ComboFix 08-08-18.05 - damageplan 2008-08-20 22:15:10.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.2.1033.18.756 [GMT -4:00] Running from: C:\Documents and Settings\damageplan.BEYOND\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\damageplan.BEYOND\Desktop\CFScript.txt * Created a new restore point * Resident AV is active FILE :: C:\WINDOWS\system\actualspystart.lnk . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire C:\Documents
and Settings\damageplan.BEYOND\Application Data\LimeWire\xml\schemas\image.xsd C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire\xml\schemas\video.xsd C:\WINDOWS\system\actualspystart.lnk . ((((((((((((((((((((((((( Files Created from 2008-07-21 to 2008-08-21 ))))))))))))))))))))))))))))))) . 2008-08-20 19:25 . 2008-08-20 19:25 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2008-08-20 19:25 . 2008-08-20 19:25 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf 2008-08-20 19:21 . 2008-08-20 19:30 <DIR> d-------- C:\Documents and Settings\damageplan.BEYOND\Application Data\PC Suite 2008-08-20 19:21 . 2008-08-20 20:14 <DIR> d-------- C:\Documents and Settings\damageplan.BEYOND\Application Data\Nokia 2008-08-20 19:21 . 2008-08-20 19:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite 2008-08-20 19:20 . 2008-08-20 19:20 <DIR> d-------- C:\Program Files\DIFX 2008-08-20 19:20 . 2008-08-20 19:20 <DIR> d-------- C:\Program Files\Common Files\PCSuite 2008-08-20 19:20 . 2008-08-20 19:20 <DIR> d-------- C:\Program Files\Common Files\Nokia 2008-08-20 19:19 . 2008-08-20 19:19 <DIR> d-------- C:\Program Files\PC Connectivity Solution 2008-08-20 19:19 . 2008-08-20 19:20 <DIR> d-------- C:\Program Files\Nokia 2008-08-20 19:19 . 2008-05-07 07:39 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll 2008-08-20 19:19 . 2008-05-07 07:38 659,968 --a------ C:\WINDOWS\system32\nmwcdcocls.dll 2008-08-20 19:19 . 2008-05-07 07:38 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll 2008-08-20 19:19 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys 2008-08-20 19:19 . 2008-05-07 07:38 20,864 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys 2008-08-20 19:19 . 2008-05-07 07:38 17,536 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys 2008-08-20 19:19 . 2008-06-06 09:24 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys 2008-08-20 19:18 . 
2008-08-20 19:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations 2008-08-20 15:17 . 2008-08-20 18:15 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak 2008-08-19 11:16 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-08-19 11:15 . 2008-08-19 11:16 <DIR> d-------- C:\Program Files\Java 2008-08-19 11:08 . 2008-08-19 11:08 <DIR> d-------- C:\Program Files\Windows Installer Clean Up 2008-08-19 11:08 . 2008-08-19 11:08 <DIR> d-------- C:\Program Files\MSECACHE 2008-08-18 19:32 . 2008-08-18 19:32 <DIR> d-------- C:\Program Files\Trend Micro 2008-08-17 13:26 . 2008-08-20 13:16 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-08-17 13:26 . 2008-08-17 13:26 <DIR> d-------- C:\Documents and Settings\damageplan.BEYOND\Application Data\Malwarebytes 2008-08-17 13:26 . 2008-08-17 13:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-08-17 13:26 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-08-17 13:26 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-08-16 21:20 . 2008-08-16 21:20 <DIR> d-------- C:\Program Files\Panda Security 2008-08-16 21:20 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys 2008-08-16 20:20 . 2008-08-16 20:20 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue 2008-08-13 17:30 . 2008-05-01 10:30 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll 2008-08-11 00:41 . 2008-08-20 20:07 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-08-11 00:41 . 2008-08-11 00:41 1,409 --a------ C:\WINDOWS\QTFont.for 2008-07-24 14:15 . 2008-07-24 14:15 <DIR> d-------- C:\Cakewalk Projects . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-08-21 00:44 137,472 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-08-19 23:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2008-08-17 23:35 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-17 00:53 --------- d-----w C:\Program Files\Virtools Web Player 3.0 2008-08-16 21:24 --------- d-----w C:\Program Files\QuickTime 2008-07-08 19:48 --------- d-----w C:\Documents and Settings\LocalService\Application Data\agi 2008-07-08 19:48 --------- d-----w C:\Documents and Settings\damageplan.BEYOND\Application Data\agi . ((((((((((((((((((((((((((((( snapshot@2008-08-19_11.41.41.01 ))))))))))))))))))))))))))))))))))))))))) . + 2008-08-20 23:20:00 10,134 ----a-r C:\WINDOWS\Installer\{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}\ARPPRODUCTICON.exe + 2008-08-20 23:20:44 15,086 ----a-r C:\WINDOWS\Installer\{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}\ARPPRODUCTICON.exe + 2008-08-20 23:19:42 3,262 ----a-r C:\WINDOWS\Installer\{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}\ARPPRODUCTICON.exe + 2007-03-30 03:00:40 203,264 ----a-r C:\WINDOWS\system32\CddbCdda.dll - 2007-07-30 23:19:20 92,504 ----a-w C:\WINDOWS\system32\cdm.dll + 2008-07-19 02:10:48 94,920 ----a-w C:\WINDOWS\system32\cdm.dll + 2008-08-21 02:06:50 262,144 ----a-w C:\WINDOWS\system32\config\Before Compact\NTUSER.DAT + 2008-08-21 02:06:50 262,144 ----a-w C:\WINDOWS\system32\config\Original\NTUSER.DAT + 2008-08-21 02:06:50 262,144 ----a-w C:\WINDOWS\system32\config\RCCBakup\NTUSER.DAT + 2008-08-21 02:06:50 262,144 ----a-w C:\WINDOWS\system32\config\SM Registry Backup\NTUSER.DAT - 2007-07-30 23:19:20 92,504 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll + 2008-07-19 02:10:48 94,920 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll + 2004-08-04 06:08:42 25,600 -c--a-w C:\WINDOWS\system32\dllcache\usbser.sys - 2007-07-30 23:19:36 549,720 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll + 2008-07-19 02:09:44 563,912 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll - 2007-07-30 
