11-06-2008, 08:21 AM   #4
yst_dfm

Re: Infected by trojans in pseudo-codec

Hello Ried,

Below you may find the requested logs. Please let me know if you need me to translate anything. Also note that I ran ComboFix without prior installation of the recovery console at that time.

Thank you for your time!!!

ComboFix log:
ComboFix 08-10-30.13 - User 2008-11-01 4:29:33.1 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1253.1.1032.18.1763 [GMT 2:00]
Running from: C:\Documents and Settings\User\Επιφάνεια εργασίας\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\acfiPqss.ini
C:\WINDOWS\system32\acfiPqss.ini2
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\winhelp.ini
D:\Autorun.inf
I:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-10-01 to 2008-11-01 )))))))))))))))))))))))))))))))
.

2008-11-01 03:58 . 2008-11-01 03:58 3,360 --a------ C:\WINDOWS\system32\tmp.reg
2008-11-01 01:05 . 2008-11-01 04:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-11-01 00:56 . 2008-11-01 00:56 <DIR> d-------- C:\Documents and Settings\User\Application Data\Uniblue
2008-11-01 00:31 . 2008-11-01 00:31 <DIR> d-------- C:\VundoFix Backups
2008-10-31 23:55 . 2008-11-01 04:07 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-31 23:55 . 2008-11-01 04:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-31 23:41 . 2008-10-31 23:41 <DIR> d-------- C:\rsit
2008-10-31 18:08 . 2008-11-01 04:07 <DIR> d-------- C:\Documents and Settings\User\Application Data\Simply Super Software
2008-10-31 18:08 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-10-31 18:08 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\unrar3.dll
2008-10-31 18:08 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-10-31 18:08 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-10-31 15:42 . 2008-10-31 15:42 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-31 12:41 . 2008-10-31 12:41 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-31 12:41 . 2008-10-31 12:41 <DIR> d-------- C:\Documents and Settings\User\Application Data\Malwarebytes
2008-10-31 12:41 . 2008-10-31 12:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-31 12:41 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-31 12:41 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-31 12:25 . 2008-11-01 04:07 <DIR> d-------- C:\Program Files\XoftSpySE
2008-10-31 02:43 . 2008-10-31 02:43 0 --a------ C:\1420136176
2008-10-31 02:42 . 2008-10-31 02:42 108,336 --a------ C:\WINDOWS\system32\mswinsck.ocx
2008-10-28 23:28 . 2008-10-28 23:28 <DIR> d-------- C:\Documents and Settings\User\Application Data\Elaborate Bytes
2008-10-27 23:34 . 2008-10-27 23:34 <DIR> d-------- C:\Program Files\uTorrent
2008-10-27 23:34 . 2008-10-31 02:49 <DIR> d-------- C:\Documents and Settings\User\Application Data\uTorrent
2008-10-26 16:53 . 2008-10-26 16:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-10-26 16:53 . 2008-10-26 16:52 160,792 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-10-26 16:50 . 2008-10-26 16:53 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-10-26 16:45 . 2008-08-25 12:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-10-26 16:45 . 2008-08-25 12:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-10-26 16:45 . 2008-08-25 12:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-10-26 16:45 . 2008-06-02 16:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-10-26 16:44 . 2008-11-01 02:44 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-10-26 16:44 . 2008-10-26 16:44 <DIR> d-------- C:\Documents and Settings\User\Application Data\PC Tools
2008-10-24 13:09 . 2008-10-15 18:35 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-20 11:14 . 2008-10-20 11:13 35,888 -ra------ C:\WINDOWS\system32\drivers\SymIM.sys
2008-10-20 11:13 . 2008-10-20 11:13 <DIR> d-------- C:\WINDOWS\system32\drivers\NIS
2008-10-20 11:13 . 2008-10-20 11:13 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-10-20 11:13 . 2008-10-20 11:13 <DIR> d-------- C:\Program Files\Symantec
2008-10-20 11:13 . 2008-10-20 11:13 <DIR> d-------- C:\Program Files\NortonInstaller
2008-10-20 11:13 . 2008-10-20 11:13 124,464 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-10-20 11:13 . 2008-10-20 11:13 60,808 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-10-20 11:13 . 2008-10-20 11:13 10,635 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-10-20 11:13 . 2008-10-20 11:13 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-10-20 11:10 . 2008-10-20 11:10 <DIR> d-------- C:\Program Files\Freecorder Toolbar
2008-10-19 16:01 . 2008-10-19 16:01 <DIR> d-------- C:\Documents and Settings\User\Application Data\EDrawings
2008-10-19 15:59 . 2008-10-19 15:59 <DIR> d-------- C:\Program Files\Common Files\SolidWorks Shared
2008-10-19 15:59 . 2008-10-19 15:59 <DIR> d-------- C:\Program Files\Common Files\eDrawings2009
2008-10-19 15:59 . 2008-10-19 15:59 0 --a------ C:\WINDOWS\eDrawingOfficeAutomator.INI
2008-10-19 13:24 . 2008-10-19 13:24 <DIR> d-------- C:\WINDOWS\Freecorder Toolbar
2008-10-19 13:24 . 2008-10-19 13:24 <DIR> d-------- C:\Program Files\Freecorder
