[Krib]

Hello. Avast free version caught this in the following directories and files:

C:\windows\system32\drivers\downld
C:\Documents and Settings\Krib\Local Settings\Temp

C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\mdelk.exe

Show hidden files / folders was removed from Explorer menu and had to be re-added with registry patch. Wow. Safe mode was disabled, and Gmer rootkit tool was not working.

After research, I tried killing the process hldrrr.exe and deleting all files above. When I got to the temp files, deleting them triggered round 2. Many Avast warnings, and internet stopped working.

I then panicked, did a system restore, and all symptoms disappeared. But it can't be that easy. Can it? I still see suspicious temp files in Local Settings\Temp.

Hijack This log:
=============================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:36 PM, on 8/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LM Gestion\LM Remote KeyMap\LM Remote KeyMap Blaster.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\cryptainersrv.exe
C:\Program Files\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\LClock\lclock.exe
C:\Program Files\Task Killer\TaskKiller.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\FreeMeter\FreeMeter.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\LM Gestion\LM Remote KeyMap\LM Remote KeyMap.exe
C:\Program Files\Belkin\Nostromo\nost_LM.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe
C:\Program Files\Mozilla Firefox 3.0\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Avast4\ashLogV.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: Google Update Helper - {25D596E9-BD03-4D4A-8310-5DF3B31E8D26} - C:\Program Files\Google\Update\1.2.121.17\GoopdateBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [Task Killer] C:\Program Files\Task Killer\TaskKiller.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: FreeMeter.lnk = C:\Program Files\FreeMeter\FreeMeter.exe
O4 - Global Startup: LM Remote KeyMap.lnk = ?
O4 - Global Startup: Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Speedfan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O4 - Global Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1204955729015
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c8e62667dffd5c) (gupdate1c8e62667dffd5c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LM Remote KeyMap Blaster (LM Remote KeyMap Blaster Service) - LM Gestion - C:\Program Files\LM Gestion\LM Remote KeyMap\LM Remote KeyMap Blaster.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Cryptainer service (ssoftservice) - Cypherix Software (India) Pvt. Ltd. - C:\WINDOWS\SYSTEM32\cryptainersrv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe

--
End of file - 8728 bytes




Thanks in advance. Kicking myself for getting this.

[Advertisements]

Hi there

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3





--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.

• When finished, it will produce a report for you.
• Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

[Mike]

Hi there

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3





--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.

• When finished, it will produce a report for you.
• Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

[Krib]

Howdy Mike.

I also did a Panda scan last night, so I'll post its findings for the sake of completeness. It claimed to clean all the low and medium threats that the free engine cleans.

Panda Activescan 2.0:

;*******************************************************************************
*********************************************************************************
*******************
ANALYSIS: 2008-08-16 02:27:16
PROTECTIONS: 1
MALWARE: 18
SUSPECTS: 3
;*******************************************************************************
*********************************************************************************
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
=================================================================================
===================
avast! antivirus 4.8.1201 [VPS 080815-0] 4.8.1201 Yes Yes
;===============================================================================
=================================================================================
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
=================================================================================
===================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.doubleclick.net/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.com.com/]
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.yadro.ru/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Application Data\Mozilla\Firefox\Profiles\hbpums4d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.statcounter.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.bs.serving-sys.com/]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[statse.webtrendslive.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.adultfriendfinder.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[.go.com/]
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Krib\Desktop\USB\Files\FirefoxPortable (old)\Data\profile\cookies.txt[searchportal.information.com/]
00509861 Hacktool/AngryScan HackTools No 1 Yes No C:\System Volume Information\_restore{8E807F4E-DFCF-4EF4-B776-3B516BAF25EF}\RP218\A0059562.exe
01048918 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\TagRename\Patch.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\Content.IE5\JY31LTZW\b64_3[1].jpg
02898935 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{8E807F4E-DFCF-4EF4-B776-3B516BAF25EF}\RP218\A0057297.sys
02898935 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{8E807F4E-DFCF-4EF4-B776-3B516BAF25EF}\RP217\A0057215.sys
02925267 Generic Trojan Virus/Trojan No 0 Yes No C:\Program Files\DAEMON Tools Pro\daemon.tools.pro.patch.exe
02931463 Trj/Lineage.BZE Virus/Trojan No 1 Yes No C:\Program Files\Alcohol 120\keymaker.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Program Files\Universal Document Converter\UDC4.2-Patch.exe
03378666 Trj/KillAV.FJ Virus/Trojan No 0 Yes No C:\Program Files\ESET\ESET NOD32 Antivirus\nodlogin.exe
;===============================================================================
=================================================================================
===================
SUSPECTS
Sent Location
;===============================================================================
=================================================================================
===================
No C:\Games\LEGO Star Wars\LegoStarwars.exe
No C:\Program Files\CHM To PDF Converter\CHM To PDF Converter PRO.exe
No D:\Downloads\Lockngo_Professional_2.52_Cracked.zip[Lockngo_Professional_2.52_Cracked.exe
]
;===============================================================================
=================================================================================
===================
VULNERABILITIES
Id Severity Description
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================

Combofix:

ComboFix 08-08-15.04 - Krib 2008-08-16 14:28:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1188 [GMT -4:00]
Running from: C:\Documents and Settings\Krib\Desktop\Combo-Fix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-1003549418
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-1005671911
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-1034989463
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-1076352620
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-1112889888
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-11668077
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-1218151936
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-1292210205
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-1344895213
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-1345793937
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-1356057678
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-1383418504
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-139203104
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-1412750122
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-1417029177
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-1433651067
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-1434407411
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-1456836775
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-1480882577
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-149910907
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-1567141565
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-1591987348
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-163439786
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-1647877408
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-1700689919
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-1706058005
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-1711178159
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-1723198076
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-1726555306
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-1745171174
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-1842233808
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-1849671469
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-187410430
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-1886558361
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-1955965617
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-1993608786
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-1997749107
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-2000730730
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-2005144373
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-2008651715
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-2048212774
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-2063447508
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-2097156814
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-2134337746
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-2217465746
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-2253827208
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-2350286940
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-2382775695
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-2385408815
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-2389780719
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-2398643425
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-2415067085
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-2465111077
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-2483575429
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-2489628042
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-2545584189
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-2580659608
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-2621780611
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-2629851183
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-2630459018
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-2646875382
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-266289696
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-2679348119
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-2722016331
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-2763616264
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-2779773296
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-2857292896
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-2865105471
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-293360000
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-2959057692
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-2982314246
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-2984924840
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-2995967613
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-2999062577
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-3068264490
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-3081117742
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-3098413213
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-3103676656
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-3135271403
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-3159919386
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-3161242558
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-3168541727
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-3178377787
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-3242403056
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-3282200744
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-3299563907
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-3316324526
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-3341679340
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-3371776839
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-3410938040
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-3415683424
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-3437048071
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-3437140304
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-3445486255
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-3478230872
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-3519524815
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-3530978474
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-3556616717
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-357077844
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-3663159576
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-3675179774
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-3726826515
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-3747527746
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-3783212805
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-3789403901
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-3792667552
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-3799448507
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-3814368683
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-3843598844
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-3859558621
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-3860078420
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-386728365
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-3867832101
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-3878875405
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-3991119130
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-4082000302
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-409685561
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-4201227420
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-426485771
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-4288513361

C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-431126316
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-481900750
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-491674561
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-517337752
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-520781565
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-525835439
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-567161769
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-609121030
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-629029636
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-656908345
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-687064496
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-689840474
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-700353286
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-705495393
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-721156854
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-764722285
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-770083002
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-773912834
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-776873446
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-797516018
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-85847068
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-871163531
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-900211332
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-929571615
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-958814968
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-96682841
C:\Documents and Settings\Krib\Local Settings\Temporary Internet Files\mpcache-988907698
C:\WINDOWS\temp\perflib_perfdata_1cc.dat

.
((((((((((((((((((((((((( Files Created from 2008-07-16 to 2008-08-16 )))))))))))))))))))))))))))))))
.

2008-08-16 02:57 . 2008-08-16 02:57 <DIR> d-------- C:\Documents and Settings\Krib\Application Data\Launchy
2008-08-16 01:22 . 2008-08-16 01:23 <DIR> d-------- C:\Documents and Settings\Krib\Application Data\PenProtect
2008-08-16 00:28 . 2008-08-16 00:28 <DIR> d--h----- C:\WINDOWS\PIF
2008-08-15 23:53 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-15 23:52 . 2008-08-15 23:52 <DIR> d-------- C:\Program Files\Panda Security
2008-08-15 23:16 . 2008-08-15 23:16 <DIR> d-------- C:\Program Files\LClock
2008-08-15 22:32 . 2008-08-15 22:32 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-08-15 22:27 . 2008-08-15 22:27 <DIR> d-------- C:\Documents and Settings\Krib\Application Data\BitDefender
2008-08-15 22:25 . 2008-08-15 22:25 <DIR> d-------- C:\Program Files\BitDefender
2008-08-15 22:25 . 2008-08-15 22:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-08-15 22:23 . 2008-08-15 23:16 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-08-06 20:18 . 2008-08-06 20:18 754 --a------ C:\WINDOWS\WORDPAD.INI
2008-08-06 19:11 . 2008-08-06 19:11 <DIR> d-------- C:\Documents and Settings\Krib\Application Data\Helios
2008-08-06 19:10 . 2008-08-06 19:10 <DIR> d-------- C:\Program Files\TextPad 5
2008-07-30 17:28 . 2008-07-30 17:28 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-07-30 17:28 . 2008-07-30 17:28 <DIR> d-------- C:\WINDOWS\system32\en
2008-07-30 17:28 . 2008-07-30 17:28 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-30 17:28 . 2008-07-30 17:28 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-30 17:27 . 2008-07-30 17:28 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-30 16:13 . 2008-04-13 20:11 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-07-21 20:42 . 2008-07-21 20:42 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-07-20 23:35 . 2008-07-27 01:45 <DIR> d-------- C:\Program Files\EVEMon
2008-07-20 23:35 . 2008-07-27 01:45 <DIR> d-------- C:\Documents and Settings\Krib\Application Data\EVEMon
2008-07-20 18:00 . 2008-07-20 18:00 <DIR> d-------- C:\Documents and Settings\Preferences\EVE
2008-07-20 18:00 . 2008-07-20 18:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CCP
2008-07-20 05:21 . 2008-07-20 05:22 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-07-20 05:21 . 2008-07-20 05:21 <DIR> d-------- C:\Documents and Settings\Krib\Application Data\SystemRequirementsLab
2008-07-19 13:55 . 2008-07-19 13:55 <DIR> d-------- C:\Program Files\Opera
2008-07-16 20:55 . 2008-07-16 20:55 <DIR> d-------- C:\Documents and Settings\Preferences\SnagIt
2008-07-16 20:54 . 2008-08-10 19:47 <DIR> d-------- C:\Program Files\SnagIt 9
2008-07-16 20:54 . 2008-07-16 20:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2008-07-16 20:40 . 2008-07-16 20:47 <DIR> d-------- C:\Program Files\TrayColor95

