:\Program Files\MAGIX\Movie_Edit_Pro_12_e-version\TrayServer.exe" [2006-10-04 15:41 86016]
"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 15:55 222504]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 16:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-05-23 19:16 368640]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-08-17 22:36]
R2 Stormser;Stormser;C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe [2008-06-20 12:35]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-06-02 16:16]
S3 0d158c78abbefe9d;0d158c78abbefe9d;C:\0d158c78abbefe9d.dat []
S3 35c3ea389b9c8b56;35c3ea389b9c8b56;C:\35c3ea389b9c8b56.dat []
S3 6a7d1228429364ec;6a7d1228429364ec;C:\6a7d1228429364ec.dat []
S3 85f4e6c0c5a97d92;85f4e6c0c5a97d92;C:\85f4e6c0c5a97d92.dat []
S3 ff6a208451de7472;ff6a208451de7472;C:\ff6a208451de7472.dat []
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 14:18]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 10:12]
S3 Ptserli;PCTEL Serial Device Driver for INTEL;C:\WINDOWS\system32\DRIVERS\ptserli.sys [2001-08-17 13:28]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3bec7ee0-5675-11dd-a472-001eec190b54}]
\Shell\AutoRun\command - G:\m.exe
\Shell\explore\Command - G:\m.exe
\Shell\open\Command - G:\m.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3bec7ee1-5675-11dd-a472-001eec190b54}]
\Shell\AutoRun\command - H:\ivcvknr.bat
\Shell\explore\Command - H:\ivcvknr.bat
\Shell\open\Command - H:\ivcvknr.bat
*Newly Created Service* - 072C7817
*Newly Created Service* - 478B9B36
.
Contents of the 'Scheduled Tasks' folder
"2008-07-22 22:04:00 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-07-21 19:08:20 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-kamsoft - C:\WINDOWS\system32\ckvo.exe
HKCU-Run-winmgmt - C:\WINDOWS\system32\wmiprvse.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.msn.com
R0 -: HKLM-Main,Start Page = hxxp://www.msn.com
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{404FFF98-13CD-4E41-A886-9F02A6F4F01E}: NameServer = 202.188.0.133,202.188.1.5
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-23 06:34:31
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\0d158c78abbefe9d]
"ImagePath"="\??\C:\0d158c78abbefe9d.dat"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\35c3ea389b9c8b56]
"ImagePath"="\??\C:\35c3ea389b9c8b56.dat"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\6a7d1228429364ec]
"ImagePath"="\??\C:\6a7d1228429364ec.dat"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\85f4e6c0c5a97d92]
"ImagePath"="\??\C:\85f4e6c0c5a97d92.dat"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ff6a208451de7472]
"ImagePath"="\??\C:\ff6a208451de7472.dat"
.
Completion time: 2008-07-23 6:36:33
ComboFix-quarantined-files.txt 2008-07-22 22:36:24
Pre-Run: 44,969,054,208 bytes free
Post-Run: 44,940,697,600 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
354 --- E O F --- 2008-07-20 09:28:00
HJT Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:37:54 AM, on 7/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMSCMIG40W] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_12_e-version\TrayServer.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file:///F:/components/hidinputmonitorx.ocx
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file:///F:/components/A9.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1214966512421
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file:///F:/components/wmvhdrating.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{404FFF98-13CD-4E41-A886-9F02A6F4F01E}: NameServer = 202.188.0.133,202.188.1.5
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX?- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Stormser - ???? - C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 8258 bytes