2008-10-19 13:24 . 2008-10-19 13:24 <DIR> d-------- C:\Program Files\Conduit
2008-10-15 16:08 . 2008-08-14 15:23 2,196,224 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 16:08 . 2008-08-14 15:23 2,152,448 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-15 16:08 . 2008-08-14 15:23 2,073,088 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 16:08 . 2008-08-14 15:23 2,031,104 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-15 15:01 . 2008-09-15 17:25 1,846,656 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-15 14:57 . 2008-09-08 12:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-01 01:30 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-31 22:38 --------- d-----w C:\Program Files\BearShare
2008-10-31 15:52 --------- d-----w C:\Documents and Settings\User\Application Data\Skype
2008-10-31 14:07 --------- d-----w C:\Documents and Settings\User\Application Data\skypePM
2008-10-30 15:29 --------- d-----w C:\Documents and Settings\User\Application Data\FrostWire
2008-10-20 15:22 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-20 09:13 --------- d-----w C:\Program Files\Norton Internet Security
2008-10-20 09:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Norton
2008-10-20 06:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-20 06:35 --------- d-----w C:\Program Files\Sony
2008-09-29 19:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-29 19:09 --------- d-----w C:\Documents and Settings\User\Application Data\Symantec
2008-09-29 19:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\PCSettings
2008-09-29 17:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-09-20 12:53 --------- d-----w C:\Program Files\FrostWire
2008-09-20 12:52 --------- d-----w C:\Documents and Settings\User\Application Data\LimeWire
2008-09-15 15:25 1,846,656 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-06 19:12 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-09-06 18:00 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-09-06 12:24 --------- d-----w C:\Program Files\LimeWire
2008-09-06 01:20 --------- d-----w C:\Program Files\Java
2008-09-05 22:02 172 ----a-w C:\Documents and Settings\User\Application Data\wklnhst.dat
2008-09-05 19:45 --------- d-----w C:\Program Files\FlashGet
2008-09-02 19:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
2008-09-02 19:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
2008-08-26 08:11 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-25 00:32 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-08-14 13:23 2,196,224 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:23 2,073,088 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-02 16:29 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-02-10 11:06 45,796 ----a-w C:\Program Files\setuplog.txt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2008-10-19 13:25 1569304 --a------ C:\Program Files\Freecorder\tbFre1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "C:\Program Files\Freecorder\tbFre1.dll" [2008-10-19 1569304]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "C:\Program Files\Freecorder\tbFre1.dll" [2008-10-19 1569304]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 21898024]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 68856]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB8959"="command" [X]
"SpybotDeletingD4760"="del" [X]
"SpybotDeletingB9188"="command" [X]
"SpybotDeletingD8271"="del" [X]
"SpybotDeletingB673"="command" [X]
"SpybotDeletingD942"="del" [X]
"SpybotDeletingB6054"="command" [X]
"SpybotDeletingD8203"="del" [X]
"SpybotDeletingB9406"="command" [X]
"SpybotDeletingD6127"="del" [X]
"SpybotDeletingB3961"="command" [X]
"SpybotDeletingD7496"="del" [X]
"SpybotDeletingB3251"="command" [X]
"SpybotDeletingD9613"="del" [X]
"SpybotDeletingB7511"="command" [X]
"SpybotDeletingD8108"="del" [X]
"SpybotDeletingB7715"="command" [X]
"SpybotDeletingD9528"="del" [X]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2005-09-27 81920]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2005-10-19 184320]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-12 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-29 114688]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-09 6746112]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-29 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-29 77824]
"basicsmssmenu"="C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-04-29 45056]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-11-07 114688]
"VAIO Update 4"="C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe" [2008-08-24 870240]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 C:\WINDOWS\RTHDCPL.EXE]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 C:\WINDOWS\system32\ico.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-20 17:42 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"VIDC.dvsd"= C:\PROGRA~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll
"msacm.g723"= g723.acm
"vidc.I263"= I263_32.drv

