My apologies for the late answer...
Here is the SDFix report which I had run:
SDFix: Version 1.175 Run by George on Sat 04/26/2008 at 12:51 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-26 12:56:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:61,39,55,65,b8,e0,99,91,f1,40,54,03,50,b4,73,13,3c,1e,36,06,c4,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,55,11,80,ea,63,e7,9d,84,95,06,21,75,f3,f8,8c,43,2b,..
"khjeh"=hex:82,0e,e8,f9,f4,65,e4,06,bf,3f,0a,26,aa,c9,4e,f5,f6,b0,97,54,51,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:1d,8d,ce,91,bf,19,fb,5c,42,d4,ce,b3,be,08,de,d7,06,91,cd,fc,07,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:61,39,55,65,b8,e0,99,91,f1,40,54,03,50,b4,73,13,3c,1e,36,06,c4,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,55,11,80,ea,63,e7,9d,84,95,06,21,75,f3,f8,8c,43,2b,..
"khjeh"=hex:82,0e,e8,f9,f4,65,e4,06,bf,3f,0a,26,aa,c9,4e,f5,f6,b0,97,54,51,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:1d,8d,ce,91,bf,19,fb,5c,42,d4,ce,b3,be,08,de,d7,06,91,cd,fc,07,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 11
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Limewire\\LimeWire.exe"="D:\\Limewire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\WINDOWS\\system32\\java.exe"="C:\\WINDOWS\\system32\\java.exe:*:Enabled:Java Platform SE binary"
"D:\\CS Condition Zero\\czero.exe"="D:\\CS Condition Zero\\czero.exe:*:Enabled:Condition Zero Launcher"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"="C:\\Program Files\\Pando Networks\\Pando\\pando.exe:*:Enabled:pando"
"C:\\Documents and Settings\\George\\Desktop\\=P\\l2asrv.exe"="C:\\Documents and Settings\\George\\Desktop\\=P\\l2asrv.exe:*:Enabled:l2asrv"
"D:\\CS 1.6\\CS1.6\\hl.exe"="D:\\CS 1.6\\CS1.6\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Documents and Settings\\George\\My Documents\\eL2Walker\\L2W_All.EXE"="C:\\Documents and Settings\\George\\My Documents\\eL2Walker\\L2W_All.EXE:*:Enabled:L2W_All"
"C:\\Documents and Settings\\George\\My Documents\\=P\\l2asrv.exe"="C:\\Documents and Settings\\George\\My Documents\\=P\\l2asrv.exe:*:Enabled:l2asrv"
"C:\\Documents and Settings\\George\\Desktop\\Official Walker\\Official Walker\\AuthD\\WP402F1.exe"="C:\\Documents and Settings\\George\\Desktop\\Official Walker\\Official Walker\\AuthD\\WP402F1.exe:*:Enabled:WP402F1"
"C:\\Documents and Settings\\George\\Local Settings\\Temp\\Rar$EX01.906\\Official Walker\\Official Walker\\AuthD\\WP402F1.exe"="C:\\Documents and Settings\\George\\Local Settings\\Temp\\Rar$EX01.906\\Official Walker\\Official Walker\\AuthD\\WP402F1.exe:*:Enabled:WP402F1"
"C:\\Documents and Settings\\George\\Local Settings\\Temp\\Rar$EX00.703\\Official Walker\\Official Walker\\AuthD\\WP402F1.exe"="C:\\Documents and Settings\\George\\Local Settings\\Temp\\Rar$EX00.703\\Official Walker\\Official Walker\\AuthD\\WP402F1.exe:*:Enabled:WP402F1"
"C:\\Documents and Settings\\George\\Local Settings\\Temp\\Rar$EX00.016\\Official Walker\\Official Walker\\AuthD\\WP402F1.exe"="C:\\Documents and Settings\\George\\Local Settings\\Temp\\Rar$EX00.016\\Official Walker\\Official Walker\\AuthD\\WP402F1.exe:*:Enabled:WP402F1"
"C:\\Program Files\\Microsoft Games\\Halo\\halo.exe"="C:\\Program Files\\Microsoft Games\\Halo\\halo.exe:*:Enabled:Halo"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Fri 6 Aug 2004 24,448 A.SHR --- "C:\NTBOOTDD.SYS"
Thu 24 Apr 2008 120 ..SH. --- "C:\WINDOWS\S3AFA6323.tmp"
Sun 14 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Finished!
Now here is the ComboFix report:
ComboFix 08-04-24.1 - George 2008-04-26 22:18:33.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.224 [GMT 3:00]
Running from: C:\Documents and Settings\George\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\George\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\system32\urqOHbyX.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\urqOHbyX.dll
.
((((((((((((((((((((((((( Files Created from 2008-03-26 to 2008-04-26 )))))))))))))))))))))))))))))))
.
