
Need some help getting rid of Spyware [CLOSED]


  • This topic is locked

#1
Terryc250
  • Member
  • 91 posts
I'm getting these popups saying I should install WinAnonymous, or SystemErrorFixer, or AdvancedCleaner to "optimize" or "clean" my computer, or something along those lines. I always click Cancel. I don't have any new suspicious program in the bottom right hand corner of my screen, but these popups still come up every now and then. Sometimes my internet also just stops working and requires a reboot to get it working again.

I also get these websites that pop up:
Reditty.com
fxclub.com
bestdietforme.com
and a few others

------------

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:55 AM, on 4/17/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {4debc454-57ff-5ab8-28a4-f051ae5006c2} - {2c6005ea-150f-4a82-8ba5-ff75454cbed4} - C:\Windows\system32\palhjgjb.dll
O2 - BHO: (no name) - {53D859D0-A8FF-45E3-8936-A2700325C33C} - C:\Windows\system32\fccCVPIB.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [10e99fb2] rundll32.exe "C:\Windows\system32\gpbxpddd.dll",b
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKLM\..\Run: [BM13daac2e] Rundll32.exe "C:\Windows\system32\rkmmdbrm.dll",s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Web Anti-Virus statistics - {1f460357-8a94-4d71-9ca3-aa4acf32ed8e} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O13 - Gopher Prefix:
O16 - DPF: {2d8ed06d-3c30-438b-96ae-4d110fdc1fb8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: COM Host (comHost) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (file missing)
O23 - Service: Intel® DHTrace Controller (DHTRACE) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IntelDHSvcConf - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - c:\Program Files\Norton Internet Security\isPwdSvc.exe (file missing)
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (livesrv) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel® NMSCore (NMSCore) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: Intel® Quality Manager (QualityManager) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (file missing)
O23 - Service: BitDefender Virus Shield (vsserv) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: VundoFix Service (vundofixsvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
O23 - Service: Webroot Spy Sweeper Engine (webrootspysweeperservice) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: BitDefender Communicator (xcomm) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe



#2
sage5
  • RIP 10/2009
  • Retired Staff
  • 2,646 posts
Hi Terryc250,

Welcome to Geeks to Go!
My name is sage5, and I will be helping you with this problem.

Please download the following & save to your Desktop:
ComboFix

Run ComboFix:
  • Double click combofix.exe and follow the prompts.
  • When finished, it will produce a log for you. Post that log and a HijackThis log in your next reply.
Log file will be C:\Combofix.txt

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.



Cheers,

sage5

Edited by sage5, 19 April 2008 - 05:18 AM.


#3
Terryc250
  • Topic Starter
  • Member
  • 91 posts
ComboFix.txt:

ComboFix 08-04-18.3 - Boss 2008-04-19 8:31:04.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1946 [GMT -7:00]
Running from: C:\Users\Boss\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Windows\cookies.ini
C:\Windows\system\update.exe
C:\Windows\System32\BIPVCccf.ini
C:\Windows\System32\BIPVCccf.ini2
C:\Windows\System32\CJRsBJjl.ini
C:\Windows\System32\CJRsBJjl.ini2
C:\Windows\system32\ckxegiiw.dll
C:\Windows\system32\cmfgfwky.dll
C:\Windows\System32\dddpxbpg.ini
C:\Windows\system32\eisbdinj.dll
C:\Windows\System32\eywvkxeo.ini
C:\Windows\system32\fccCVPIB.dll
C:\Windows\system32\gpbxpddd.dll
C:\Windows\system32\igytqimu.dll
C:\Windows\system32\irxbvaay.dll
C:\Windows\system32\ixpripeb.dll
C:\Windows\System32\llmWxbeg.ini
C:\Windows\System32\llmWxbeg.ini2
C:\Windows\system32\lokusius.dll
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\mgnwfwtk.dll
C:\Windows\system32\mhiqmjcn.dll
C:\Windows\System32\mlltbqfk.ini
C:\Windows\system32\nrtpvvdi.dll
C:\Windows\system32\opgwrqpg.dll
C:\Windows\system32\palhjgjb.dll
C:\Windows\system32\qhoflpuw.dll
C:\Windows\System32\qiymfbkv.ini
C:\Windows\System32\rdeglkwt.ini
C:\Windows\system32\rkmmdbrm.dll
C:\Windows\system32\sasxcmab.dll
C:\Windows\system32\vkbfmyiq.dll
C:\Windows\System32\vquxspwh.ini
C:\Windows\system32\vtUopNDv.dll
C:\Windows\System32\wvnkskmi.ini
C:\Windows\system32\x64
C:\Windows\System32\ykwfgfmc.ini

----- BITS: Possible infected sites -----

hxxp://theinstalls.com
.
((((((((((((((((((((((((( Files Created from 2008-03-19 to 2008-04-19 )))))))))))))))))))))))))))))))
.

2008-04-17 00:14 . 2008-04-17 01:16 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-04-17 00:14 . 2008-04-17 01:16 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-04-16 23:45 . 2008-04-16 23:45 <DIR> d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-04-16 23:45 . 2008-04-16 23:45 <DIR> d-------- C:\ProgramData\Kaspersky Lab Setup Files
2008-04-16 23:33 . 2008-04-16 23:22 0 --a------ C:\Windows\System32\MSWINSCK - Copy.OCX
2008-04-16 23:23 . 2008-04-16 23:23 <DIR> d-------- C:\Users\Boss\AppData\Roaming\Bitdefender
2008-04-16 23:22 . 2008-04-17 00:49 <DIR> d-a------ C:\Users\All Users\TEMP
2008-04-16 23:22 . 2008-04-16 23:23 <DIR> d-------- C:\Users\All Users\BitDefender
2008-04-16 23:22 . 2008-04-17 00:49 <DIR> d-a------ C:\ProgramData\TEMP
2008-04-16 23:22 . 2008-04-16 23:23 <DIR> d-------- C:\ProgramData\BitDefender
2008-04-16 23:22 . 2008-04-16 23:33 109,248 --a------ C:\Windows\System32\MSWINSCK.OCX
2008-04-16 22:50 . 2008-04-16 22:50 <DIR> d-------- C:\Program Files\CCleaner
2008-04-16 17:34 . 2008-04-16 17:34 <DIR> d-------- C:\Windows\Content.IE5
2008-04-16 17:33 . 2008-04-16 22:11 691 --a------ C:\Users\Boss\AppData\Roaming\GetValue.vbs
2008-04-16 17:33 . 2008-04-16 22:11 35 --a------ C:\Users\Boss\AppData\Roaming\SetValue.bat
2008-04-16 17:32 . 2007-10-04 00:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe
2008-04-16 17:32 . 2008-04-16 22:11 1,534 --a------ C:\Windows\System32\tmp.reg
2008-04-16 16:56 . 2007-09-06 00:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe
2008-04-16 16:56 . 2006-04-27 17:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe
2008-04-16 16:56 . 2008-04-14 19:28 86,528 --a------ C:\Windows\System32\VACFix.exe
2008-04-16 16:56 . 2008-04-12 13:49 82,432 --a------ C:\Windows\System32\IEDFix.exe
2008-04-16 16:56 . 2003-06-05 21:13 53,248 --a------ C:\Windows\System32\Process.exe
2008-04-16 16:56 . 2004-07-31 18:50 51,200 --a------ C:\Windows\System32\dumphive.exe
2008-04-15 19:16 . 2008-04-16 15:20 1,603,057 ---hs---- C:\Windows\System32\ftkucokj.ini
2008-04-14 15:03 . 2008-04-17 01:16 239,561,283 --a------ C:\Windows\MEMORY.DMP
2008-04-14 15:03 . 2008-04-14 15:03 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{993e3e9b-0a6e-11dd-b04c-0019212f80c2}.TMContainer00000000000000000002.regtrans-ms
2008-04-14 15:03 . 2008-04-14 15:03 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{993e3e9b-0a6e-11dd-b04c-0019212f80c2}.TMContainer00000000000000000001.regtrans-ms
2008-04-14 15:03 . 2008-04-14 15:03 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\ntuser.dat{993e3e9f-0a6e-11dd-b04c-0019212f80c2}.TMContainer00000000000000000002.regtrans-ms
2008-04-14 15:03 . 2008-04-14 15:03 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\ntuser.dat{993e3e9f-0a6e-11dd-b04c-0019212f80c2}.TMContainer00000000000000000001.regtrans-ms
2008-04-14 15:03 . 2008-04-14 15:03 65,536 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{993e3e9b-0a6e-11dd-b04c-0019212f80c2}.TM.blf
2008-04-14 15:03 . 2008-04-14 15:03 65,536 --ahs---- C:\Windows\ServiceProfiles\LocalService\ntuser.dat{993e3e9f-0a6e-11dd-b04c-0019212f80c2}.TM.blf
2008-04-14 14:57 . 2008-04-14 14:58 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-04-14 14:57 . 2008-04-14 14:58 <DIR> d-------- C:\ProgramData\Lavasoft
2008-04-14 14:57 . 2008-04-14 14:57 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-14 14:39 . 2008-04-16 17:03 538 --a------ C:\Windows\wininit.ini
2008-04-14 14:24 . 2008-04-16 16:24 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-04-14 14:24 . 2008-04-16 16:24 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-04-14 14:24 . 2008-04-14 14:24 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-14 06:50 . 2008-04-14 06:50 24,576 --a------ C:\Windows\System32\VundoFixSVC.exe
2008-04-14 06:24 . 2008-04-14 06:50 <DIR> d-------- C:\VundoFix Backups
2008-04-14 02:07 . 2008-04-16 23:09 <DIR> d-------- C:\backups
2008-04-14 02:03 . 2008-04-14 02:04 101,865 --a------ C:\Users\Boss\startuplist.zip
2008-04-14 01:57 . 2005-01-20 13:47 175,616 --a------ C:\Windows\System32\strings.exe
2008-04-14 01:57 . 2006-03-02 23:42 73,728 --a------ C:\Windows\System32\pv.exe
2008-04-14 01:57 . 2005-01-13 21:41 39,184 --a------ C:\Windows\System32\Ntrights.exe
2008-04-14 01:57 . 2005-10-19 18:50 16,384 --a------ C:\Windows\System32\restart.exe
2008-04-14 01:57 . 2005-01-13 21:41 11,254 --a------ C:\Windows\System32\locate.com
2008-04-14 01:56 . 2008-04-14 01:56 <DIR> d-------- C:\l2m
2008-04-13 23:24 . 2008-04-13 23:24 <DIR> d-------- C:\Users\Other.Boss-PC\AppData\Roaming\vlc
2008-04-13 23:04 . 2008-04-13 23:22 2,123,263 ---hs---- C:\Windows\System32\hjqqrnop.ini
2008-04-13 22:36 . 2008-04-13 22:36 <DIR> d-------- C:\Users\Other.Boss-PC\AppData\Roaming\Logitech
2008-04-13 22:22 . 2008-04-13 22:22 <DIR> dr------- C:\Users\Other.Boss-PC\Videos
2008-04-13 22:22 . 2008-04-13 22:22 <DIR> dr------- C:\Users\Other.Boss-PC\Searches
2008-04-13 22:22 . 2008-04-13 22:22 <DIR> dr------- C:\Users\Other.Boss-PC\Saved Games
2008-04-13 22:22 . 2008-04-13 22:22 <DIR> dr------- C:\Users\Other.Boss-PC\Pictures
2008-04-13 22:22 . 2008-04-13 22:22 <DIR> dr------- C:\Users\Other.Boss-PC\Music
2008-04-13 22:22 . 2008-04-13 22:22 <DIR> dr------- C:\Users\Other.Boss-PC\Links
2008-04-13 22:22 . 2008-04-13 22:22 <DIR> dr------- C:\Users\Other.Boss-PC\Downloads
2008-04-13 22:22 . 2008-04-13 22:22 <DIR> dr------- C:\Users\Other.Boss-PC\Documents
2008-04-13 22:22 . 2008-04-13 22:22 <DIR> dr------- C:\Users\Other.Boss-PC\Contacts
2008-04-13 22:22 . 2008-04-13 22:22 <DIR> d-------- C:\Users\Other.Boss-PC\AppData\Roaming\Webroot
2008-04-13 22:22 . 2006-11-02 05:37 <DIR> d-------- C:\Users\Other.Boss-PC\AppData\Roaming\Media Center Programs
2008-04-13 22:22 . 2007-10-28 14:33 <DIR> d--h----- C:\Users\Other.Boss-PC\AppData\Roaming\GTek
2008-04-13 22:22 . 2008-04-13 22:22 <DIR> d--h----- C:\Users\Other.Boss-PC\AppData
2008-04-13 22:22 . 2008-04-13 22:22 <DIR> d-------- C:\Users\Other.Boss-PC
2008-04-13 22:22 . 2008-04-13 22:50 524,288 --ahs---- C:\Users\Other.Boss-PC\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
2008-04-13 22:22 . 2008-04-13 22:50 524,288 --ahs---- C:\Users\Other.Boss-PC\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
2008-04-13 22:22 . 2008-04-19 08:31 262,144 --ah----- C:\Users\Other.Boss-PC\ntuser.dat.LOG1
2008-04-13 22:22 . 2008-04-13 22:50 65,536 --ahs---- C:\Users\Other.Boss-PC\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
2008-04-13 22:22 . 2008-04-13 22:22 0 --ah----- C:\Users\Other.Boss-PC\ntuser.dat.LOG2
2008-04-13 21:20 . 2008-01-04 20:34 163,696 --a------ C:\Windows\System32\drivers\ssidrv.sys
2008-04-13 21:20 . 2008-01-04 20:34 23,920 --a------ C:\Windows\System32\drivers\sskbfd.sys
2008-04-13 21:20 . 2008-01-04 20:34 21,872 --a------ C:\Windows\System32\drivers\sshrmd.sys
2008-04-13 21:20 . 2008-01-04 20:34 20,336 --a------ C:\Windows\System32\drivers\SSFS0BB9.sys
2008-04-13 21:19 . 2008-04-13 21:19 <DIR> d-------- C:\Users\Boss\AppData\Roaming\Webroot
2008-04-13 21:19 . 2008-04-13 21:19 <DIR> d-------- C:\Users\All Users\Webroot
2008-04-13 21:19 . 2008-04-13 21:19 <DIR> d-------- C:\ProgramData\Webroot
2008-04-13 21:19 . 2008-04-13 21:19 <DIR> d-------- C:\Program Files\Webroot
2008-04-13 21:19 . 2008-01-04 20:56 1,526,640 --a------ C:\Windows\WRSetup.dll
2008-04-13 21:04 . 2008-04-13 21:04 <DIR> d-------- C:\Users\Boss\AppData\Roaming\Ubisoft
2008-04-13 20:57 . 2008-04-13 20:57 <DIR> d-------- C:\Users\All Users\Ubisoft
2008-04-13 20:57 . 2008-04-13 20:57 <DIR> d-------- C:\ProgramData\Ubisoft
2008-04-13 20:56 . 2007-10-12 15:14 3,734,536 --a------ C:\Windows\System32\d3dx9_36.dll
2008-04-13 20:56 . 2007-10-12 15:14 1,374,232 --a------ C:\Windows\System32\D3DCompiler_36.dll
2008-04-13 20:56 . 2007-10-02 09:56 444,776 --a------ C:\Windows\System32\d3dx10_36.dll
2008-04-13 20:56 . 2007-10-22 03:39 267,272 --a------ C:\Windows\System32\xactengine2_10.dll
2008-04-13 20:56 . 2007-10-22 03:37 17,928 --a------ C:\Windows\System32\X3DAudio1_2.dll
2008-04-13 20:44 . 2008-04-13 20:44 <DIR> d-------- C:\Program Files\Ubisoft
2008-04-13 20:20 . 2008-04-13 22:51 2,124,379 ---hs---- C:\Windows\System32\mnewvhtl.ini
2008-04-12 15:21 . 2008-04-12 15:21 <DIR> d-------- C:\Users\All Users\Avg7
2008-04-12 15:21 . 2008-04-12 15:21 <DIR> d-------- C:\ProgramData\Avg7
2008-04-12 11:09 . 2008-04-12 11:09 53,768 --a------ C:\Windows\System32\drivers\avgwfp.sys
2008-04-12 05:46 . 2008-04-12 05:46 <DIR> d-------- C:\Program Files\Panda Security
2008-04-12 03:05 . 2008-04-16 16:56 <DIR> d-------- C:\QUARANTINE
2008-04-12 03:04 . 2008-04-12 03:04 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems
2008-04-12 03:04 . 2006-12-19 15:06 1,495,552 --a------ C:\Windows\System32\epoPGPsdk.dll
2008-04-12 00:04 . 2008-04-16 23:31 121 --a------ C:\Windows\bdagent.INI
2008-04-11 23:53 . 2008-04-11 23:53 <DIR> d-------- C:\Program Files\BitDefender
2008-04-11 23:52 . 2008-04-16 23:22 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-04-11 22:48 . 2008-04-11 22:48 <DIR> d-------- C:\Program Files\AskPBar
2008-04-11 02:01 . 2008-04-11 02:04 <DIR> d-------- C:\booti2
2008-04-11 01:59 . 2008-04-11 02:11 <DIR> d-------- C:\booti
2008-04-11 00:59 . 2008-04-11 01:39 <DIR> d-------- C:\Windows\BDOSCAN8
2008-04-11 00:21 . 2008-04-11 00:22 <DIR> d-------- C:\Naruto_397[Binktopia]
2008-04-10 23:01 . 2006-11-02 03:23 <DIR> dr------- C:\Users\Other\Videos
2008-04-10 23:01 . 2006-11-02 03:23 <DIR> d-------- C:\Users\Other\Saved Games
2008-04-10 23:01 . 2006-11-02 03:23 <DIR> dr------- C:\Users\Other\Pictures
2008-04-10 23:01 . 2006-11-02 03:23 <DIR> dr------- C:\Users\Other\Music
2008-04-10 23:01 . 2006-11-02 03:23 <DIR> dr------- C:\Users\Other\Links
2008-04-10 23:01 . 2006-11-02 03:23 <DIR> dr------- C:\Users\Other\Downloads
2008-04-10 23:01 . 2008-04-10 23:01 <DIR> dr------- C:\Users\Other\Documents
2008-04-10 23:01 . 2006-11-02 04:18 <DIR> d--h----- C:\Users\Other\AppData
2008-04-10 23:01 . 2008-04-10 23:01 <DIR> d-------- C:\Users\Other
2008-04-10 23:01 . 2008-04-10 23:01 524,288 --ahs---- C:\Users\Other\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
2008-04-10 23:01 . 2008-04-10 23:01 524,288 --ahs---- C:\Users\Other\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
2008-04-10 23:01 . 2008-04-19 08:30 197,632 --ah----- C:\Users\Other\ntuser.dat.LOG1
2008-04-10 23:01 . 2008-04-10 23:01 65,536 --ahs---- C:\Users\Other\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
2008-04-10 23:01 . 2008-04-10 23:01 0 --ah----- C:\Users\Other\ntuser.dat.LOG2
2008-04-10 21:35 . 2008-04-10 21:35 2 --a------ C:\283746077
2008-04-10 21:17 . 2008-04-10 21:17 159,744 --a------ C:\gkpaxt.exe
2008-04-10 21:17 . 2008-04-10 21:17 58,880 --a------ C:\njhxmjb.exe
2008-04-10 21:17 . 55,218 C:\Windows\zeqbqwp.sys
2008-04-10 21:17 . 2008-04-10 21:17 44,544 --a------ C:\ncolyrif.exe
2008-04-10 21:17 . 2008-04-10 21:17 12,800 --a------ C:\cusgi.exe
2008-04-10 21:17 . 2008-04-10 21:17 4,096 --a------ C:\vhyp.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-19 15:30 --------- d-s---w C:\Program Files\HLSW
2008-04-18 06:34 --------- d-----w C:\Program Files\Steam
2008-04-17 07:08 --------- d-----w C:\ProgramData\Symantec
2008-04-17 06:52 --------- d-----w C:\Program Files\Symantec
2008-04-17 06:45 --------- d-----w C:\Users\Boss\AppData\Roaming\uTorrent
2008-04-14 21:27 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-14 20:58 0 ----a-w C:\Program Files\New Text Document.txt
2008-04-14 09:03 401,720 ----a-w C:\HijackThis.exe
2008-04-14 03:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-12 03:58 --------- d-----w C:\Program Files\Paltalk Messenger
2008-04-11 11:14 --------- d-----w C:\Program Files\AIM
2008-04-09 10:38 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-09 10:24 --------- d-----w C:\Program Files\PowerISO
2008-04-06 22:09 --------- d-----w C:\Users\Boss\AppData\Roaming\LimeWire
2008-04-05 06:57 --------- d-----w C:\Program Files\Common Files\Steam
2008-03-18 16:17 --------- d-----w C:\Program Files\Activision
2008-03-18 04:26 --------- d-----w C:\Program Files\9Dragons
2008-03-14 06:04 46,652 ----a-w C:\Windows\system32\drivers\scdemu.sys
2008-03-13 15:01 --------- d-----w C:\Program Files\Windows Live
2008-03-13 15:00 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-13 14:59 --------- d-----w C:\ProgramData\WLInstaller
2008-03-13 06:00 --------- d-----w C:\Program Files\OGPlanet
2008-02-27 08:51 --------- d-----w C:\Program Files\Warcraft III
2008-01-19 09:28 142 ----a-w C:\Users\Boss\naruto_385.zip
2008-01-19 08:20 96,282,697 ----a-w C:\Users\Boss\rybka.zip
2008-01-19 08:01 5,002,240 ----a-w C:\Users\Boss\Rybka_v2.1c.demo.x64.exe
2008-01-19 08:00 4,681,728 ----a-w C:\Users\Boss\Rybka_v2.1c.demo.w32.exe
2008-01-19 07:53 590,942 ----a-w C:\Users\Boss\rebdec10.zip
2008-01-18 05:33 22,122 ----a-w C:\Users\Boss\shredder.classic.1.2.patch-icu.zip
2008-01-17 08:32 7,755,319 ----a-w C:\Users\Boss\SetupShredderClassic3.exe
2008-01-15 07:36 52,791,359 ----a-w C:\Users\Boss\NXMREQ.zip
2008-01-15 07:36 1,158,444 ----a-w C:\Users\Boss\setup.zip
2008-01-15 06:34 214,016 ----a-w C:\Users\Boss\ChessmasterChallenge-dm.exe
2008-01-14 13:04 1,337,837 ----a-w C:\Users\Boss\ant_stratego_install.exe
2008-01-02 15:32 527,905 ----a-w C:\Users\Boss\KainSetup.exe
2008-01-02 15:32 3,619 ----a-w C:\Users\Boss\cpugrab.zip
2008-01-02 05:01 144 ----a-w C:\Users\Boss\naruto_384.zip
2008-01-02 03:42 6,222,376 ----a-w C:\Users\Boss\DivXWebPlayerInstaller.exe
2007-12-29 07:15 22 ----a-w C:\Users\Boss\naruto_384raw.zip
2007-12-27 17:26 562,744 ----a-w C:\Users\Boss\WinPcap_4_1_beta.exe
2007-12-27 06:34 7,171,783 ----a-w C:\Users\Boss\Pcsx2_0.9.4_Setup.exe
2007-12-22 08:10 128 ----a-w C:\Users\Boss\naruto_383.zip
2007-12-20 11:41 128 ----a-w C:\Users\Boss\naruto_382.zip
2007-12-20 08:56 22 ----a-w C:\Users\Boss\DEVIL.MAY.CRY.3.SE.PLUS4TRN.ASXDOX.ZIP
2007-12-20 08:56 22 ----a-w C:\Users\Boss\DEVIL.MAY.CRY.3.SE.PLUS2TRN.ICARUS.ZIP
2007-12-20 08:39 22 ----a-w C:\Users\Boss\DEVIL.MAY.CRY.3.SE.PLUS9TRN.ASXDOX.ZIP
2007-12-19 05:30 22 ----a-w C:\Users\Boss\Chrono_Trigger_(U).zip
2007-12-19 05:28 22 ----a-w C:\Users\Boss\zsnesw151.zip
2007-12-18 08:36 94,181 ----a-w C:\Users\Boss\FABLE.TLC.PLUS7TRN.DEVIANCE.ZIP
2007-12-18 05:27 22 ----a-w C:\Users\Boss\FABLE.TLC.PLUS10TRN.W0RF.ZIP
2007-12-17 09:25 9,237,432 ----a-w C:\Users\Boss\BearShareV6.exe
2007-12-14 10:48 22 ----a-w C:\Users\Boss\naruto_382raw.zip
2007-12-10 22:06 128 ----a-w C:\Users\Boss\naruto_381.zip
2007-12-10 20:03 5,243,518 ----a-w C:\Users\Boss\shareaza_2.3.0.0.exe
2007-12-10 19:59 2,018,059 ----a-w C:\Users\Boss\aresregular209_installer.exe
2007-12-05 09:06 9,733,451 ----a-w C:\Users\Boss\vlc-0.8.6d-win32.exe
2007-12-05 08:36 742,560 ----a-w C:\Users\Boss\PMFplay_H.264_Decoder.exe
2007-12-01 09:47 128 ----a-w C:\Users\Boss\naruto_380.zip
2007-11-30 05:58 40,951,297 ----a-w C:\Users\Boss\NittoLegendsBeta0991.exe
2007-11-24 23:35 128 ----a-w C:\Users\Boss\naruto_379.zip
2007-11-23 21:19 7,555,823 ----a-w C:\Users\Boss\1320v152S.zip
2007-11-22 10:52 22 ----a-w C:\Users\Boss\MoFunZone.com--crysis_6_trainer.zip
2007-11-22 10:29 22,328 ----a-w C:\Users\Boss\AppData\Roaming\PnkBstrK.sys
2007-11-22 10:18 269,312 ----a-w C:\Users\Boss\DAMN_NFO_Viewer_v2-10-0032-RC3.exe
2007-11-19 09:32 3,238,127 ----a-w C:\Users\Boss\naruto_378.zip
2007-11-18 16:35 4,160,370 ----a-w C:\Users\Boss\Call.Of.Duty.4-KEYGEN.1911.exe
2007-11-18 16:30 1,372,178 ----a-w C:\Users\Boss\Call Of Duty 4 Crackfix and Keygen.zip
2007-11-16 10:20 1,027,090 ----a-w C:\Users\Boss\wowclient-downloader.exe
2007-11-15 03:58 2,732,032 ----a-w C:\Users\Boss\ventrilo-3.0.0-Windows-i386.exe
2007-11-07 02:29 1,110,016 ----a-w C:\Users\Boss\CohUpdater.exe
2007-11-06 03:23 2,010,624 ----a-w C:\Users\Boss\ventrilo-2.3.0-Windows-i386.exe
2007-11-04 10:04 118,739,008 ----a-w C:\Users\Boss\TheWitcherPatch_1.1a.exe
2007-11-03 14:57 1,819,802,137 ----a-w C:\Users\Boss\Rappelz_E4_072007_USA.zip
2007-11-02 11:22 22 ----a-w C:\Users\Boss\TheWitcherv1.1aGoldTrainer.zip
2007-11-02 11:22 170,496 ----a-w C:\Users\Boss\The Witcher 1.1a Promo Trainer.exe
2007-11-02 05:12 23,770,568 ----a-w C:\Users\Boss\DivXInstaller.exe
2007-10-31 06:45 8,506,408 ----a-w C:\Users\Boss\Install_AIM59.exe
2007-10-31 06:32 1,550,866 ----a-w C:\Users\Boss\mirc63.exe
2007-10-31 04:16 223,822 ----a-w C:\Users\Boss\AutoRefresher.zip
2007-10-31 01:18 114,781 ----a-w C:\Users\Boss\crysisdemo-ch.zip
2007-10-30 10:13 67,108,864 ----a-w C:\Users\Boss\Windows XP Ultimate Edition (by Johnny) [October2007-R3.1].exe
2007-10-30 10:11 2,104,776 ----a-w C:\Users\Boss\daemon410-x64.exe
2007-10-30 10:11 1,911,240 ----a-w C:\Users\Boss\daemon410-x86.exe
2007-10-30 07:20 5,741,210 ----a-w C:\Users\Boss\WARCRAFT.3.V1.21A.ENG.BOR0.NOCD.ZIP
2007-10-30 07:13 1,135,893 ----a-w C:\Users\Boss\New Compressed (zipped) Folder.zip
2007-10-30 07:07 53,026,744 ----a-w C:\Users\Boss\War3TFT_121a_English.exe
2007-10-30 00:38 1,206,366 ----a-w C:\Users\Boss\wrar371.exe
2007-10-29 23:39 2,721,721 ----a-w C:\Users\Boss\hlsw_1_2_0_setup.exe
2007-10-29 00:40 24,792,040 ----a-w C:\Users\Boss\7-10_vista32_dd_53254.exe
2007-10-29 00:39 60,816,768 ----a-w C:\Users\Boss\setpoint400.exe
2007-10-28 23:09 22 ----a-w C:\Users\Boss\Batch FLV.zip
2007-10-28 23:07 193,797,819 ----a-w C:\Users\Boss\esfb123.exe
2007-10-28 21:55 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour"="" []
"eRecoveryService"="" []
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 02:45 222208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 15:49 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\Windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
backup=C:\Windows\pss\PalTalk.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Boss^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\10e99fb2]
C:\Windows\system32\gpbxpddd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher]
--a------ 2007-02-02 11:05 1261568 C:\Program Files\Acer Assist\launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]
--a------ 2007-06-15 16:48 326440 C:\Acer\Empowering Technology\SysMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration]
--a------ 2007-02-02 12:24 3383296 C:\Program Files\Acer Registration\ACE1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
--a------ 2007-05-22 15:49 151552 C:\Acer\AcerTour\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-03-08 04:38 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2007-02-28 23:06 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2006-08-01 15:35 67112 C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apanel]
C:\ACERSW\config\SetApanel.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2007-11-23 09:18 962560 C:\Program Files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_Run]
C:\PROGRA~1\Grisoft\AVG7\avgw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bdagent]
--a------ 2008-02-16 17:45 360448 C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-09-20 15:35 202024 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bitdefender antiphishing helper]
--a------ 2007-10-09 15:46 61440 C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bm13daac2e]
C:\Windows\system32\rkmmdbrm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
c:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCUTRAYICON]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
--a------ 2007-06-29 16:03 36864 C:\Program Files\GameSpy\Comrade\Comrade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-09-18 07:16 171464 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
--a------ 2007-04-25 16:33 457216 C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\Windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a------ 2007-03-21 13:00 174872 C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\Windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2007-04-11 15:32 56080 C:\Windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
C:\Program Files\McAfee\Common Framework\UdaterUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msserver]
C:\Windows\system32\geBurppn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 09:51 1836328 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NMSSupport]
--a------ 2007-04-06 14:07 439768 C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
c:\Program Files\Norton Internet Security\osCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMMediaSharing]
--a------ 2007-06-21 18:33 204908 C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\Windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-03-14 16:50 233472 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2007-06-20 01:56 4493312 C:\Windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2006-11-02 05:35 1196032 C:\Program Files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spysweeper]
--a------ 2008-01-04 20:56 5367664 C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 12:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-03-29 14:59 1271032 c:\program files\steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2007-07-10 15:30 1006264 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
--a------ 2006-11-02 05:34 2159104 C:\Windows\System32\oobefldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\windows updates]
c:\windows\system\Update.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-11-02 05:36 201728 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A5E2F4F9-4ACC-49D9-8E12-34C554A9F1C5}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{CB7A8998-4B1E-4D90-B5D9-67E2D40F82F4}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{D7C7B185-CD7A-4FB4-9C8F-E488FF26D873}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
"{41DCE02C-9070-4DE4-A4AA-097557D75583}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
"{9361F589-2C58-4607-9F3E-7EDDFC19A2FB}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
"{6C205EE7-6E99-49C4-974F-7B80F2BBA6F0}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{5A8AD70F-9DD5-4D8A-9B7C-E626EC865F3A}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{A6F6AFBC-E5E3-4FE5-99E2-7A541B465AFF}"= C:\Program Files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
"{712344DC-3475-4A33-8CE2-9D00FC463310}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{287BA272-D032-433E-A8A7-6AEDD2FA4BEC}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D0D5264A-98A1-4CDB-B73A-87736FBCEA20}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{3C8ECEDC-D424-4B98-B403-3AF4A394DD2A}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{998EDADF-65F7-4ED7-BD23-D9AAF420769A}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{B1037FA5-CB88-4F8E-A3E5-851189B3BF45}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{9F614491-7339-4FDC-B9EB-6CD48575C958}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server
"{6D6DCD2A-740B-4E54-B68E-A2BCBB2BEBA0}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server
"{16AA6F9C-957B-435F-ACF1-C2C50D48B9A2}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel® Viiv™ Media Server Discovery
"{12591F3D-5523-4A1C-A864-560E0A37FBC8}"= TCP:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel® Viiv™ Media Server UPnP Discovery
"{C14AB52F-31A8-4107-B71F-15461DFAD792}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:Crysis_32_sp_demo
"{25857231-D771-4C01-8B58-8A1A2C0D0477}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:Crysis_32_sp_demo
"TCP Query User{E3044BC8-6061-45DA-BB11-A6D4F25C4F2A}C:\\program files\\bittornado\\btdownloadgui.exe"= UDP:C:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"UDP Query User{8496F8D9-EC27-429A-B88E-DD15C7E85E2C}C:\\program files\\bittornado\\btdownloadgui.exe"= TCP:C:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"{6CA13711-570A-485E-96AB-A896129956F0}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{3C5B1A79-646C-4CBA-AD98-77167144067E}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{777150B1-0CF5-4C3A-A3AA-D0DCA50D683B}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{5BE49B3C-6BD0-4EBC-80CD-C652A572F293}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{7128608F-0F06-4D25-8E22-7F767D2FF67D}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{B4C66867-FD4B-4822-A29C-13FDDA056869}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{3EC75B3C-CE3C-46D9-83D2-4B8D021214F9}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{BF964E2A-A089-4345-87A0-A56C1E7FCDEC}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{8A7C66C0-C5E9-4F0C-8ACB-8AEE5E2F8C7A}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{6E713BA8-F107-4CC3-9AB6-8EB272CD542D}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{E5EDF402-75F4-4E9B-9970-2E8A455DF1FF}"= UDP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
"{F887BB54-0725-4284-B808-AF68A9D8F9FB}"= TCP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
"TCP Query User{B4BD7D29-C84E-4226-8D0E-90ED0494507C}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{7011DE3F-C482-462C-A5CE-55FB6DC58654}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows
"{A0006030-C83C-44C1-BD85-9CDD309BEC4C}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{5D013D89-BC1B-437F-ACA3-61288C803E03}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{5ADD0E4A-93B4-4A76-B13C-CABFCE8006BA}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{4B899C01-B222-4B88-A766-7DC5448E592A}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{DD810CF9-628D-48A1-8C7F-A078C7A970D7}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{017FDD7E-5BDF-41B4-9CCB-E3ECEC565734}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{B3C8C70A-BB7D-4505-959D-4BD0921E695B}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{D1F3C5CC-4740-440F-BEE0-E1B3C1DE3AE3}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{53E5F994-E9BE-437D-BC25-DBD73DDB8EC4}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DisabledInterfaces"= {550542C4-3186-48D4-9701-CE8FC3FD0832}

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 16:34]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 16:34]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 16:34]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;"C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [2007-06-21 18:33]
R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2007-02-12 10:46]
R2 eDataSecurity Service;eDataSecurity Service;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 16:34]
R2 nmsunidr;UniDriver for NMS;C:\Windows\system32\DRIVERS\nmsunidr.sys [2007-02-18 20:34]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-09-28 20:13]
R3 IntelDH;IntelDH Driver;C:\Windows\system32\Drivers\IntelDH.sys [2007-10-28 14:33]
S3 DHTRACE;Intel® DHTrace Controller;C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-04-06 14:08]
S3 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys [2006-11-20 21:42]
S3 IntelDHSvcConf;IntelDHSvcConf;"C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe" [2007-04-06 14:08]
S3 NMSCore;Intel® NMSCore;"C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe" [2007-04-06 14:07]
S3 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys [2007-06-21 13:55]
S3 QualityManager;Intel® Quality Manager;"C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe" [2007-04-06 14:10]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-04-04 22:03]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\shell\autorun\command - J:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5eff3f94-86d1-11dc-8b87-0019212f80c2}]
\shell\autorun\command - K:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd405468-98b9-11dc-9911-0019212f80c2}]
\shell\AutoRun\command - N:\autorun.exe

*Newly Created Service* - COMHOST
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-19 08:34:57
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\System32\Ati2evxx.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Windows\System32\WUDFHost.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-04-19 8:37:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-19 15:37:13

Pre-Run: 60,419,825,664 bytes free
Post-Run: 60,364,607,488 bytes free

523 --- E O F --- 2007-10-28 21:52:25

---

My HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:39:07 AM, on 4/19/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {2d8ed06d-3c30-438b-96ae-4d110fdc1fb8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: COM Host (comHost) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (file missing)
O23 - Service: Intel® DHTrace Controller (DHTRACE) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IntelDHSvcConf - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - c:\Program Files\Norton Internet Security\isPwdSvc.exe (file missing)
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (livesrv) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel® NMSCore (NMSCore) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: Intel® Quality Manager (QualityManager) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (file missing)
O23 - Service: BitDefender Virus Shield (vsserv) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: VundoFix Service (vundofixsvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
O23 - Service: Webroot Spy Sweeper Engine (webrootspysweeperservice) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: BitDefender Communicator (xcomm) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 8605 bytes

#4
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi Terryc250,

Create a ComboFix Script:
  • Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.
  • Now copy/paste the entire content of the codebox below into the Notepad window:
File::
C:\Windows\System32\ftkucokj.ini
C:\Windows\System32\hjqqrnop.ini
C:\Users\Other.Boss-PC\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
C:\Users\Other.Boss-PC\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
C:\Users\Other.Boss-PC\ntuser.dat.LOG1
C:\Users\Other.Boss-PC\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
C:\Users\Other.Boss-PC\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
C:\Users\Other.Boss-PC\ntuser.dat.LOG1
C:\Users\Other.Boss-PC\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
C:\Users\Other.Boss-PC\ntuser.dat.LOG2
C:\Windows\System32\mnewvhtl.ini
C:\Windows\System32\epoPGPsdk.dll
C:\Users\Other\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
C:\Users\Other\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
C:\Users\Other\ntuser.dat.LOG1
C:\Users\Other\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
C:\Users\Other\ntuser.dat.LOG2
C:\283746077
C:\gkpaxt.exe
C:\njhxmjb.exe
C:\Windows\zeqbqwp.sys
C:\ncolyrif.exe
C:\cusgi.exe
C:\vhyp.exe
C:\Users\Boss\naruto_385.zip
C:\Users\Boss\rybka.zip
C:\Users\Boss\Rybka_v2.1c.demo.x64.exe
C:\Users\Boss\Rybka_v2.1c.demo.w32.exe
C:\Users\Boss\rebdec10.zip
C:\Users\Boss\shredder.classic.1.2.patch-icu.zip
C:\Users\Boss\SetupShredderClassic3.exe
C:\Users\Boss\NXMREQ.zip
C:\Users\Boss\setup.zip
C:\Users\Boss\ChessmasterChallenge-dm.exe
C:\Users\Boss\ant_stratego_install.exe
C:\Users\Boss\KainSetup.exe
C:\Users\Boss\cpugrab.zip
C:\Users\Boss\naruto_384.zip
C:\Users\Boss\DivXWebPlayerInstaller.exe
C:\Users\Boss\naruto_384raw.zip
C:\Users\Boss\WinPcap_4_1_beta.exe
C:\Users\Boss\Pcsx2_0.9.4_Setup.exe
C:\Users\Boss\naruto_383.zip
C:\Users\Boss\naruto_382.zip
C:\Users\Boss\DEVIL.MAY.CRY.3.SE.PLUS4TRN.ASXDOX.ZIP
C:\Users\Boss\DEVIL.MAY.CRY.3.SE.PLUS2TRN.ICARUS.ZIP
C:\Users\Boss\DEVIL.MAY.CRY.3.SE.PLUS9TRN.ASXDOX.ZIP
C:\Users\Boss\Chrono_Trigger_(U).zip
C:\Users\Boss\zsnesw151.zip
C:\Users\Boss\FABLE.TLC.PLUS7TRN.DEVIANCE.ZIP
C:\Users\Boss\FABLE.TLC.PLUS10TRN.W0RF.ZIP
C:\Users\Boss\BearShareV6.exe
C:\Users\Boss\naruto_382raw.zip
C:\Users\Boss\naruto_381.zip
C:\Users\Boss\shareaza_2.3.0.0.exe
C:\Users\Boss\aresregular209_installer.exe
C:\Users\Boss\vlc-0.8.6d-win32.exe
C:\Users\Boss\PMFplay_H.264_Decoder.exe
C:\Users\Boss\naruto_380.zip
C:\Users\Boss\NittoLegendsBeta0991.exe
C:\Users\Boss\naruto_379.zip
C:\Users\Boss\1320v152S.zip
C:\Users\Boss\MoFunZone.com--crysis_6_trainer.zip
C:\Users\Boss\DAMN_NFO_Viewer_v2-10-0032-RC3.exe
C:\Users\Boss\naruto_378.zip
C:\Users\Boss\Call.Of.Duty.4-KEYGEN.1911.exe
C:\Users\Boss\Call Of Duty 4 Crackfix and Keygen.zip
C:\Users\Boss\wowclient-downloader.exe
C:\Users\Boss\ventrilo-3.0.0-Windows-i386.exe
C:\Users\Boss\CohUpdater.exe
C:\Users\Boss\ventrilo-2.3.0-Windows-i386.exe
C:\Users\Boss\TheWitcherPatch_1.1a.exe
C:\Users\Boss\Rappelz_E4_072007_USA.zip
C:\Users\Boss\TheWitcherv1.1aGoldTrainer.zip
C:\Users\Boss\The Witcher 1.1a Promo Trainer.exe
C:\Users\Boss\DivXInstaller.exe
C:\Users\Boss\Install_AIM59.exe
C:\Users\Boss\mirc63.exe
C:\Users\Boss\AutoRefresher.zip
C:\Users\Boss\crysisdemo-ch.zip
C:\Users\Boss\Windows XP Ultimate Edition (by Johnny) [October2007-R3.1].exe
C:\Users\Boss\daemon410-x64.exe
C:\Users\Boss\daemon410-x86.exe
C:\Users\Boss\WARCRAFT.3.V1.21A.ENG.BOR0.NOCD.ZIP
C:\Users\Boss\New Compressed (zipped) Folder.zip
C:\Users\Boss\War3TFT_121a_English.exe
C:\Users\Boss\wrar371.exe
C:\Users\Boss\hlsw_1_2_0_setup.exe
C:\Users\Boss\7-10_vista32_dd_53254.exe
C:\Users\Boss\setpoint400.exe
C:\Users\Boss\Batch FLV.zip
C:\Users\Boss\esfb123.exe
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\10e99fb2]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bm13daac2e]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msserver]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\bdx]

  • Save the above as CFScript.txt
  • Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
    Posted Image
  • After reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
  • A new HijackThis log.


Create an Uninstall list:
  • Open HijackThis, click Open the Misc Tools section
  • Click Open Uninstall Manager
  • Click Save list.
This generates uninstall_list.txt in the same folder as HijackThis. I will need you to paste the text from this file into a post later.


Please go HERE to run Panda's TotalScan
  • Select the bubble for Full scan
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Then the scan will begin
  • When the scan completes, click the Save button on the right of Scan details
  • Save it to C:\active_scan.txt
  • Post the contents of the TotalScan report, the Uninstall list, the Combofix log & a fresh HijackThis log


The text from these files may exceed the maximum post length for this forum, and may need to be sent over 2 or more posts. Please ensure all text is posted.

Cheers,

sage5

Edited by sage5, 21 April 2008 - 06:39 AM.

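
The script above is built by hand from the ComboFix log: random-named .dll/.ini files in System32, droppers in the drive root, and the msconfig\startupreg entries that load them. The Python below is an added example (not ComboFix's code and not the helper's) that does the same triage over a ComboFix-style log and renders the hits in the File:: / Registry:: layout ComboFix accepts. The sample log is constructed to mirror the log posted in this thread, and the "random-looking name" heuristic and the location rules are this example's own assumptions; they produce candidates for a human to confirm, not a verdict.

```python
"""Triage a ComboFix log and draft a CFScript from the hits. Added example for
this thread, not ComboFix's code or the helper's; the name/location heuristics
are this example's assumptions (Vundo-style pattern) and every hit needs review."""
import re

PATH_RE = re.compile(r"([A-Za-z]:\\[^\r\n]+?)\s*$")     # a path ends the line
ATTR_RE = re.compile(r"\s([-a-z]{9})\s+[A-Za-z]:\\")     # 9-char flags, e.g. ---hs----
KEY_RE = re.compile(r"^\[(.+)\]$")                       # [HKEY_...] block header
DATE_RE = re.compile(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2} ")  # file-listing line

# Constructed sample modelled on the log posted in this thread (not a copy of it).
SAMPLE_LOG = r"""
2008-04-15 19:16 . 2008-04-16 15:20 1,603,057 ---hs---- C:\Windows\System32\ftkucokj.ini
2008-04-14 06:50 . 2008-04-14 06:50 24,576 --a------ C:\Windows\System32\VundoFixSVC.exe
2008-04-10 21:17 . 2008-04-10 21:17 159,744 --a------ C:\gkpaxt.exe
2008-04-10 21:17 . 2008-04-10 21:17 4,096 --a------ C:\vhyp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\10e99fb2]
C:\Windows\system32\gpbxpddd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2006-11-02 05:35 1196032 C:\Program Files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
"""

def looks_random(stem: str) -> bool:
    """Assumed heuristic: 4-10 letters with no vowels, a vowel share of 1/4 or less,
    or 5+ consonants in a row. gpbxpddd, rkmmdbrm, ftkucokj hit; sidebar does not."""
    s = stem.lower()
    if not (4 <= len(s) <= 10) or not s.isalpha():
        return False
    vowels = sum(c in "aeiou" for c in s)
    longest_run = max(len(run) for run in re.split(r"[aeiou]", s))
    return vowels == 0 or vowels / len(s) <= 0.25 or longest_run >= 5

def split_name(path: str):
    """(stem, lower-cased '.ext') of the last path component."""
    stem, dot, ext = path.rsplit("\\", 1)[-1].rpartition(".")
    return (stem, "." + ext.lower()) if dot else (ext, "")

def classify_file(path: str, attrs: str):
    """Reason string if the path fits one of the log's bad patterns, else None."""
    stem, ext = split_name(path)
    parent = path.rsplit("\\", 1)[0].lower()
    binary = ext in {".exe", ".dll", ".sys"}
    if binary and re.fullmatch(r"[a-z]:", parent):
        return "executable in the drive root"
    if ext == ".ini" and parent.endswith("\\system32") and {"h", "s"} <= set(attrs):
        return "hidden+system .ini in System32 (Vundo data-file pattern)"
    if binary and looks_random(stem) and parent.endswith(("\\system32", "\\windows")):
        return "random-looking name in a system directory"
    return None

def triage(log_text: str) -> dict:
    """One pass: candidate files (path, reason), startupreg keys (key, path) and
    weakened-security settings (note, key), returned as plain lists."""
    files, keys, posture, key = [], [], [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        km, pm = KEY_RE.match(line), PATH_RE.search(line)
        if not line or km:              # blank line closes a block, [key] opens one
            key = km.group(1) if km else None
        elif key is None:               # file listing rather than a registry block
            if pm and "<DIR>" not in line and DATE_RE.match(line):
                am = ATTR_RE.search(line)
                reason = classify_file(pm.group(1), am.group(1) if am else "")
                if reason:
                    files.append((pm.group(1), reason))
        elif "msconfig\\startupreg\\" in key.lower() and pm:
            stem, ext = split_name(pm.group(1))
            if ext in {".dll", ".exe"} and looks_random(stem):
                keys.append((key, pm.group(1)))
                files.append((pm.group(1), "loaded by startup entry " + key.rsplit("\\", 1)[-1]))
        elif "policies\\system" in key.lower() and re.match(r'"EnableLUA"\s*=\s*0\b', line):
            posture.append(("UAC disabled: " + line, key))
        elif "security center" in key.lower() and re.match(r'"\w*Disable(Notify|Monitoring)"=dword:0*1$', line):
            posture.append(("Security Center silenced: " + line, key))
    return {"files": files, "startup_keys": keys, "posture": posture}

def build_cfscript(findings: dict) -> str:
    """Render the hits in the File:: / Registry:: layout ComboFix reads (the same
    layout as the script posted earlier); a '-' before a key deletes that key."""
    paths = list(dict.fromkeys(p for p, _ in findings["files"]))   # dedupe, keep order
    regs = [f"[-{k}]" for k, _ in findings["startup_keys"]]
    return "\n".join(["File::", *paths, "", "Registry::", *regs]) + "\n"

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for item, note in found["files"] + found["posture"]:
        print(f"{item}  <- {note}")
    print(build_cfscript(found))
```

Two caveats when pointing this at a real log. The drive-root rule fires on anything executable in C:\, which in this thread includes the legitimately placed HijackThis.exe, so the File:: list still needs a human pass before it goes anywhere near ComboFix. The Registry:: block only covers msconfig\startupreg entries, because that is where the bare-DLL loaders appear in this log; the posture findings (EnableLUA=0, DisableMonitoring=1) are reported rather than scripted, since those values are reset by hand after the infection is gone.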

#5
Terryc250

    Member

  • Topic Starter
  • Member
  • 91 posts
These are the logs after I ran the CFScript with ComboFix.exe

ComboFix.txt:

ComboFix 08-04-18.3 - Boss 2008-04-21 13:13:10.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2106 [GMT -7:00]
Running from: C:\Users\Boss\Desktop\ComboFix.exe
Command switches used :: C:\Users\Boss\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-03-21 to 2008-04-21 )))))))))))))))))))))))))))))))
.

2008-04-17 00:14 . 2008-04-17 01:16 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-04-17 00:14 . 2008-04-17 01:16 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-04-16 23:45 . 2008-04-16 23:45 <DIR> d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-04-16 23:45 . 2008-04-16 23:45 <DIR> d-------- C:\ProgramData\Kaspersky Lab Setup Files
2008-04-16 23:33 . 2008-04-16 23:22 0 --a------ C:\Windows\System32\MSWINSCK - Copy.OCX
2008-04-16 23:23 . 2008-04-16 23:23 <DIR> d-------- C:\Users\Boss\AppData\Roaming\Bitdefender
2008-04-16 23:22 . 2008-04-17 00:49 <DIR> d-a------ C:\Users\All Users\TEMP
2008-04-16 23:22 . 2008-04-16 23:23 <DIR> d-------- C:\Users\All Users\BitDefender
2008-04-16 23:22 . 2008-04-17 00:49 <DIR> d-a------ C:\ProgramData\TEMP
2008-04-16 23:22 . 2008-04-16 23:23 <DIR> d-------- C:\ProgramData\BitDefender
2008-04-16 23:22 . 2008-04-16 23:33 109,248 --a------ C:\Windows\System32\MSWINSCK.OCX
2008-04-16 22:50 . 2008-04-16 22:50 <DIR> d-------- C:\Program Files\CCleaner
2008-04-16 17:34 . 2008-04-16 17:34 <DIR> d-------- C:\Windows\Content.IE5
2008-04-16 17:33 . 2008-04-16 22:11 691 --a------ C:\Users\Boss\AppData\Roaming\GetValue.vbs
2008-04-16 17:33 . 2008-04-16 22:11 35 --a------ C:\Users\Boss\AppData\Roaming\SetValue.bat
2008-04-16 17:32 . 2007-10-04 00:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe
2008-04-16 17:32 . 2008-04-16 22:11 1,534 --a------ C:\Windows\System32\tmp.reg
2008-04-16 16:56 . 2007-09-06 00:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe
2008-04-16 16:56 . 2006-04-27 17:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe
2008-04-16 16:56 . 2008-04-14 19:28 86,528 --a------ C:\Windows\System32\VACFix.exe
2008-04-16 16:56 . 2008-04-12 13:49 82,432 --a------ C:\Windows\System32\IEDFix.exe
2008-04-16 16:56 . 2003-06-05 21:13 53,248 --a------ C:\Windows\System32\Process.exe
2008-04-16 16:56 . 2004-07-31 18:50 51,200 --a------ C:\Windows\System32\dumphive.exe
2008-04-15 19:16 . 2008-04-16 15:20 1,603,057 ---hs---- C:\Windows\System32\ftkucokj.ini
2008-04-14 15:03 . 2008-04-17 01:16 239,561,283 --a------ C:\Windows\MEMORY.DMP
2008-04-14 15:03 . 2008-04-14 15:03 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{993e3e9b-0a6e-11dd-b04c-0019212f80c2}.TMContainer00000000000000000002.regtrans-ms
2008-04-14 15:03 . 2008-04-14 15:03 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{993e3e9b-0a6e-11dd-b04c-0019212f80c2}.TMContainer00000000000000000001.regtrans-ms
2008-04-14 15:03 . 2008-04-14 15:03 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\ntuser.dat{993e3e9f-0a6e-11dd-b04c-0019212f80c2}.TMContainer00000000000000000002.regtrans-ms
2008-04-14 15:03 . 2008-04-14 15:03 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\ntuser.dat{993e3e9f-0a6e-11dd-b04c-0019212f80c2}.TMContainer00000000000000000001.regtrans-ms
2008-04-14 15:03 . 2008-04-14 15:03 65,536 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{993e3e9b-0a6e-11dd-b04c-0019212f80c2}.TM.blf
2008-04-14 15:03 . 2008-04-14 15:03 65,536 --ahs---- C:\Windows\ServiceProfiles\LocalService\ntuser.dat{993e3e9f-0a6e-11dd-b04c-0019212f80c2}.TM.blf
2008-04-14 14:57 . 2008-04-14 14:58 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-04-14 14:57 . 2008-04-14 14:58 <DIR> d-------- C:\ProgramData\Lavasoft
2008-04-14 14:57 . 2008-04-14 14:57 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-14 14:39 . 2008-04-16 17:03 538 --a------ C:\Windows\wininit.ini
2008-04-14 14:24 . 2008-04-16 16:24 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-04-14 14:24 . 2008-04-16 16:24 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-04-14 14:24 . 2008-04-14 14:24 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-14 06:50 . 2008-04-14 06:50 24,576 --a------ C:\Windows\System32\VundoFixSVC.exe
2008-04-14 06:24 . 2008-04-14 06:50 <DIR> d-------- C:\VundoFix Backups
2008-04-14 02:07 . 2008-04-16 23:09 <DIR> d-------- C:\backups
2008-04-14 02:03 . 2008-04-14 02:04 101,865 --a------ C:\Users\Boss\startuplist.zip
2008-04-14 01:57 . 2005-01-20 13:47 175,616 --a------ C:\Windows\System32\strings.exe
2008-04-14 01:57 . 2006-03-02 23:42 73,728 --a------ C:\Windows\System32\pv.exe
2008-04-14 01:57 . 2005-01-13 21:41 39,184 --a------ C:\Windows\System32\Ntrights.exe
2008-04-14 01:57 . 2005-10-19 18:50 16,384 --a------ C:\Windows\System32\restart.exe
2008-04-14 01:57 . 2005-01-13 21:41 11,254 --a------ C:\Windows\System32\locate.com
2008-04-14 01:56 . 2008-04-14 01:56 <DIR> d-------- C:\l2m
2008-04-13 23:24 . 2008-04-13 23:24 <DIR> d-------- C:\Users\Other.Boss-PC\AppData\Roaming\vlc
2008-04-13 23:04 . 2008-04-13 23:22 2,123,263 ---hs---- C:\Windows\System32\hjqqrnop.ini
2008-04-13 22:36 . 2008-04-13 22:36 <DIR> d-------- C:\Users\Other.Boss-PC\AppData\Roaming\Logitech
2008-04-13 22:22 . 2008-04-13 22:22 <DIR> dr------- C:\Users\Other.Boss-PC\Videos
2008-04-13 22:22 . 2008-04-13 22:22 <DIR> dr------- C:\Users\Other.Boss-PC\Searches
2008-04-13 22:22 . 2008-04-13 22:22 <DIR> dr------- C:\Users\Other.Boss-PC\Saved Games
2008-04-13 22:22 . 2008-04-13 22:22 <DIR> dr------- C:\Users\Other.Boss-PC\Pictures
2008-04-13 22:22 . 2008-04-13 22:22 <DIR> dr------- C:\Users\Other.Boss-PC\Music
2008-04-13 22:22 . 2008-04-13 22:22 <DIR> dr------- C:\Users\Other.Boss-PC\Links
2008-04-13 22:22 . 2008-04-13 22:22 <DIR> dr------- C:\Users\Other.Boss-PC\Downloads
2008-04-13 22:22 . 2008-04-13 22:22 <DIR> dr------- C:\Users\Other.Boss-PC\Documents
2008-04-13 22:22 . 2008-04-13 22:22 <DIR> dr------- C:\Users\Other.Boss-PC\Contacts
2008-04-13 22:22 . 2008-04-13 22:22 <DIR> d-------- C:\Users\Other.Boss-PC\AppData\Roaming\Webroot
2008-04-13 22:22 . 2006-11-02 05:37 <DIR> d-------- C:\Users\Other.Boss-PC\AppData\Roaming\Media Center Programs
2008-04-13 22:22 . 2007-10-28 14:33 <DIR> d--h----- C:\Users\Other.Boss-PC\AppData\Roaming\GTek
2008-04-13 22:22 . 2008-04-13 22:22 <DIR> d--h----- C:\Users\Other.Boss-PC\AppData
2008-04-13 22:22 . 2008-04-13 22:22 <DIR> d-------- C:\Users\Other.Boss-PC
2008-04-13 22:22 . 2008-04-13 22:50 524,288 --ahs---- C:\Users\Other.Boss-PC\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
2008-04-13 22:22 . 2008-04-13 22:50 524,288 --ahs---- C:\Users\Other.Boss-PC\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
2008-04-13 22:22 . 2008-04-19 08:31 262,144 --ah----- C:\Users\Other.Boss-PC\ntuser.dat.LOG1
2008-04-13 22:22 . 2008-04-13 22:50 65,536 --ahs---- C:\Users\Other.Boss-PC\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
2008-04-13 22:22 . 2008-04-13 22:22 0 --ah----- C:\Users\Other.Boss-PC\ntuser.dat.LOG2
2008-04-13 21:20 . 2008-01-04 20:34 163,696 --a------ C:\Windows\System32\drivers\ssidrv.sys
2008-04-13 21:20 . 2008-01-04 20:34 23,920 --a------ C:\Windows\System32\drivers\sskbfd.sys
2008-04-13 21:20 . 2008-01-04 20:34 21,872 --a------ C:\Windows\System32\drivers\sshrmd.sys
2008-04-13 21:20 . 2008-01-04 20:34 20,336 --a------ C:\Windows\System32\drivers\SSFS0BB9.sys
2008-04-13 21:19 . 2008-04-13 21:19 <DIR> d-------- C:\Users\Boss\AppData\Roaming\Webroot
2008-04-13 21:19 . 2008-04-13 21:19 <DIR> d-------- C:\Users\All Users\Webroot
2008-04-13 21:19 . 2008-04-13 21:19 <DIR> d-------- C:\ProgramData\Webroot
2008-04-13 21:19 . 2008-04-13 21:19 <DIR> d-------- C:\Program Files\Webroot
2008-04-13 21:19 . 2008-01-04 20:56 1,526,640 --a------ C:\Windows\WRSetup.dll
2008-04-13 21:04 . 2008-04-13 21:04 <DIR> d-------- C:\Users\Boss\AppData\Roaming\Ubisoft
2008-04-13 20:57 . 2008-04-13 20:57 <DIR> d-------- C:\Users\All Users\Ubisoft
2008-04-13 20:57 . 2008-04-13 20:57 <DIR> d-------- C:\ProgramData\Ubisoft
2008-04-13 20:56 . 2007-10-12 15:14 3,734,536 --a------ C:\Windows\System32\d3dx9_36.dll
2008-04-13 20:56 . 2007-10-12 15:14 1,374,232 --a------ C:\Windows\System32\D3DCompiler_36.dll
2008-04-13 20:56 . 2007-10-02 09:56 444,776 --a------ C:\Windows\System32\d3dx10_36.dll
2008-04-13 20:56 . 2007-10-22 03:39 267,272 --a------ C:\Windows\System32\xactengine2_10.dll
2008-04-13 20:56 . 2007-10-22 03:37 17,928 --a------ C:\Windows\System32\X3DAudio1_2.dll
2008-04-13 20:44 . 2008-04-13 20:44 <DIR> d-------- C:\Program Files\Ubisoft
2008-04-13 20:20 . 2008-04-13 22:51 2,124,379 ---hs---- C:\Windows\System32\mnewvhtl.ini
2008-04-12 15:21 . 2008-04-12 15:21 <DIR> d-------- C:\Users\All Users\Avg7
2008-04-12 15:21 . 2008-04-12 15:21 <DIR> d-------- C:\ProgramData\Avg7
2008-04-12 11:09 . 2008-04-12 11:09 53,768 --a------ C:\Windows\System32\drivers\avgwfp.sys
2008-04-12 05:46 . 2008-04-12 05:46 <DIR> d-------- C:\Program Files\Panda Security
2008-04-12 03:05 . 2008-04-16 16:56 <DIR> d-------- C:\QUARANTINE
2008-04-12 03:04 . 2008-04-12 03:04 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems
2008-04-12 03:04 . 2006-12-19 15:06 1,495,552 --a------ C:\Windows\System32\epoPGPsdk.dll
2008-04-12 00:04 . 2008-04-16 23:31 121 --a------ C:\Windows\bdagent.INI
2008-04-11 23:53 . 2008-04-11 23:53 <DIR> d-------- C:\Program Files\BitDefender
2008-04-11 23:52 . 2008-04-16 23:22 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-04-11 22:48 . 2008-04-11 22:48 <DIR> d-------- C:\Program Files\AskPBar
2008-04-11 02:01 . 2008-04-11 02:04 <DIR> d-------- C:\booti2
2008-04-11 01:59 . 2008-04-11 02:11 <DIR> d-------- C:\booti
2008-04-11 00:59 . 2008-04-11 01:39 <DIR> d-------- C:\Windows\BDOSCAN8
2008-04-11 00:21 . 2008-04-11 00:22 <DIR> d-------- C:\Naruto_397[Binktopia]
2008-04-10 23:01 . 2006-11-02 03:23 <DIR> dr------- C:\Users\Other\Videos
2008-04-10 23:01 . 2006-11-02 03:23 <DIR> d-------- C:\Users\Other\Saved Games
2008-04-10 23:01 . 2006-11-02 03:23 <DIR> dr------- C:\Users\Other\Pictures
2008-04-10 23:01 . 2006-11-02 03:23 <DIR> dr------- C:\Users\Other\Music
2008-04-10 23:01 . 2006-11-02 03:23 <DIR> dr------- C:\Users\Other\Links
2008-04-10 23:01 . 2006-11-02 03:23 <DIR> dr------- C:\Users\Other\Downloads
2008-04-10 23:01 . 2008-04-10 23:01 <DIR> dr------- C:\Users\Other\Documents
2008-04-10 23:01 . 2006-11-02 04:18 <DIR> d--h----- C:\Users\Other\AppData
2008-04-10 23:01 . 2008-04-10 23:01 <DIR> d-------- C:\Users\Other
2008-04-10 23:01 . 2008-04-10 23:01 524,288 --ahs---- C:\Users\Other\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
2008-04-10 23:01 . 2008-04-10 23:01 524,288 --ahs---- C:\Users\Other\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
2008-04-10 23:01 . 2008-04-19 08:30 197,632 --ah----- C:\Users\Other\ntuser.dat.LOG1
2008-04-10 23:01 . 2008-04-10 23:01 65,536 --ahs---- C:\Users\Other\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
2008-04-10 23:01 . 2008-04-10 23:01 0 --ah----- C:\Users\Other\ntuser.dat.LOG2
2008-04-10 21:35 . 2008-04-10 21:35 2 --a------ C:\283746077
2008-04-10 21:17 . 2008-04-10 21:17 159,744 --a------ C:\gkpaxt.exe
2008-04-10 21:17 . 2008-04-10 21:17 58,880 --a------ C:\njhxmjb.exe
2008-04-10 21:17 . 55,218 C:\Windows\zeqbqwp.sys
2008-04-10 21:17 . 2008-04-10 21:17 44,544 --a------ C:\ncolyrif.exe
2008-04-10 21:17 . 2008-04-10 21:17 12,800 --a------ C:\cusgi.exe
2008-04-10 21:17 . 2008-04-10 21:17 4,096 --a------ C:\vhyp.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-21 20:12 --------- d-s---w C:\Program Files\HLSW
2008-04-21 07:51 --------- d-----w C:\Program Files\Steam
2008-04-21 02:47 --------- d-----w C:\Users\Boss\AppData\Roaming\LimeWire
2008-04-17 07:08 --------- d-----w C:\ProgramData\Symantec
2008-04-17 06:52 --------- d-----w C:\Program Files\Symantec
2008-04-17 06:45 --------- d-----w C:\Users\Boss\AppData\Roaming\uTorrent
2008-04-14 21:27 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-14 20:58 0 ----a-w C:\Program Files\New Text Document.txt
2008-04-14 09:03 401,720 ----a-w C:\HijackThis.exe
2008-04-14 03:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-12 03:58 --------- d-----w C:\Program Files\Paltalk Messenger
2008-04-11 11:14 --------- d-----w C:\Program Files\AIM
2008-04-09 10:38 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-09 10:24 --------- d-----w C:\Program Files\PowerISO
2008-04-05 06:57 --------- d-----w C:\Program Files\Common Files\Steam
2008-03-19 08:15 82,774 ----a-w C:\Windows\Uninstall Jade Empire.exe
2008-03-18 16:17 --------- d-----w C:\Program Files\Activision
2008-03-18 04:26 --------- d-----w C:\Program Files\9Dragons
2008-03-14 06:04 46,652 ----a-w C:\Windows\system32\drivers\scdemu.sys
2008-03-13 15:01 --------- d-----w C:\Program Files\Windows Live
2008-03-13 15:00 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-13 14:59 --------- d-----w C:\ProgramData\WLInstaller
2008-03-13 06:00 --------- d-----w C:\Program Files\OGPlanet
2008-02-27 08:51 --------- d-----w C:\Program Files\Warcraft III
2008-02-19 18:27 98,304 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-01-19 09:28 142 ----a-w C:\Users\Boss\naruto_385.zip
2008-01-19 08:20 96,282,697 ----a-w C:\Users\Boss\rybka.zip
2008-01-19 08:01 5,002,240 ----a-w C:\Users\Boss\Rybka_v2.1c.demo.x64.exe
2008-01-19 08:00 4,681,728 ----a-w C:\Users\Boss\Rybka_v2.1c.demo.w32.exe
2008-01-19 07:53 590,942 ----a-w C:\Users\Boss\rebdec10.zip
2008-01-18 05:33 22,122 ----a-w C:\Users\Boss\shredder.classic.1.2.patch-icu.zip
2008-01-17 08:32 7,755,319 ----a-w C:\Users\Boss\SetupShredderClassic3.exe
2008-01-15 07:36 52,791,359 ----a-w C:\Users\Boss\NXMREQ.zip
2008-01-15 07:36 1,158,444 ----a-w C:\Users\Boss\setup.zip
2008-01-15 06:34 214,016 ----a-w C:\Users\Boss\ChessmasterChallenge-dm.exe
2008-01-14 13:04 1,337,837 ----a-w C:\Users\Boss\ant_stratego_install.exe
2008-01-02 15:32 527,905 ----a-w C:\Users\Boss\KainSetup.exe
2008-01-02 15:32 3,619 ----a-w C:\Users\Boss\cpugrab.zip
2008-01-02 05:01 144 ----a-w C:\Users\Boss\naruto_384.zip
2008-01-02 03:42 6,222,376 ----a-w C:\Users\Boss\DivXWebPlayerInstaller.exe
2007-12-29 07:15 22 ----a-w C:\Users\Boss\naruto_384raw.zip
2007-12-27 17:26 562,744 ----a-w C:\Users\Boss\WinPcap_4_1_beta.exe
2007-12-27 06:34 7,171,783 ----a-w C:\Users\Boss\Pcsx2_0.9.4_Setup.exe
2007-12-22 08:10 128 ----a-w C:\Users\Boss\naruto_383.zip
2007-12-20 11:41 128 ----a-w C:\Users\Boss\naruto_382.zip
2007-12-20 08:56 22 ----a-w C:\Users\Boss\DEVIL.MAY.CRY.3.SE.PLUS4TRN.ASXDOX.ZIP
2007-12-20 08:56 22 ----a-w C:\Users\Boss\DEVIL.MAY.CRY.3.SE.PLUS2TRN.ICARUS.ZIP
2007-12-20 08:39 22 ----a-w C:\Users\Boss\DEVIL.MAY.CRY.3.SE.PLUS9TRN.ASXDOX.ZIP
2007-12-19 05:30 22 ----a-w C:\Users\Boss\Chrono_Trigger_(U).zip
2007-12-19 05:28 22 ----a-w C:\Users\Boss\zsnesw151.zip
2007-12-18 08:36 94,181 ----a-w C:\Users\Boss\FABLE.TLC.PLUS7TRN.DEVIANCE.ZIP
2007-12-18 05:27 22 ----a-w C:\Users\Boss\FABLE.TLC.PLUS10TRN.W0RF.ZIP
2007-12-17 09:25 9,237,432 ----a-w C:\Users\Boss\BearShareV6.exe
2007-12-14 10:48 22 ----a-w C:\Users\Boss\naruto_382raw.zip
2007-12-10 22:06 128 ----a-w C:\Users\Boss\naruto_381.zip
2007-12-10 20:03 5,243,518 ----a-w C:\Users\Boss\shareaza_2.3.0.0.exe
2007-12-10 19:59 2,018,059 ----a-w C:\Users\Boss\aresregular209_installer.exe
2007-12-05 09:06 9,733,451 ----a-w C:\Users\Boss\vlc-0.8.6d-win32.exe
2007-12-05 08:36 742,560 ----a-w C:\Users\Boss\PMFplay_H.264_Decoder.exe
2007-12-01 09:47 128 ----a-w C:\Users\Boss\naruto_380.zip
2007-11-30 05:58 40,951,297 ----a-w C:\Users\Boss\NittoLegendsBeta0991.exe
2007-11-24 23:35 128 ----a-w C:\Users\Boss\naruto_379.zip
2007-11-23 21:19 7,555,823 ----a-w C:\Users\Boss\1320v152S.zip
2007-11-22 10:52 22 ----a-w C:\Users\Boss\MoFunZone.com--crysis_6_trainer.zip
2007-11-22 10:29 22,328 ----a-w C:\Users\Boss\AppData\Roaming\PnkBstrK.sys
2007-11-22 10:18 269,312 ----a-w C:\Users\Boss\DAMN_NFO_Viewer_v2-10-0032-RC3.exe
2007-11-19 09:32 3,238,127 ----a-w C:\Users\Boss\naruto_378.zip
2007-11-18 16:35 4,160,370 ----a-w C:\Users\Boss\Call.Of.Duty.4-KEYGEN.1911.exe
2007-11-18 16:30 1,372,178 ----a-w C:\Users\Boss\Call Of Duty 4 Crackfix and Keygen.zip
2007-11-16 10:20 1,027,090 ----a-w C:\Users\Boss\wowclient-downloader.exe
2007-11-15 03:58 2,732,032 ----a-w C:\Users\Boss\ventrilo-3.0.0-Windows-i386.exe
2007-11-07 02:29 1,110,016 ----a-w C:\Users\Boss\CohUpdater.exe
2007-11-06 03:23 2,010,624 ----a-w C:\Users\Boss\ventrilo-2.3.0-Windows-i386.exe
2007-11-04 10:04 118,739,008 ----a-w C:\Users\Boss\TheWitcherPatch_1.1a.exe
2007-11-03 14:57 1,819,802,137 ----a-w C:\Users\Boss\Rappelz_E4_072007_USA.zip
2007-11-02 11:22 22 ----a-w C:\Users\Boss\TheWitcherv1.1aGoldTrainer.zip
2007-11-02 11:22 170,496 ----a-w C:\Users\Boss\The Witcher 1.1a Promo Trainer.exe
2007-11-02 05:12 23,770,568 ----a-w C:\Users\Boss\DivXInstaller.exe
2007-10-31 06:45 8,506,408 ----a-w C:\Users\Boss\Install_AIM59.exe
2007-10-31 06:32 1,550,866 ----a-w C:\Users\Boss\mirc63.exe
2007-10-31 04:16 223,822 ----a-w C:\Users\Boss\AutoRefresher.zip
2007-10-31 01:18 114,781 ----a-w C:\Users\Boss\crysisdemo-ch.zip
2007-10-30 10:13 67,108,864 ----a-w C:\Users\Boss\Windows XP Ultimate Edition (by Johnny) [October2007-R3.1].exe
2007-10-30 10:11 2,104,776 ----a-w C:\Users\Boss\daemon410-x64.exe
2007-10-30 10:11 1,911,240 ----a-w C:\Users\Boss\daemon410-x86.exe
2007-10-30 07:20 5,741,210 ----a-w C:\Users\Boss\WARCRAFT.3.V1.21A.ENG.BOR0.NOCD.ZIP
2007-10-30 07:13 1,135,893 ----a-w C:\Users\Boss\New Compressed (zipped) Folder.zip
2007-10-30 07:07 53,026,744 ----a-w C:\Users\Boss\War3TFT_121a_English.exe
2007-10-30 00:38 1,206,366 ----a-w C:\Users\Boss\wrar371.exe
2007-10-29 23:39 2,721,721 ----a-w C:\Users\Boss\hlsw_1_2_0_setup.exe
2007-10-29 00:40 24,792,040 ----a-w C:\Users\Boss\7-10_vista32_dd_53254.exe
2007-10-29 00:39 60,816,768 ----a-w C:\Users\Boss\setpoint400.exe
2007-10-28 23:09 22 ----a-w C:\Users\Boss\Batch FLV.zip
2007-10-28 23:07 193,797,819 ----a-w C:\Users\Boss\esfb123.exe
2007-10-28 21:55 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2008-04-19_ 8.36.45.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-19 15:34:38 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-04-19 15:34:38 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-04-19 15:34:54 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-04-19 15:36:15 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-04-19 15:36:15 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-04-19 15:29:43 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-04-21 20:09:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-04-19 15:29:43 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-21 20:09:07 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-19 15:29:43 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-21 20:09:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-17 08:21:26 107,508 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-04-19 15:39:18 107,508 ----a-w C:\Windows\System32\perfc009.dat
- 2008-04-17 08:21:26 626,738 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-04-19 15:39:18 626,738 ----a-w C:\Windows\System32\perfh009.dat
- 2008-04-17 08:19:16 76,176 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-19 15:36:57 76,410 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-04-17 07:51:15 51,652 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-04-19 15:36:54 51,952 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour"="" []
"eRecoveryService"="" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 15:49 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\Windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
backup=C:\Windows\pss\PalTalk.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Boss^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\10e99fb2]
C:\Windows\system32\gpbxpddd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher]
--a------ 2007-02-02 11:05 1261568 C:\Program Files\Acer Assist\launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]
--a------ 2007-06-15 16:48 326440 C:\Acer\Empowering Technology\SysMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration]
--a------ 2007-02-02 12:24 3383296 C:\Program Files\Acer Registration\ACE1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
--a------ 2007-05-22 15:49 151552 C:\Acer\AcerTour\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-03-08 04:38 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2007-02-28 23:06 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2006-08-01 15:35 67112 C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apanel]
C:\ACERSW\config\SetApanel.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2007-11-23 09:18 962560 C:\Program Files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_Run]
C:\PROGRA~1\Grisoft\AVG7\avgw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bdagent]
--a------ 2008-02-16 17:45 360448 C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-09-20 15:35 202024 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bitdefender antiphishing helper]
--a------ 2007-10-09 15:46 61440 C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bm13daac2e]
C:\Windows\system32\rkmmdbrm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
c:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCUTRAYICON]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
--a------ 2007-06-29 16:03 36864 C:\Program Files\GameSpy\Comrade\Comrade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-09-18 07:16 171464 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
--a------ 2007-04-25 16:33 457216 C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\Windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a------ 2007-03-21 13:00 174872 C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\Windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2007-04-11 15:32 56080 C:\Windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
C:\Program Files\McAfee\Common Framework\UdaterUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msserver]
C:\Windows\system32\geBurppn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 09:51 1836328 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NMSSupport]
--a------ 2007-04-06 14:07 439768 C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
c:\Program Files\Norton Internet Security\osCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMMediaSharing]
--a------ 2007-06-21 18:33 204908 C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\Windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-03-14 16:50 233472 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2007-06-20 01:56 4493312 C:\Windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2006-11-02 05:35 1196032 C:\Program Files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spysweeper]
--a------ 2008-01-04 20:56 5367664 C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 12:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-03-29 14:59 1271032 c:\program files\steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2007-07-10 15:30 1006264 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
--a------ 2006-11-02 05:34 2159104 C:\Windows\System32\oobefldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\windows updates]
c:\windows\system\Update.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-11-02 05:36 201728 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A5E2F4F9-4ACC-49D9-8E12-34C554A9F1C5}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{CB7A8998-4B1E-4D90-B5D9-67E2D40F82F4}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{D7C7B185-CD7A-4FB4-9C8F-E488FF26D873}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
"{41DCE02C-9070-4DE4-A4AA-097557D75583}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
"{9361F589-2C58-4607-9F3E-7EDDFC19A2FB}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
"{6C205EE7-6E99-49C4-974F-7B80F2BBA6F0}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{5A8AD70F-9DD5-4D8A-9B7C-E626EC865F3A}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{A6F6AFBC-E5E3-4FE5-99E2-7A541B465AFF}"= C:\Program Files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
"{712344DC-3475-4A33-8CE2-9D00FC463310}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{287BA272-D032-433E-A8A7-6AEDD2FA4BEC}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D0D5264A-98A1-4CDB-B73A-87736FBCEA20}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{3C8ECEDC-D424-4B98-B403-3AF4A394DD2A}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{998EDADF-65F7-4ED7-BD23-D9AAF420769A}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{B1037FA5-CB88-4F8E-A3E5-851189B3BF45}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{9F614491-7339-4FDC-B9EB-6CD48575C958}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server
"{6D6DCD2A-740B-4E54-B68E-A2BCBB2BEBA0}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server
"{16AA6F9C-957B-435F-ACF1-C2C50D48B9A2}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel® Viiv™ Media Server Discovery
"{12591F3D-5523-4A1C-A864-560E0A37FBC8}"= TCP:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel® Viiv™ Media Server UPnP Discovery
"{C14AB52F-31A8-4107-B71F-15461DFAD792}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:Crysis_32_sp_demo
"{25857231-D771-4C01-8B58-8A1A2C0D0477}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:Crysis_32_sp_demo
"TCP Query User{E3044BC8-6061-45DA-BB11-A6D4F25C4F2A}C:\\program files\\bittornado\\btdownloadgui.exe"= UDP:C:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"UDP Query User{8496F8D9-EC27-429A-B88E-DD15C7E85E2C}C:\\program files\\bittornado\\btdownloadgui.exe"= TCP:C:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"{6CA13711-570A-485E-96AB-A896129956F0}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{3C5B1A79-646C-4CBA-AD98-77167144067E}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{777150B1-0CF5-4C3A-A3AA-D0DCA50D683B}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{5BE49B3C-6BD0-4EBC-80CD-C652A572F293}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{7128608F-0F06-4D25-8E22-7F767D2FF67D}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{B4C66867-FD4B-4822-A29C-13FDDA056869}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{3EC75B3C-CE3C-46D9-83D2-4B8D021214F9}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{BF964E2A-A089-4345-87A0-A56C1E7FCDEC}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{8A7C66C0-C5E9-4F0C-8ACB-8AEE5E2F8C7A}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{6E713BA8-F107-4CC3-9AB6-8EB272CD542D}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{E5EDF402-75F4-4E9B-9970-2E8A455DF1FF}"= UDP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
"{F887BB54-0725-4284-B808-AF68A9D8F9FB}"= TCP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
"TCP Query User{B4BD7D29-C84E-4226-8D0E-90ED0494507C}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{7011DE3F-C482-462C-A5CE-55FB6DC58654}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows
"{A0006030-C83C-44C1-BD85-9CDD309BEC4C}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{5D013D89-BC1B-437F-ACA3-61288C803E03}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{5ADD0E4A-93B4-4A76-B13C-CABFCE8006BA}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{4B899C01-B222-4B88-A766-7DC5448E592A}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{DD810CF9-628D-48A1-8C7F-A078C7A970D7}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{017FDD7E-5BDF-41B4-9CCB-E3ECEC565734}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{B3C8C70A-BB7D-4505-959D-4BD0921E695B}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{D1F3C5CC-4740-440F-BEE0-E1B3C1DE3AE3}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{53E5F994-E9BE-437D-BC25-DBD73DDB8EC4}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DisabledInterfaces"= {550542C4-3186-48D4-9701-CE8FC3FD0832}

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 16:34]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 16:34]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 16:34]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;"C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [2007-06-21 18:33]
R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2007-02-12 10:46]
R2 eDataSecurity Service;eDataSecurity Service;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 16:34]
R2 nmsunidr;UniDriver for NMS;C:\Windows\system32\DRIVERS\nmsunidr.sys [2007-02-18 20:34]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-09-28 20:13]
R3 IntelDH;IntelDH Driver;C:\Windows\system32\Drivers\IntelDH.sys [2007-10-28 14:33]
R3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-04-04 22:03]
S3 DHTRACE;Intel® DHTrace Controller;C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-04-06 14:08]
S3 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys [2006-11-20 21:42]
S3 IntelDHSvcConf;IntelDHSvcConf;"C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe" [2007-04-06 14:08]
S3 NMSCore;Intel® NMSCore;"C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe" [2007-04-06 14:07]
S3 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys [2007-06-21 13:55]
S3 QualityManager;Intel® Quality Manager;"C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe" [2007-04-06 14:10]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\shell\autorun\command - J:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5eff3f94-86d1-11dc-8b87-0019212f80c2}]
\shell\autorun\command - K:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd405468-98b9-11dc-9911-0019212f80c2}]
\shell\AutoRun\command - N:\autorun.exe

*Newly Created Service* - COMHOST
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-21 13:14:46
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-21 13:15:43
ComboFix-quarantined-files.txt 2008-04-21 20:15:34
ComboFix2.txt 2008-04-19 15:37:18

Pre-Run: 56,954,007,552 bytes free
Post-Run: 57,100,918,784 bytes free

482 --- E O F --- 2007-10-28 21:52:25




HijackThis.log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:18:12 PM, on 4/21/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Steam\Steam.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {2d8ed06d-3c30-438b-96ae-4d110fdc1fb8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: COM Host (comHost) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (file missing)
O23 - Service: Intel® DHTrace Controller (DHTRACE) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IntelDHSvcConf - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - c:\Program Files\Norton Internet Security\isPwdSvc.exe (file missing)
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (livesrv) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel® NMSCore (NMSCore) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: Intel® Quality Manager (QualityManager) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (file missing)
O23 - Service: BitDefender Virus Shield (vsserv) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: VundoFix Service (vundofixsvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
O23 - Service: Webroot Spy Sweeper Engine (webrootspysweeperservice) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: BitDefender Communicator (xcomm) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 8686 bytes
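Added example, not code from the original post, from ComboFix or from HijackThis: a small Python triage script that reads a ComboFix-style registry dump like the one posted above and flags the settings a malware-removal helper reads first. The security-relevant points in that log are easy to miss among the firewall rules and game entries: every Security Center notification is suppressed and monitoring is disabled, the Windows Firewall standard profile has EnableFirewall set to 0, three MountPoints2 keys carry autorun commands for removable drives (J:, K:, N:), an svchost service group named "bdx" hosts a service called "scan", and a startup entry named "windows updates" runs from C:\Windows\System rather than System32. The SAMPLE_LOG below is a constructed excerpt of those lines; the KNOWN_SVCHOST_GROUPS set and the finding labels are this example's own assumptions, so an unknown svchost group is reported as something to verify, not as malware.

```python
"""Triage the registry-dump section of a ComboFix log.

Added example, not code from the original post, from ComboFix or from
HijackThis.  It reads a ComboFix-style dump and reports the settings a
malware-removal helper checks first: Security Center notifications or
monitoring switched off, a Windows Firewall profile disabled, autorun
commands registered for mounted volumes under MountPoints2, an svchost
service group outside the stock set, and a startup entry that runs from
the legacy \Windows\System directory.  SAMPLE_LOG is a constructed
excerpt of the lines posted above.
"""
import re

# Constructed excerpt modelled on the ComboFix log in the post above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2006-11-02 05:35 1196032 C:\Program Files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\windows updates]
c:\windows\system\Update.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\shell\autorun\command - J:\autorun.exe
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<val>[0-9a-fA-F]{8})$')
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)')
MULTI_SZ_RE = re.compile(r"^(?P<group>\S+)\s+REG_MULTI_SZ\s+(?P<svcs>.+)$")
AUTORUN_RE = re.compile(r"\\shell\\autorun\\command\s*-\s*(?P<cmd>.+)$", re.IGNORECASE)
# "--a------ 2006-11-02 05:35 1196032 C:\path": attributes, date, time, size, path
STARTUP_FILE_RE = re.compile(r"^[-\w]+\s+\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}\s+\d+\s+(?P<path>.+)$")
# \Windows\System (no "32") is the legacy 16-bit directory; a startup item there is unusual.
LEGACY_SYSTEM_DIR_RE = re.compile(r"\\windows\\system\\[^\\]+$", re.IGNORECASE)

# Assumed, not exhaustive, set of stock svchost groups on Windows Vista.
# An unknown group is therefore reported as "verify", not as malicious.
KNOWN_SVCHOST_GROUPS = {
    "dcomlaunch", "rpcss", "netsvcs", "localservice", "networkservice",
    "localsystemnetworkrestricted", "localservicenetworkrestricted",
    "localservicenonetwork", "localserviceandnoimpersonation",
    "networkservicenetworkrestricted", "secsvcs", "termsvcs", "wcssvc",
    "wersvcgroup", "imgsvc", "bthsvcs", "wdisystemhost", "regsvc",
}


def triage(log_text):
    """Return a list of (category, message) findings for a ComboFix-style dump."""
    findings = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        sec = section.lower()
        tail = section.rsplit("\\", 1)[-1]  # last component of the key path
        if "security center" in sec:
            m = DWORD_RE.match(line)
            if m and int(m.group("val"), 16) != 0:
                name = m.group("name")
                if name.endswith("DisableNotify"):
                    findings.append(("Security Center", f"notification suppressed: {name}"))
                elif name == "DisableMonitoring":
                    findings.append(("Security Center", f"monitoring disabled under {tail}"))
        elif "firewallpolicy" in sec:
            m = FIREWALL_RE.match(line)
            if m and int(m.group("val")) == 0:
                findings.append(("Firewall", f"Windows Firewall disabled for {tail}"))
        elif "mountpoints2" in sec:
            m = AUTORUN_RE.search(line)
            if m:
                findings.append(("Autorun", f"autorun command for mounted volume {tail}: {m.group('cmd')}"))
        elif sec.endswith("\\svchost"):
            m = MULTI_SZ_RE.match(line)
            if m and m.group("group").lower() not in KNOWN_SVCHOST_GROUPS:
                findings.append(("svchost", f"verify non-stock service group '{m.group('group')}' hosting: {m.group('svcs')}"))
        elif "startupreg" in sec:
            m = STARTUP_FILE_RE.match(line)
            path = m.group("path") if m else line
            if LEGACY_SYSTEM_DIR_RE.search(path):
                findings.append(("Startup", f"entry '{tail}' runs from the legacy \\Windows\\System directory: {path}"))
    return findings


if __name__ == "__main__":
    for category, message in triage(SAMPLE_LOG):
        print(f"[{category}] {message}")
```

Run it against a saved ComboFix.txt by passing the file's contents to triage(); on the excerpt above it reports eight findings (four Security Center, one each for the firewall profile, the J: autorun command, the "bdx" svchost group and the "windows updates" startup entry). The script only reads a text log, so it is safe to run anywhere; it does not decide what is malicious, it just surfaces the lines a helper would ask about next.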

#6 Terryc250 (Topic Starter)
Here is the active_scan.txt:

;***************************************************************************************************************
ANALYSIS: 2008-04-21 14:39:28
PROTECTIONS: 1
MALWARE: 69
SUSPECTS: 0
;***************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================================================
Norton Internet Security 2007 Yes No
;===============================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\boss@trafficmp[1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\boss@casalemedia[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Other.Boss-PC\AppData\Roaming\Microsoft\Windows\Cookies\Low\other@doubleclick[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\boss@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\boss@atdmt[2].txt
00139535 Application/Processor HackTools No 0 Yes No C:\Windows\System32\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\Users\Boss\Desktop\SmitfraudFix\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\Users\Boss\Desktop\smitrem\smitRem\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\Users\Boss\Desktop\smitRem.exe[smitRem/Process.exe]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\boss@tradedoubler[1].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\boss@tradedoubler[2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\boss@247realmedia[3].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\boss@247realmedia[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\boss@fastclick[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\boss@tribalfusion[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\boss@mediaplex[1].txt
00145758 Cookie/Mysearch TrackingCookie No 0 Yes No C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\boss@mysearch[1].txt
00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
00147814 Cookie/AspinallsOnlineCasino TrackingCookie No 0 Yes No C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\boss@pacificpoker[2].txt
00149046 Cookie/Casinotropez TrackingCookie No 0 Yes No C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\boss@casinotropez[1].txt
00160284 Cookie/Findwhat TrackingCookie No 0 Yes No C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\boss@findwhat[1].txt
00167430 Cookie/myaffiliateprogram TrackingCookie No 0 Yes No C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\boss@com[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\boss@xiti[1].txt
00167744 Cookie/GoStats TrackingCookie No 0 Yes No C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\boss@gostats[1].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\boss@toplist[2].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\boss@statcounter[1].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\boss@apmebf[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\boss@apmebf[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\boss@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
00168095 Cookie/888 TrackingCookie No 0 Yes No C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\boss@888[2].txt
00168095 Cookie/888 TrackingCookie No 0 Yes No C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\boss@888[1].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\boss@advertising[2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\boss@realmedia[2].txt
00171633 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\boss@questionmarket[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\boss@zedo[2].txt
00172483 Cookie/888 TrackingCookie No 0 Yes No C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
00172484 Cookie/Cassava TrackingCookie No 0 Yes No C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][3].txt
00172484 Cookie/Cassava TrackingCookie No 0 Yes No C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][4].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\boss@bluestreak[2].txt
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\boss@bravenet[2].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\boss@adultfriendfinder[2].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\boss@adultfriendfinder[1].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\boss@target[1].txt
00252281 Adware/Trymedia Adware No 0 Yes No C:\Users\Boss\ChessmasterChallenge-dm.exe
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\boss@atwola[1].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\boss@smartadserver[1].txt
00286732 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
00286734 Cookie/Adserver TrackingCookie No 0 Yes No C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
00517584 Application/SuperFast HackTools No 0 Yes No C:\Users\Boss\Desktop\l2mfix\restart.exe
00517584 Application/SuperFast HackTools No 0 Yes No C:\Users\Boss\Desktop\l2mfix.exe[l2mfix/restart.exe]
00517584 Application/SuperFast HackTools No 0 Yes No C:\Windows\System32\restart.exe
00517584 Application/SuperFast HackTools No 0 Yes No C:\l2m\l2mfix\restart.exe
00517584 Application/SuperFast HackTools No 0 Yes No C:\Users\Boss\Desktop\SmitfraudFix\restart.exe
01018182 Generic Trojan Virus/Trojan No 0 No No D:\Download Accelerator Plus v8.5.5.5 Premium\DAP 8.5.5.5.exe[²ÖÇ\UltraKit-2.exe][spoolsv.exe]
01139220 Generic Trojan Virus/Trojan No 0 Yes No C:\Users\Boss\Desktop\l2mfix.exe
01176994 Bck/VB.XB Virus/Trojan No 0 No No C:\Users\Boss\Desktop\ComboFix.exe[327882R2FWJFW\NirCmdC.cfexe]
01271851 Generic Malware Virus/Trojan No 0 Yes No C:\backups\backup-20080414-020700-106.dll
01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
01650428 Application/ErrorSafe HackTools No 0 Yes No D:\Download Accelerator Plus v8.5.5.5 Premium\Lesnar\DAP.exe
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\Users\Boss\Desktop\SmitfraudFix\Reboot.exe
02763634 Trj/ClassLoader.AH Virus/Trojan No 0 Yes No C:\Users\Boss\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\7836d960-2a8fd26f[VaannnaaBaa.class]
02763635 Trj/ClassLoader.AH Virus/Trojan No 0 Yes No C:\Users\Boss\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\7836d960-2a8fd26f[Bnnnnn.class]
02763636 Trj/ClassLoader.AH Virus/Trojan No 0 Yes No C:\Users\Boss\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\7836d960-2a8fd26f[BnnnnBaa.class]
02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\boss@advancedcleaner[3].txt
02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\boss@advancedcleaner[2].txt
02897073 Cookie/Revenue TrackingCookie No 0 Yes No C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\boss@adsrevenue[2].txt
02912795 Spyware/Virtumonde Spyware No 1 Yes No C:\backups\backup-20080414-020700-439.dll
02914400 Spyware/Vundo Spyware No 0 Yes No C:\QooBox\Quarantine\C\Windows\System32\ckxegiiw.dll.vir
02914400 Spyware/Vundo Spyware No 0 Yes No C:\QooBox\Quarantine\C\Windows\System32\eisbdinj.dll.vir
02914400 Spyware/Vundo Spyware No 0 Yes No C:\QooBox\Quarantine\C\Windows\System32\qhoflpuw.dll.vir
02914400 Spyware/Vundo Spyware No 0 Yes No C:\QooBox\Quarantine\C\Windows\System32\igytqimu.dll.vir
02914400 Spyware/Vundo Spyware No 0 Yes No C:\QooBox\Quarantine\C\Windows\System32\irxbvaay.dll.vir
02914400 Spyware/Vundo Spyware No 0 Yes No C:\QooBox\Quarantine\C\Windows\System32\nrtpvvdi.dll.vir
02914400 Spyware/Vundo Spyware No 0 Yes No C:\QooBox\Quarantine\C\Windows\System32\ixpripeb.dll.vir
02914400 Spyware/Vundo Spyware No 0 Yes No C:\QooBox\Quarantine\C\Windows\System32\mgnwfwtk.dll.vir
02915147 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\cusgi.exe
02917481 Trj/Clicker.WM Virus/Trojan No 1 Yes No C:\Windows\zeqbqwp.sys
02918010 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\Other.Boss-PC\AppData\Local\Temp\tmp003d50a0
02918010 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\Windows\System32\vtUopNDv.dll.vir
02918010 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\Other.Boss-PC\AppData\Local\Temp\tmp0006a7b3
02919031 Spyware/Virtumonde Spyware No 1 Yes No C:\backups\backup-20080416-152626-938.dll
02919038 Spyware/Virtumonde Spyware No 1 Yes No C:\backups\backup-20080414-142226-490.dll
02919142 Trj/Clicker.WM Virus/Trojan No 1 Yes No C:\njhxmjb.exe
02927489 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\Windows\System32\vkbfmyiq.dll.vir
02927489 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\Windows\System32\gpbxpddd.dll.vir
02927489 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\Windows\System32\cmfgfwky.dll.vir
02927493 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\Windows\System32\rkmmdbrm.dll.vir
02927493 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\Windows\System32\palhjgjb.dll.vir
02927493 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\Windows\System32\opgwrqpg.dll.vir
02927493 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\Windows\System32\sasxcmab.dll.vir
02927493 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\Windows\System32\mhiqmjcn.dll.vir
02927493 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\Windows\System32\lokusius.dll.vir
;===============================================================================================================
SUSPECTS
Location
;===============================================================================================================
;===============================================================================================================




Uninstall List:

9Dragons
AC3Filter (remove only)
Acer Arcade Live Main Page
Acer Assist
Acer DV Magician
Acer DVDivine
Acer eDataSecurity Management
Acer Empowering Technology
Acer ePerformance Management
Acer HomeMedia
Acer HomeMedia Connect
Acer Registration
Acer ScreenSaver
Acer SlideShow DVD
Acer Tour
Acer VideoMagician
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware 2007
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 8.1.0
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Ant Stratego
AOL Instant Messenger
AppCore
Ares 2.0.9
Ask Toolbar
Assassin's Creed
AV
Big Kahuna Reef 2
Big Pack 8.4
BitDefender Antivirus 2008
BitTornado 0.3.18
Bricks of Egypt
Call of Duty® 4 - Modern Warfare™
ccCommon
CCleaner (remove only)
CDDRV_Installer
CDisplay 1.8
Chessmaster Challenge (remove only)
Counter-Strike
Counter-Strike: Source
Crysis®
Crysis® SP Demo
dBpowerAMP Music Converter
Deep Fritz GM Deluxe
Devil May Cry 3 Special Edition
DivX Codec
DivX Content Uploader
DivX Player
DivX Web Player
Dream Of Mirror Online
Dynasty
Earth's Special Forces
Empire Earth II
eSobi v2
Fable - The Lost Chapters
FLV Player
Freez FLV to AVI/MPEG/WMV Converter
Galapago
GoldWave v5.20
GSpot Codec Information Appliance
Half-Life
Half-Life 2
HijackThis 2.0.2
HLSW v1.2.0
Intel® Matrix Storage Manager
Intel® PRO Network Connections Drivers
Intel® Viiv™ Software
ITECIR Driver
Jade Empire
Java™ 6 Update 3
Jewel Quest Solitaire
KhalInstallWrapper
LANDE PMF PLAYER
Legacy of Kain
Legacy of Kain: Defiance 1.0
LimeWire PRO 4.14.3
Logitech SetPoint
Luxor 2
MCF Ravenhearst
MechMod
Microsoft .NET Framework 1.1
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
mIRC
Moyea FLV Downloader version 1.10.0.2
Moyea FLV to Video Converter Pro version 1.25.1.0
MSRedist
MSXML 4.0 SP2 (KB936181)
Mystery Case Files - Prime Suspects
Nero 8
neroxml
Norton AntiVirus
Norton Confidential Browser Component
Norton Confidential Web Protection Component
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Protection Center
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
PaltalkScene
Panda ActiveScan 2.0
Pcsx2 0.9.4 Watermoose
PDF Settings
PowerISO
PunkBuster Services
Rappelz_USA
Realtek High Definition Audio Driver
Rumble Fighter
Shareaza version 2.3.0.0
Shredder Classic 3
SPBBC 32bit
Spy Sweeper
Spybot - Search & Destroy
Steam
Symantec Real Time Storage Protection Component
SymNet
The Hulk™
The Witcher
Treasures of the Deep
Update for Office 2007 (KB934528)
Update for Office System 2007 Setup (KB929722)
VCRedistSetup
Ventrilo Client
VideoLAN VLC media player 0.8.6d
Viewpoint Media Player
Warcraft III
Windows Driver Package - ITE Tech.Inc. (itecir) HIDClass (01/05/2007 5.0.0003.2)
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
WinPcap 4.1 beta
WinRAR archiver
World of Warcraft
X-Men™ Legends 2
Yahoo! Toolbar
Zuma Deluxe



ComboFix.txt:

ComboFix 08-04-18.3 - Boss 2008-04-21 13:13:10.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2106 [GMT -7:00]
Running from: C:\Users\Boss\Desktop\ComboFix.exe
Command switches used :: C:\Users\Boss\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-03-21 to 2008-04-21 )))))))))))))))))))))))))))))))
.

2008-04-17 00:14 . 2008-04-17 01:16 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-04-17 00:14 . 2008-04-17 01:16 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-04-16 23:45 . 2008-04-16 23:45 <DIR> d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-04-16 23:45 . 2008-04-16 23:45 <DIR> d-------- C:\ProgramData\Kaspersky Lab Setup Files
2008-04-16 23:33 . 2008-04-16 23:22 0 --a------ C:\Windows\System32\MSWINSCK - Copy.OCX
2008-04-16 23:23 . 2008-04-16 23:23 <DIR> d-------- C:\Users\Boss\AppData\Roaming\Bitdefender
2008-04-16 23:22 . 2008-04-17 00:49 <DIR> d-a------ C:\Users\All Users\TEMP
2008-04-16 23:22 . 2008-04-16 23:23 <DIR> d-------- C:\Users\All Users\BitDefender
2008-04-16 23:22 . 2008-04-17 00:49 <DIR> d-a------ C:\ProgramData\TEMP
2008-04-16 23:22 . 2008-04-16 23:23 <DIR> d-------- C:\ProgramData\BitDefender
2008-04-16 23:22 . 2008-04-16 23:33 109,248 --a------ C:\Windows\System32\MSWINSCK.OCX
2008-04-16 22:50 . 2008-04-16 22:50 <DIR> d-------- C:\Program Files\CCleaner
2008-04-16 17:34 . 2008-04-16 17:34 <DIR> d-------- C:\Windows\Content.IE5
2008-04-16 17:33 . 2008-04-16 22:11 691 --a------ C:\Users\Boss\AppData\Roaming\GetValue.vbs
2008-04-16 17:33 . 2008-04-16 22:11 35 --a------ C:\Users\Boss\AppData\Roaming\SetValue.bat
2008-04-16 17:32 . 2007-10-04 00:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe
2008-04-16 17:32 . 2008-04-16 22:11 1,534 --a------ C:\Windows\System32\tmp.reg
2008-04-16 16:56 . 2007-09-06 00:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe
2008-04-16 16:56 . 2006-04-27 17:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe
2008-04-16 16:56 . 2008-04-14 19:28 86,528 --a------ C:\Windows\System32\VACFix.exe
2008-04-16 16:56 . 2008-04-12 13:49 82,432 --a------ C:\Windows\System32\IEDFix.exe
2008-04-16 16:56 . 2003-06-05 21:13 53,248 --a------ C:\Windows\System32\Process.exe
2008-04-16 16:56 . 2004-07-31 18:50 51,200 --a------ C:\Windows\System32\dumphive.exe
2008-04-15 19:16 . 2008-04-16 15:20 1,603,057 ---hs---- C:\Windows\System32\ftkucokj.ini
2008-04-14 15:03 . 2008-04-17 01:16 239,561,283 --a------ C:\Windows\MEMORY.DMP
2008-04-14 15:03 . 2008-04-14 15:03 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{993e3e9b-0a6e-11dd-b04c-0019212f80c2}.TMContainer00000000000000000002.regtrans-ms
2008-04-14 15:03 . 2008-04-14 15:03 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{993e3e9b-0a6e-11dd-b04c-0019212f80c2}.TMContainer00000000000000000001.regtrans-ms
2008-04-14 15:03 . 2008-04-14 15:03 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\ntuser.dat{993e3e9f-0a6e-11dd-b04c-0019212f80c2}.TMContainer00000000000000000002.regtrans-ms
2008-04-14 15:03 . 2008-04-14 15:03 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\ntuser.dat{993e3e9f-0a6e-11dd-b04c-0019212f80c2}.TMContainer00000000000000000001.regtrans-ms
2008-04-14 15:03 . 2008-04-14 15:03 65,536 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{993e3e9b-0a6e-11dd-b04c-0019212f80c2}.TM.blf
2008-04-14 15:03 . 2008-04-14 15:03 65,536 --ahs---- C:\Windows\ServiceProfiles\LocalService\ntuser.dat{993e3e9f-0a6e-11dd-b04c-0019212f80c2}.TM.blf
2008-04-14 14:57 . 2008-04-14 14:58 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-04-14 14:57 . 2008-04-14 14:58 <DIR> d-------- C:\ProgramData\Lavasoft
2008-04-14 14:57 . 2008-04-14 14:57 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-14 14:39 . 2008-04-16 17:03 538 --a------ C:\Windows\wininit.ini
2008-04-14 14:24 . 2008-04-16 16:24 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-04-14 14:24 . 2008-04-16 16:24 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-04-14 14:24 . 2008-04-14 14:24 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-14 06:50 . 2008-04-14 06:50 24,576 --a------ C:\Windows\System32\VundoFixSVC.exe
2008-04-14 06:24 . 2008-04-14 06:50 <DIR> d-------- C:\VundoFix Backups
2008-04-14 02:07 . 2008-04-16 23:09 <DIR> d-------- C:\backups
2008-04-14 02:03 . 2008-04-14 02:04 101,865 --a------ C:\Users\Boss\startuplist.zip
2008-04-14 01:57 . 2005-01-20 13:47 175,616 --a------ C:\Windows\System32\strings.exe
2008-04-14 01:57 . 2006-03-02 23:42 73,728 --a------ C:\Windows\System32\pv.exe
2008-04-14 01:57 . 2005-01-13 21:41 39,184 --a------ C:\Windows\System32\Ntrights.exe
2008-04-14 01:57 . 2005-10-19 18:50 16,384 --a------ C:\Windows\System32\restart.exe
2008-04-14 01:57 . 2005-01-13 21:41 11,254 --a------ C:\Windows\System32\locate.com
2008-04-14 01:56 . 2008-04-14 01:56 <DIR> d-------- C:\l2m
2008-04-13 23:24 . 2008-04-13 23:24 <DIR> d-------- C:\Users\Other.Boss-PC\AppData\Roaming\vlc
2008-04-13 23:04 . 2008-04-13 23:22 2,123,263 ---hs---- C:\Windows\System32\hjqqrnop.ini
2008-04-13 22:36 . 2008-04-13 22:36 <DIR> d-------- C:\Users\Other.Boss-PC\AppData\Roaming\Logitech
2008-04-13 22:22 . 2008-04-13 22:22 <DIR> dr------- C:\Users\Other.Boss-PC\Videos
2008-04-13 22:22 . 2008-04-13 22:22 <DIR> dr------- C:\Users\Other.Boss-PC\Searches
2008-04-13 22:22 . 2008-04-13 22:22 <DIR> dr------- C:\Users\Other.Boss-PC\Saved Games
2008-04-13 22:22 . 2008-04-13 22:22 <DIR> dr------- C:\Users\Other.Boss-PC\Pictures
2008-04-13 22:22 . 2008-04-13 22:22 <DIR> dr------- C:\Users\Other.Boss-PC\Music
2008-04-13 22:22 . 2008-04-13 22:22 <DIR> dr------- C:\Users\Other.Boss-PC\Links
2008-04-13 22:22 . 2008-04-13 22:22 <DIR> dr------- C:\Users\Other.Boss-PC\Downloads
2008-04-13 22:22 . 2008-04-13 22:22 <DIR> dr------- C:\Users\Other.Boss-PC\Documents
2008-04-13 22:22 . 2008-04-13 22:22 <DIR> dr------- C:\Users\Other.Boss-PC\Contacts
2008-04-13 22:22 . 2008-04-13 22:22 <DIR> d-------- C:\Users\Other.Boss-PC\AppData\Roaming\Webroot
2008-04-13 22:22 . 2006-11-02 05:37 <DIR> d-------- C:\Users\Other.Boss-PC\AppData\Roaming\Media Center Programs
2008-04-13 22:22 . 2007-10-28 14:33 <DIR> d--h----- C:\Users\Other.Boss-PC\AppData\Roaming\GTek
2008-04-13 22:22 . 2008-04-13 22:22 <DIR> d--h----- C:\Users\Other.Boss-PC\AppData
2008-04-13 22:22 . 2008-04-13 22:22 <DIR> d-------- C:\Users\Other.Boss-PC
2008-04-13 22:22 . 2008-04-13 22:50 524,288 --ahs---- C:\Users\Other.Boss-PC\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
2008-04-13 22:22 . 2008-04-13 22:50 524,288 --ahs---- C:\Users\Other.Boss-PC\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
2008-04-13 22:22 . 2008-04-19 08:31 262,144 --ah----- C:\Users\Other.Boss-PC\ntuser.dat.LOG1
2008-04-13 22:22 . 2008-04-13 22:50 65,536 --ahs---- C:\Users\Other.Boss-PC\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
2008-04-13 22:22 . 2008-04-13 22:22 0 --ah----- C:\Users\Other.Boss-PC\ntuser.dat.LOG2
2008-04-13 21:20 . 2008-01-04 20:34 163,696 --a------ C:\Windows\System32\drivers\ssidrv.sys
2008-04-13 21:20 . 2008-01-04 20:34 23,920 --a------ C:\Windows\System32\drivers\sskbfd.sys
2008-04-13 21:20 . 2008-01-04 20:34 21,872 --a------ C:\Windows\System32\drivers\sshrmd.sys
2008-04-13 21:20 . 2008-01-04 20:34 20,336 --a------ C:\Windows\System32\drivers\SSFS0BB9.sys
2008-04-13 21:19 . 2008-04-13 21:19 <DIR> d-------- C:\Users\Boss\AppData\Roaming\Webroot
2008-04-13 21:19 . 2008-04-13 21:19 <DIR> d-------- C:\Users\All Users\Webroot
2008-04-13 21:19 . 2008-04-13 21:19 <DIR> d-------- C:\ProgramData\Webroot
2008-04-13 21:19 . 2008-04-13 21:19 <DIR> d-------- C:\Program Files\Webroot
2008-04-13 21:19 . 2008-01-04 20:56 1,526,640 --a------ C:\Windows\WRSetup.dll
2008-04-13 21:04 . 2008-04-13 21:04 <DIR> d-------- C:\Users\Boss\AppData\Roaming\Ubisoft
2008-04-13 20:57 . 2008-04-13 20:57 <DIR> d-------- C:\Users\All Users\Ubisoft
2008-04-13 20:57 . 2008-04-13 20:57 <DIR> d-------- C:\ProgramData\Ubisoft
2008-04-13 20:56 . 2007-10-12 15:14 3,734,536 --a------ C:\Windows\System32\d3dx9_36.dll
2008-04-13 20:56 . 2007-10-12 15:14 1,374,232 --a------ C:\Windows\System32\D3DCompiler_36.dll
2008-04-13 20:56 . 2007-10-02 09:56 444,776 --a------ C:\Windows\System32\d3dx10_36.dll
2008-04-13 20:56 . 2007-10-22 03:39 267,272 --a------ C:\Windows\System32\xactengine2_10.dll
2008-04-13 20:56 . 2007-10-22 03:37 17,928 --a------ C:\Windows\System32\X3DAudio1_2.dll
2008-04-13 20:44 . 2008-04-13 20:44 <DIR> d-------- C:\Program Files\Ubisoft
2008-04-13 20:20 . 2008-04-13 22:51 2,124,379 ---hs---- C:\Windows\System32\mnewvhtl.ini
2008-04-12 15:21 . 2008-04-12 15:21 <DIR> d-------- C:\Users\All Users\Avg7
2008-04-12 15:21 . 2008-04-12 15:21 <DIR> d-------- C:\ProgramData\Avg7
2008-04-12 11:09 . 2008-04-12 11:09 53,768 --a------ C:\Windows\System32\drivers\avgwfp.sys
2008-04-12 05:46 . 2008-04-12 05:46 <DIR> d-------- C:\Program Files\Panda Security
2008-04-12 03:05 . 2008-04-16 16:56 <DIR> d-------- C:\QUARANTINE
2008-04-12 03:04 . 2008-04-12 03:04 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems
2008-04-12 03:04 . 2006-12-19 15:06 1,495,552 --a------ C:\Windows\System32\epoPGPsdk.dll
2008-04-12 00:04 . 2008-04-16 23:31 121 --a------ C:\Windows\bdagent.INI
2008-04-11 23:53 . 2008-04-11 23:53 <DIR> d-------- C:\Program Files\BitDefender
2008-04-11 23:52 . 2008-04-16 23:22 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-04-11 22:48 . 2008-04-11 22:48 <DIR> d-------- C:\Program Files\AskPBar
2008-04-11 02:01 . 2008-04-11 02:04 <DIR> d-------- C:\booti2
2008-04-11 01:59 . 2008-04-11 02:11 <DIR> d-------- C:\booti
2008-04-11 00:59 . 2008-04-11 01:39 <DIR> d-------- C:\Windows\BDOSCAN8
2008-04-11 00:21 . 2008-04-11 00:22 <DIR> d-------- C:\Naruto_397[Binktopia]
2008-04-10 23:01 . 2006-11-02 03:23 <DIR> dr------- C:\Users\Other\Videos
2008-04-10 23:01 . 2006-11-02 03:23 <DIR> d-------- C:\Users\Other\Saved Games
2008-04-10 23:01 . 2006-11-02 03:23 <DIR> dr------- C:\Users\Other\Pictures
2008-04-10 23:01 . 2006-11-02 03:23 <DIR> dr------- C:\Users\Other\Music
2008-04-10 23:01 . 2006-11-02 03:23 <DIR> dr------- C:\Users\Other\Links
2008-04-10 23:01 . 2006-11-02 03:23 <DIR> dr------- C:\Users\Other\Downloads
2008-04-10 23:01 . 2008-04-10 23:01 <DIR> dr------- C:\Users\Other\Documents
2008-04-10 23:01 . 2006-11-02 04:18 <DIR> d--h----- C:\Users\Other\AppData
2008-04-10 23:01 . 2008-04-10 23:01 <DIR> d-------- C:\Users\Other
2008-04-10 23:01 . 2008-04-10 23:01 524,288 --ahs---- C:\Users\Other\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
2008-04-10 23:01 . 2008-04-10 23:01 524,288 --ahs---- C:\Users\Other\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
2008-04-10 23:01 . 2008-04-19 08:30 197,632 --ah----- C:\Users\Other\ntuser.dat.LOG1
2008-04-10 23:01 . 2008-04-10 23:01 65,536 --ahs---- C:\Users\Other\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
2008-04-10 23:01 . 2008-04-10 23:01 0 --ah----- C:\Users\Other\ntuser.dat.LOG2
2008-04-10 21:35 . 2008-04-10 21:35 2 --a------ C:\283746077
2008-04-10 21:17 . 2008-04-10 21:17 159,744 --a------ C:\gkpaxt.exe
2008-04-10 21:17 . 2008-04-10 21:17 58,880 --a------ C:\njhxmjb.exe
2008-04-10 21:17 . 55,218 C:\Windows\zeqbqwp.sys
2008-04-10 21:17 . 2008-04-10 21:17 44,544 --a------ C:\ncolyrif.exe
2008-04-10 21:17 . 2008-04-10 21:17 12,800 --a------ C:\cusgi.exe
2008-04-10 21:17 . 2008-04-10 21:17 4,096 --a------ C:\vhyp.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-21 20:12 --------- d-s---w C:\Program Files\HLSW
2008-04-21 07:51 --------- d-----w C:\Program Files\Steam
2008-04-21 02:47 --------- d-----w C:\Users\Boss\AppData\Roaming\LimeWire
2008-04-17 07:08 --------- d-----w C:\ProgramData\Symantec
2008-04-17 06:52 --------- d-----w C:\Program Files\Symantec
2008-04-17 06:45 --------- d-----w C:\Users\Boss\AppData\Roaming\uTorrent
2008-04-14 21:27 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-14 20:58 0 ----a-w C:\Program Files\New Text Document.txt
2008-04-14 09:03 401,720 ----a-w C:\HijackThis.exe
2008-04-14 03:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-12 03:58 --------- d-----w C:\Program Files\Paltalk Messenger
2008-04-11 11:14 --------- d-----w C:\Program Files\AIM
2008-04-09 10:38 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-09 10:24 --------- d-----w C:\Program Files\PowerISO
2008-04-05 06:57 --------- d-----w C:\Program Files\Common Files\Steam
2008-03-19 08:15 82,774 ----a-w C:\Windows\Uninstall Jade Empire.exe
2008-03-18 16:17 --------- d-----w C:\Program Files\Activision
2008-03-18 04:26 --------- d-----w C:\Program Files\9Dragons
2008-03-14 06:04 46,652 ----a-w C:\Windows\system32\drivers\scdemu.sys
2008-03-13 15:01 --------- d-----w C:\Program Files\Windows Live
2008-03-13 15:00 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-13 14:59 --------- d-----w C:\ProgramData\WLInstaller
2008-03-13 06:00 --------- d-----w C:\Program Files\OGPlanet
2008-02-27 08:51 --------- d-----w C:\Program Files\Warcraft III
2008-02-19 18:27 98,304 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-01-19 09:28 142 ----a-w C:\Users\Boss\naruto_385.zip
2008-01-19 08:20 96,282,697 ----a-w C:\Users\Boss\rybka.zip
2008-01-19 08:01 5,002,240 ----a-w C:\Users\Boss\Rybka_v2.1c.demo.x64.exe
2008-01-19 08:00 4,681,728 ----a-w C:\Users\Boss\Rybka_v2.1c.demo.w32.exe
2008-01-19 07:53 590,942 ----a-w C:\Users\Boss\rebdec10.zip
2008-01-18 05:33 22,122 ----a-w C:\Users\Boss\shredder.classic.1.2.patch-icu.zip
2008-01-17 08:32 7,755,319 ----a-w C:\Users\Boss\SetupShredderClassic3.exe
2008-01-15 07:36 52,791,359 ----a-w C:\Users\Boss\NXMREQ.zip
2008-01-15 07:36 1,158,444 ----a-w C:\Users\Boss\setup.zip
2008-01-15 06:34 214,016 ----a-w C:\Users\Boss\ChessmasterChallenge-dm.exe
2008-01-14 13:04 1,337,837 ----a-w C:\Users\Boss\ant_stratego_install.exe
2008-01-02 15:32 527,905 ----a-w C:\Users\Boss\KainSetup.exe
2008-01-02 15:32 3,619 ----a-w C:\Users\Boss\cpugrab.zip
2008-01-02 05:01 144 ----a-w C:\Users\Boss\naruto_384.zip
2008-01-02 03:42 6,222,376 ----a-w C:\Users\Boss\DivXWebPlayerInstaller.exe
2007-12-29 07:15 22 ----a-w C:\Users\Boss\naruto_384raw.zip
2007-12-27 17:26 562,744 ----a-w C:\Users\Boss\WinPcap_4_1_beta.exe
2007-12-27 06:34 7,171,783 ----a-w C:\Users\Boss\Pcsx2_0.9.4_Setup.exe
2007-12-22 08:10 128 ----a-w C:\Users\Boss\naruto_383.zip
2007-12-20 11:41 128 ----a-w C:\Users\Boss\naruto_382.zip
2007-12-20 08:56 22 ----a-w C:\Users\Boss\DEVIL.MAY.CRY.3.SE.PLUS4TRN.ASXDOX.ZIP
2007-12-20 08:56 22 ----a-w C:\Users\Boss\DEVIL.MAY.CRY.3.SE.PLUS2TRN.ICARUS.ZIP
2007-12-20 08:39 22 ----a-w C:\Users\Boss\DEVIL.MAY.CRY.3.SE.PLUS9TRN.ASXDOX.ZIP
2007-12-19 05:30 22 ----a-w C:\Users\Boss\Chrono_Trigger_(U).zip
2007-12-19 05:28 22 ----a-w C:\Users\Boss\zsnesw151.zip
2007-12-18 08:36 94,181 ----a-w C:\Users\Boss\FABLE.TLC.PLUS7TRN.DEVIANCE.ZIP
2007-12-18 05:27 22 ----a-w C:\Users\Boss\FABLE.TLC.PLUS10TRN.W0RF.ZIP
2007-12-17 09:25 9,237,432 ----a-w C:\Users\Boss\BearShareV6.exe
2007-12-14 10:48 22 ----a-w C:\Users\Boss\naruto_382raw.zip
2007-12-10 22:06 128 ----a-w C:\Users\Boss\naruto_381.zip
2007-12-10 20:03 5,243,518 ----a-w C:\Users\Boss\shareaza_2.3.0.0.exe
2007-12-10 19:59 2,018,059 ----a-w C:\Users\Boss\aresregular209_installer.exe
2007-12-05 09:06 9,733,451 ----a-w C:\Users\Boss\vlc-0.8.6d-win32.exe
2007-12-05 08:36 742,560 ----a-w C:\Users\Boss\PMFplay_H.264_Decoder.exe
2007-12-01 09:47 128 ----a-w C:\Users\Boss\naruto_380.zip
2007-11-30 05:58 40,951,297 ----a-w C:\Users\Boss\NittoLegendsBeta0991.exe
2007-11-24 23:35 128 ----a-w C:\Users\Boss\naruto_379.zip
2007-11-23 21:19 7,555,823 ----a-w C:\Users\Boss\1320v152S.zip
2007-11-22 10:52 22 ----a-w C:\Users\Boss\MoFunZone.com--crysis_6_trainer.zip
2007-11-22 10:29 22,328 ----a-w C:\Users\Boss\AppData\Roaming\PnkBstrK.sys
2007-11-22 10:18 269,312 ----a-w C:\Users\Boss\DAMN_NFO_Viewer_v2-10-0032-RC3.exe
2007-11-19 09:32 3,238,127 ----a-w C:\Users\Boss\naruto_378.zip
2007-11-18 16:35 4,160,370 ----a-w C:\Users\Boss\Call.Of.Duty.4-KEYGEN.1911.exe
2007-11-18 16:30 1,372,178 ----a-w C:\Users\Boss\Call Of Duty 4 Crackfix and Keygen.zip
2007-11-16 10:20 1,027,090 ----a-w C:\Users\Boss\wowclient-downloader.exe
2007-11-15 03:58 2,732,032 ----a-w C:\Users\Boss\ventrilo-3.0.0-Windows-i386.exe
2007-11-07 02:29 1,110,016 ----a-w C:\Users\Boss\CohUpdater.exe
2007-11-06 03:23 2,010,624 ----a-w C:\Users\Boss\ventrilo-2.3.0-Windows-i386.exe
2007-11-04 10:04 118,739,008 ----a-w C:\Users\Boss\TheWitcherPatch_1.1a.exe
2007-11-03 14:57 1,819,802,137 ----a-w C:\Users\Boss\Rappelz_E4_072007_USA.zip
2007-11-02 11:22 22 ----a-w C:\Users\Boss\TheWitcherv1.1aGoldTrainer.zip
2007-11-02 11:22 170,496 ----a-w C:\Users\Boss\The Witcher 1.1a Promo Trainer.exe
2007-11-02 05:12 23,770,568 ----a-w C:\Users\Boss\DivXInstaller.exe
2007-10-31 06:45 8,506,408 ----a-w C:\Users\Boss\Install_AIM59.exe
2007-10-31 06:32 1,550,866 ----a-w C:\Users\Boss\mirc63.exe
2007-10-31 04:16 223,822 ----a-w C:\Users\Boss\AutoRefresher.zip
2007-10-31 01:18 114,781 ----a-w C:\Users\Boss\crysisdemo-ch.zip
2007-10-30 10:13 67,108,864 ----a-w C:\Users\Boss\Windows XP Ultimate Edition (by Johnny) [October2007-R3.1].exe
2007-10-30 10:11 2,104,776 ----a-w C:\Users\Boss\daemon410-x64.exe
2007-10-30 10:11 1,911,240 ----a-w C:\Users\Boss\daemon410-x86.exe
2007-10-30 07:20 5,741,210 ----a-w C:\Users\Boss\WARCRAFT.3.V1.21A.ENG.BOR0.NOCD.ZIP
2007-10-30 07:13 1,135,893 ----a-w C:\Users\Boss\New Compressed (zipped) Folder.zip
2007-10-30 07:07 53,026,744 ----a-w C:\Users\Boss\War3TFT_121a_English.exe
2007-10-30 00:38 1,206,366 ----a-w C:\Users\Boss\wrar371.exe
2007-10-29 23:39 2,721,721 ----a-w C:\Users\Boss\hlsw_1_2_0_setup.exe
2007-10-29 00:40 24,792,040 ----a-w C:\Users\Boss\7-10_vista32_dd_53254.exe
2007-10-29 00:39 60,816,768 ----a-w C:\Users\Boss\setpoint400.exe
2007-10-28 23:09 22 ----a-w C:\Users\Boss\Batch FLV.zip
2007-10-28 23:07 193,797,819 ----a-w C:\Users\Boss\esfb123.exe
2007-10-28 21:55 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2008-04-19_ 8.36.45.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-19 15:34:38 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-04-19 15:34:38 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-04-19 15:34:54 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-04-19 15:36:15 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-04-19 15:36:15 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-04-19 15:29:43 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-04-21 20:09:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-04-19 15:29:43 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-21 20:09:07 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-19 15:29:43 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-21 20:09:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-17 08:21:26 107,508 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-04-19 15:39:18 107,508 ----a-w C:\Windows\System32\perfc009.dat
- 2008-04-17 08:21:26 626,738 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-04-19 15:39:18 626,738 ----a-w C:\Windows\System32\perfh009.dat
- 2008-04-17 08:19:16 76,176 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-19 15:36:57 76,410 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-04-17 07:51:15 51,652 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-04-19 15:36:54 51,952 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour"="" []
"eRecoveryService"="" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 15:49 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\Windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
backup=C:\Windows\pss\PalTalk.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Boss^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\10e99fb2]
C:\Windows\system32\gpbxpddd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher]
--a------ 2007-02-02 11:05 1261568 C:\Program Files\Acer Assist\launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]
--a------ 2007-06-15 16:48 326440 C:\Acer\Empowering Technology\SysMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration]
--a------ 2007-02-02 12:24 3383296 C:\Program Files\Acer Registration\ACE1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
--a------ 2007-05-22 15:49 151552 C:\Acer\AcerTour\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-03-08 04:38 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2007-02-28 23:06 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2006-08-01 15:35 67112 C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apanel]
C:\ACERSW\config\SetApanel.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2007-11-23 09:18 962560 C:\Program Files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_Run]
C:\PROGRA~1\Grisoft\AVG7\avgw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bdagent]
--a------ 2008-02-16 17:45 360448 C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-09-20 15:35 202024 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bitdefender antiphishing helper]
--a------ 2007-10-09 15:46 61440 C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bm13daac2e]
C:\Windows\system32\rkmmdbrm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
c:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCUTRAYICON]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
--a------ 2007-06-29 16:03 36864 C:\Program Files\GameSpy\Comrade\Comrade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-09-18 07:16 171464 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
--a------ 2007-04-25 16:33 457216 C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\Windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a------ 2007-03-21 13:00 174872 C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\Windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2007-04-11 15:32 56080 C:\Windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
C:\Program Files\McAfee\Common Framework\UdaterUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msserver]
C:\Windows\system32\geBurppn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 09:51 1836328 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NMSSupport]
--a------ 2007-04-06 14:07 439768 C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
c:\Program Files\Norton Internet Security\osCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMMediaSharing]
--a------ 2007-06-21 18:33 204908 C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\Windows\system32\igfxper

#7
sage5 (Retired Staff, RIP 10/2009, 2,646 posts)
Something went wrong with the last instructions I sent you.
None of the deletions happened.
Did you highlight all the text in the codebox?
Please retry those directions, from
"Create a ComboFix Script:"
onward, and this time just post the ComboFix log produced.

Edited by sage5, 21 April 2008 - 06:31 PM.


#8
Terryc250

Terryc250

    Member

  • Topic Starter
  • Member
  • 91 posts
It might have been because when I pasted it, for some reason it all pasted on one line instead of as a list, so I had to go across pressing Enter to break it into a list. Anyway, here is the combofix.txt:

ComboFix 08-04-18.3 - Boss 2008-04-24 2:32:24.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1947 [GMT -7:00]
Running from: C:\Users\Boss\Desktop\ComboFix.exe
Command switches used :: C:\Users\Boss\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\283746077
C:\cusgi.exe
C:\gkpaxt.exe
C:\ncolyrif.exe
C:\njhxmjb.exe
C:\Users\Boss\1320v152S.zip
C:\Users\Boss\7-10_vista32_dd_53254.exe
C:\Users\Boss\ant_stratego_install.exe
C:\Users\Boss\aresregular209_installer.exe
C:\Users\Boss\AutoRefresher.zip
C:\Users\Boss\Batch FLV.zip
C:\Users\Boss\BearShareV6.exe
C:\Users\Boss\Call Of Duty 4 Crackfix and Keygen.zip
C:\Users\Boss\Call.Of.Duty.4-KEYGEN.1911.exe
C:\Users\Boss\ChessmasterChallenge-dm.exe
C:\Users\Boss\Chrono_Trigger_(U).zip
C:\Users\Boss\CohUpdater.exe
C:\Users\Boss\cpugrab.zip
C:\Users\Boss\crysisdemo-ch.zip
C:\Users\Boss\daemon410-x64.exe
C:\Users\Boss\daemon410-x86.exe
C:\Users\Boss\DAMN_NFO_Viewer_v2-10-0032-RC3.exe
C:\Users\Boss\DEVIL.MAY.CRY.3.SE.PLUS2TRN.ICARUS.ZIP
C:\Users\Boss\DEVIL.MAY.CRY.3.SE.PLUS4TRN.ASXDOX.ZIP
C:\Users\Boss\DEVIL.MAY.CRY.3.SE.PLUS9TRN.ASXDOX.ZIP
C:\Users\Boss\DivXInstaller.exe
C:\Users\Boss\DivXWebPlayerInstaller.exe
C:\Users\Boss\esfb123.exe
C:\Users\Boss\FABLE.TLC.PLUS10TRN.W0RF.ZIP
C:\Users\Boss\FABLE.TLC.PLUS7TRN.DEVIANCE.ZIP
C:\Users\Boss\hlsw_1_2_0_setup.exe
C:\Users\Boss\Install_AIM59.exe
C:\Users\Boss\KainSetup.exe
C:\Users\Boss\mirc63.exe
C:\Users\Boss\MoFunZone.com--crysis_6_trainer.zip
C:\Users\Boss\naruto_378.zip
C:\Users\Boss\naruto_379.zip
C:\Users\Boss\naruto_380.zip
C:\Users\Boss\naruto_381.zip
C:\Users\Boss\naruto_382.zip
C:\Users\Boss\naruto_382raw.zip
C:\Users\Boss\naruto_383.zip
C:\Users\Boss\naruto_384.zip
C:\Users\Boss\naruto_384raw.zip
C:\Users\Boss\naruto_385.zip
C:\Users\Boss\New Compressed (zipped) Folder.zip
C:\Users\Boss\NittoLegendsBeta0991.exe
C:\Users\Boss\NXMREQ.zip
C:\Users\Boss\Pcsx2_0.9.4_Setup.exe
C:\Users\Boss\PMFplay_H.264_Decoder.exe
C:\Users\Boss\Rappelz_E4_072007_USA.zip
C:\Users\Boss\rebdec10.zip
C:\Users\Boss\rybka.zip
C:\Users\Boss\Rybka_v2.1c.demo.w32.exe
C:\Users\Boss\Rybka_v2.1c.demo.x64.exe
C:\Users\Boss\setpoint400.exe
C:\Users\Boss\setup.zip
C:\Users\Boss\SetupShredderClassic3.exe
C:\Users\Boss\shareaza_2.3.0.0.exe
C:\Users\Boss\shredder.classic.1.2.patch-icu.zip
C:\Users\Boss\The Witcher 1.1a Promo Trainer.exe
C:\Users\Boss\TheWitcherPatch_1.1a.exe
C:\Users\Boss\TheWitcherv1.1aGoldTrainer.zip
C:\Users\Boss\ventrilo-2.3.0-Windows-i386.exe
C:\Users\Boss\ventrilo-3.0.0-Windows-i386.exe
C:\Users\Boss\vlc-0.8.6d-win32.exe
C:\Users\Boss\War3TFT_121a_English.exe
C:\Users\Boss\WARCRAFT.3.V1.21A.ENG.BOR0.NOCD.ZIP
C:\Users\Boss\Windows XP Ultimate Edition (by Johnny) [October2007-R3.1].exe
C:\Users\Boss\WinPcap_4_1_beta.exe
C:\Users\Boss\wowclient-downloader.exe
C:\Users\Boss\wrar371.exe
C:\Users\Boss\zsnesw151.zip
C:\Users\Other.Boss-PC\ntuser.dat.LOG1
C:\Users\Other.Boss-PC\ntuser.dat.LOG2
C:\Users\Other.Boss-PC\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
C:\Users\Other.Boss-PC\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
C:\Users\Other.Boss-PC\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
C:\Users\Other\ntuser.dat.LOG1
C:\Users\Other\ntuser.dat.LOG2
C:\Users\Other\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
C:\Users\Other\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
C:\Users\Other\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
C:\vhyp.exe
C:\Windows\System32\epoPGPsdk.dll
C:\Windows\System32\ftkucokj.ini
C:\Windows\System32\hjqqrnop.ini
C:\Windows\System32\mnewvhtl.ini
C:\Windows\zeqbqwp.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\283746077
C:\cusgi.exe
C:\gkpaxt.exe
C:\ncolyrif.exe
C:\njhxmjb.exe
C:\Users\Boss\1320v152S.zip
C:\Users\Boss\7-10_vista32_dd_53254.exe
C:\Users\Boss\ant_stratego_install.exe
C:\Users\Boss\AppData\Roaming\inst.exe
C:\Users\Boss\aresregular209_installer.exe
C:\Users\Boss\AutoRefresher.zip
C:\Users\Boss\Batch FLV.zip
C:\Users\Boss\BearShareV6.exe
C:\Users\Boss\Call Of Duty 4 Crackfix and Keygen.zip
C:\Users\Boss\Call.Of.Duty.4-KEYGEN.1911.exe
C:\Users\Boss\ChessmasterChallenge-dm.exe
C:\Users\Boss\Chrono_Trigger_(U).zip
C:\Users\Boss\CohUpdater.exe
C:\Users\Boss\cpugrab.zip
C:\Users\Boss\crysisdemo-ch.zip
C:\Users\Boss\daemon410-x64.exe
C:\Users\Boss\daemon410-x86.exe
C:\Users\Boss\DAMN_NFO_Viewer_v2-10-0032-RC3.exe
C:\Users\Boss\DEVIL.MAY.CRY.3.SE.PLUS2TRN.ICARUS.ZIP
C:\Users\Boss\DEVIL.MAY.CRY.3.SE.PLUS4TRN.ASXDOX.ZIP
C:\Users\Boss\DEVIL.MAY.CRY.3.SE.PLUS9TRN.ASXDOX.ZIP
C:\Users\Boss\DivXInstaller.exe
C:\Users\Boss\DivXWebPlayerInstaller.exe
C:\Users\Boss\esfb123.exe
C:\Users\Boss\FABLE.TLC.PLUS10TRN.W0RF.ZIP
C:\Users\Boss\FABLE.TLC.PLUS7TRN.DEVIANCE.ZIP
C:\Users\Boss\hlsw_1_2_0_setup.exe
C:\Users\Boss\Install_AIM59.exe
C:\Users\Boss\KainSetup.exe
C:\Users\Boss\mirc63.exe
C:\Users\Boss\MoFunZone.com--crysis_6_trainer.zip
C:\Users\Boss\naruto_378.zip
C:\Users\Boss\naruto_379.zip
C:\Users\Boss\naruto_380.zip
C:\Users\Boss\naruto_381.zip
C:\Users\Boss\naruto_382.zip
C:\Users\Boss\naruto_382raw.zip
C:\Users\Boss\naruto_383.zip
C:\Users\Boss\naruto_384.zip
C:\Users\Boss\naruto_384raw.zip
C:\Users\Boss\naruto_385.zip
C:\Users\Boss\New Compressed (zipped) Folder.zip
C:\Users\Boss\NittoLegendsBeta0991.exe
C:\Users\Boss\NXMREQ.zip
C:\Users\Boss\Pcsx2_0.9.4_Setup.exe
C:\Users\Boss\PMFplay_H.264_Decoder.exe
C:\Users\Boss\Rappelz_E4_072007_USA.zip
C:\Users\Boss\rebdec10.zip
C:\Users\Boss\rybka.zip
C:\Users\Boss\Rybka_v2.1c.demo.w32.exe
C:\Users\Boss\Rybka_v2.1c.demo.x64.exe
C:\Users\Boss\setpoint400.exe
C:\Users\Boss\setup.zip
C:\Users\Boss\SetupShredderClassic3.exe
C:\Users\Boss\shareaza_2.3.0.0.exe
C:\Users\Boss\shredder.classic.1.2.patch-icu.zip
C:\Users\Boss\The Witcher 1.1a Promo Trainer.exe
C:\Users\Boss\TheWitcherPatch_1.1a.exe
C:\Users\Boss\TheWitcherv1.1aGoldTrainer.zip
C:\Users\Boss\ventrilo-2.3.0-Windows-i386.exe
C:\Users\Boss\ventrilo-3.0.0-Windows-i386.exe
C:\Users\Boss\vlc-0.8.6d-win32.exe
C:\Users\Boss\War3TFT_121a_English.exe
C:\Users\Boss\WARCRAFT.3.V1.21A.ENG.BOR0.NOCD.ZIP
C:\Users\Boss\Windows XP Ultimate Edition (by Johnny) [October2007-R3.1].exe
C:\Users\Boss\WinPcap_4_1_beta.exe
C:\Users\Boss\wowclient-downloader.exe
C:\Users\Boss\wrar371.exe
C:\Users\Boss\zsnesw151.zip
C:\Users\Other.Boss-PC\ntuser.dat.LOG1
C:\Users\Other.Boss-PC\ntuser.dat.LOG2
C:\Users\Other.Boss-PC\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
C:\Users\Other.Boss-PC\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
C:\Users\Other.Boss-PC\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
C:\Users\Other\ntuser.dat.LOG1
C:\Users\Other\ntuser.dat.LOG2
C:\Users\Other\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
C:\Users\Other\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
C:\Users\Other\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
C:\vhyp.exe
C:\Windows\System32\epoPGPsdk.dll
C:\Windows\System32\ftkucokj.ini
C:\Windows\System32\hjqqrnop.ini
C:\Windows\System32\mnewvhtl.ini
C:\Windows\zeqbqwp.sys . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2008-03-24 to 2008-04-24 )))))))))))))))))))))))))))))))
.

2008-04-23 20:46 . 2008-04-23 20:46 <DIR> d-------- C:\Users\All Users\vsosdk
2008-04-23 20:46 . 2008-04-23 20:46 <DIR> d-------- C:\ProgramData\vsosdk
2008-04-23 19:26 . 2008-04-23 19:26 <DIR> d-------- C:\Windows\LastGood.Tmp
2008-04-23 19:25 . 2008-04-23 20:24 <DIR> d-------- C:\Users\Boss\AppData\Roaming\Vso
2008-04-23 19:25 . 2008-04-23 20:55 <DIR> d-------- C:\Program Files\DVDFab Platinum 4
2008-04-23 19:25 . 2008-04-23 19:25 47,360 --a------ C:\Windows\System32\drivers\pcouffin.sys
2008-04-23 19:25 . 2008-04-23 19:25 47,360 --a------ C:\Users\Boss\AppData\Roaming\pcouffin.sys
2008-04-23 18:50 . 2008-04-23 18:50 <DIR> d-------- C:\Program Files\Smart Projects
2008-04-21 23:23 . 2008-04-21 23:23 <DIR> d-------- C:\mugen
2008-04-17 00:14 . 2008-04-17 01:16 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-04-17 00:14 . 2008-04-17 01:16 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-04-16 23:45 . 2008-04-16 23:45 <DIR> d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-04-16 23:45 . 2008-04-16 23:45 <DIR> d-------- C:\ProgramData\Kaspersky Lab Setup Files
2008-04-16 23:33 . 2008-04-16 23:22 0 --a------ C:\Windows\System32\MSWINSCK - Copy.OCX
2008-04-16 23:23 . 2008-04-16 23:23 <DIR> d-------- C:\Users\Boss\AppData\Roaming\Bitdefender
2008-04-16 23:22 . 2008-04-17 00:49 <DIR> d-a------ C:\Users\All Users\TEMP
2008-04-16 23:22 . 2008-04-16 23:23 <DIR> d-------- C:\Users\All Users\BitDefender
2008-04-16 23:22 . 2008-04-17 00:49 <DIR> d-a------ C:\ProgramData\TEMP
2008-04-16 23:22 . 2008-04-16 23:23 <DIR> d-------- C:\ProgramData\BitDefender
2008-04-16 23:22 . 2008-04-16 23:33 109,248 --a------ C:\Windows\System32\MSWINSCK.OCX
2008-04-16 22:50 . 2008-04-16 22:50 <DIR> d-------- C:\Program Files\CCleaner
2008-04-16 17:34 . 2008-04-16 17:34 <DIR> d-------- C:\Windows\Content.IE5
2008-04-16 17:33 . 2008-04-16 22:11 691 --a------ C:\Users\Boss\AppData\Roaming\GetValue.vbs
2008-04-16 17:33 . 2008-04-16 22:11 35 --a------ C:\Users\Boss\AppData\Roaming\SetValue.bat
2008-04-16 17:32 . 2007-10-04 00:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe
2008-04-16 17:32 . 2008-04-16 22:11 1,534 --a------ C:\Windows\System32\tmp.reg
2008-04-16 16:56 . 2007-09-06 00:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe
2008-04-16 16:56 . 2006-04-27 17:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe
2008-04-16 16:56 . 2008-04-14 19:28 86,528 --a------ C:\Windows\System32\VACFix.exe
2008-04-16 16:56 . 2008-04-12 13:49 82,432 --a------ C:\Windows\System32\IEDFix.exe
2008-04-16 16:56 . 2003-06-05 21:13 53,248 --a------ C:\Windows\System32\Process.exe
2008-04-16 16:56 . 2004-07-31 18:50 51,200 --a------ C:\Windows\System32\dumphive.exe
2008-04-14 15:03 . 2008-04-17 01:16 239,561,283 --a------ C:\Windows\MEMORY.DMP
2008-04-14 15:03 . 2008-04-14 15:03 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{993e3e9b-0a6e-11dd-b04c-0019212f80c2}.TMContainer00000000000000000002.regtrans-ms
2008-04-14 15:03 . 2008-04-14 15:03 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{993e3e9b-0a6e-11dd-b04c-0019212f80c2}.TMContainer00000000000000000001.regtrans-ms
2008-04-14 15:03 . 2008-04-14 15:03 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\ntuser.dat{993e3e9f-0a6e-11dd-b04c-0019212f80c2}.TMContainer00000000000000000002.regtrans-ms
2008-04-14 15:03 . 2008-04-14 15:03 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\ntuser.dat{993e3e9f-0a6e-11dd-b04c-0019212f80c2}.TMContainer00000000000000000001.regtrans-ms
2008-04-14 15:03 . 2008-04-14 15:03 65,536 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{993e3e9b-0a6e-11dd-b04c-0019212f80c2}.TM.blf
2008-04-14 15:03 . 2008-04-14 15:03 65,536 --ahs---- C:\Windows\ServiceProfiles\LocalService\ntuser.dat{993e3e9f-0a6e-11dd-b04c-0019212f80c2}.TM.blf
2008-04-14 14:57 . 2008-04-14 14:58 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-04-14 14:57 . 2008-04-14 14:58 <DIR> d-------- C:\ProgramData\Lavasoft
2008-04-14 14:57 . 2008-04-14 14:57 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-14 14:39 . 2008-04-16 17:03 538 --a------ C:\Windows\wininit.ini
2008-04-14 14:24 . 2008-04-16 16:24 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-04-14 14:24 . 2008-04-16 16:24 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-04-14 14:24 . 2008-04-14 14:24 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-14 06:50 . 2008-04-14 06:50 24,576 --a------ C:\Windows\System32\VundoFixSVC.exe
2008-04-14 06:24 . 2008-04-14 06:50 <DIR> d-------- C:\VundoFix Backups
2008-04-14 02:07 . 2008-04-16 23:09 <DIR> d-------- C:\backups
2008-04-14 02:03 . 2008-04-14 02:04 101,865 --a------ C:\Users\Boss\startuplist.zip
2008-04-14 01:57 . 2005-01-20 13:47 175,616 --a------ C:\Windows\System32\strings.exe
2008-04-14 01:57 . 2006-03-02 23:42 73,728 --a------ C:\Windows\System32\pv.exe
2008-04-14 01:57 . 2005-01-13 21:41 39,184 --a------ C:\Windows\System32\Ntrights.exe
2008-04-14 01:57 . 2005-10-19 18:50 16,384 --a------ C:\Windows\System32\restart.exe
2008-04-14 01:57 . 2005-01-13 21:41 11,254 --a------ C:\Windows\System32\locate.com
2008-04-14 01:56 . 2008-04-14 01:56 <DIR> d-------- C:\l2m
2008-04-13 23:24 . 2008-04-13 23:24 <DIR> d-------- C:\Users\Other.Boss-PC\AppData\Roaming\vlc
2008-04-13 22:36 . 2008-04-13 22:36 <DIR> d-------- C:\Users\Other.Boss-PC\AppData\Roaming\Logitech
2008-04-13 22:22 . 2008-04-13 22:22 <DIR> dr------- C:\Users\Other.Boss-PC\Videos
2008-04-13 22:22 . 2008-04-13 22:22 <DIR> dr------- C:\Users\Other.Boss-PC\Searches
2008-04-13 22:22 . 2008-04-13 22:22 <DIR> dr------- C:\Users\Other.Boss-PC\Saved Games
2008-04-13 22:22 . 2008-04-13 22:22 <DIR> dr------- C:\Users\Other.Boss-PC\Pictures
2008-04-13 22:22 . 2008-04-13 22:22 <DIR> dr------- C:\Users\Other.Boss-PC\Music
2008-04-13 22:22 . 2008-04-13 22:22 <DIR> dr------- C:\Users\Other.Boss-PC\Links
2008-04-13 22:22 . 2008-04-13 22:22 <DIR> dr------- C:\Users\Other.Boss-PC\Downloads
2008-04-13 22:22 . 2008-04-13 22:22 <DIR> dr------- C:\Users\Other.Boss-PC\Documents
2008-04-13 22:22 . 2008-04-13 22:22 <DIR> dr------- C:\Users\Other.Boss-PC\Contacts
2008-04-13 22:22 . 2008-04-13 22:22 <DIR> d-------- C:\Users\Other.Boss-PC\AppData\Roaming\Webroot
2008-04-13 22:22 . 2006-11-02 05:37 <DIR> d-------- C:\Users\Other.Boss-PC\AppData\Roaming\Media Center Programs
2008-04-13 22:22 . 2007-10-28 14:33 <DIR> d--h----- C:\Users\Other.Boss-PC\AppData\Roaming\GTek
2008-04-13 22:22 . 2008-04-13 22:22 <DIR> d--h----- C:\Users\Other.Boss-PC\AppData
2008-04-13 22:22 . 2008-04-24 02:32 <DIR> d-------- C:\Users\Other.Boss-PC
2008-04-13 21:20 . 2008-01-04 20:34 163,696 --a------ C:\Windows\System32\drivers\ssidrv.sys
2008-04-13 21:20 . 2008-01-04 20:34 23,920 --a------ C:\Windows\System32\drivers\sskbfd.sys
2008-04-13 21:20 . 2008-01-04 20:34 21,872 --a------ C:\Windows\System32\drivers\sshrmd.sys
2008-04-13 21:20 . 2008-01-04 20:34 20,336 --a------ C:\Windows\System32\drivers\SSFS0BB9.sys
2008-04-13 21:19 . 2008-04-13 21:19 <DIR> d-------- C:\Users\Boss\AppData\Roaming\Webroot
2008-04-13 21:19 . 2008-04-13 21:19 <DIR> d-------- C:\Users\All Users\Webroot
2008-04-13 21:19 . 2008-04-13 21:19 <DIR> d-------- C:\ProgramData\Webroot
2008-04-13 21:19 . 2008-04-13 21:19 <DIR> d-------- C:\Program Files\Webroot
2008-04-13 21:19 . 2008-01-04 20:56 1,526,640 --a------ C:\Windows\WRSetup.dll
2008-04-13 21:04 . 2008-04-13 21:04 <DIR> d-------- C:\Users\Boss\AppData\Roaming\Ubisoft
2008-04-13 20:57 . 2008-04-13 20:57 <DIR> d-------- C:\Users\All Users\Ubisoft
2008-04-13 20:57 . 2008-04-13 20:57 <DIR> d-------- C:\ProgramData\Ubisoft
2008-04-13 20:56 . 2007-10-12 15:14 3,734,536 --a------ C:\Windows\System32\d3dx9_36.dll
2008-04-13 20:56 . 2007-10-12 15:14 1,374,232 --a------ C:\Windows\System32\D3DCompiler_36.dll
2008-04-13 20:56 . 2007-10-02 09:56 444,776 --a------ C:\Windows\System32\d3dx10_36.dll
2008-04-13 20:56 . 2007-10-22 03:39 267,272 --a------ C:\Windows\System32\xactengine2_10.dll
2008-04-13 20:56 . 2007-10-22 03:37 17,928 --a------ C:\Windows\System32\X3DAudio1_2.dll
2008-04-13 20:44 . 2008-04-13 20:44 <DIR> d-------- C:\Program Files\Ubisoft
2008-04-12 15:21 . 2008-04-12 15:21 <DIR> d-------- C:\Users\All Users\Avg7
2008-04-12 15:21 . 2008-04-12 15:21 <DIR> d-------- C:\ProgramData\Avg7
2008-04-12 11:09 . 2008-04-12 11:09 53,768 --a------ C:\Windows\System32\drivers\avgwfp.sys
2008-04-12 05:46 . 2008-04-21 13:23 <DIR> d-------- C:\Program Files\Panda Security
2008-04-12 03:05 . 2008-04-16 16:56 <DIR> d-------- C:\QUARANTINE
2008-04-12 03:04 . 2008-04-12 03:04 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems
2008-04-12 00:04 . 2008-04-16 23:31 121 --a------ C:\Windows\bdagent.INI
2008-04-11 23:53 . 2008-04-11 23:53 <DIR> d-------- C:\Program Files\BitDefender
2008-04-11 23:52 . 2008-04-16 23:22 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-04-11 22:48 . 2008-04-11 22:48 <DIR> d-------- C:\Program Files\AskPBar
2008-04-11 02:01 . 2008-04-11 02:04 <DIR> d-------- C:\booti2
2008-04-11 01:59 . 2008-04-11 02:11 <DIR> d-------- C:\booti
2008-04-11 00:59 . 2008-04-11 01:39 <DIR> d-------- C:\Windows\BDOSCAN8
2008-04-11 00:21 . 2008-04-11 00:22 <DIR> d-------- C:\Naruto_397[Binktopia]
2008-04-10 23:01 . 2006-11-02 03:23 <DIR> dr------- C:\Users\Other\Videos
2008-04-10 23:01 . 2006-11-02 03:23 <DIR> d-------- C:\Users\Other\Saved Games
2008-04-10 23:01 . 2006-11-02 03:23 <DIR> dr------- C:\Users\Other\Pictures
2008-04-10 23:01 . 2006-11-02 03:23 <DIR> dr------- C:\Users\Other\Music
2008-04-10 23:01 . 2006-11-02 03:23 <DIR> dr------- C:\Users\Other\Links
2008-04-10 23:01 . 2006-11-02 03:23 <DIR> dr------- C:\Users\Other\Downloads
2008-04-10 23:01 . 2008-04-10 23:01 <DIR> dr------- C:\Users\Other\Documents
2008-04-10 23:01 . 2006-11-02 04:18 <DIR> d--h----- C:\Users\Other\AppData
2008-04-10 23:01 . 2008-04-24 02:32 <DIR> d-------- C:\Users\Other
2008-04-10 21:17 . 55,218 C:\Windows\zeqbqwp.sys
2008-04-09 03:41 . 2008-04-11 01:30 <DIR> d-------- C:\Users\All Users\FLEXnet
2008-04-09 03:41 . 2008-04-11 01:30 <DIR> d-------- C:\ProgramData\FLEXnet
2008-04-09 03:38 . 2008-04-09 03:38 <DIR> d-------- C:\Program Files\Bonjour
2008-04-09 03:32 . 2008-04-09 03:32 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-09 03:27 . 2008-04-09 03:27 <DIR> d-------- C:\Program Files\Adobe CS3
2008-04-04 01:02 . 2008-04-04 01:02 <DIR> d-------- C:\Naruto_396[Binktopia]
2008-04-03 00:53 . 2008-04-03 00:53 <DIR> d-------- C:\esfr
2008-03-31 21:25 . 2008-03-31 21:25 <DIR> d-------- C:\unbrick
2008-03-31 21:03 . 2008-03-31 21:03 <DIR> d-------- C:\game
2008-03-31 18:42 . 2008-03-31 19:22 510 --a------ C:\Windows\WORDPAD.INI
2008-03-28 01:56 . 2008-03-28 01:56 <DIR> d-------- C:\Naruto_395[Binktopia]

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-24 09:21 --------- d-s---w C:\Program Files\HLSW
2008-04-24 04:41 --------- d-----w C:\Program Files\Steam
2008-04-24 02:25 --------- d-----w C:\Users\Boss\AppData\Roaming\uTorrent
2008-04-21 20:21 401,720 ----a-w C:\HijackThis.exe
2008-04-21 02:47 --------- d-----w C:\Users\Boss\AppData\Roaming\LimeWire
2008-04-17 07:08 --------- d-----w C:\ProgramData\Symantec
2008-04-17 06:52 --------- d-----w C:\Program Files\Symantec
2008-04-14 21:27 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-14 20:58 0 ----a-w C:\Program Files\New Text Document.txt
2008-04-14 03:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-12 03:58 --------- d-----w C:\Program Files\Paltalk Messenger
2008-04-11 11:14 --------- d-----w C:\Program Files\AIM
2008-04-09 10:38 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-09 10:24 --------- d-----w C:\Program Files\PowerISO
2008-04-05 06:57 --------- d-----w C:\Program Files\Common Files\Steam
2008-03-19 08:15 82,774 ----a-w C:\Windows\Uninstall Jade Empire.exe
2008-03-18 16:17 --------- d-----w C:\Program Files\Activision
2008-03-18 04:26 --------- d-----w C:\Program Files\9Dragons
2008-03-14 06:04 46,652 ----a-w C:\Windows\system32\drivers\scdemu.sys
2008-03-13 15:01 --------- d-----w C:\Program Files\Windows Live
2008-03-13 15:00 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-13 14:59 --------- d-----w C:\ProgramData\WLInstaller
2008-03-13 06:00 --------- d-----w C:\Program Files\OGPlanet
2008-02-27 08:51 --------- d-----w C:\Program Files\Warcraft III
2007-11-22 10:29 22,328 ----a-w C:\Users\Boss\AppData\Roaming\PnkBstrK.sys
2007-10-28 21:55 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2008-04-19_ 8.36.45.32 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-19 15:34:37 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-04-24 09:35:56 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2007-08-21 21:37:26 124,208 ----a-w C:\Windows\Downloaded Program Files\CONFLICT.1\ascstubie.dll
+ 2007-07-18 21:49:56 12,592 ----a-w C:\Windows\Downloaded Program Files\CONFLICT.1\libcomm.dll
- 2008-04-17 08:14:34 51,200 ----a-w C:\Windows\inf\infpub.dat
+ 2008-04-24 02:26:13 51,200 ----a-w C:\Windows\inf\infpub.dat
- 2008-04-17 08:14:34 86,016 ----a-w C:\Windows\inf\infstor.dat
+ 2008-04-24 02:26:12 86,016 ----a-w C:\Windows\inf\infstor.dat
- 2008-04-17 08:14:34 86,016 ----a-w C:\Windows\inf\infstrng.dat
+ 2008-04-24 02:26:13 86,016 ----a-w C:\Windows\inf\infstrng.dat
- 2008-04-19 15:34:54 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-04-24 09:36:21 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
- 2008-04-19 15:34:54 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-04-24 09:36:21 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-04-24 09:36:21 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-04-19 15:29:43 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-04-24 09:21:30 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-04-19 15:29:43 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-24 09:21:30 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-19 15:29:43 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-24 09:21:30 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-19 15:33:16 70,680 ----a-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Webroot\Spy Sweeper\Data\settings.dat
+ 2008-04-24 09:34:38 70,680 ----a-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Webroot\Spy Sweeper\Data\settings.dat
+ 2008-04-24 02:25:56 47,360 ----a-w C:\Windows\System32\DriverStore\FileRepository\pcouffin.inf_cd22a42e\pcouffin.sys
- 2008-04-17 08:21:26 107,508 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-04-19 15:39:18 107,508 ----a-w C:\Windows\System32\perfc009.dat
- 2008-04-17 08:21:26 626,738 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-04-19 15:39:18 626,738 ----a-w C:\Windows\System32\perfh009.dat
- 2008-04-17 08:19:16 76,176 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-19 15:36:57 76,410 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-04-17 07:51:15 51,652 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-04-19 15:36:54 51,952 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour"="" []
"eRecoveryService"="" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 15:49 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\Windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
backup=C:\Windows\pss\PalTalk.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Boss^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher]
--a------ 2007-02-02 11:05 1261568 C:\Program Files\Acer Assist\launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]
--a------ 2007-06-15 16:48 326440 C:\Acer\Empowering Technology\SysMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration]
--a------ 2007-02-02 12:24 3383296 C:\Program Files\Acer Registration\ACE1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
--a------ 2007-05-22 15:49 151552 C:\Acer\AcerTour\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-03-08 04:38 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2007-02-28 23:06 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2006-08-01 15:35 67112 C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apanel]
C:\ACERSW\config\SetApanel.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_Run]
C:\PROGRA~1\Grisoft\AVG7\avgw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bdagent]
--a------ 2008-02-16 17:45 360448 C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-09-20 15:35 202024 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bitdefender antiphishing helper]
--a------ 2007-10-09 15:46 61440 C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
c:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCUTRAYICON]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
--a------ 2007-06-29 16:03 36864 C:\Program Files\GameSpy\Comrade\Comrade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-09-18 07:16 171464 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
--a------ 2007-04-25 16:33 457216 C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\Windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a------ 2007-03-21 13:00 174872 C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\Windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2007-04-11 15:32 56080 C:\Windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
C:\Program Files\McAfee\Common Framework\UdaterUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 09:51 1836328 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NMSSupport]
--a------ 2007-04-06 14:07 439768 C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
c:\Program Files\Norton Internet Security\osCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMMediaSharing]
--a------ 2007-06-21 18:33 204908 C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\Windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-03-14 16:50 233472 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2007-06-20 01:56 4493312 C:\Windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2006-11-02 05:35 1196032 C:\Program Files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spysweeper]
--a------ 2008-01-04 20:56 5367664 C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 12:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-03-29 14:59 1271032 c:\program files\steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2007-07-10 15:30 1006264 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
--a------ 2006-11-02 05:34 2159104 C:\Windows\System32\oobefldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\windows updates]
c:\windows\system\Update.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-11-02 05:36 201728 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A5E2F4F9-4ACC-49D9-8E12-34C554A9F1C5}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{CB7A8998-4B1E-4D90-B5D9-67E2D40F82F4}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{D7C7B185-CD7A-4FB4-9C8F-E488FF26D873}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
"{41DCE02C-9070-4DE4-A4AA-097557D75583}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
"{9361F589-2C58-4607-9F3E-7EDDFC19A2FB}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
"{6C205EE7-6E99-49C4-974F-7B80F2BBA6F0}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{5A8AD70F-9DD5-4D8A-9B7C-E626EC865F3A}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{A6F6AFBC-E5E3-4FE5-99E2-7A541B465AFF}"= C:\Program Files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
"{712344DC-3475-4A33-8CE2-9D00FC463310}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{287BA272-D032-433E-A8A7-6AEDD2FA4BEC}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D0D5264A-98A1-4CDB-B73A-87736FBCEA20}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{3C8ECEDC-D424-4B98-B403-3AF4A394DD2A}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{998EDADF-65F7-4ED7-BD23-D9AAF420769A}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{B1037FA5-CB88-4F8E-A3E5-851189B3BF45}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{9F614491-7339-4FDC-B9EB-6CD48575C958}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server
"{6D6DCD2A-740B-4E54-B68E-A2BCBB2BEBA0}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server
"{16AA6F9C-957B-435F-ACF1-C2C50D48B9A2}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel® Viiv™ Media Server Discovery
"{12591F3D-5523-4A1C-A864-560E0A37FBC8}"= TCP:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel® Viiv™ Media Server UPnP Discovery
"{C14AB52F-31A8-4107-B71F-15461DFAD792}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:Crysis_32_sp_demo
"{25857231-D771-4C01-8B58-8A1A2C0D0477}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:Crysis_32_sp_demo
"TCP Query User{E3044BC8-6061-45DA-BB11-A6D4F25C4F2A}C:\\program files\\bittornado\\btdownloadgui.exe"= UDP:C:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"UDP Query User{8496F8D9-EC27-429A-B88E-DD15C7E85E2C}C:\\program files\\bittornado\\btdownloadgui.exe"= TCP:C:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"{6CA13711-570A-485E-96AB-A896129956F0}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{3C5B1A79-646C-4CBA-AD98-77167144067E}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{777150B1-0CF5-4C3A-A3AA-D0DCA50D683B}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{5BE49B3C-6BD0-4EBC-80CD-C652A572F293}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{7128608F-0F06-4D25-8E22-7F767D2FF67D}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{B4C66867-FD4B-4822-A29C-13FDDA056869}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{3EC75B3C-CE3C-46D9-83D2-4B8D021214F9}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{BF964E2A-A089-4345-87A0-A56C1E7FCDEC}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{8A7C66C0-C5E9-4F0C-8ACB-8AEE5E2F8C7A}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{6E713BA8-F107-4CC3-9AB6-8EB272CD542D}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{E5EDF402-75F4-4E9B-9970-2E8A455DF1FF}"= UDP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
"{F887BB54-0725-4284-B808-AF68A9D8F9FB}"= TCP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
"TCP Query User{B4BD7D29-C84E-4226-8D0E-90ED0494507C}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{7011DE3F-C482-462C-A5CE-55FB6DC58654}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows
"{A0006030-C83C-44C1-BD85-9CDD309BEC4C}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{5D013D89-BC1B-437F-ACA3-61288C803E03}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{5ADD0E4A-93B4-4A76-B13C-CABFCE8006BA}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{4B899C01-B222-4B88-A766-7DC5448E592A}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{DD810CF9-628D-48A1-8C7F-A078C7A970D7}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{017FDD7E-5BDF-41B4-9CCB-E3ECEC565734}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{B3C8C70A-BB7D-4505-959D-4BD0921E695B}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{D1F3C5CC-4740-440F-BEE0-E1B3C1DE3AE3}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{53E5F994-E9BE-437D-BC25-DBD73DDB8EC4}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DisabledInterfaces"= {550542C4-3186-48D4-9701-CE8FC3FD0832}

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 16:34]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 16:34]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 16:34]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;"C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [2007-06-21 18:33]
R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2007-02-12 10:46]
R2 eDataSecurity Service;eDataSecurity Service;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 16:34]
R2 nmsunidr;UniDriver for NMS;C:\Windows\system32\DRIVERS\nmsunidr.sys [2007-02-18 20:34]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-09-28 20:13]
R3 IntelDH;IntelDH Driver;C:\Windows\system32\Drivers\IntelDH.sys [2007-10-28 14:33]
S3 DHTRACE;Intel® DHTrace Controller;C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-04-06 14:08]
S3 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys [2006-11-20 21:42]
S3 IntelDHSvcConf;IntelDHSvcConf;"C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe" [2007-04-06 14:08]
S3 NMSCore;Intel® NMSCore;"C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe" [2007-04-06 14:07]
S3 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys [2007-06-21 13:55]
S3 QualityManager;Intel® Quality Manager;"C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe" [2007-04-06 14:10]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-04-04 22:03]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\shell\autorun\command - J:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5eff3f94-86d1-11dc-8b87-0019212f80c2}]
\shell\autorun\command - K:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd405468-98b9-11dc-9911-0019212f80c2}]
\shell\AutoRun\command - N:\autorun.exe

*Newly Created Service* - COMHOST
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-24 02:36:25
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\System32\Ati2evxx.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Windows\System32\WUDFHost.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-04-24 2:39:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-24 09:38:56
ComboFix2.txt 2008-04-21 20:15:44
ComboFix3.txt 2008-04-19 15:37:18

Pre-Run: 49,278,607,360 bytes free
Post-Run: 49,172,013,056 bytes free

626 --- E O F --- 2007-10-28 21:52:25

#9
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi Terryc250,


Please download the following & save to your Desktop:
SDFix


Run SDFix:
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save it as C:\SDFix\Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log


#10
Terryc250

    Member

  • Topic Starter
  • Member
  • 91 posts
For some reason, when I open RunThis.bat, Command Prompt opens up for a split second and then just closes.

#11
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi Terryc250,

That is a disappointing result.
Let's try a different scanner to see what's going on.

Please download the following & save to your Desktop:
Deckard's System Scanner

Run Deckard's System Scanner:
  • Close all other windows before proceeding.
  • Double click on the dss.exe file on your Desktop and follow the prompts.
  • Scans will run, and 2 text files will open in Notepad.
  • Close both of the text files.
These files are C:\Deckard\System Scanner\main.txt & extra.txt.
I will need you to copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of
  • main.txt
  • extra.txt
in your next reply.


#12
Terryc250

    Member

  • Topic Starter
  • Member
  • 91 posts
Deckard's System Scanner v20071014.68
Run by Boss on 2008-04-29 19:03:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 2 Restore Point(s) --
2: 2008-04-30 01:46:17 UTC - RP335 - ComboFix created restore point
1: 2008-04-30 01:35:04 UTC - RP334 - Last known good configuration


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Boss.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:05:08 PM, on 4/29/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Explorer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Users\Boss\Desktop\dss.exe
C:\Boss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {2d8ed06d-3c30-438b-96ae-4d110fdc1fb8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {512fc5a1-7de1-43f1-bc0c-371622fcb409} (TotalScan Installer Class) - http://www.nanoscan....s/ascstubie.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: COM Host (comHost) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (file missing)
O23 - Service: Intel® DHTrace Controller (DHTRACE) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IntelDHSvcConf - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - c:\Program Files\Norton Internet Security\isPwdSvc.exe (file missing)
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (livesrv) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel® NMSCore (NMSCore) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: Intel® Quality Manager (QualityManager) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (file missing)
O23 - Service: BitDefender Virus Shield (vsserv) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: VundoFix Service (vundofixsvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
O23 - Service: Webroot Spy Sweeper Engine (webrootspysweeperservice) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: BitDefender Communicator (xcomm) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 9046 bytes

-- HijackThis Fixed Entries (C:\\backups\) -------------------------------------

backup-20080414-020700-106 O2 - BHO: Ask Toolbar BHO - {f4d76f01-7896-458a-890f-e1f05c46069f} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
backup-20080414-020700-113 O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
backup-20080414-020700-153 O2 - BHO: Ask Search Assistant BHO - {0a94b111-4504-4e26-ab05-e61e474aa38b} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
backup-20080414-020700-245 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080414-020700-256 O4 - HKLM\..\Run: [BM13daac2e] Rundll32.exe "C:\Windows\system32\vahygity.dll",s
backup-20080414-020700-302 O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\vtUopNDv.dll,#1
backup-20080414-020700-416 O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
backup-20080414-020700-439 O2 - BHO: (no name) - {01a33d85-4706-452a-b71a-99510ada8c0c} - C:\Windows\system32\wvUnMcCR.dll
backup-20080414-020700-444 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
backup-20080414-020700-497 O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
backup-20080414-020700-565 O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
backup-20080414-020700-659 R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
backup-20080414-020700-680 O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
backup-20080414-020700-751 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
backup-20080414-020700-772 O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
backup-20080414-020700-826 O4 - HKLM\..\Run: [10e99fb2] rundll32.exe "C:\Windows\system32\imksknvw.dll",b
backup-20080414-020700-837 O2 - BHO: (no name) - {01E0BF96-F217-4F8C-8980-8EFB4030A294} - C:\Windows\system32\fccCVPIB.dll
backup-20080414-020701-230 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
backup-20080414-020701-384 O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
backup-20080414-020701-686 O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
backup-20080414-020701-735 O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
backup-20080414-020701-963 O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
backup-20080414-142201-260 O4 - HKLM\..\Run: [BM13daac2e] Rundll32.exe "C:\Windows\system32\jlwhivfu.dll",s
backup-20080414-142201-421 O4 - HKLM\..\Run: [10e99fb2] rundll32.exe "C:\Windows\system32\oexkvwye.dll",b
backup-20080414-142226-490 O2 - BHO: {3b55c645-bf55-1a29-88e4-2ce487907559} - {95570978-4ec2-4e88-92a1-55fb546c55b3} - C:\Windows\system32\ufmrnxre.dll
backup-20080414-142226-554 O2 - BHO: (no name) - {A767F91E-599B-4406-A321-CA1A698B98B5} - C:\Windows\system32\fccCVPIB.dll
backup-20080416-152626-315 O4 - HKLM\..\Run: [10e99fb2] rundll32.exe "C:\Windows\system32\jkocuktf.dll",b
backup-20080416-152626-710 O4 - HKLM\..\Run: [BM13daac2e] Rundll32.exe "C:\Windows\system32\lkpnjhcu.dll",s
backup-20080416-152626-722 O2 - BHO: (no name) - {5252f19d-ea5e-420f-ba9d-1f1c451b4391} - C:\Windows\system32\fccCVPIB.dll
backup-20080416-152626-938 O2 - BHO: {b1b13283-0ef0-6959-9394-953186cfaa05} - {50aafc68-1359-4939-9596-0fe038231b1b} - C:\Windows\system32\kbrjeyfl.dll
backup-20080416-152653-360 O4 - HKLM\..\Run: [BM13daac2e] Rundll32.exe "C:\Windows\system32\lkpnjhcu.dll",s
backup-20080416-154120-206 O4 - HKLM\..\Run: [BM13daac2e] Rundll32.exe "C:\Windows\system32\lkpnjhcu.dll",s
backup-20080416-230920-176 O4 - HKLM\..\Run: [BM13daac2e] Rundll32.exe "C:\Windows\system32\lokusius.dll",s
backup-20080416-230928-202 O4 - HKLM\..\Run: [BM13daac2e] Rundll32.exe "C:\Windows\system32\lokusius.dll",s

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AcerMemUsageCheckService (ePerformance Service) - c:\acer\empowering technology\eperformance\memcheck.exe <Not Verified; ; MemCheck.Service>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 DQLWinService - "c:\program files\common files\intel\inteldh\nms\adpplugins\dqlwinservice.exe" <Not Verified; ; DQLWinSe Application>
R2 eRecoveryService (eRecovery Service) - c:\acer\empowering technology\erecovery\erecoveryservice.exe <Not Verified; Acer Inc.; eRecoveryService>
R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>

S2 ccEvtMgr (Symantec Event Manager) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
S2 ccSetMgr (Symantec Settings Manager) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
S2 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
S2 SymAppCore (Symantec AppCore Service) - "c:\program files\common files\symantec shared\appcore\appsvc32.exe" (file missing)
S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>
S3 comHost (COM Host) - "c:\program files\common files\symantec shared\vascanner\comhost.exe" (file missing)
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 ISPwdSvc (Symantec IS Password Validation) - "c:\program files\norton internet security\ispwdsvc.exe" (file missing)
S3 vundofixsvc (VundoFix Service) - vundofixsvc.exe <Not Verified; Atribune.org; Vundofix Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-03-29 and 2008-04-29 -----------------------------

2008-04-29 18:29:22 0 d-------- C:\Fraps
2008-04-29 03:57:39 0 d-------- C:\Program Files\Common Files\NSV
2008-04-29 03:56:04 0 d-------- C:\Program Files\Winamp
2008-04-28 02:06:46 0 d-------- C:\Program Files\AC Tool
2008-04-28 02:04:44 0 d-------- C:\Program Files\AutoHotkey
2008-04-25 01:55:06 0 d-------- C:\Naruto_398[Binktopia] <NA019D~1>
2008-04-24 04:39:32 0 d-------- C:\Program Files\Veoh Networks
2008-04-23 20:46:55 0 d-------- C:\Users\All Users\vsosdk
2008-04-23 19:25:54 0 d-------- C:\Program Files\DVDFab Platinum 4
2008-04-23 18:50:18 0 d-------- C:\Program Files\Smart Projects
2008-04-21 23:23:45 0 d-------- C:\mugen
2008-04-19 08:30:27 68096 --a------ C:\Windows\zip.exe
2008-04-19 08:30:27 49152 --a------ C:\Windows\VFind.exe
2008-04-19 08:30:27 212480 --a------ C:\Windows\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-19 08:30:27 136704 --a------ C:\Windows\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-19 08:30:27 161792 --a------ C:\Windows\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-19 08:30:27 98816 --a------ C:\Windows\sed.exe
2008-04-19 08:30:27 80412 --a------ C:\Windows\grep.exe
2008-04-19 08:30:27 73728 --a------ C:\Windows\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-17 00:14:26 0 d-------- C:\Users\All Users\Kaspersky Lab
2008-04-16 23:45:05 0 d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-04-16 23:22:49 0 d-------- C:\Users\All Users\BitDefender
2008-04-16 23:22:05 0 d-a------ C:\Users\All Users\TEMP
2008-04-16 22:50:19 0 d-------- C:\Program Files\CCleaner
2008-04-16 17:34:57 0 d-------- C:\Windows\Content.IE5
2008-04-16 17:32:43 1534 --a------ C:\Windows\system32\tmp.reg
2008-04-16 17:32:38 25600 --a------ C:\Windows\system32\WS2Fix.exe
2008-04-16 16:56:59 289144 --a------ C:\Windows\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-04-16 16:56:59 86528 --a------ C:\Windows\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-16 16:56:59 288417 --a------ C:\Windows\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-04-16 16:56:59 82432 --a------ C:\Windows\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-16 16:56:59 51200 --a------ C:\Windows\system32\dumphive.exe
2008-04-16 16:56:58 53248 --a------ C:\Windows\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-04-14 14:57:54 0 d-------- C:\Users\All Users\Lavasoft
2008-04-14 14:57:54 0 d-------- C:\Program Files\Lavasoft
2008-04-14 14:24:45 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-04-14 06:50:48 24576 --a------ C:\Windows\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>
2008-04-14 06:24:02 0 d-------- C:\VundoFix Backups <VUNDOF~1>
2008-04-14 02:07:00 0 d-------- C:\backups
2008-04-14 01:57:11 175616 --a------ C:\Windows\system32\strings.exe
2008-04-14 01:57:11 16384 --a------ C:\Windows\system32\restart.exe <Not Verified; WareSoft Software; restart>
2008-04-14 01:57:11 73728 --a------ C:\Windows\system32\pv.exe
2008-04-14 01:57:11 39184 --a------ C:\Windows\system32\Ntrights.exe
2008-04-14 01:57:11 11254 --a------ C:\Windows\system32\locate.com
2008-04-14 01:56:59 0 d-------- C:\l2m
2008-04-13 22:22:46 0 dr------- C:\Users\Other.Boss-PC\Searches
2008-04-13 22:22:34 0 dr------- C:\Users\Other.Boss-PC\Contacts
2008-04-13 22:22:12 0 d--hs---- C:\Users\Other.Boss-PC\Templates
2008-04-13 22:22:12 0 d--hs---- C:\Users\Other.Boss-PC\Start Menu
2008-04-13 22:22:12 0 d--hs---- C:\Users\Other.Boss-PC\SendTo
2008-04-13 22:22:12 0 d--hs---- C:\Users\Other.Boss-PC\Recent
2008-04-13 22:22:12 0 d--hs---- C:\Users\Other.Boss-PC\PrintHood
2008-04-13 22:22:12 0 d--hs---- C:\Users\Other.Boss-PC\NetHood
2008-04-13 22:22:12 0 d--hs---- C:\Users\Other.Boss-PC\My Documents
2008-04-13 22:22:12 0 d--hs---- C:\Users\Other.Boss-PC\Local Settings
2008-04-13 22:22:12 0 d--hs---- C:\Users\Other.Boss-PC\Cookies
2008-04-13 22:22:12 0 d--hs---- C:\Users\Other.Boss-PC\Application Data
2008-04-13 22:22:11 0 dr------- C:\Users\Other.Boss-PC\Videos
2008-04-13 22:22:11 0 dr------- C:\Users\Other.Boss-PC\Saved Games
2008-04-13 22:22:11 0 dr------- C:\Users\Other.Boss-PC\Pictures
2008-04-13 22:22:11 1310720 --ahs---- C:\Users\Other.Boss-PC\NTUSER.DAT
2008-04-13 22:22:11 0 dr------- C:\Users\Other.Boss-PC\Music
2008-04-13 22:22:11 0 dr------- C:\Users\Other.Boss-PC\Links
2008-04-13 22:22:11 0 dr------- C:\Users\Other.Boss-PC\Favorites
2008-04-13 22:22:11 0 dr------- C:\Users\Other.Boss-PC\Downloads <DOWNLO~1>
2008-04-13 22:22:11 0 dr------- C:\Users\Other.Boss-PC\Documents
2008-04-13 22:22:11 0 dr------- C:\Users\Other.Boss-PC\Desktop
2008-04-13 22:22:11 0 d--h----- C:\Users\Other.Boss-PC\AppData
2008-04-13 21:19:57 0 d-------- C:\Users\All Users\Webroot
2008-04-13 21:19:57 0 d-------- C:\Program Files\Webroot
2008-04-13 20:57:19 0 d-------- C:\Users\All Users\Ubisoft
2008-04-13 20:44:43 0 d-------- C:\Program Files\Ubisoft
2008-04-12 15:21:16 0 d-------- C:\Users\All Users\Avg7
2008-04-12 05:46:42 0 d-------- C:\Program Files\Panda Security
2008-04-12 03:05:00 0 d-------- C:\QUARANTINE <QUARAN~1>
2008-04-12 03:04:30 0 d-------- C:\Program Files\Common Files\Cisco Systems
2008-04-11 23:53:02 0 d-------- C:\Program Files\BitDefender
2008-04-11 23:52:10 0 d-------- C:\Program Files\Common Files\BitDefender
2008-04-11 22:48:25 0 d-------- C:\Program Files\AskPBar
2008-04-11 02:01:17 0 d-------- C:\booti2
2008-04-11 01:59:25 0 d-------- C:\booti
2008-04-11 00:59:27 0 d-------- C:\Windows\BDOSCAN8
2008-04-11 00:21:33 0 d-------- C:\Naruto_397[Binktopia] <NA015D~1>
2008-04-09 03:41:29 0 d-------- C:\Users\All Users\FLEXnet
2008-04-09 03:38:57 0 d-------- C:\Program Files\Bonjour
2008-04-09 03:32:06 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-09 03:27:31 0 d-------- C:\Program Files\Adobe CS3
2008-04-04 01:02:17 0 d-------- C:\Naruto_396[Binktopia] <NA0116~1>
2008-04-03 00:53:23 0 d-------- C:\esfr
2008-03-31 21:25:53 0 d-------- C:\unbrick
2008-03-31 21:03:23 0 d-------- C:\game


-- Find3M Report ---------------------------------------------------------------

2008-04-29 18:40:39 0 d-------- C:\Users\Boss\AppData\Roaming\uTorrent
2008-04-29 18:36:27 0 d-------- C:\Program Files\Steam
2008-04-29 04:57:01 0 d-------- C:\Users\Boss\AppData\Roaming\Winamp
2008-04-29 03:57:39 0 d-------- C:\Program Files\Common Files
2008-04-29 01:10:54 0 d-------- C:\Users\Boss\AppData\Roaming\Adobe
2008-04-26 15:45:31 0 d---s---- C:\Program Files\HLSW
2008-04-24 04:40:20 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-23 20:24:36 0 d-------- C:\Users\Boss\AppData\Roaming\Vso
2008-04-23 19:26:16 34 --a------ C:\Users\Boss\AppData\Roaming\pcouffin.log
2008-04-23 19:25:56 7887 --a------ C:\Users\Boss\AppData\Roaming\pcouffin.cat
2008-04-20 19:47:35 0 d-------- C:\Users\Boss\AppData\Roaming\LimeWire
2008-04-16 23:52:13 0 d-------- C:\Program Files\Symantec
2008-04-16 23:23:16 0 d-------- C:\Users\Boss\AppData\Roaming\Bitdefender
2008-04-16 22:11:55 35 --a------ C:\Users\Boss\AppData\Roaming\SetValue.bat
2008-04-16 22:11:55 691 --a------ C:\Users\Boss\AppData\Roaming\GetValue.vbs
2008-04-14 14:27:12 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-14 13:58:01 0 --a------ C:\Program Files\New Text Document.txt
2008-04-13 22:36:23 71592 --a------ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2008-04-13 21:19:57 0 d-------- C:\Users\Boss\AppData\Roaming\Webroot
2008-04-13 21:04:07 0 d-------- C:\Users\Boss\AppData\Roaming\Ubisoft
2008-04-11 20:58:53 0 d-------- C:\Program Files\Paltalk Messenger
2008-04-11 04:14:57 0 d-------- C:\Program Files\AIM
2008-04-09 03:38:56 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-09 03:24:04 0 d-------- C:\Program Files\PowerISO
2008-04-04 23:57:05 0 d-------- C:\Program Files\Common Files\Steam
2008-03-19 01:15:35 82774 --a------ C:\Windows\Uninstall Jade Empire.exe <Not Verified; BioWare Corp.; Jade Empire>
2008-03-18 09:17:16 0 d-------- C:\Program Files\Activision
2008-03-17 21:26:32 0 d-------- C:\Program Files\9Dragons
2008-03-13 08:01:20 0 d-------- C:\Program Files\Windows Live
2008-03-13 08:00:52 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-12 23:00:00 0 d-------- C:\Program Files\OGPlanet
2008-02-27 01:48:40 76784 --a------ C:\Windows\War3Unin.dat
2008-02-19 11:27:47 98304 --a------ C:\Windows\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour"="" []
"eRecoveryService"="" []
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [04/01/2008 11:49 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [10/18/2007 11:34 AM]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [04/18/2008 02:30 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Acer Tour Reminder"=C:\Acer\AcerTour\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{7F3EA905-DE65-4D00-BC1F-FF3A77F8CA30}"= C:\Windows\system32\xxywTLcD.dll [ ]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\webrootspysweeperservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\Windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
backup=C:\Windows\pss\PalTalk.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Boss^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher]
C:\Program Files\Acer Assist\launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]
C:\Acer\Empowering Technology\SysMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration]
"C:\Program Files\Acer Registration\ACE1.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
C:\Acer\AcerTour\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apanel]
C:\ACERSW\config\SetApanel.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_Run]
C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bdagent]
"C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bitdefender antiphishing helper]
"C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCUTRAYICON]
FactoryMode

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
C:\Program Files\GameSpy\Comrade\Comrade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\Windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
"C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\Windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
"c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
"C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NMSSupport]
"C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
"c:\Program Files\Norton Internet Security\osCheck.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMMediaSharing]
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\Windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
"C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spysweeper]
"C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"c:\program files\steam\steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
rundll32.exe oobefldr.dll,ShowWelcomeCenter

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\windows updates]
c:\windows\system\Update.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
"C:\Program Files\Windows Media Player\WMPNSCFG.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bdx scan


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
autorun\command- J:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5eff3f94-86d1-11dc-8b87-0019212f80c2}]
autorun\command- K:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd405468-98b9-11dc-9911-0019212f80c2}]
AutoRun\command- N:\autorun.exe

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-04-29 19:07:20 ------------




Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
Percentage of Memory in Use: 24%
Physical Memory (total/avail): 3070.63 MiB / 2305.05 MiB
Pagefile Memory (total/avail): 6325.12 MiB / 5642.74 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1907.51 MiB

C: is Fixed (NTFS) - 228.13 GiB total, 58.15 GiB free.
D: is Fixed (NTFS) - 227.87 GiB total, 137.82 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
K: is CDROM (No Media)
L: is CDROM (No Media)
M: is CDROM (No Media)
N: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Hitachi HDT725050VLA380 - 465.76 GiB - 3 partitions
\PARTITION0 - Unknown - 9.76 GiB
\PARTITION1 (bootable) - MS-DOS V4 Huge - 228.13 GiB - C:
\PARTITION2 - Installable File System - 227.87 GiB - D:

\\.\PHYSICALDRIVE1 - Generic- Compact Flash USB Device

\\.\PHYSICALDRIVE4 - Generic- MS/MS-Pro USB Device

\\.\PHYSICALDRIVE3 - Generic- SD/MMC USB Device

\\.\PHYSICALDRIVE2 - Generic- SM/xD-Picture USB Device



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

FW: Norton Internet Security v2007 (Symantec Corporation) Disabled
AV: Norton Internet Security v2007 (Symantec Corporation) Outdated
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled
AS: Spy Sweeper v5.5.7.124 (Webroot Software Inc) Disabled
AS: Norton Internet Security v2007 (Symantec Corporation) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Boss\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BOSS-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HKCU_S=\REGISTRY\CUSER\Software
HKLM_S=\REGISTRY\MACHINE\Software
HOMEDRIVE=C:
HOMEPATH=\Users\Boss
LOCALAPPDATA=C:\Users\Boss\AppData\Local
LOGONSERVER=\\BOSS-PC
NUMBER_OF_PROCESSORS=4
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Smart Projects\IsoBuster
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Boss\AppData\Local\Temp
TMP=C:\Users\Boss\AppData\Local\Temp
USERDOMAIN=Boss-PC
USERNAME=Boss
USERPROFILE=C:\Users\Boss
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Boss (admin)
Other.Boss-PC (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
--> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
--> C:\Windows\UNNeroShowTime.exe /UNINSTALL
--> C:\Windows\UNNeroVision.exe /UNINSTALL
--> C:\Windows\UNRecode.exe /UNINSTALL
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
9Dragons --> MsiExec.exe /I{EB0508A0-162A-4996-85A1-00C07D33445A}
AC Tool --> C:\PROGRA~1\ACTOOL~1\UNWISE.EXE C:\PROGRA~1\ACTOOL~1\INSTALL.LOG
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Acer Arcade Live Main Page --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\setup.exe" -uninstall
Acer Assist --> C:\Program Files\Acer Assist\uninstall.exe
Acer DV Magician --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6EFFB76-4A07-11DA-9D78-000129760D75}\setup.exe" -uninstall
Acer DVDivine --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\setup.exe" -uninstall
Acer eDataSecurity Management --> C:\Acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe -Operation UNINSTALL
Acer Empowering Technology --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x9 -removeonly
Acer ePerformance Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D462BF9E-0C35-4705-BF9B-3DF9F3816643}\setup.exe" -l0x9 -removeonly
Acer HomeMedia --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\setup.exe" -uninstall
Acer HomeMedia Connect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{132888AE-EF67-41C5-BCA2-7D5D2488AB63}\setup.exe" -uninstall
Acer Registration --> C:\Program Files\Acer Registration\uninstall.exe
Acer ScreenSaver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Acer SlideShow DVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{41581EF5-45A7-11DA-9D78-000129760D75}\setup.exe" -uninstall
Acer Tour --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x9 -removeonly
Acer VideoMagician --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\setup.exe" -uninstall
Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Setup --> MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Ant Stratego --> "C:\Program Files\Ant Stratego\unins000.exe"
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Ares 2.0.9 --> "C:\Program Files\Ares\uninstall.exe"
Ask Toolbar --> rundll32 C:\PROGRA~1\AskPBar\bar\1.bin\AskPBar.dll,O
Assassin's Creed --> C:\Program Files\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x0009 -removeonly
AutoHotkey 1.0.47.06 --> C:\Program Files\AutoHotkey\uninst.exe
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Big Kahuna Reef 2 --> "C:\Program Files\Acer GameZone\Big Kahuna Reef 2\Uninstall.exe" "C:\Program Files\Acer GameZone\Big Kahuna Reef 2\install.log"
Big Pack 8.4 --> C:\bp\bp\Uninstall.exe
BitDefender Antivirus 2008 --> MsiExec.exe /I{4A56DAB1-2680-4B8A-AD84-77EECFB94D7B}
BitTornado 0.3.18 --> C:\Program Files\BitTornado\uninst.exe
Bricks of Egypt --> "C:\Program Files\Acer GameZone\Bricks of Egypt\Uninstall.exe" "C:\Program Files\Acer GameZone\Bricks of Egypt\install.log"
Call of Duty® 4 - Modern Warfare™ --> C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CDDRV_Installer --> MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
CDisplay 1.8 --> "C:\Program Files\CDisplay\unins000.exe"
Chessmaster Challenge (remove only) --> "C:\Program Files\PlayFirst\Chessmaster Challenge\Uninstall.exe"
Counter-Strike --> "C:\Program Files\Steam
  • 0
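The DSS output above is what the helpers read by hand. As an added triage example (not code from this thread, from DSS or from its author), the Python script below walks a DSS log extract and raises the defender-side findings a helper looks for: services whose binary is missing, shell execute hooks pointing at DLLs with no file description, UAC (EnableLUA) switched off, cached removable-media autorun handlers, and a Security Center that reports no active firewall. The embedded sample log is constructed from the same kinds of lines; the severity labels and category names are my own.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "low": labels chosen for this example
    category: str
    detail: str

# Line shapes as DSS prints them in its main and extra logs.
SECTION_RE = re.compile(r"^-- (.+?) -+$")
KEY_RE = re.compile(r"^\[(.+)\]$")
SERVICE_RE = re.compile(r"^S[234]\s+(\S+)\s+\((.+?)\)\s+-\s+(.+)$")
HOOK_RE = re.compile(r'^"\{([0-9A-Fa-f-]+)\}"=\s*(.+?\.dll)\s+\[(.*?)\]$')
POLICY_RE = re.compile(r'^"(\w+)"=(\d+)\s+\(0x[0-9A-Fa-f]+\)$')
PRODUCT_RE = re.compile(r"^(FW|AV|AS):\s+(.+?)\s+(Enabled|Disabled|Outdated)$")
AUTORUN_RE = re.compile(r"^autorun\\command-\s*(.+)$", re.IGNORECASE)

# Constructed extract using the kinds of lines DSS prints (not a real log).
SAMPLE_DSS_LOG = r"""
S2 ccEvtMgr (Symantec Event Manager) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>
-- Registry Dump ---------------------------------------------------------------
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{7F3EA905-DE65-4D00-BC1F-FF3A77F8CA30}"= C:\Windows\system32\xxywTLcD.dll [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
autorun\command- J:\autorun.exe
-- Security Center -------------------------------------------------------------
AUOptions is disabled.
Windows Internal Firewall is disabled.
FW: Norton Internet Security v2007 (Symantec Corporation) Disabled
AV: Norton Internet Security v2007 (Symantec Corporation) Outdated
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled
"""

def triage_dss_log(text: str) -> list[Finding]:
    """Walk a DSS log and return the findings a helper would raise from it."""
    findings = []
    section = key = ""
    windows_fw_off, fw_states = False, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section, key = m.group(1), ""
        elif m := KEY_RE.match(line):
            key = m.group(1).lower()
        elif (m := SERVICE_RE.match(line)) and "(file missing)" in m.group(3):
            # Service entry whose binary is gone: leftover of an incomplete uninstall.
            findings.append(Finding("low", "orphaned-service", f"{m.group(1)}: {m.group(3)}"))
        elif "shellexecutehooks" in key and (m := HOOK_RE.match(line)):
            # A hook DLL loads into every process that calls ShellExecute;
            # an empty [ ] means DSS found no version/description to verify.
            if not m.group(3).strip():
                findings.append(Finding("high", "unverified-shell-hook", m.group(2)))
        elif key.endswith(r"policies\system") and (m := POLICY_RE.match(line)):
            if m.group(1) == "EnableLUA" and m.group(2) == "0":
                findings.append(Finding("medium", "uac-disabled", "EnableLUA=0"))
        elif "mountpoints2" in key and (m := AUTORUN_RE.match(line)):
            # Cached AutoRun handler for a removable or optical volume.
            volume = key.rsplit("\\", 1)[-1]
            findings.append(Finding("medium", "autorun-handler", f"{m.group(1)} for volume {volume}"))
        elif section == "Security Center":
            if line == "Windows Internal Firewall is disabled.":
                windows_fw_off = True
                findings.append(Finding("medium", "windows-firewall-off", line))
            elif line == "AUOptions is disabled.":
                findings.append(Finding("medium", "automatic-updates-off", line))
            elif m := PRODUCT_RE.match(line):
                kind, product, state = m.groups()
                if kind == "FW":
                    fw_states.append(state)
                if state != "Enabled":
                    findings.append(Finding("medium", f"{kind.lower()}-{state.lower()}", product))
    if windows_fw_off and "Enabled" not in fw_states:
        findings.append(Finding("high", "no-active-firewall",
                                "Windows firewall off and no third-party firewall enabled"))
    return findings

def severity_counts(findings: list[Finding]) -> dict[str, int]:
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts

if __name__ == "__main__":
    for f in triage_dss_log(SAMPLE_DSS_LOG):
        print(f"[{f.severity:>6}] {f.category}: {f.detail}")
```

Run it against a full DSS main log plus extra log concatenated; everything it flags still needs a human to decide whether the entry is a leftover, a legitimate product or something to remove.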

#13
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi Terryc250,


Please print these instructions, and have the hard copy handy, to complete the steps below.

This lot of instructions looks a bit daunting, but just work through each section & you will be fine.

You seem to have both BitDefender & Norton/Symantec installed. It is your choice which you keep, but you should only have 1 Anti-virus loaded.
Which of these, if either, is current?
The Symantec stuff is all listed as "file missing", so I guess that one won't be current. The deletions in the next section assume you are removing Norton/Symantec.

If you would like to change to a new anti-virus I would recommend trying:

Alternate Anti-virus: Please install one only:
Avast! Free Edition or AntiVir PersonalEdition Classic

Anti-Virus Tutorials/Manuals:
Avast Tutorial
Avast Manual
Antivir Manual

Please allow the new Anti-virus to run a full System scan, and at the end of the process you should be able to save a scan log.
If the scan report window does not have a Save as Report button (or similar), you may be able to highlight the text in the window & copy & paste it to a new Notepad file.
Save it as C:\avscan.txt if you can.


Whichever way you go, there doesn't appear to be an active 3rd party firewall running.

You should check out: Comodo Firewall Pro or Sunbelt Personal Firewall

User manuals are available for both:
Comodo's manual is built in and accessible from the Help Menu.

Sunbelt Manual Here

Both are simple to install & free to use.
Please install only 1

-------------------------------------------
Fix File Associations:
  • Go to Start > Run and type or paste "%userprofile%\desktop\dss.exe" /daft
  • Click on the Scan button.
  • Place a checkmark next to all the entries that appear in red
  • Click the Fix button.
  • Re-scan and save the logfile. This will default to daft.txt
  • Save it to your C:\ drive, I'll need that log later.
If everything is ok again, it should display the "all associations ok" message.

--------------------------------------------
I see you have Ares, BitTornado, Shareaza & LimeWire installed on your system.
While these programs are legal, most of the files downloaded with them are not.
These programs can also be one of the major infection routes for an otherwise secure PC, because you might be unknowingly downloading infected files.
I highly recommend uninstalling Ares, BitTornado, Shareaza & LimeWire as outlined below.


Run HijackThis.
  • Click the Do a system scan only button.
  • Check the boxes for all the entries listed below:
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - c:\Program Files\Norton Internet Security\isPwdSvc.exe (file missing)
O23 - Service: Symantec AppCore Service (SymAppCore) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (file missing)

  • Now close all windows other than HijackThis and click Fix Checked.
  • Close HijackThis.


Delete bad services
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad. Save it as "All Files" and name it FixServices.bat. Please save it on your desktop.

@echo off
sc stop ccEvtMgr
sc stop ccSetMgr
sc stop CLTNetCnService
sc stop SymAppCore
sc stop AresChatServer
sc stop comHost
sc stop ISPwdSvc
sc delete ccEvtMgr
sc delete ccSetMgr
sc delete CLTNetCnService
sc delete SymAppCore
sc delete AresChatServer
sc delete comHost
sc delete ISPwdSvc
exit


Double click FixServices.bat. A window will open and close. This is normal.


Remove folders & files:
  • Please go to Start > Control Panel > Add/Remove Programs and remove the following, (if present):
    Ares 2.0.9
    BitTornado 0.3.18
    LimeWire PRO 4.14.3
    Norton AntiVirus
    Norton Confidential Browser Component
    Norton Confidential Web Protection Component
    Norton Internet Security
    Norton Protection Center
    Shareaza version 2.3.0.0
    Symantec Real Time Storage Protection Component
    SymNet
    Viewpoint Media Player


    Please take note of any other programs that you don't recognise in that list, and include them in your next response
  • Using Windows Explorer, (to get there right-click your Start button and go to "Explore"), delete these folders, (if present):
    C:\Program Files\Ares
    C:\program files\bittornado
    C:\Users\Boss\AppData\Roaming\LimeWire
    C:\Users\Boss\AppData\Roaming\uTorrent
    C:\ProgramData\Symantec
    c:\Program Files\Common Files\Symantec Shared
    C:\Program Files\Shareaza
    C:\Program Files\Viewpoint


I need you to post me a fresh HijackThis log to confirm correct installation of the Anti-virus and Firewall programs.

Cheers,

sage5
  • 0
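The FixServices.bat above was built by hand from the service short names in the O23 lines (the name in parentheses). As an added example, not part of sage5's post, here is a small Python parser for HijackThis O23 lines that picks out entries whose binary is reported "(file missing)" (orphaned service registrations) plus any service on a caller-supplied list of products being uninstalled, and emits a batch file in the same stop-then-delete shape. The sample log lines are constructed, and the `known_bad` default is an assumption for illustration.

```python
import re

# Constructed sample lines in HijackThis O23 format (not a real log).
SAMPLE_LOG = r"""
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Windows Time (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
O13 - Gopher Prefix:
"""

# O23 - Service: <display name> (<short name>) - <owner> - <path>[ (file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) \((?P<name>[^()]+)\) - "
    r"(?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)


def parse_o23(log_text):
    """Return one dict per O23 line; non-O23 lines are ignored."""
    services = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue
        services.append({
            "display": m.group("display"),
            "name": m.group("name"),          # the sc.exe service name
            "owner": m.group("owner"),
            "path": m.group("path"),
            "file_missing": m.group("missing") is not None,
        })
    return services


def select_for_removal(services, known_bad=("AresChatServer",)):
    """Orphaned entries (binary gone) plus services of products being removed."""
    return [s["name"] for s in services
            if s["file_missing"] or s["name"] in known_bad]


def build_fix_script(names):
    """Emit a batch file like FixServices.bat: stop everything first, then delete."""
    lines = ["@echo off"]
    lines += [f"sc stop {n}" for n in names]
    lines += [f"sc delete {n}" for n in names]
    lines.append("exit")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_fix_script(select_for_removal(parse_o23(SAMPLE_LOG))))
```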

#14
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