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-16 06:38 --------- d-----w C:\Program Files\Cryptainer
2008-08-16 06:29 --------- d-----w C:\Program Files\Universal Document Converter
2008-08-16 06:29 --------- d-----w C:\Program Files\TagRename
2008-08-16 06:29 --------- d-----w C:\Program Files\DAEMON Tools Pro
2008-08-16 06:29 --------- d-----w C:\Program Files\Alcohol 120
2008-08-16 04:54 --------- d-----w C:\Program Files\Mozilla Firefox 3.0
2008-08-16 04:52 --------- d-----w C:\Program Files\SpeedFan
2008-08-16 04:23 --------- d-----w C:\Program Files\eMule
2008-08-16 03:18 --------- d-----w C:\Program Files\7-Zip
2008-08-16 03:16 --------- d-----w C:\Documents and Settings\Krib\Application Data\uTorrent
2008-08-15 04:35 --------- d-----w C:\Program Files\MediaPortal
2008-08-11 23:56 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-08-11 23:56 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-10 22:04 --------- d-----w C:\Program Files\IconWorkshop
2008-08-08 03:46 --------- d-----w C:\Documents and Settings\Krib\Application Data\Xfire
2008-08-07 22:34 --------- d-----w C:\Program Files\Xfire
2008-08-01 22:57 --------- d-----w C:\Program Files\Google
2008-07-11 00:24 --------- d-----w C:\Documents and Settings\Krib\Application Data\Windows Live Writer
2008-07-11 00:19 --------- d-----w C:\Program Files\Windows Live Writer
2008-07-05 21:07 --------- d-----w C:\Program Files\Galactopedia
2008-07-05 20:33 --------- dc-h--w C:\Documents and Settings\All Users\Application Data\{1EB63B4B-5639-4477-8E24-05C31B5F8019}
2008-07-05 20:33 --------- d-----w C:\Documents and Settings\Krib\Application Data\Stardock
2008-07-05 20:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Stardock
2008-07-05 20:32 --------- d-----w C:\Program Files\Stardock
2008-07-04 01:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-29 07:30 --------- d-----w C:\Program Files\Avast4
2008-03-08 20:17 161,862 --sha-r C:\Program Files\desktop1.ico
2008-03-08 20:17 123 --sha-r C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="C:\Program Files\LClock\lclock.exe" [2004-09-19 14:27 65536]
"Task Killer"="C:\Program Files\Task Killer\TaskKiller.exe" [2007-11-04 08:51 221696]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 14:39 1289000]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"OODefragTray"="C:\WINDOWS\system32\oodtray.exe" [2007-05-11 03:08 2512392]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"avast!"="C:\PROGRA~1\Avast4\ashDisp.exe" [2008-05-15 19:19 79224]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 03:17 55824 C:\WINDOWS\KHALMNPR.Exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
FreeMeter.lnk - C:\Program Files\FreeMeter\FreeMeter.exe [2008-03-08 15:20:22 614400]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 01000000
"NoSMMyDocs"= 01000000
"NoSMMyPictures"= 01000000
"NoUserNameInStartMenu"= 01000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-01-09 13:30 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-03-08 04:45 210168 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Games\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Games\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 19:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 19:16]
R2 LM Remote KeyMap Blaster Service;LM Remote KeyMap Blaster;C:\Program Files\LM Gestion\LM Remote KeyMap\LM Remote KeyMap Blaster.exe [2008-02-23 18:00]
R2 ssoftnt4;ssoftnt4;C:\WINDOWS\system32\Drivers\ssoftnt4.sys [2007-01-24 12:16]
R3 ctgame;Game Port;C:\WINDOWS\system32\DRIVERS\ctgame.sys [2002-12-30 10:53]
S2 gupdate1c8e62667dffd5c;Google Update Service (gupdate1c8e62667dffd5c);C:\Program Files\Google\Update\GoogleUpdate.exe [2008-07-14 22:56]
S3 bcgame;Nostromo HID Device Minidriver;C:\WINDOWS\system32\drivers\bcgame.sys [2003-07-24 02:16]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ae9b7d7-f38d-11dc-90d2-123456789abc}]
\Shell\AutoRun\command - G:\cryptainermobile.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PAVBOOT
*Newly Created Service* - PROCEXP90
*Newly Created Service* - SSOFTSERVICE
.
Contents of the 'Scheduled Tasks' folder

2008-08-07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]

2008-08-16 C:\WINDOWS\Tasks\GoogleUpdateTask.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2008-07-14 22:56]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Start WingMan Profiler - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Krib\Application Data\Mozilla\Firefox\Profiles\qo09gos1.Kribensis\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.nytimes.com
FF -: plugin - C:\Documents and Settings\Krib\Application Data\Mozilla\Firefox\Profiles\qo09gos1.Kribensis\extensions\[email protected]\plugins\npiaplayer.dll
FF -: plugin - C:\Documents and Settings\Krib\Application Data\Mozilla\Firefox\Profiles\qo09gos1.Kribensis\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp07051001.dll
FF -: plugin - C:\Program Files\Google\Lively\nplively.dll
FF -: plugin - C:\Program Files\Google\Update\1.2.121.17\npGoogleOneClick.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3.0\plugins\npnul32.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-16 14:32:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-16 14:37:37
ComboFix-quarantined-files.txt 2008-08-16 18:37:02

Pre-Run: 40,060,850,176 bytes free
Post-Run: 40,384,323,584 bytes free

328 --- E O F --- 2008-06-29 07:42:25

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:40:28 PM, on 8/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\LClock\lclock.exe
C:\Program Files\Task Killer\TaskKiller.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LM Gestion\LM Remote KeyMap\LM Remote KeyMap.exe
C:\Program Files\Belkin\Nostromo\nost_LM.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LM Gestion\LM Remote KeyMap\LM Remote KeyMap Blaster.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox 3.0\firefox.exe
C:\WINDOWS\system32\cryptainersrv.exe
G:\CryptainerMobileFiles\cryptainer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: Google Update Helper - {25D596E9-BD03-4D4A-8310-5DF3B31E8D26} - C:\Program Files\Google\Update\1.2.121.17\GoopdateBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\

[Mike]

Hi there,

Stay away from cracks.

Uninstall these programs:
Alcohol 120
CHM To PDF Converter
DAEMON Tools Pro
ESET
TagRename
Universal Document Converter

Did you set these policies?

"NoSMHelp"
"NoSMMyDocs"
"NoSMMyPictures"
"NoUserNameInStartMenu"

Please click Start then Run, in the window appears type in Notepad.exe.
Highlight the entire content of the codebox below. Copy (Control + C) and Paste (Control + V) the content into the notepad window:

File::
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Games\LEGO Star Wars\LegoStarwars.exe
D:\Downloads\Lockngo_Professional_2.52_Cracked.zip[Lockngo_Professional_2.52_Cracked.exe

Folder::
C:\Program Files\Alcohol 120
C:\Program Files\CHM To PDF Converter
C:\Program Files\DAEMON Tools Pro
C:\Program Files\ESET
C:\Program Files\TagRename
C:\Program Files\Universal Document Converter

Driver::
gupdate1c8e62667dffd5c

DirLook::
D:\downloads

Now in Notepad, go to File and in the menu that drops down click on Save As...
Save the file as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.


After that please reboot your computer if it asks you to and post ComboFix.txt (the report the ComboFix will generate) in your next reply.

And,

Please download ATF Cleaner by Atribune.Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Lets run an F-Secure online scan for Viruses, Spyware and RootKits:

• Go to http://support.f-sec.../home/ols.shtml
• Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
• Allow the Active X control to be installed on your computer, then click the Accept button
• Click Full System Scan and allow the components to download and the scan to complete.
• If malware is found, check Submit samples to F-Secure then select Automatic cleaning
• When cleaning has finitished, click Show report (this will open an Internet Explorer window containing the report)
• Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post

If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan

• When the cleaning option is presented, Uncheck Submit samples to F-Secure
• Click Automatic cleaning
• When cleaning has finitished, click Show report (this will open an Internet Explorer window containing the report)
• Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post

Notes:

• This scan will only work with Internet Explorer
• You must have administrator rights to run this scan
• This scan can take several hours, so please be patient

Post back with the logs and a new Hijack This log - if they are to long you have to spread the logs across multiple posts.