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Προγράμματα^Εκκίνηση^Picture Motion Browser Media Check Tool.lnk]
path=C:\Documents and Settings\User\Start Menu\Προγράμματα\Εκκίνηση\Picture Motion Browser Media Check Tool.lnk
backup=C:\WINDOWS\pss\Picture Motion Browser Media Check Tool.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2008-01-11 18:54 623992 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2008-09-06 21:19 4608 C:\Program Files\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CnxDslTaskBar]
-ra------ 2005-05-30 14:20 278528 C:\Program Files\CONEXANT\AccessRunner ADSL USB\CnxDslTb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 18:30 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-30 12:01 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Sony\\VAIO Media 5.0\\Vc.exe"=
"C:\\Program Files\\FrostWire\\FrostWire.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 SymEFA;Symantec Extended File Attributes;C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMEFA.SYS [2008-10-20 309296]
R3 USBSTOR;Πρόγραμμα οδήγησης μαζικής αποθήκευσης USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Πρόγραμμα οδήγησης Miniport ενιαίου κεντρικού ελεγκτή Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 BHDrvx86;Symantec Heuristics Driver;C:\WINDOWS\system32\drivers\NIS\1000000.07D\BHDrvx86.sys [2008-10-20 254512]
S1 ccHP;Symantec Hash Provider;C:\WINDOWS\system32\drivers\NIS\1000000.07D\ccHPx86.sys [2008-10-20 362544]
S1 IDSxpx86;IDSxpx86;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081031.001\IDSxpx86.sys [2008-10-03 274808]
S1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-10-26 160792]
S2 Basics Service;Basics Service;C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe [2007-10-09 124280]
S2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 7520337]
S2 Norton Internet Security;Norton Internet Security;C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\diMaster.dll [ ]
S3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2005-05-30 131072]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2005-05-30 618112]
S3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNP.sys [2005-05-30 61952]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-07-14 32768]
S3 pmxscan;USB ScanModule V5.0 Driver;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 311872]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\Launch.exe /run

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{449f9ca1-434c-11dc-bda2-00166f651be2}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47ef56aa-6010-11dd-bf5c-d22a445c9a20}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com i:
\Shell\Open\command - I:\resycled\boot.com i:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a67c38a0-e51e-11db-bd39-94b187069962}]
\Shell\AutoRun\command - H:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ebbc4ec1-d087-11da-b82d-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com d:
\Shell\Open\command - D:\resycled\boot.com d:

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-10-27 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - User.job
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe []

2008-10-31 C:\WINDOWS\Tasks\Temp.job
- C:\WINDOWS\Temp [2008-11-01 04:35]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue RegistryBooster 2009 - C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\jehef957.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-01 04:35:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
Completion time: 2008-11-01 4:39:08
ComboFix-quarantined-files.txt 2008-11-01 02:38:03