23:19:16 53,080 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe + 2008-07-19 02:10:42 53,448 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe - 2007-07-30 23:19:42 1,712,984 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll + 2008-07-19 02:09:42 1,811,656 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll - 2007-07-30 23:19:32 325,976 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll + 2008-07-19 02:09:46 325,832 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll - 2007-07-30 23:18:40 33,624 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll + 2008-07-19 02:10:20 36,552 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll - 2007-07-30 23:19:28 203,096 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll + 2008-07-19 02:09:44 205,000 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll + 2008-05-20 14:37:00 525,824 ----a-w C:\WINDOWS\system32\drivers\UMDF\PCCSWpdDriver.dll + 2004-08-04 06:08:42 25,600 ----a-w C:\WINDOWS\system32\drivers\usbser.sys + 2008-05-07 11:38:36 8,064 ----a-w C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys + 2006-11-02 11:22:54 492,000 ------w C:\WINDOWS\system32\drivers\wdf01000.sys + 2006-11-02 11:22:52 32,224 ------w C:\WINDOWS\system32\drivers\wdfldr.sys - 2006-09-28 23:55:50 77,568 ------w C:\WINDOWS\system32\drivers\WudfPf.sys + 2006-09-16 02:29:52 76,544 ------w C:\WINDOWS\system32\drivers\WudfPf.sys - 2006-09-29 00:00:34 82,944 ------w C:\WINDOWS\system32\drivers\WudfRd.sys + 2006-09-16 02:30:10 82,688 ------w C:\WINDOWS\system32\drivers\WudfRd.sys + 2008-05-07 11:38:20 17,536 -c--a-w C:\WINDOWS\system32\DRVSTORE\ccdcmb_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\ccdcmb.sys + 2008-05-07 11:38:24 90,624 -c--a-w C:\WINDOWS\system32\DRVSTORE\ccdcmb_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\nmwcdcls.dll + 2008-05-07 11:38:34 659,968 -c--a-w C:\WINDOWS\system32\DRVSTORE\ccdcmb_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\nmwcdcocls.dll + 2008-05-07 11:39:22 1,419,232 -c--a-w C:\WINDOWS\system32\DRVSTORE\ccdcmb_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\wdfcoinstaller01005.dll 
+ 2008-05-07 11:38:36 8,064 -c--a-w C:\WINDOWS\system32\DRVSTORE\ccdcmbcj_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\usbser_lowerfltj.sys + 2008-06-06 13:24:44 8,064 -c--a-w C:\WINDOWS\system32\DRVSTORE\ccdcmbm_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\usbser_lowerflt.sys + 2008-05-07 11:38:20 20,864 -c--a-w C:\WINDOWS\system32\DRVSTORE\ccdcmbo_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\ccdcmbo.sys + 2007-09-17 19:53:26 21,632 -c--a-w C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.sys + 2008-05-20 14:37:00 525,824 -c--a-w C:\WINDOWS\system32\DRVSTORE\pccswpddri_66268C3E0C6968D7F539EAEAD801C68E0DB54FE9\PCCSWpdDriver.dll + 2008-05-20 14:32:30 831,048 -c--a-w C:\WINDOWS\system32\DRVSTORE\pccswpddri_66268C3E0C6968D7F539EAEAD801C68E0DB54FE9\WudfUpdate_01005.dll - 2008-08-18 01:08:21 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe + 2008-08-21 00:44:19 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe + 2008-07-19 02:10:20 36,552 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll + 2008-07-19 02:10:40 45,768 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll - 2006-09-25 22:58:48 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe + 2006-10-09 01:51:14 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe - 2007-07-30 23:19:36 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll + 2008-07-19 02:09:44 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll - 2007-07-30 23:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe + 2008-07-19 02:10:42 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe - 2007-07-30 23:19:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll + 2008-07-19 02:09:42 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll - 2007-07-30 23:19:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll + 2008-07-19 02:09:46 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll - 2006-09-29 01:13:26 95,344 ------w C:\WINDOWS\system32\WUDFCoinstaller.dll + 2006-09-16 