Edited by Mike, 16 August 2008 - 02:15 PM.

[Krib]

Mike, I'll proceed with all of that, but I need some of those applications. Not ESET, which should not be there. Are they compromised, and in need of being reinstalled? If so, that's fine; I'll put them back afterwards. Just let me know.

As far as the policies, I remember setting the userphoto one. Not sure about the others.

Edited by Krib, 16 August 2008 - 04:44 PM.

[Mike]

Hi there

The programs I'm having you remove have been cracked or patched, if you decide to reinstall afterwards I can't stop you - but be aware if you use patches/cracks you are breaking the law, and yes - some of them are infected.

Go ahead with the steps if you still want help

Mike

[Krib]

I probably deserved that. I appreciate the help.

All scans run, the online scan did not find anything.

Combofix below:

ComboFix 08-08-17.03 - Krib 2008-08-18 8:26:28.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1458 [GMT -4:00]
Running from: C:\Documents and Settings\Krib\Desktop\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\Krib\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Games\LEGO Star Wars\LegoStarwars.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
D:\Downloads\Lockngo_Professional_2.52_Cracked.zip[Lockngo_Professional_2.52_Cracked.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Krib\Cookies\krib@impulsedriven[1].txt
C:\Documents and Settings\Krib\UserData
C:\Documents and Settings\Krib\UserData\AHP2VMH8\oWindowsUpdate[1].xml
C:\Documents and Settings\Krib\UserData\BE4FZLKH\oWindowsUpdate[1].xml
C:\Documents and Settings\Krib\UserData\index.dat
C:\Games\LEGO Star Wars\LegoStarwars.exe
C:\Program Files\CHM To PDF Converter
C:\Program Files\CHM To PDF Converter\chmMRU.inf
C:\Program Files\CHM To PDF Converter\convSch.inf
C:\Program Files\CHM To PDF Converter\decPathMRU.inf
C:\Program Files\CHM To PDF Converter\mru.inf
C:\Program Files\CHM To PDF Converter\mrupdf.inf
C:\Program Files\ESET
C:\Program Files\ESET\Eset Login Viewer v1.2.exe
C:\Program Files\ESET\Servers.reg
C:\Program Files\ESET\Thanks!
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\TagRename
C:\Program Files\TagRename\TagRename.BAK

----- BITS: Possible infected sites -----

http://dl1.impulsedriven.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GUPDATE1C8E62667DFFD5C
-------\Service_gupdate1c8e62667dffd5c


((((((((((((((((((((((((( Files Created from 2008-07-18 to 2008-08-18 )))))))))))))))))))))))))))))))
.

2008-08-17 17:33 . 2008-08-17 18:26 <DIR> d-------- C:\Program Files\AutoIt3
2008-08-17 15:00 . 2008-08-17 15:08 <DIR> d-------- C:\Program Files\Launchy
2008-08-16 22:58 . 2008-08-17 19:49 <DIR> d-------- C:\Program Files\Bat to Exe
2008-08-16 20:31 . 2008-08-16 20:31 <DIR> d-------- C:\Downloads
2008-08-16 20:31 . 2008-08-16 20:33 <DIR> d-------- C:\Documents and Settings\Krib\Application Data\GetRightToGo
2008-08-16 02:57 . 2008-08-17 15:08 <DIR> d-------- C:\Documents and Settings\Krib\Application Data\Launchy
2008-08-16 01:22 . 2008-08-16 01:23 <DIR> d-------- C:\Documents and Settings\Krib\Application Data\PenProtect
2008-08-16 00:28 . 2008-08-16 00:28 <DIR> d--h----- C:\WINDOWS\PIF
2008-08-15 23:53 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-15 23:52 . 2008-08-15 23:52 <DIR> d-------- C:\Program Files\Panda Security
2008-08-15 23:16 . 2008-08-15 23:16 <DIR> d-------- C:\Program Files\LClock
2008-08-15 22:32 . 2008-08-15 22:32 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-08-15 22:27 . 2008-08-15 22:27 <DIR> d-------- C:\Documents and Settings\Krib\Application Data\BitDefender
2008-08-15 22:25 . 2008-08-15 22:25 <DIR> d-------- C:\Program Files\BitDefender
2008-08-15 22:25 . 2008-08-15 22:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-08-15 22:23 . 2008-08-15 23:16 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-08-06 20:18 . 2008-08-06 20:18 754 --a------ C:\WINDOWS\WORDPAD.INI
2008-08-06 19:11 . 2008-08-06 19:11 <DIR> d-------- C:\Documents and Settings\Krib\Application Data\Helios
2008-07-30 17:28 . 2008-07-30 17:28 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-07-30 17:28 . 2008-07-30 17:28 <DIR> d-------- C:\WINDOWS\system32\en
2008-07-30 17:28 . 2008-07-30 17:28 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-30 17:28 . 2008-07-30 17:28 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-30 17:27 . 2008-07-30 17:28 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-30 16:13 . 2008-04-13 20:11 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-07-21 20:42 . 2008-07-21 20:42 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-07-20 23:35 . 2008-07-27 01:45 <DIR> d-------- C:\Program Files\EVEMon
2008-07-20 23:35 . 2008-07-27 01:45 <DIR> d-------- C:\Documents and Settings\Krib\Application Data\EVEMon
2008-07-20 18:00 . 2008-07-20 18:00 <DIR> d-------- C:\Documents and Settings\Preferences\EVE
2008-07-20 18:00 . 2008-07-20 18:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CCP
2008-07-19 13:55 . 2008-07-19 13:55 <DIR> d-------- C:\Program Files\Opera

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-18 12:31 --------- d-----w C:\Program Files\SpeedFan
2008-08-18 04:34 --------- d-----w C:\Program Files\Cryptainer
2008-08-18 03:56 --------- d-----w C:\Program Files\IconWorkshop
2008-08-17 23:28 --------- d-----w C:\Program Files\Common Files\Stardock
2008-08-17 23:23 --------- d-----w C:\Documents and Settings\Krib\Application Data\Stardock
2008-08-17 18:49 --------- d-----w C:\Program Files\Windows Live
2008-08-16 04:23 --------- d-----w C:\Program Files\eMule
2008-08-16 03:18 --------- d-----w C:\Program Files\7-Zip
2008-08-16 03:16 --------- d-----w C:\Documents and Settings\Krib\Application Data\uTorrent
2008-08-15 04:35 --------- d-----w C:\Program Files\MediaPortal
2008-08-11 23:56 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-08-11 23:56 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-10 23:47 --------- d-----w C:\Program Files\SnagIt 9
2008-08-08 03:46 --------- d-----w C:\Documents and Settings\Krib\Application Data\Xfire
2008-08-07 22:34 --------- d-----w C:\Program Files\Xfire
2008-08-01 22:57 --------- d-----w C:\Program Files\Google
2008-07-17 00:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2008-07-17 00:47 --------- d-----w C:\Program Files\TrayColor95
2008-07-11 00:24 --------- d-----w C:\Documents and Settings\Krib\Application Data\Windows Live Writer
2008-07-05 21:07 --------- d-----w C:\Program Files\Galactopedia
2008-07-05 20:33 --------- dc-h--w C:\Documents and Settings\All Users\Application Data\{1EB63B4B-5639-4477-8E24-05C31B5F8019}
2008-07-05 20:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Stardock
2008-07-05 20:32 --------- d-----w C:\Program Files\Stardock
2008-07-04 01:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-29 07:30 --------- d-----w C:\Program Files\Avast4
2008-03-08 20:17 161,862 --sha-r C:\Program Files\desktop1.ico
2008-03-08 20:17 123 --sha-r C:\Program Files\desktop.ini
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of D:\downloads ----