Pre-Run: 17 Κατάλογοι 16,342,454,272 διαθέσιμα byte


SDFix: Version 1.238
Run by User on 01/11/2008 at 05:23

Microsoft Windows XP [λ΅ 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-01 05:37:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions]
"\x2018\3\3\3\xb3\3\3\3\3\xbd\3\3\3 ?\3\3\3\3\xb1\3\3\3\3\xb3\3\xad\3\xb1\3\3 ?R?A?S?"=str(7):"1\0"
"\xa0\3\xb1\3\3\xad\3\3\3 ?\3\3\3\xbd\3\3\x384\3\3\xb1\3\xb3\3\3\xac\3\3\3\xb1\3\3\3\3 ?M?i?n?i?p?o?r?t?"=str(7):"1\0002\0003\0"
"\x2018\3\3\3\3\3\3\x2015\3\xb1\3\3 ?\3\xb1\3\3\xac\3\xbb\3\xbb\3\xb7\3\xbb\3\xb7\3"=str(7):"1\0"
"\xa0\3\3\3\3\xb1\3\3\3\3\xb3\3\xad\3\xb1\3\3 ?\x384\3\3\3\3\3\3\3 ?1?3?9?4?"=str(7):"1\0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:6323484a
"s2"=dword:b9f37d6b
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:45,12,e1,44,23,3f,93,c7,0a,49,da,ba,0d,01,ee,3c,19,98,a5,0b,ad,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:cb,76,12,93,d5,63,c5,80,89,7d,be,03,57,11,93,e8,fd,db,66,9e,02,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions]
"\x2018\3\3\3\xb3\3\3\3\3\xbd\3\3\3 ?\3\3\3\3\xb1\3\3\3\3\xb3\3\xad\3\xb1\3\3 ?R?A?S?"=str(7):"1\0"
"\xa0\3\xb1\3\3\xad\3\3\3 ?\3\3\3\xbd\3\3\x384\3\3\xb1\3\xb3\3\3\xac\3\3\3\xb1\3\3\3\3 ?M?i?n?i?p?o?r?t?"=str(7):"1\0002\0003\0"
"\x2018\3\3\3\3\3\3\x2015\3\xb1\3\3 ?\3\xb1\3\3\xac\3\xbb\3\xbb\3\xb7\3\xbb\3\xb7\3"=str(7):"1\0"
"\xa0\3\3\3\3\xb1\3\3\3\3\xb3\3\xad\3\xb1\3\3 ?\x384\3\3\3\3\3\3\3 ?1?3?9?4?"=str(7):"1\0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:45,12,e1,44,23,3f,93,c7,0a,49,da,ba,0d,01,ee,3c,19,98,a5,0b,ad,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\GrpConv\MapGroups]
"\xa0\3\xb1\3\3\3\xbd\3\x2015\3\x384\3\3\xb1\3"="ΏΈΌΔ\*ΉΗ―΄Ή"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:?Torrent"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"="C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe:*:Enabled:Football Manager 2008"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Sony\\VAIO Media 5.0\\Vc.exe"="C:\\Program Files\\Sony\\VAIO Media 5.0\\Vc.exe:*:Disabled:[VAIO Media] VAIO Media"
"C:\\Program Files\\FrostWire\\FrostWire.exe"="C:\\Program Files\\FrostWire\\FrostWire.exe:*:Enabled:FrostWire"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :



Files with Hidden Attributes :

Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
Tue 31 Jul 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 22 Sep 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Mon 2 Apr 2007 27,648 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Templates\~WRL2115.tmp"
Sat 2 Feb 2008 312,320 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL0127.tmp"
Wed 5 Mar 2008 647,168 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL0184.tmp"
Mon 5 Nov 2007 15,360 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL0236.tmp"
Wed 5 Mar 2008 627,712 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL0251.tmp"
Wed 5 Mar 2008 597,504 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL0252.tmp"
Mon 2 Apr 2007 313,856 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL0254.tmp"
Tue 6 Nov 2007 15,872 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL0272.tmp"
Wed 5 Mar 2008 594,944 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL0296.tmp"
Wed 5 Mar 2008 404,480 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL0315.tmp"
Sun 3 Feb 2008 356,352 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL0338.tmp"
Wed 5 Mar 2008 455,168 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL0344.tmp"
Wed 5 Mar 2008 595,456 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL0375.tmp"
Mon 14 May 2007 18,532,352 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL0383.tmp"
Wed 5 Mar 2008 593,920 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL0411.tmp"
Wed 5 Mar 2008 594,432 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL0420.tmp"
Wed 5 Mar 2008 595,968 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL0483.tmp"
Thu 6 Mar 2008 601,088 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL0485.tmp"
Mon 14 May 2007 18,532,864 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL0541.tmp"
Wed 5 Mar 2008 592,384 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL0564.tmp"
Sun 13 May 2007 20,248,064 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL0631.tmp"
Wed 5 Mar 2008 462,848 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL0651.tmp"
Wed 5 Mar 2008 598,528 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL0710.tmp"
Tue 6 Nov 2007 19,456 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL0750.tmp"
Wed 5 Mar 2008 464,384 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL0759.tmp"
Wed 5 Mar 2008 593,920 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL0772.tmp"
Wed 5 Mar 2008 595,968 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL0788.tmp"
Wed 5 Mar 2008 600,064 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL0793.tmp"
Wed 5 Mar 2008 593,920 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL0796.tmp"
Mon 14 May 2007 18,532,864 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL0828.tmp"
Wed 5 Mar 2008 593,920 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL0861.tmp"
Sat 2 Feb 2008 297,472 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL0875.tmp"
Wed 5 Mar 2008 633,856 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL0884.tmp"
Wed 5 Mar 2008 592,896 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL0926.tmp"
Wed 5 Mar 2008 594,432 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL0968.tmp"
Wed 5 Mar 2008 592,896 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL0988.tmp"
Wed 5 Mar 2008 473,600 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL1009.tmp"
Wed 5 Mar 2008 456,192 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL1060.tmp"
Wed 5 Mar 2008 599,552 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL1068.tmp"
Wed 5 Mar 2008 601,088 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL1074.tmp"
Wed 5 Mar 2008 593,408 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL1087.tmp"
Fri 30 Mar 2007 227,840 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL1109.tmp"
Mon 14 May 2007 18,529,792 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL1140.tmp"
Wed 5 Mar 2008 457,216 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL1148.tmp"
Wed 5 Mar 2008 592,896 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL1167.tmp"
Sun 3 Feb 2008 355,328 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL1202.tmp"
Wed 5 Mar 2008 596,480 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL1205.tmp"
Mon 5 Nov 2007 15,360 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL1230.tmp"
Tue 6 Nov 2007 26,112 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL1302.tmp"
Wed 5 Mar 2008 588,800 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL1347.tmp"
Wed 5 Mar 2008 601,088 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL1419.tmp"
Sat 2 Feb 2008 304,640 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL1433.tmp"
Wed 5 Mar 2008 596,992 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL1484.tmp"
Wed 5 Mar 2008 460,800 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL1679.tmp"
Sun 3 Feb 2008 356,352 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL1857.tmp"
Mon 2 Apr 2007 254,464 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL1892.tmp"
Wed 5 Mar 2008 591,872 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL1900.tmp"
Wed 5 Mar 2008 464,384 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL1921.tmp"
Wed 5 Mar 2008 596,992 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL1963.tmp"
Wed 5 Mar 2008 462,848 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL1995.tmp"
Wed 5 Mar 2008 594,432 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL2019.tmp"
Wed 5 Mar 2008 393,216 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL2032.tmp"
Wed 5 Mar 2008 596,992 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL2068.tmp"
Sat 2 Feb 2008 304,128 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL2108.tmp"
Sun 3 Feb 2008 350,208 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL2121.tmp"
Wed 5 Mar 2008 596,992 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL2124.tmp"