2008-04-26 14:48 . 2008-04-26 14:48 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-04-26 13:24 . 2008-04-26 13:24 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-26 13:17 . 2008-04-26 13:17 <DIR> d-------- C:\_OTMoveIt
2008-04-26 12:48 . 2008-04-26 12:48 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-26 12:44 . 2008-04-26 22:15 <DIR> d-------- C:\SDFix
2008-04-26 12:26 . 2008-04-26 12:26 <DIR> d-------- C:\VundoFix Backups
2008-04-24 19:37 . 2008-04-24 19:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2008-04-24 19:37 . 2008-04-26 22:22 40 ---hs---- C:\Documents and Settings\All Users\Application Data\.zreglib
2008-04-24 19:33 . 2008-04-24 19:37 120 ---hs---- C:\WINDOWS\S3AFA6323.tmp
2008-04-24 19:32 . 2008-04-24 19:32 <DIR> d-------- C:\Program Files\SlySoft
2008-04-23 22:56 . 2008-04-23 22:56 <DIR> d-------- C:\Program Files\GameSpy Arcade
2008-04-23 22:54 . 2008-04-23 22:54 <DIR> d-------- C:\Program Files\Microsoft Games
2008-04-23 22:30 . 2008-04-23 22:30 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-04-23 22:28 . 2008-04-23 22:28 <DIR> d-------- C:\Documents and Settings\George\Application Data\DAEMON Tools
2008-04-23 22:28 . 2008-04-23 22:28 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-23 16:33 . 2008-04-23 16:33 <DIR> d-------- C:\Program Files\DVD Shrink
2008-04-23 16:33 . 2008-04-24 20:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-04-23 15:56 . 2008-04-26 01:12 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-23 14:40 . 2008-04-23 14:40 1,024 --ah----- C:\Documents and Settings\Default User\NtUser.dat.LOG
2008-04-23 14:39 . 2008-04-23 14:39 <DIR> d-------- C:\Documents and Settings\George\Application Data\Nero
2008-04-23 14:36 . 2008-04-23 14:36 <DIR> d-------- C:\Program Files\Nero
2008-04-23 14:36 . 2008-04-23 14:37 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-04-23 14:36 . 2008-04-23 14:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-04-23 12:40 . 2008-04-23 12:40 <DIR> d-------- C:\Program Files\ScreenSaver.com
2008-04-11 17:14 . 2008-04-11 17:14 97,728 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-26 07:55 --------- d-----w C:\Documents and Settings\George\Application Data\LimeWire
2008-04-25 14:52 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-23 10:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-23 10:10 --------- d-----w C:\Program Files\WinHex
2008-04-23 09:52 --------- d-----w C:\Program Files\123 DVD Converter
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-14 22:24 93,128 ----a-w C:\WINDOWS\system32\ElbyCDIO.dll
2008-03-12 22:59 --------- d-----w C:\Program Files\COMIC
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 08:59 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((((( snapshot@2008-04-26_14.55.19.46 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-26 11:53:13 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-26 19:22:23 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 12:39 486856]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-04-11 17:42 2075584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-01-10 03:32 5513216]
"nwiz"="nwiz.exe" [2005-01-10 03:32 1490944 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-01-10 03:32 86016]
"SoundMan"="SOUNDMAN.EXE" [2004-02-09 11:54 65024 C:\WINDOWS\SOUNDMAN.EXE]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-24 19:09 262401]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 11:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
SMC2862W-G 54Mbps WLAN Monitor.lnk - D:\Limewire Pro\WLANUTL.exe [2007-11-13 22:39:03 630784]
WinZip Quick Pick.lnk - C:\Program Files\WinZip1\WZQKPICK.EXE [2007-10-27 00:32:53 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqOHbyX]
urqOHbyX.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Limewire\\LimeWire.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"D:\\CS Condition Zero\\czero.exe"=
"C:\\Documents and Settings\\George\\Desktop\\=P\\l2asrv.exe"=
"D:\\CS 1.6\\CS1.6\\hl.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Documents and Settings\\George\\My Documents\\=P\\l2asrv.exe"=
"C:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
R3 WlanUIG;SMC 802.11g 2862W-G Driver;C:\WINDOWS\system32\DRIVERS\2862w.sys [2004-02-01 09:44]
.
Contents of the 'Scheduled Tasks' folder
"2008-01-01 13:32:22 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-26 22:22:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 11
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"C:\Program Files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-04-26 22:24:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-26 19:24:01
ComboFix2.txt 2008-04-26 11:55:52
Pre-Run: 3,843,129,344 bytes free
Post-Run: 3,835,760,640 bytes free
139 --- E O F --- 2008-04-12 20:29:20
And here is the HijackThis Log :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:24:29 PM, on 4/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
D:\Limewire Pro\WLANUTL.exe
C:\Program Files\WinZip1\WZQKPICK.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - Global Startup: SMC2862W-G 54Mbps WLAN Monitor.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip1\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{082E025F-0898-4188-9427-E34C1477483E}: NameServer = 195.170.0.1,195.170.2.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{082E025F-0898-4188-9427-E34C1477483E}: NameServer = 195.170.0.1,195.170.2.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{082E025F-0898-4188-9427-E34C1477483E}: NameServer = 195.170.0.1,195.170.2.2
O20 - Winlogon Notify: urqOHbyX - urqOHbyX.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5791 bytes