2008-08-16 00:31 178 --a------ D:\downloads\__TEMP\001.part.met.bak
2008-08-16 00:31 178 --a------ D:\downloads\__TEMP\001.part.met
2008-08-16 00:31 1105920 --a------ D:\downloads\__TEMP\001.part
2008-08-16 00:07 118 --a------ D:\downloads\__TEMP\003.part.met.bak
2008-08-16 00:07 118 --a------ D:\downloads\__TEMP\003.part.met
2008-08-16 00:07 0 --a------ D:\downloads\__TEMP\003.part
2008-08-15 20:30 142 --a------ D:\downloads\__TEMP\002.part.met.bak
2008-08-15 20:30 142 --a------ D:\downloads\__TEMP\002.part.met
2008-08-15 20:29 0 --a------ D:\downloads\__TEMP\002.part
2008-04-06 20:08 538624 --ahs---- D:\downloads\Cameraphone\Thumbs.db
2008-04-05 23:13 150773 --a------ D:\downloads\Cameraphone\cameraphone150.jpg
2008-04-05 23:12 152167 --a------ D:\downloads\Cameraphone\cameraphone149.jpg
2008-04-05 23:02 131254 --a------ D:\downloads\Cameraphone\cameraphone148.jpg
2008-04-05 18:47 206003 --a------ D:\downloads\Cameraphone\cameraphone146.jpg
2008-04-05 18:46 167491 --a------ D:\downloads\Cameraphone\cameraphone145.jpg
2008-04-05 14:35 179890 --a------ D:\downloads\Cameraphone\cameraphone143.jpg
2008-04-05 14:34 161880 --a------ D:\downloads\Cameraphone\cameraphone141.jpg
2008-04-05 14:34 158080 --a------ D:\downloads\Cameraphone\cameraphone142.jpg
2008-04-05 14:33 157806 --a------ D:\downloads\Cameraphone\cameraphone140.jpg
2008-04-05 14:33 149167 --a------ D:\downloads\Cameraphone\cameraphone139.jpg
2008-04-05 14:32 171763 --a------ D:\downloads\Cameraphone\cameraphone138.jpg
2008-04-05 14:32 171600 --a------ D:\downloads\Cameraphone\cameraphone137.jpg
2008-04-05 14:31 189452 --a------ D:\downloads\Cameraphone\cameraphone135.jpg
2008-04-05 14:31 180610 --a------ D:\downloads\Cameraphone\cameraphone136.jpg
2008-04-05 14:27 172169 --a------ D:\downloads\Cameraphone\cameraphone134.jpg
2008-04-05 14:26 184163 --a------ D:\downloads\Cameraphone\cameraphone132.jpg
2008-04-05 14:26 177462 --a------ D:\downloads\Cameraphone\cameraphone133.jpg
2008-04-05 14:22 187662 --a------ D:\downloads\Cameraphone\cameraphone130.jpg
2008-04-05 14:21 180786 --a------ D:\downloads\Cameraphone\cameraphone129.jpg
2008-04-05 14:21 125280 --a------ D:\downloads\Cameraphone\cameraphone127.jpg
2008-04-05 14:20 168709 --a------ D:\downloads\Cameraphone\cameraphone125.jpg
2008-04-05 14:20 145684 --a------ D:\downloads\Cameraphone\cameraphone126.jpg
2008-04-05 14:19 191782 --a------ D:\downloads\Cameraphone\cameraphone124.jpg
2008-04-05 14:19 177128 --a------ D:\downloads\Cameraphone\cameraphone123.jpg
2008-04-05 14:14 266108 --a------ D:\downloads\Cameraphone\cameraphone117.jpg
2008-04-05 14:12 160910 --a------ D:\downloads\Cameraphone\cameraphone116.jpg
2008-04-05 14:11 149003 --a------ D:\downloads\Cameraphone\cameraphone115.jpg
2008-04-05 14:09 248758 --a------ D:\downloads\Cameraphone\cameraphone113.jpg
2008-04-05 14:09 196750 --a------ D:\downloads\Cameraphone\cameraphone112.jpg
2008-04-05 14:07 240216 --a------ D:\downloads\Cameraphone\cameraphone110.jpg
2008-04-05 13:19 264074 --a------ D:\downloads\Cameraphone\cameraphone108.jpg
2008-04-05 13:18 149848 --a------ D:\downloads\Cameraphone\cameraphone107.jpg
2008-04-05 12:30 330694 --a------ D:\downloads\Cameraphone\cameraphone104.jpg
2008-04-05 12:30 313607 --a------ D:\downloads\Cameraphone\cameraphone105.jpg
2008-03-30 16:25 70 ---hs---- D:\downloads\Cameraphone\Desktop.ini
2007-12-06 01:30 96 --a-s---- D:\downloads\Phone stuff\old Start Menu\Applications\Get MySpace Mobile.lnk
2007-12-06 01:30 89 --a-s---- D:\downloads\Phone stuff\old Start Menu\Applications\Get MobiTV.lnk
2007-12-06 01:30 69 --a-s---- D:\downloads\Phone stuff\old Start Menu\IM & Email\Get XpressMail.lnk
2007-12-06 01:30 56 --a-s---- D:\downloads\Phone stuff\old Start Menu\Cellular Video.lnk
2007-12-06 01:30 54 --a-s---- D:\downloads\Phone stuff\old Start Menu\IM & Email\Get Good.lnk
2007-12-06 01:30 53 --a-s---- D:\downloads\Phone stuff\old Start Menu\ATT Mall\5 Shop Applications.lnk
2007-12-06 01:30 53 --a-s---- D:\downloads\Phone stuff\old Start Menu\ATT Mall\3 Shop Graphics.lnk
2007-12-06 01:30 50 --a-s---- D:\downloads\Phone stuff\old Start Menu\ATT Mall\4 Shop Multimedia.lnk
2007-12-06 01:30 49 --a-s---- D:\downloads\Phone stuff\old Start Menu\My Stuff\Personalize My Q\Home Screen Shortcuts.lnk
2007-12-06 01:30 49 --a-s---- D:\downloads\Phone stuff\old Start Menu\ATT Music\7 Community.lnk
2007-12-06 01:30 48 --a-s---- D:\downloads\Phone stuff\old Start Menu\My Stuff\Personalize My Q\Sounds and Ringtones.lnk
2007-12-06 01:30 48 --a-s---- D:\downloads\Phone stuff\old Start Menu\ATT Mall\1 Shop Tones.lnk
2007-12-06 01:30 48 --a-s---- D:\downloads\Phone stuff\old Start Menu\Applications\GetTeleNav GPS Navigator.lnk
2007-12-06 01:30 47 --a-s---- D:\downloads\Phone stuff\old Start Menu\My Stuff\Personalize My Q\Home Screen Settings.lnk
2007-12-06 01:30 46 --a-s---- D:\downloads\Phone stuff\old Start Menu\ATT Music\5 Music Videos.lnk
2007-12-06 01:30 46 --a-s---- D:\downloads\Phone stuff\old Start Menu\ATT Mall\2 Shop Games.lnk
2007-12-06 01:30 45 --a-s---- D:\downloads\Phone stuff\old Start Menu\My Stuff\My Documents.lnk
2007-12-06 01:30 44 --a-s---- D:\downloads\Phone stuff\old Start Menu\ATT Music\8 Music Apps.lnk
2007-12-06 01:30 42 --a-s---- D:\downloads\Phone stuff\old Start Menu\Applications\Java Manager.lnk
2007-12-06 01:30 41 --a-s---- D:\downloads\Phone stuff\old Start Menu\My Stuff\Storage Card.lnk
2007-12-06 01:30 40 --a-s---- D:\downloads\Phone stuff\old Start Menu\ATT Music\1 Windows Media Player.lnk
2007-12-06 01:30 40 --a-s---- D:\downloads\Phone stuff\old Start Menu\ATT Mall\6 Media Net Home.lnk
2007-12-06 01:30 36 --a-s---- D:\downloads\Phone stuff\old Start Menu\System Tools\Memory Manager.lnk
2007-12-06 01:30 36 --a-s---- D:\downloads\Phone stuff\old Start Menu\My Stuff\Personalize My Q\Home Screen Right Soft Key.lnk
2007-12-06 01:30 36 --a-s---- D:\downloads\Phone stuff\old Start Menu\Applications\File Manager.lnk
2007-12-06 01:30 35 --a-s---- D:\downloads\Phone stuff\old Start Menu\My Stuff\Personalize My Q\Start Menu View.lnk
2007-12-06 01:30 34 --a-s---- D:\downloads\Phone stuff\old Start Menu\Office Tools\McAfee VirusScan.lnk
2007-12-06 01:30 34 --a-s---- D:\downloads\Phone stuff\old Start Menu\My Stuff\My Device.lnk
2007-12-06 01:30 34 --a-s---- D:\downloads\Phone stuff\old Start Menu\ATT Music\2 Shop Music.lnk
2007-12-06 01:30 33 --a-s---- D:\downloads\Phone stuff\old Start Menu\My Stuff\Personalize My Q\Help.lnk
2007-12-06 01:30 33 --a-s---- D:\downloads\Phone stuff\old Start Menu\ATT Music\3 Music ID.lnk
2007-12-06 01:30 32 --a-s---- D:\downloads\Phone stuff\old Start Menu\System Tools\Task Manager.lnk
2007-12-06 01:30 32 --a-s---- D:\downloads\Phone stuff\old Start Menu\System Tools\Master Reset.lnk
2007-12-06 01:30 32 --a-s---- D:\downloads\Phone stuff\old Start Menu\System Tools\Master Clear.lnk
2007-12-06 01:30 31 --a-s---- D:\downloads\Phone stuff\old Start Menu\Games\Solitaire.lnk
2007-12-06 01:30 31 --a-s---- D:\downloads\Phone stuff\old Start Menu\Applications\MyCast Weather.lnk
2007-12-06 01:30 31 --a-s---- D:\downloads\Phone stuff\old Start Menu\Applications\Bluetooth\Bluetooth Manager.lnk
2007-12-06 01:30 30 --a-s---- D:\downloads\Phone stuff\old Start Menu\Applications\Documents To Go\Slideshow To Go.lnk
2007-12-06 01:30 30 --a-s---- D:\downloads\Phone stuff\old Start Menu\Applications\Bluetooth\BT Send Object.lnk
2007-12-06 01:30 29 --a-s---- D:\downloads\Phone stuff\old Start Menu\System Tools\Format Storage Card.lnk
2007-12-06 01:30 29 --a-s---- D:\downloads\Phone stuff\old Start Menu\MEdia Net.lnk
2007-12-06 01:30 29 --a-s---- D:\downloads\Phone stuff\old Start Menu\Calendar.lnk
2007-12-06 01:30 28 --a-s---- D:\downloads\Phone stuff\old Start Menu\System Tools\Help and QuickStart.lnk
2007-12-06 01:30 28 --a-s---- D:\downloads\Phone stuff\old Start Menu\Opera.lnk
2007-12-06 01:30 28 --a-s---- D:\downloads\Phone stuff\old Start Menu\Applications\Bluetooth\BT PC Remote.lnk
2007-12-06 01:30 27 --ahs---- D:\downloads\Phone stuff\old Start Menu\Voicemail.lnk
2007-12-06 01:30 26 --a-s---- D:\downloads\Phone stuff\old Start Menu\Applications\Documents To Go\Sheet To Go.lnk
2007-12-06 01:30 24 --a-s---- D:\downloads\Phone stuff\old Start Menu\System Tools\Settings.lnk
2007-12-06 01:30 24 --a-s---- D:\downloads\Phone stuff\old Start Menu\Applications\Documents To Go\Word To Go.lnk
2007-12-06 01:30 24 --a-s---- D:\downloads\Phone stuff\old Start Menu\ActiveSync.lnk
2007-12-06 01:30 23 --a-s---- D:\downloads\Phone stuff\old Start Menu\Office Tools\Tasks.lnk
2007-12-06 01:30 23 --a-s---- D:\downloads\Phone stuff\old Start Menu\Office Tools\Calculator.lnk
2007-12-06 01:30 22 --a-s---- D:\downloads\Phone stuff\old Start Menu\Office Tools\Voice Notes.lnk
2007-12-06 01:30 22 --a-s---- D:\downloads\Phone stuff\old Start Menu\Games\Bubble Breaker.lnk
2007-12-06 01:30 22 --a-s---- D:\downloads\Phone stuff\old Start Menu\Applications\Documents To Go\Zip To Go.lnk
2007-12-06 01:30 22 --a-s---- D:\downloads\Phone stuff\old Start Menu\Applications\Documents To Go\PDF To Go.lnk
2007-12-06 01:30 22 --a-s---- D:\downloads\Phone stuff\old Start Menu\Applications\Camera.lnk
2007-12-06 01:30 21 --a-s---- D:\downloads\Phone stuff\old Start Menu\My Stuff\Photos.lnk
2007-12-06 01:30 21 --a-s---- D:\downloads\Phone stuff\old Start Menu\My Stuff\Notes.lnk
2007-12-06 01:30 21 --a-s---- D:\downloads\Phone stuff\old Start Menu\IM & Email\IM.lnk
2007-12-06 01:30 21 --a-s---- D:\downloads\Phone stuff\old Start Menu\Call History.lnk
2007-12-06 01:30 21 --a-s---- D:\downloads\Phone stuff\old Start Menu\Applications\Speed Dial.lnk
2007-12-06 01:30 20 --ahs---- D:\downloads\Phone stuff\old Start Menu\System Tools\icon.lnk
2007-12-06 01:30 20 --a-s---- D:\downloads\Phone stuff\old Start Menu\ATT Music\4 XM Radio.lnk
2007-12-06 01:30 17 --a-s---- D:\downloads\Phone stuff\old Start Menu\Applications\Internet Explorer.lnk
2007-12-06 01:30 15 --ahs---- D:\downloads\Phone stuff\old Start Menu\ATT Music\icon.lnk
2007-12-06 01:30 15 --ahs---- D:\downloads\Phone stuff\old Start Menu\Applications\icon.lnk
2007-12-06 01:30 15 --ahs---- D:\downloads\Phone stuff\old Start Menu\Applications\Documents To Go\icon.lnk
2007-12-06 01:30 14 --ahs---- D:\downloads\Phone stuff\old Start Menu\SimTkUI.lnk
2007-12-06 01:30 13 --ahs---- D:\downloads\Phone stuff\old Start Menu\Applications\Bluetooth\icon.lnk
2007-12-06 01:30 12 --ahs---- D:\downloads\Phone stuff\old Start Menu\Office Tools\icon.lnk
2007-12-06 01:30 12 --ahs---- D:\downloads\Phone stuff\old Start Menu\My Stuff\Personalize My Q\icon.lnk
2007-12-06 01:30 12 --a-s---- D:\downloads\Phone stuff\old Start Menu\Games\Get Games\icon.lnk
2007-12-06 01:30 113 --a-s---- D:\downloads\Phone stuff\old Start Menu\ATT Music\6 The Buzz.lnk
2007-12-06 01:30 110 --a-s---- D:\downloads\Phone stuff\old Start Menu\Games\Get Games\Get Brain Challenge.lnk
2007-12-06 01:30 108 --a-s---- D:\downloads\Phone stuff\old Start Menu\Games\Get Games\Get EA Scrabble Blast.lnk
2007-12-06 01:30 105 --a-s---- D:\downloads\Phone stuff\old Start Menu\Games\Get Games\Get EA Sports Tiger Woods.lnk
2007-12-06 01:30 102 --a-s---- D:\downloads\Phone stuff\old Start Menu\Games\Get Games\Get PAC-MAN Ms.PAC-MAN.lnk
2007-12-06 01:30 10 --ahs---- D:\downloads\Phone stuff\old Start Menu\My Stuff\icon.lnk
2007-12-06 01:30 10 --ahs---- D:\downloads\Phone stuff\old Start Menu\IM & Email\icon.lnk
2007-12-06 01:30 10 --ahs---- D:\downloads\Phone stuff\old Start Menu\Games\icon.lnk
2007-12-06 01:30 10 --ahs---- D:\downloads\Phone stuff\old Start Menu\ATT Mall\icon.lnk
2007-12-05 22:26 1023380 --a------ D:\downloads\Phone stuff\Apps\GoogleMaps.CAB
2007-12-05 20:56 100921 --a------ D:\downloads\Phone stuff\Homescreens\circle2.jpg
2007-12-05 20:51 43 --a------ D:\downloads\Phone stuff\old Start Menu\Facade Settings.lnk
2007-12-05 20:44 49 --a------ D:\downloads\Phone stuff\old Start Menu\ElecontWeather.lnk
2007-12-05 20:42 62 --a------ D:\downloads\Phone stuff\old Start Menu\Resco Registry.lnk
2007-12-05 20:41 65 --a------ D:\downloads\Phone stuff\old Start Menu\System Info.lnk
2007-12-05 20:41 47 --a------ D:\downloads\Phone stuff\old Start Menu\Resco Explorer.lnk
2007-12-03 22:14 21504 --ahs---- D:\downloads\Phone stuff\Wallpaper\Thumbs.db
2007-12-03 21:42 854809 --a------ D:\downloads\Phone stuff\Apps\sktoolslite.zip
2007-12-02 18:18 1981866 --a------ D:\downloads\Phone stuff\Apps\Rivia Gentimer 2.01.zip
2007-12-02 05:16 87741 --a------ D:\downloads\Phone stuff\Apps\Resco.System.Toys.1.32.zip
2007-12-02 01:05 438472 --a------ D:\downloads\Phone stuff\Homescreens\circle2.psd
2007-12-02 00:55 1974272 --a------ D:\downloads\Phone stuff\Apps\Elecont Weather.exe
2007-12-02 00:47 605774 --a------ D:\downloads\Phone stuff\Apps\Tube2 NYC.cab
2007-12-01 14:01 1054511 --a------ D:\downloads\Phone stuff\Apps\Spb Insight.rar
2007-11-30 23:19 1633955 --a------ D:\downloads\Phone stuff\Apps\Facade_v1.31.zip
2007-11-26 00:38 2792198 --a------ D:\downloads\Phone stuff\Apps\Ruttensoft.rar
2007-11-25 20:21 5467648 --a------ D:\downloads\Phone stuff\Apps\mobireadersetup.msi
2007-11-25 00:44 83733 --a------ D:\downloads\Phone stuff\Homescreens\Krib.CAB
2007-11-24 23:46 529 --a------ D:\downloads\Phone stuff\Homescreens\Black Scheme (WM6).cab
2007-11-24 22:08 12567 --a------ D:\downloads\Phone stuff\Apps\Flashlight.zip
2007-11-24 21:51 2081660 --a------ D:\downloads\Phone stuff\Games\Virtual Pool 1.77.rar
2007-11-24 21:36 63 --a------ D:\downloads\Phone stuff\old Start Menu\Real Dice World.lnk
2007-11-23 22:42 3262653 --a------ D:\downloads\Phone stuff\Apps\Homescreen Builder.zip
2007-11-05 20:48 304 --ahs---- D:\downloads\Unsorted Music\Russian Circles\desktop.ini
2007-11-05 20:48 303 --ahs---- D:\downloads\Unsorted Music\Russian Circles\Enter\desktop.ini
2007-11-05 12:57 292 --ahs---- D:\downloads\Unsorted Music\Isis\Oceanic\desktop.ini
2007-11-05 00:06 299 --ahs---- D:\downloads\Unsorted Music\Pelican\Australasia\desktop.ini
2007-09-17 00:44 53062 --a------ D:\downloads\Phone stuff\Wallpaper\Lemming.jpg
2007-09-17 00:20 34199 --a------ D:\downloads\Phone stuff\Wallpaper\Koi.jpg
2007-09-17 00:10 48726 --a------ D:\downloads\Phone stuff\Wallpaper\Sims.jpg
2007-09-16 23:58 49745 --a------ D:\downloads\Phone stuff\Wallpaper\Earth.jpg
2007-09-06 15:20 403 --ahs---- D:\downloads\Unsorted Music\Pelican\desktop.ini
2007-09-06 15:15 350 --ahs---- D:\downloads\Unsorted Music\Isis\desktop.ini
2007-08-18 00:46 8884 --a------ D:\downloads\Phone stuff\Ringtones\Ring10.mp3
2007-08-18 00:46 23449 --a------ D:\downloads\Phone stuff\Ringtones\Ring12.mp3
2007-08-18 00:45 14464 --a------ D:\downloads\Phone stuff\Ringtones\Ring13.mp3
2007-08-15 23:15 44228 --a------ D:\downloads\Phone stuff\Wallpaper\Green earth.jpg
2007-08-15 23:04 40987 --a------ D:\downloads\Phone stuff\Wallpaper\Blex.jpg
2007-08-15 21:57 48499 --a------ D:\downloads\Phone stuff\Wallpaper\Bunny.jpg
2007-01-03 22:50 2828 --ah----- D:\downloads\folder.jpg
2006-11-10 17:44 800850 --a------ D:\downloads\Phone stuff\IBM J9\lib\charconv-src.zip
2006-11-10 17:44 719338 --a------ D:\downloads\Phone stuff\IBM J9\lib\jclMidp20\source\source.zip
2006-11-10 17:44 578048 --a------ D:\downloads\Phone stuff\IBM J9\bin\j9vmall23.dll
2006-11-10 17:44 44032 --a------ D:\downloads\Phone stuff\IBM J9\bin\j9mjitd23.dll
2006-11-10 17:44 44032 --a------ D:\downloads\Phone stuff\IBM J9\bin\emulator.exe
2006-11-10 17:44 43008 --a------ D:\downloads\Phone stuff\IBM J9\bin\j9midp20.exe
2006-11-10 17:44 37888 --a------ D:\downloads\Phone stuff\IBM J9\bin\j9.exe
2006-11-10 17:44 37376 --a------ D:\downloads\Phone stuff\IBM J9\bin\j9w.exe
2006-11-10 17:44 309248 --a------ D:\downloads\Phone stuff\IBM J9\bin\ivemidp20_23.dll
2006-11-10 17:44 27335 --a------ D:\downloads\Phone stuff\IBM J9\lib\j2me.keystore
2006-11-10 17:44 198656 --a------ D:\downloads\Phone stuff\IBM J9\bin\jclmidp20_23.dll
2006-11-10 17:44 1982 --a------ D:\downloads\Phone stuff\IBM J9\lib\security.policy
2006-11-10 17:44 192 --a------ D:\downloads\Phone stuff\IBM J9\lib\jclMidp20\AMS.jad
2006-11-10 17:44 15644 --a------ D:\downloads\Phone stuff\IBM J9\bin\java.properties
2006-11-10 17:44 13312 --a------ D:\downloads\Phone stuff\IBM J9\bin\j9rdbi23.dll
2006-11-10 17:44 108544 --a------ D:\downloads\Phone stuff\IBM J9\bin\j9mjit23.dll
2006-11-10 17:44 1035305 --a------ D:\downloads\Phone stuff\IBM J9\lib\charconv.zip
2006-11-10 17:44 101888 --a------ D:\downloads\Phone stuff\IBM J9\bin\j9dbg23.dll
2006-11-10 17:44 1013165 --a------ D:\downloads\Phone stuff\IBM J9\lib\jclMidp20\jclMidp20.jxe
2006-11-09 11:37 300074 --a------ D:\downloads\Phone stuff\Games\Java Games\Pro Golf 2007.jar
2006-10-29 04:49 77 ---hs---- D:\downloads\__TEMP\Desktop.ini
2005-01-02 01:09 42 --a-s---- D:\downloads\Phone stuff\old Start Menu\old Java Manager.lnk
2005-01-02 01:09 36 --a-s---- D:\downloads\Phone stuff\old Start Menu\File Manager.lnk
2005-01-02 01:09 33 --a-s---- D:\downloads\Phone stuff\old Start Menu\Help.lnk
2005-01-02 01:09 29 --a-s---- D:\downloads\Phone stuff\old Start Menu\Contacts.lnk
2005-01-02 01:09 22 --a-s---- D:\downloads\Phone stuff\old Start Menu\Messaging.lnk
2004-11-08 20:44 1443232 --a------ D:\downloads\Phone stuff\Games\ROMs\Sonic 2 Delta III V0.2 (Hack).bin