Mon 14 May 2007 18,530,304 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL2129.tmp"
Mon 14 May 2007 18,530,304 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL2229.tmp"
Sun 3 Feb 2008 354,816 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL2257.tmp"
Wed 5 Mar 2008 594,944 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL2313.tmp"
Sat 2 Feb 2008 296,960 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL2316.tmp"
Wed 5 Mar 2008 461,312 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL2317.tmp"
Sat 2 Feb 2008 301,056 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL2336.tmp"
Wed 5 Mar 2008 592,896 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL2392.tmp"
Mon 14 May 2007 18,531,840 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL2442.tmp"
Mon 14 May 2007 18,529,792 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL2476.tmp"
Mon 14 May 2007 18,529,280 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL2482.tmp"
Wed 5 Mar 2008 599,552 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL2591.tmp"
Wed 5 Mar 2008 593,920 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL2611.tmp"
Wed 5 Mar 2008 463,360 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL2637.tmp"
Wed 5 Mar 2008 595,456 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL2677.tmp"
Wed 5 Mar 2008 593,408 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL2689.tmp"
Sun 3 Feb 2008 349,696 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL2698.tmp"
Mon 14 May 2007 18,529,792 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL2706.tmp"
Sun 3 Feb 2008 347,648 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL2743.tmp"
Wed 5 Mar 2008 600,576 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL2759.tmp"
Sat 2 Feb 2008 296,960 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL2799.tmp"
Sat 2 Feb 2008 316,928 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL2817.tmp"
Sun 3 Feb 2008 7,100,928 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL2859.tmp"
Tue 6 Nov 2007 28,672 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL2864.tmp"
Wed 5 Mar 2008 587,776 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL2999.tmp"
Wed 5 Mar 2008 596,480 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL3058.tmp"
Wed 5 Mar 2008 477,184 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL3078.tmp"
Wed 5 Mar 2008 595,968 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL3081.tmp"
Mon 2 Apr 2007 210,432 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL3183.tmp"
Fri 30 Mar 2007 227,840 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL3193.tmp"
Sun 3 Feb 2008 349,696 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL3220.tmp"
Wed 5 Mar 2008 599,552 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL3264.tmp"
Mon 2 Apr 2007 250,368 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL3292.tmp"
Wed 5 Mar 2008 457,216 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL3294.tmp"
Sun 13 May 2007 20,249,088 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL3323.tmp"
Thu 6 Mar 2008 629,248 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL3347.tmp"
Thu 6 Mar 2008 601,088 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL3360.tmp"
Sun 3 Feb 2008 355,328 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL3388.tmp"
Wed 5 Mar 2008 592,384 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL3446.tmp"
Wed 5 Mar 2008 601,088 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL3464.tmp"
Mon 2 Apr 2007 207,360 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL3474.tmp"
Sun 3 Feb 2008 354,816 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL3520.tmp"
Wed 5 Mar 2008 461,824 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL3562.tmp"
Wed 5 Mar 2008 588,800 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL3565.tmp"
Wed 5 Mar 2008 462,848 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL3580.tmp"
Wed 5 Mar 2008 465,408 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL3604.tmp"
Wed 5 Mar 2008 596,480 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL3619.tmp"
Sat 2 Feb 2008 300,544 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL3647.tmp"
Wed 5 Mar 2008 587,776 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL3652.tmp"
Tue 6 Nov 2007 24,576 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL3653.tmp"
Wed 5 Mar 2008 601,088 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL3675.tmp"
Sun 3 Feb 2008 7,100,928 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL3693.tmp"
Wed 5 Mar 2008 596,480 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL3705.tmp"
Wed 5 Mar 2008 476,672 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL3717.tmp"
Wed 5 Mar 2008 594,944 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL3718.tmp"
Sun 13 May 2007 20,249,088 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL3746.tmp"
Wed 5 Mar 2008 593,920 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL3819.tmp"
Wed 5 Mar 2008 461,824 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL3874.tmp"
Wed 5 Mar 2008 594,432 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL3945.tmp"
Wed 5 Mar 2008 455,680 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL3960.tmp"
Tue 6 Nov 2007 19,456 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL3983.tmp"
Tue 6 Nov 2007 17,408 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL3992.tmp"
Sun 3 Feb 2008 361,472 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL3993.tmp"
Sat 2 Feb 2008 304,640 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL4005.tmp"
Sun 3 Feb 2008 348,160 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL4062.tmp"
Wed 5 Mar 2008 593,920 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL4082.tmp"
Tue 11 Apr 2006 2,461,696 A..H. --- "C:\Documents and Settings\User\Application Data\U3\temp\Launchpad Removal.exe"

Finished!