03:30:16 87,040 ------w C:\WINDOWS\system32\WUDFCoinstaller.dll - 2006-09-28 23:56:38 146,432 ------w C:\WINDOWS\system32\WudfHost.exe + 2006-09-16 03:30:06 142,848 ------w C:\WINDOWS\system32\WudfHost.exe - 2006-09-28 23:56:16 165,376 ------w C:\WINDOWS\system32\WudfPlatform.dll + 2006-09-16 02:29:54 163,840 ------w C:\WINDOWS\system32\WudfPlatform.dll - 2006-09-28 23:56:14 55,808 ------w C:\WINDOWS\system32\WudfSvc.dll + 2006-09-16 03:30:16 55,296 ------w C:\WINDOWS\system32\WudfSvc.dll + 2008-05-20 14:32:30 831,048 ----a-w C:\WINDOWS\system32\WudfUpdate_01005.dll - 2006-09-28 23:56:38 316,416 ------w C:\WINDOWS\system32\WUDFx.dll + 2006-09-16 03:30:16 308,224 ------w C:\WINDOWS\system32\WUDFx.dll - 2007-07-30 23:18:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll + 2008-07-19 02:10:20 36,552 ----a-w C:\WINDOWS\system32\wups.dll - 2007-07-30 23:19:12 43,352 ----a-w C:\WINDOWS\system32\wups2.dll + 2008-07-19 02:10:40 45,768 ----a-w C:\WINDOWS\system32\wups2.dll - 2007-07-30 23:19:28 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll + 2008-07-19 02:09:44 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll + 2006-12-02 02:56:00 96,256 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll + 2006-12-02 02:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll + 2006-12-02 02:54:34 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll + 2006-12-02 02:54:32 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll + 2006-12-02 04:25:52 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll + 2006-12-02 04:25:56 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll + 2006-12-02 04:25:58 69,632 ----a-w 
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll + 2006-12-02 04:26:00 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Itfy"="C:\WINDOWS\system32\??rvices.exe" [?] "SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe" [2006-12-20 18:47 557056] "PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 08:31 1124352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-10-06 15:16 5058560] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2003-10-06 15:16 49152] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2003-07-13 02:49 155648] "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2003-07-13 02:49 155648] "nwiz"="nwiz.exe" [2003-10-06 15:16 741376 C:\WINDOWS\system32\nwiz.exe] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoInstrumentation"= 1 (0x1) [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk] backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup 

[HKLM\~\startupfolder\C:^Documents and Settings^damageplan^Start Menu^Programs^Startup^Deer Hunter 2005 Registration.lnk]
backup=C:\WINDOWS\pss\Deer Hunter 2005 Registration.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aida
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\anwx
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ap9h4qmo
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gah95on6
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Preview AdService
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\salm
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows AdStatus

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=2 (0x2)
"SAVScan"=3 (0x3)
"ISSVC"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Outlook Express\\msimn.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"D:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"D:\\Program Files\\Wolfenstein - Enemy Territory\\ETDED.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R2 BCDCNDIS;Belkin Direct Connect Network Adapter;C:\WINDOWS\system32\DRIVERS\BCDCNDIS.SYS [2000-08-08 14:37]
R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2003-04-30 14:24]
R3 L6DP;L6DP;C:\WINDOWS\system32\Drivers\l6dp.sys [2007-01-29 21:22]
S3 BCDCLINK;Belkin USB Direct Connect;C:\WINDOWS\system32\DRIVERS\BCDCLINK.SYS [2000-08-08 14:37]
S3 L6PODLV;PODxt Live Service;C:\WINDOWS\system32\Drivers\L6PODLV.sys [2007-01-29 21:17]
S3 SGUARD;SGUARD;C:\WINDOWS\system32\drivers\SGuard.sys [2005-01-21 08:17]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 02:01]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf89c438-758d-11db-b4be-0050fcc1144c}]
\Shell\AutoRun\command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5da4cbc-757a-11db-b4b3-0050fcc1144c}]
\Shell\AutoRun\command - G:\autorun.exe
.
Contents of the 'Scheduled Tasks' folder
2008-08-12 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
- D:\Program Files\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-05-23 15:03]
2007-11-06 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
- D:\Program Files\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-05-23 15:03]
2008-08-17 C:\WINDOWS\Tasks\Uniblue SpyEraser.job
- D:\Program Files\SpyEraser\SpyEraser.exe [2007-05-23 15:33]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-20 22:20:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Completion time: 2008-08-20 22:29:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-21 02:29:11
ComboFix2.txt 2008-08-19 15:42:24
Pre-Run: 7,888,089,088 bytes free
Post-Run: 7,912,120,320 bytes free
428 --- E O F --- 2008-08-20 22:16:07

HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:32:35 PM, on 8/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\ESET\bak\nod32kui.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [sMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [itfy] C:\WINDOWS\system32\??rvices.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O16 - DPF: {23B1D1AE-A29F-4AE2-B76E-CAB6E14811C4} (DHCPConfiguration Class) - http://eserv.sympatico.ca/netassistant/con...adaPortalAX.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

-- End of file - 4421 bytes