((((((((((((((((((((((((((((( snapshot@2008-08-16_14.36.43.65 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-17 23:23:55 700,416 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ICSharpCode.SharpZi#\02a59a9f95af482ff4a8182fe046c6f8\ICSharpCode.SharpZipLib.ni.dll
+ 2008-08-17 23:18:08 700,416 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ICSharpCode.SharpZi#\df51622b6f1fcf161dd4ae4ce6143010\ICSharpCode.SharpZipLib.ni.dll
+ 2008-08-17 23:18:20 3,715,072 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Impulse\62d10b7de67736e743747c7a923502fd\Impulse.ni.exe
+ 2008-08-17 23:24:08 3,940,352 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Impulse\fa9176121e5d2978ecd5b6295c96083c\Impulse.ni.exe
+ 2008-08-17 23:18:33 2,289,664 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ImpulseDock\0a5b4a8eef0f2a559620d2dcaadde88c\ImpulseDock.ni.exe
+ 2008-08-17 23:24:32 2,289,664 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ImpulseDock\bee28aea4a8f74e16a5b3a83292f9f0d\ImpulseDock.ni.exe
+ 2008-08-17 23:24:01 118,784 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.IWshRuntime#\586a3d7b1fec472f59e1f5404640f779\Interop.IWshRuntimeLibrary.ni.dll
+ 2008-08-17 23:18:14 118,784 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.IWshRuntime#\65fd8b7dd445b53bc0d5d04ab5ff1486\Interop.IWshRuntimeLibrary.ni.dll
+ 2008-08-17 23:24:25 18,370,560 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.mshtml\68d912ba5a0696bca680060ad65e7e00\Microsoft.mshtml.ni.dll
+ 2008-08-17 23:18:09 294,912 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\MyDock.Util\5adcebefee312f5053a7cf554280d080\MyDock.Util.ni.dll
+ 2008-08-17 23:23:56 294,912 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\MyDock.Util\fae821e07df4f9206cfdd92c12dc29f4\MyDock.Util.ni.dll
+ 2008-08-17 23:18:30 282,624 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sd.Central.Archive.#\03539fe86de2c6ebd86980dbe0a6fa92\Sd.Central.Archive.XmlSerializers.ni.dll
+ 2008-08-17 23:24:38 282,624 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sd.Central.Archive.#\889e580ff9ea206b4246303578a29ab7\Sd.Central.Archive.XmlSerializers.ni.dll
+ 2008-08-17 23:23:59 122,880 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sd.Central.Archive\52825b2ce1bb114c1850296b298af376\Sd.Central.Archive.ni.dll
+ 2008-08-17 23:18:13 118,784 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sd.Central.Archive\ba853e7a11198d2727282360da5aec2c\Sd.Central.Archive.ni.dll
+ 2008-08-17 23:23:56 167,936 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\sd.central.cmp.serv#\ad433a2865b039cc50196ac54b297eb2\sd.central.cmp.server.ni.dll
+ 2008-08-17 23:18:10 159,744 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\sd.central.cmp.serv#\bdcc44f35d144eb5b3192ae92472c057\sd.central.cmp.server.ni.dll
+ 2008-08-17 23:24:35 491,520 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sd.Common.XmlSerial#\5de69517282387849041bb9e1126d120\Sd.Common.XmlSerializers.ni.dll
+ 2008-08-17 23:18:27 471,040 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sd.Common.XmlSerial#\917f5059bef7a75ef21e288ef223efe2\Sd.Common.XmlSerializers.ni.dll
+ 2008-08-17 23:18:07 1,003,520 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sd.Common\be4894098f63ea5919a3b94071f5cd43\Sd.Common.ni.dll
+ 2008-08-17 23:23:54 1,028,096 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sd.Common\ed8e0aa5fed59165da1f934c15f9c2d4\Sd.Common.ni.dll
+ 2008-08-17 23:18:14 299,008 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sd.InstallManager\07abbf31d027489b366be71d0e5e435d\Sd.InstallManager.ni.dll
+ 2008-08-17 23:24:00 299,008 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sd.InstallManager\1b0d3e75a5ee1c2a082779bde9cccfdd\Sd.InstallManager.ni.dll
+ 2008-08-17 23:18:11 761,856 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sd.Irc\222ecc9fbb9a18bc0717d1601c9642cc\Sd.Irc.ni.dll
+ 2008-08-17 23:23:57 790,528 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sd.Irc\c6d948f9f3206ec125b2df0c28d6bb15\Sd.Irc.ni.dll
+ 2008-08-17 23:18:12 167,936 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sd.UI\e354fb1966556c130ca7116a1d6b745d\Sd.UI.ni.dll
+ 2008-08-17 23:23:58 167,936 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sd.UI\f58b3b4e7a564147931f0aec64fbbfdc\Sd.UI.ni.dll
+ 2008-08-17 23:24:01 98,304 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sd.Uninstall\93ba2bb4fa597a463c70cca5345739f5\Sd.Uninstall.ni.dll
+ 2008-08-17 23:18:15 98,304 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sd.Uninstall\fcb8327535b15da541feed79d5f800f8\Sd.Uninstall.ni.dll
+ 2008-08-17 23:18:16 618,496 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sd.Web\0ecd29159bb07b6bbe3f2bd49e9421e7\Sd.Web.ni.dll
+ 2008-08-17 23:24:03 638,976 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sd.Web\a58b02d67402fdc28edd93c621a9420a\Sd.Web.ni.dll
+ 2008-08-17 23:23:59 229,376 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sd\417aed6299996e971029b0e9d9b6dd69\Sd.ni.dll
+ 2008-08-17 23:18:12 229,376 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sd\75bd099b49c3518282e4e2c3db9c8135\Sd.ni.dll
+ 2008-08-17 23:24:09 229,376 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SharpBITS.Base\3010bd0ebbe259cf7d479eab1713cffc\SharpBITS.Base.ni.dll
+ 2008-08-17 23:18:21 229,376 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SharpBITS.Base\5d8a68536f73f1e61a7e4eaea07e2be8\SharpBITS.Base.ni.dll
+ 2008-08-17 23:23:54 55,296 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Stardock.Central.Se#\6f180359173fa68689ec4b829335bb13\Stardock.Central.Security.ni.dll
+ 2008-08-17 23:18:07 55,296 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Stardock.Central.Se#\a44e3ac4c01803fc197d72c00e459015\Stardock.Central.Security.ni.dll
+ 2008-08-17 23:18:23 618,496 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\VDialog\1517c058aa6355eee8e353ff6b9a202b\VDialog.ni.dll
+ 2008-08-17 23:24:27 618,496 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\VDialog\8cafea5ee19b81cfd1d0493f71e9f3bb\VDialog.ni.dll
+ 2008-08-17 23:18:22 364,544 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\afe2a525fc6444911dae6cfddf2f7d83\VistaBridgeLibrary.ni.dll
+ 2008-08-17 23:24:26 364,544 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\f56c34034c2e17d483e1046bab282aed\VistaBridgeLibrary.ni.dll
+ 2005-10-21 00:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2008-08-18 12:31:30 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_55c.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="C:\Program Files\LClock\lclock.exe" [2004-09-19 14:27 65536]
"Task Killer"="C:\Program Files\Task Killer\TaskKiller.exe" [2007-11-04 08:51 221696]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 14:39 1289000]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"OODefragTray"="C:\WINDOWS\system32\oodtray.exe" [2007-05-11 03:08 2512392]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 03:17 55824 C:\WINDOWS\KHALMNPR.Exe]

C:\Documents and Settings\Krib\Start Menu\Programs\Startup\
FreeMeter.lnk - C:\Program Files\FreeMeter\FreeMeter.exe [2008-03-08 15:20:22 614400]
Launchy.lnk - C:\Program Files\Launchy\Launchy.exe [2008-08-17 15:00:37 286720]
LClock.lnk - C:\Program Files\LClock\LClock.exe [2004-09-19 14:27:44 65536]
LM Remote KeyMap.lnk - C:\WINDOWS\Installer\{EFDE10CE-DE28-4F9D-8ACB-789CD61850D0}\_EFD2873346CB79D27B0C79.exe [2008-03-08 19:09:12 22486]
Loadout Manager.lnk - C:\Program Files\Belkin\Nostromo\nost_LM.exe [2004-04-06 15:49:02 454656]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-03-08 01:46:53 789008]
Speedfan.lnk - C:\Program Files\SpeedFan\speedfan.exe [2007-09-17 13:04:02 2902528]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-03-08 02:06:17 3683824]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 01000000
"NoSMMyDocs"= 01000000
"NoSMMyPictures"= 01000000
"NoUserNameInStartMenu"= 01000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-01-09 13:30 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-03-08 04:45 210168 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Games\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Games\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 19:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 19:16]
R2 LM Remote KeyMap Blaster Service;LM Remote KeyMap Blaster;C:\Program Files\LM Gestion\LM Remote KeyMap\LM Remote KeyMap Blaster.exe [2008-02-23 18:00]
R2 ssoftnt4;ssoftnt4;C:\WINDOWS\system32\Drivers\ssoftnt4.sys [2007-01-24 12:16]
R3 ctgame;Game Port;C:\WINDOWS\system32\DRIVERS\ctgame.sys [2002-12-30 10:53]
S3 bcgame;Nostromo HID Device Minidriver;C:\WINDOWS\system32\drivers\bcgame.sys [2003-07-24 02:16]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ae9b7d7-f38d-11dc-90d2-123456789abc}]
\Shell\AutoRun\command - M:\go.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]

2008-08-18 C:\WINDOWS\Tasks\GoogleUpdateTask.job
- C:\Program Files\Google\Update\GoogleUpdate.exe []
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-18 08:32:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\LM Gestion\LM Remote KeyMap\LM Remote KeyMap.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\cryptainersrv.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\COMMON~1\SNAPST~1\Common\X10nets.exe
.
**************************************************************************
.
Completion time: 2008-08-18 8:48:45 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-18 12:48:35
ComboFix2.txt 2008-08-16 18:37:38

Pre-Run: 43,133,620,224 bytes free
Post-Run: 43,067,035,648 bytes free

1852 --- E O F --- 2008-06-29 07:42:25

[Mike]

hi there,

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Post back with that and a new hijack this log, how is your PC running?

[Krib]

Hi. MBAM found zilch, and the PC is running very well. Hijack This below:

ComboFix 08-08-18.05 - Krib 2008-08-19 23:25:01.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1419 [GMT -4:00]
Running from: C:\Documents and Settings\Krib\Desktop\Combo-Fix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-07-20 to 2008-08-20 )))))))))))))))))))))))))))))))
.

2008-08-19 22:36 . 2008-08-19 22:36 <DIR> d-------- C:\Documents and Settings\Krib\Application Data\Malwarebytes
2008-08-19 22:36 . 2008-08-19 22:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-19 00:32 . 2008-08-19 00:32 <DIR> dr------- C:\Documents and Settings\Preferences\My Videos
2008-08-18 09:00 . 2008-08-18 09:00 <DIR> d-------- C:\fsaua.data
2008-08-17 17:33 . 2008-08-17 18:26 <DIR> d-------- C:\Program Files\AutoIt3
2008-08-17 15:00 . 2008-08-17 15:08 <DIR> d-------- C:\Program Files\Launchy
2008-08-16 22:58 . 2008-08-17 19:49 <DIR> d-------- C:\Program Files\Bat to Exe
2008-08-16 20:31 . 2008-08-16 20:33 <DIR> d-------- C:\Documents and Settings\Krib\Application Data\GetRightToGo
2008-08-16 02:57 . 2008-08-17 15:08 <DIR> d-------- C:\Documents and Settings\Krib\Application Data\Launchy
2008-08-16 01:22 . 2008-08-16 01:23 <DIR> d-------- C:\Documents and Settings\Krib\Application Data\PenProtect
2008-08-16 00:28 . 2008-08-16 00:28 <DIR> d--h----- C:\WINDOWS\PIF
2008-08-15 23:53 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-15 23:52 . 2008-08-15 23:52 <DIR> d-------- C:\Program Files\Panda Security
2008-08-15 23:16 . 2008-08-15 23:16 <DIR> d-------- C:\Program Files\LClock
2008-08-15 22:32 . 2008-08-15 22:32 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-08-15 22:27 . 2008-08-15 22:27 <DIR> d-------- C:\Documents and Settings\Krib\Application Data\BitDefender
2008-08-15 22:25 . 2008-08-15 22:25 <DIR> d-------- C:\Program Files\BitDefender
2008-08-15 22:25 . 2008-08-15 22:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-08-15 22:23 . 2008-08-15 23:16 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-08-06 20:18 . 2008-08-06 20:18 754 --a------ C:\WINDOWS\WORDPAD.INI
2008-08-06 19:11 . 2008-08-06 19:11 <DIR> d-------- C:\Documents and Settings\Krib\Application Data\Helios
2008-07-30 17:28 . 2008-07-30 17:28 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-07-30 17:28 . 2008-07-30 17:28 <DIR> d-------- C:\WINDOWS\system32\en
2008-07-30 17:28 . 2008-07-30 17:28 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-30 17:28 . 2008-07-30 17:28 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-30 17:27 . 2008-07-30 17:28 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-30 16:13 . 2008-04-13 20:11 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-07-21 20:42 . 2008-07-21 20:42 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-07-20 23:35 . 2008-07-27 01:45 <DIR> d-------- C:\Program Files\EVEMon
2008-07-20 23:35 . 2008-07-27 01:45 <DIR> d-------- C:\Documents and Settings\Krib\Application Data\EVEMon
2008-07-20 18:00 . 2008-07-20 18:00 <DIR> d-------- C:\Documents and Settings\Preferences\EVE
2008-07-20 18:00 . 2008-07-20 18:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CCP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-20 03:22 --------- d-----w C:\Program Files\SpeedFan
2008-08-19 02:25 --------- d-----w C:\Documents and Settings\Krib\Application Data\uTorrent
2008-08-19 01:50 --------- d-----w C:\Program Files\MediaPortal
2008-08-18 21:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-18 04:34 --------- d-----w C:\Program Files\Cryptainer
2008-08-18 03:56 --------- d-----w C:\Program Files\IconWorkshop
2008-08-17 23:28 --------- d-----w C:\Program Files\Common Files\Stardock
2008-08-17 23:23 --------- d-----w C:\Documents and Settings\Krib\Application Data\Stardock
2008-08-17 18:49 --------- d-----w C:\Program Files\Windows Live
2008-08-16 04:23 --------- d-----w C:\Program Files\eMule
2008-08-16 03:18 --------- d-----w C:\Program Files\7-Zip
2008-08-11 23:56 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-08-11 23:56 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-10 23:47 --------- d-----w C:\Program Files\SnagIt 9
2008-08-08 03:46 --------- d-----w C:\Documents and Settings\Krib\Application Data\Xfire
2008-08-07 22:34 --------- d-----w C:\Program Files\Xfire
2008-08-01 22:57 --------- d-----w C:\Program Files\Google
2008-07-19 17:55 --------- d-----w C:\Program Files\Opera
2008-07-17 00:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2008-07-17 00:47 --------- d-----w C:\Program Files\TrayColor95
2008-07-11 00:24 --------- d-----w C:\Documents and Settings\Krib\Application Data\Windows Live Writer
2008-07-05 21:07 --------- d-----w C:\Program Files\Galactopedia
2008-07-05 20:33 --------- dc-h--w C:\Documents and Settings\All Users\Application Data\{1EB63B4B-5639-4477-8E24-05C31B5F8019}
2008-07-05 20:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Stardock
2008-07-05 20:32 --------- d-----w C:\Program Files\Stardock
2008-07-04 01:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-29 07:30 --------- d-----w C:\Program Files\Avast4
2008-03-08 20:17 161,862 --sha-r C:\Program Files\desktop1.ico
2008-03-08 20:17 123 --sha-r C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot_2008-08-18_ 8.48.06.62 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-02-27 19:59:28 290,816 ----a-w C:\WINDOWS\Downloaded Program Files\auc_lib.dll
+ 2008-02-27 19:59:28 495,616 ----a-w C:\WINDOWS\Downloaded Program Files\daas_s.dll
+ 2008-02-27 20:00:12 262,144 ----a-w C:\WINDOWS\Downloaded Program Files\fscax.dll
+ 2008-02-27 19:59:16 588,392 ----a-w C:\WINDOWS\Downloaded Program Files\gatelauncher.exe
- 2008-03-09 06:22:20 9,728 ----a-w C:\WINDOWS\system32\BASSMOD.dll
+ 2008-08-18 21:45:50 10,752 ----a-w C:\WINDOWS\system32\BASSMOD.dll
+ 2006-07-24 14:50:38 125,744 ----a-w C:\WINDOWS\system32\MSSTDFMT.DLL
+ 2006-07-24 14:50:40 39,728 ----a-w C:\WINDOWS\system32\SCP32.DLL
+ 2006-07-24 14:50:40 47,920 ----a-w C:\WINDOWS\system32\VBAME.DLL
+ 2008-08-20 03:22:45 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_564.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="C:\Program Files\LClock\lclock.exe" [2004-09-19 14:27 65536]
"Task Killer"="C:\Program Files\Task Killer\TaskKiller.exe" [2007-11-04 08:51 221696]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 14:39 1289000]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"OODefragTray"="C:\WINDOWS\system32\oodtray.exe" [2007-05-11 03:08 2512392]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 03:17 55824 C:\WINDOWS\KHALMNPR.Exe]

C:\Documents and Settings\Krib\Start Menu\Programs\Startup\
FreeMeter.lnk - C:\Program Files\FreeMeter\FreeMeter.exe [2008-03-08 15:20:22 614400]
Launchy.lnk - C:\Program Files\Launchy\Launchy.exe [2008-08-17 15:00:37 286720]
LClock.lnk - C:\Program Files\LClock\LClock.exe [2004-09-19 14:27:44 65536]
LM Remote KeyMap.lnk - C:\WINDOWS\Installer\{EFDE10CE-DE28-4F9D-8ACB-789CD61850D0}\_EFD2873346CB79D27B0C79.exe [2008-03-08 19:09:12 22486]
Loadout Manager.lnk - C:\Program Files\Belkin\Nostromo\nost_LM.exe [2004-04-06 15:49:02 454656]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-03-08 01:46:53 789008]
Speedfan.lnk - C:\Program Files\SpeedFan\speedfan.exe [2007-09-17 13:04:02 2902528]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-03-08 02:06:17 3683824]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 01000000
"NoSMMyDocs"= 01000000
"NoSMMyPictures"= 01000000
"NoUserNameInStartMenu"= 01000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-01-09 13:30 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-03-08 04:45 210168 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Games\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Games\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 19:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 19:16]
R2 LM Remote KeyMap Blaster Service;LM Remote KeyMap Blaster;C:\Program Files\LM Gestion\LM Remote KeyMap\LM Remote KeyMap Blaster.exe [2008-02-23 18:00]
R2 ssoftnt4;ssoftnt4;C:\WINDOWS\system32\Drivers\ssoftnt4.sys [2007-01-24 12:16]
R3 bcgame;Nostromo HID Device Minidriver;C:\WINDOWS\system32\drivers\bcgame.sys [2003-07-24 02:16]
R3 ctgame;Game Port;C:\WINDOWS\system32\DRIVERS\ctgame.sys [2002-12-30 10:53]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ae9b7d7-f38d-11dc-90d2-123456789abc}]
\Shell\AutoRun\command - M:\go.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-08-07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]

2008-08-20 C:\WINDOWS\Tasks\GoogleUpdateTask.job
- C:\Program Files\Google\Update\GoogleUpdate.exe []
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Krib\Application Data\Mozilla\Firefox\Profiles\d61ex3g0.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.nytimes.com
FF -: plugin - C:\Program Files\Google\Lively\nplively.dll
FF -: plugin - C:\Program Files\Google\Update\1.2.121.17\npGoogleOneClick.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-19 23:28:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
.
Completion time: 2008-08-19 23:34:58
ComboFix-quarantined-files.txt 2008-08-20 03:34:03
ComboFix2.txt 2008-08-18 12:48:46
ComboFix3.txt 2008-08-16 18:37:38

Pre-Run: 42,974,429,184 bytes free
Post-Run: 43,048,652,800 bytes free

194 --- E O F --- 2008-06-29 07:42:25

Got any particular free scanners you recommend keeping around? I've been going with Avast, but wouldn't mind switching if it's going to be helpful.

[Mike]

Hi there,

I was still interested in seeing a Hijack This log (the thing you posted was from combofix, the opening post has a hijack this log.)
If you say its running well and nothing was found I'm not going to make you wait by asking you to post it

Click START then RUN
Now type Combofix /u in the runbox and click OK

Notice the space between the x and / -- That needs to be there.

&

Now please download OTCleanIt.

• Save it to your desktop.
• Double Click on OTCleanIt.exe, a window will appear.
• Please press the CleanUp! Button.

This will remove the tools we used during the process of cleaning your computer.

MBAM needs to be uninstalled manually.

Now that your are clean, you'll want to stay that way.

Some important things that you should keep in mind in order to protect yourself:

• Use common sense. This is the big one! Don't download programs from suspicious sites and be careful where you browse.
  Things you can do to avoid downloading bad programs:
  • Google the program. Read reviews and opinions from other people on the internet, if you dont see any reports of foul play - then there more than likely is none.
  • Stay away from Cracks! However luring the thought of free software can be it's not worth the hassle and potential danger of getting infected.
  • Download the program directly from the website of the developer - then you can be certain you haven't downloaded a bogus copy.
  • Read the EULA (End User License Agreement) - Find out exactly what you are downloading. A good tool to aid you in this would be EULAyzer.
• Keep your programs updated! Software developers update their programs to patch possible security risks. Do a scan once in a while for outdated programs using Secunia's Software Inspector
• Keep your protection programs up to date! No matter how good your Antivirus or Antispyware program is, without an updated set of definitions it will do you no good against the new infections. If you run a free program make sure to update them at least once a week.
• Make sure that windows updates is enabled. Keeping your system up to date is a must - to turn on automatic updates take a look at this article by Microsoft.

I have listed two programs to boost your security while using no resources.

• SpywareBlaster Take a look at the tutorial here.
• ZonedOut Adds thousands of websites to your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

Also consider using an alternative web browser. Two big named ones, both far superior to Internet Explorer in terms of security and performance, would be Firefox and Opera.

Make a habit of scanning your computer for viruses every week or so and backing up important files regularly.

Please also read Expert Tony Klein's excellent article: How I got Infected in the First Place

Please post back and tell me if everything is OK, so that I may mark this thread as Resolved.

[Krib]

lol oops. You did ask for HijackThis, didn't you. It's below. I'll do the other stuff this evening and post again.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:38:48 AM, on 8/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\LClock\lclock.exe
C:\Program Files\Task Killer\TaskKiller.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\LM Gestion\LM Remote KeyMap\LM Remote KeyMap.exe
C:\Program Files\Belkin\Nostromo\nost_LM.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LM Gestion\LM Remote KeyMap\LM Remote KeyMap Blaster.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\cryptainersrv.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Google Update Helper - {25D596E9-BD03-4D4A-8310-5DF3B31E8D26} - C:\Program Files\Google\Update\1.2.121.17\GoopdateBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [Task Killer] C:\Program Files\Task Killer\TaskKiller.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: FreeMeter.lnk = C:\Program Files\FreeMeter\FreeMeter.exe
O4 - Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O4 - Startup: LClock.lnk = C:\Program Files\LClock\LClock.exe
O4 - Startup: LM Remote KeyMap.lnk = ?
O4 - Startup: Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe
O4 - Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Startup: Speedfan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1204955729015
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LM Remote KeyMap Blaster (LM Remote KeyMap Blaster Service) - LM Gestion - C:\Program Files\LM Gestion\LM Remote KeyMap\LM Remote KeyMap Blaster.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Cryptainer service (ssoftservice) - Cypherix Software (India) Pvt. Ltd. - C:\WINDOWS\SYSTEM32\cryptainersrv.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe

--
End of file - 8146 bytes

[Mike]

Hi there

Looks good, you need to update your JAVA though... and just to be sure you installed Taskkiller no?

• Download the latest version of Java Runtime Environment (JRE) 6 Update 7.
• Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
• Click the "Download" button to the right.
• Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
• Click on Continue.
• Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java version.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on the download to install the newest version.

Tell me how everything went

[Krib]

Java updated and cleanup performed. Thanks again. You can close; another satisfied customer. I'll be donating.

[Mike]

Thank you very much for the kind words

Take care and have a great day still!

Mike

[Mike]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.