Hijackthis log - nervous


  • This topic is locked
13 replies to this topic

#1 hitpro

hitpro

  • Members
  • 119 posts
  • OFFLINE
  • Local time:12:57 PM

Posted 13 October 2008 - 12:24 PM

hello all. after more than a month with my pc unable to boot [BSOD], i finally "fixed" the problem. i put my hard drive in an external case, hooked it up to my laptop and scanned it with f-secure and avira. they both found trojans (TR\Monder.men.1 and TR\Vundo.SSO are the ones i remember). I quarantined them. F-secure also found a couple of "0ll" files that I disinfected.

i put my hard drive back in the pc and to my surprise, it booted.
i did have a couple of error messages when it finished booting. they were:
-error loading c:\Windows\System32\lelsjwov.dll the specific module could not be found
-error loading c:\Windows\System32\qwkkldqx.dll the specific module could not be found

so, after all the scanning (avira, f-secure, spybot, ad-aware) and tests (memtest, western digital, and dell diagnostics), the pc seems to be back on track. only thing, i'm nervous about doing anything now for fear of a problem re-occurring. that includes shutting the pc down.

with that said, i ran hijackthis and here is my log. i'm hoping all is clear, and if not, i can get my pc up to snuff so i can breathe easier. below is the log. thanks in advance.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:18:19 PM, on 10/13/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WDBtnMgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\WDC\SetIcon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\ATI Multimedia\main\LaunchPd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SlySoft\AnyDVD6459\AnyDVDtray.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\cleanmgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dellnet.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: {5577c487-22fc-340b-8c84-3935ced03962} - {26930dec-5393-48c8-b043-cf22784c7755} - C:\WINDOWS\System32\qdqrdj.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RepliGoIEHelperCtl Class - {91DE4477-9CDC-4806-9BCB-28A963988E94} - C:\Program Files\Cerience\RepliGo\RepliGoIEHelper.dll
O2 - BHO: (no name) - {97AB5B86-CF1D-4D4F-BEAA-2FBFB56C5269} - C:\WINDOWS\System32\ssqNDtTl.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {BB6C9487-AAD6-47EE-A3FA-5432126062F2} - C:\WINDOWS\System32\opnnonKC.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &RepliGo - {81F4066B-F330-4872-8094-3E9FBCCEC8C1} - C:\Program Files\Cerience\RepliGo\RepliGoIEBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {11359F4A-B191-42D7-905A-594F8CF0387B} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\SetIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [lphc515j0e34p] C:\WINDOWS\System32\lphc515j0e34p.exe
O4 - HKLM\..\Run: [BM7302fb30] Rundll32.exe "C:\WINDOWS\System32\lelsjwov.dll",s
O4 - HKLM\..\Run: [7031c8ac] rundll32.exe "C:\WINDOWS\System32\qwkkldqx.dll",b
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD6459\AnyDVDtray.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://cehomenet.coned.com/InternalSite/WhlCompMgr.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://encarta.msn.com/encnet/external/MSSurVid.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion....ebio5_1_6_0.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/toolbar/lexico.cab
O20 - AppInit_DLLs: qvwgal.dll
O20 - Winlogon Notify: opnnonKC - opnnonKC.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: SlimServer (slimsvc) - Unknown owner - C:\Program Files\SlimServer\server\slim.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--
End of file - 9060 bytes

Edited by hitpro, 13 October 2008 - 12:58 PM.
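As an added example (not from the poster or from BleepingComputer), here is a small Python check that reads the O2/O4/O20 lines of a HijackThis log like the one above and explains the two boot-time "module could not be found" errors: the HKLM Run entries still point at lelsjwov.dll and qwkkldqx.dll after the antivirus quarantined them, so rundll32 fails at every logon. Because the script cannot see the poster's disk, file presence is simulated with a constructed set; the log lines themselves are copied from the post.

```python
from __future__ import annotations

import re
from typing import NamedTuple


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O4"
    target: str   # file the entry points at
    reason: str   # why the entry deserves attention


# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: (no name) - {97AB5B86-CF1D-4D4F-BEAA-2FBFB56C5269} - C:\WINDOWS\System32\ssqNDtTl.dll (file missing)
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [BM7302fb30] Rundll32.exe "C:\WINDOWS\System32\lelsjwov.dll",s
O4 - HKLM\..\Run: [7031c8ac] rundll32.exe "C:\WINDOWS\System32\qwkkldqx.dll",b
O20 - AppInit_DLLs: qvwgal.dll
O20 - Winlogon Notify: opnnonKC - opnnonKC.dll (file missing)
"""

# Simulated directory listing (constructed): this example cannot inspect the
# poster's disk, so we model the state after the antivirus quarantined the two
# DLLs named in the boot-time "module could not be found" errors.
PRESENT_FILES = {
    r"C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll",
    r"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe",
}

LINE_RE = re.compile(r"^(O\d+|R\d) - (.*)$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)', re.IGNORECASE)
MISSING = "(file missing)"


def _o4_target(rest: str) -> tuple[str, bool]:
    """Return (file path, loaded_via_rundll32) for an O4 autostart line."""
    cmd = rest.partition("] ")[2]          # text after "[entry name] "
    m = RUNDLL_RE.search(cmd)
    if m:
        return m.group(1), True
    m = re.match(r'"([^"]+)"|(\S+)', cmd)  # quoted path or first token
    return ((m.group(1) or m.group(2)) if m else ""), False


def _last_path(rest: str) -> str:
    """O2/O20 lines end with ' - <path>[ (file missing)]'; return <path>."""
    return rest.split(" - ")[-1].replace(MISSING, "").strip()


def analyze(log: str, present_files: set[str]) -> list[Finding]:
    """One finding per log line that deserves a second look."""
    findings: list[Finding] = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, rest = m.groups()
        if MISSING in rest:
            # HijackThis already checked the disk: the registration outlived its file.
            findings.append(Finding(section, _last_path(rest),
                                    "registered but file is gone; orphaned entry"))
            continue
        if section == "O4":
            target, via_rundll = _o4_target(rest)
            if target not in present_files:
                how = "rundll32 DLL" if via_rundll else "autostart target"
                findings.append(Finding(section, target,
                                        f"{how} no longer on disk; produces the "
                                        "'module could not be found' error at logon"))
        elif section == "O20" and rest.startswith("AppInit_DLLs:"):
            value = rest.split(":", 1)[1].strip()
            if value:
                findings.append(Finding(section, value,
                                        "AppInit_DLLs is normally empty; the listed DLL "
                                        "is loaded into every process that loads user32.dll"))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG, PRESENT_FILES):
        print(f"{f.section:4} {f.target}\n     -> {f.reason}")
```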



#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:57 PM

Posted 18 October 2008 - 05:13 PM

Hi

My name is Extremeboy (or EB for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following so I can have a look at the current condition of your machine.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
Download and Run RSIT
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both
    log.txt (<<will be maximized)
    info.txt (<<will be minimized)
The RSIT logs can also be found in the folder, C:\RSIT

Run Kaspersky Online Scanner
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

In your next reply please include the following:
  • RSIT logs
  • Kaspersky's Log


Important Note: For other users who are reading this topic, the instructions provided in this topic are for the original topic starter ONLY. Even if you have similar problems or even log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic and feel free to link to any relevant topics as needed. Please Do NOT follow the instructions provided for this topic.

Thanks :thumbsup:

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 hitpro

hitpro
  • Topic Starter

  • Members
  • 119 posts
  • OFFLINE
  • Local time:12:57 PM

Posted 19 October 2008 - 07:01 PM

hi EB.

thanks for taking my case. i ran RSIT and Kaspersky. i had to install the latest Java to run Kaspersky, and it recommended Windows XP SP2 (have SP1). if you need any additional info, like what happened before and after infection, let me know. with that said, here are the three logs:


Logfile of random's system information tool 1.04 (written by random/random)
Run by big tiny at 2008-10-19 14:29:07
Microsoft Windows XP Home Edition Service Pack 1
System drive C: has 11 GB (9%) free of 114 GB
Total RAM: 511 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:30:01 PM, on 10/19/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WDBtnMgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\WDC\SetIcon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\ATI Multimedia\main\LaunchPd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\SlySoft\AnyDVD6459\AnyDVDtray.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\big tiny\Desktop\RSIT.exe
C:\Program Files\Hijackthis\big tiny.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dellnet.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: {5577c487-22fc-340b-8c84-3935ced03962} - {26930dec-5393-48c8-b043-cf22784c7755} - C:\WINDOWS\System32\qdqrdj.dll (file missing)
O2 - BHO: CitiUS Shared Browser Helper Object - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\System32\BhoCitUS.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RepliGoIEHelperCtl Class - {91DE4477-9CDC-4806-9BCB-28A963988E94} - C:\Program Files\Cerience\RepliGo\RepliGoIEHelper.dll
O2 - BHO: (no name) - {97AB5B86-CF1D-4D4F-BEAA-2FBFB56C5269} - C:\WINDOWS\System32\ssqNDtTl.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {BB6C9487-AAD6-47EE-A3FA-5432126062F2} - C:\WINDOWS\System32\opnnonKC.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &RepliGo - {81F4066B-F330-4872-8094-3E9FBCCEC8C1} - C:\Program Files\Cerience\RepliGo\RepliGoIEBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {11359F4A-B191-42D7-905A-594F8CF0387B} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\SetIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [lphc515j0e34p] C:\WINDOWS\System32\lphc515j0e34p.exe
O4 - HKLM\..\Run: [BM7302fb30] Rundll32.exe "C:\WINDOWS\System32\lelsjwov.dll",s
O4 - HKLM\..\Run: [7031c8ac] rundll32.exe "C:\WINDOWS\System32\qwkkldqx.dll",b
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD6459\AnyDVDtray.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://cehomenet.coned.com/InternalSite/WhlCompMgr.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://encarta.msn.com/encnet/external/MSSurVid.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion....ebio5_1_6_0.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/toolbar/lexico.cab
O20 - AppInit_DLLs: qvwgal.dll
O20 - Winlogon Notify: opnnonKC - opnnonKC.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: SlimServer (slimsvc) - Unknown owner - C:\Program Files\SlimServer\server\slim.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--
End of file - 9118 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\ISP signup reminder 1.job
C:\WINDOWS\tasks\WebReg Photosmart C7200 series.job
C:\WINDOWS\tasks\{2A6C105A-89D3-4216-92BC-5BBEE3B264A3}_NEWPC_big tiny.job
C:\WINDOWS\tasks\{44C9490B-BA5C-434A-8717-6417FD8432FA}_NEWPC_big tiny.job
C:\WINDOWS\tasks\{7598EA0B-F73D-4A1C-9645-84FDD06200E1}_NEWPC_big tiny.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26930dec-5393-48c8-b043-cf22784c7755}]
C:\WINDOWS\System32\qdqrdj.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{387EDF53-1CF2-4523-BC2F-13462651BE8C}]
CitiUSBrowserHelper Class - C:\WINDOWS\System32\BhoCitUS.dll [2004-08-05 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91DE4477-9CDC-4806-9BCB-28A963988E94}]
RepliGoIEHelperCtl Class - C:\Program Files\Cerience\RepliGo\RepliGoIEHelper.dll [2004-03-19 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{97AB5B86-CF1D-4D4F-BEAA-2FBFB56C5269}]
C:\WINDOWS\System32\ssqNDtTl.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-12-28 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BB6C9487-AAD6-47EE-A3FA-5432126062F2}]
C:\WINDOWS\System32\opnnonKC.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\System32\msdxm.ocx [2003-09-17 844048]
{81F4066B-F330-4872-8094-3E9FBCCEC8C1} - &RepliGo - C:\Program Files\Cerience\RepliGo\RepliGoIEBar.dll [2004-03-19 176128]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-08-04 343112]
{11359F4A-B191-42D7-905A-594F8CF0387B}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-12-28 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WD Button Manager"=C:\WINDOWS\system32\WDBtnMgr.exe [2004-10-11 143360]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe [2008-04-19 579584]
"SetIcon"=\Program Files\WDC\SetIcon.exe [2004-04-28 42496]
"QuickTime Task"=C:\Program Files\QuickTime\QuickTime\qttask.exe [2007-06-29 286720]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-03-13 919016]
"lphc515j0e34p"=C:\WINDOWS\System32\lphc515j0e34p.exe []
"BM7302fb30"=C:\WINDOWS\System32\lelsjwov.dll []
"7031c8ac"=C:\WINDOWS\System32\qwkkldqx.dll []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE [2003-04-22 413775]
"ATI Launchpad"=C:\Program Files\ATI Multimedia\main\LaunchPd.exe [2003-01-20 106574]
"ctfmon.exe"=C:\WINDOWS\System32\ctfmon.exe [2002-08-29 13312]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-11-15 1670144]
"AnyDVD"=C:\Program Files\SlySoft\AnyDVD6459\AnyDVDtray.exe [2008-08-01 2161600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2002-12-17 684032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]
C:\Program Files\ATI Multimedia\main\LaunchPd.exe [2003-01-20 106574]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Scheduler]
C:\Program Files\ATI Multimedia\main\ATISched.EXE [2003-01-20 36942]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
C:\WINDOWS\system32\Ati2mdxx.exe [2001-09-04 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-01-21 315392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CitiVAN]
C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe [2004-08-12 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe [2002-04-03 135264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
C:\Program Files\dvd43\dvd43_tray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe files\mcafee.com\agent\mcagent.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-11-15 1670144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe [2003-02-20 2185800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QuickTime\qttask.exe [2007-06-29 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe [2004-09-21 204845]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RepliGo Assistant]
C:\Program Files\Cerience\RepliGo\RepliGoMon.exe [2004-03-19 167936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2007-12-28 171448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2004-09-21 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_7 -reboot 1 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe [2004-11-12 106557]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
c:\program files\mcafee.com\vso\mcvsshld.exe /disabled []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
C:\PROGRA~1\AMERIC~1.0\aoltray.exe -check []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
C:\PROGRA~1\AOLCOM~1\COMPAN~1.EXE /s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SlimServer Tray Tool.lnk]
C:\PROGRA~1\SLIMSE~1\SlimTray.exe [2006-09-20 1183813]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^big tiny^Start Menu^Programs^Startup^ListProAlarms.lnk.disabled]
C:\Documents and Settings\big tiny\Start Menu\Programs\Startup\ListProAlarms.lnk.disabled []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^big tiny^Start Menu^Programs^Startup^RAR Password Cracker.lnk]
C:\PROGRA~1\RARPAS~1\rpc.exe /c C:\DOCUME~1\BIGTIN~1\Desktop\TEMPPP~1\NOOOOO~1.RPC []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="qvwgal.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnnonKC]
opnnonKC.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BB6C9487-AAD6-47EE-A3FA-5432126062F2}"=C:\WINDOWS\System32\opnnonKC.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\\WINDOWS\\System32\\ssqNDtTl

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
""=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.scr - open - C:\WINDOWS\NOTEPAD.EXE "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 3 months======

2008-10-19 14:29:07 ----D---- C:\rsit
2008-09-12 18:54:51 ----A---- C:\WINDOWS\DUMP51c9.tmp
2008-09-12 18:54:51 ----A---- C:\WINDOWS\DUMP50bf.tmp
2008-09-12 18:54:51 ----A---- C:\WINDOWS\DUMP50a0.tmp
2008-09-12 18:54:51 ----A---- C:\WINDOWS\DUMP4cf7.tmp
2008-09-12 18:54:51 ----A---- C:\WINDOWS\DUMP4c99.tmp
2008-09-12 18:54:51 ----A---- C:\WINDOWS\DUMP4b9f.tmp
2008-09-12 18:54:51 ----A---- C:\WINDOWS\DUMP26b2.tmp
2008-09-09 21:14:32 ----A---- C:\WINDOWS\DUMP51aa.tmp
2008-09-09 21:14:32 ----A---- C:\WINDOWS\DUMP50cf.tmp
2008-09-07 17:32:06 ----A---- C:\WINDOWS\DUMP4854.tmp
2008-09-06 16:45:44 ----A---- C:\WINDOWS\DUMP45a4.tmp
2008-09-06 16:45:44 ----A---- C:\WINDOWS\DUMP4248.tmp
2008-09-06 16:45:44 ----A---- C:\WINDOWS\DUMP2942.tmp
2008-09-06 16:45:44 ----A---- C:\WINDOWS\DUMP2932.tmp
2008-09-06 16:45:44 ----A---- C:\WINDOWS\DUMP2693.tmp
2008-09-06 16:45:44 ----A---- C:\WINDOWS\DUMP2673.tmp
2008-09-06 16:45:44 ----A---- C:\WINDOWS\DUMP24cd.tmp
2008-09-06 16:45:44 ----A---- C:\WINDOWS\DUMP2450.tmp
2008-08-30 07:44:14 ----A---- C:\WINDOWS\cookies.ini
2008-08-30 07:35:47 ----SH---- C:\WINDOWS\System32\xqdlkkwq.ini
2008-08-25 22:42:31 ----A---- C:\WINDOWS\pskt.ini
2008-08-25 22:42:31 ----A---- C:\WINDOWS\BM7302fb30.txt
2008-08-24 17:02:33 ----A---- C:\WINDOWS\System32\7b120cd2-.txt
2008-08-24 17:01:48 ----ASH---- C:\WINDOWS\System32\lTtDNqss.ini2
2008-08-24 17:01:47 ----ASH---- C:\WINDOWS\System32\lTtDNqss.ini
2008-08-11 21:30:20 ----D---- C:\Documents and Settings\All Users\Application Data\SlySoft
2008-08-11 21:08:31 ----D---- C:\Documents and Settings\big tiny\Application Data\Vso
2008-08-10 18:27:38 ----D---- C:\Program Files\DVDFab 5075

======List of files/folders modified in the last 3 months======

2008-10-19 14:29:28 ----D---- C:\WINDOWS\Prefetch
2008-10-19 14:29:20 ----D---- C:\Program Files\Hijackthis
2008-10-19 13:35:11 ----D---- C:\WINDOWS\Internet Logs
2008-10-19 11:31:06 ----D---- C:\WINDOWS\Temp
2008-10-14 13:57:38 ----D---- C:\WINDOWS
2008-10-14 09:26:47 ----D---- C:\Temp
2008-10-13 09:52:46 ----D---- C:\WINDOWS\Minidump
2008-10-12 17:58:56 ----D---- C:\WINDOWS\SYSTEM32
2008-10-12 13:54:12 ----RHD---- C:\$VAULT$.AVG
2008-10-02 05:09:38 ----SHD---- C:\RECYCLER
2008-10-02 05:06:48 ----SHD---- C:\System Volume Information
2008-09-23 22:43:46 ----A---- C:\WINDOWS\ntbtlog.txt
2008-09-06 14:30:23 ----A---- C:\WINDOWS\DUMP4853.tmp
2008-09-06 14:27:48 ----A---- C:\WINDOWS\DUMP2422.tmp
2008-09-06 13:01:22 ----A---- C:\WINDOWS\DUMP29de.tmp
2008-09-06 12:55:27 ----A---- C:\WINDOWS\DUMP492e.tmp
2008-09-06 12:52:40 ----A---- C:\WINDOWS\DUMP467e.tmp
2008-09-06 12:45:33 ----A---- C:\WINDOWS\DUMP2579.tmp
2008-09-06 10:34:58 ----A---- C:\WINDOWS\DUMP2376.tmp
2008-09-05 04:23:11 ----A---- C:\WINDOWS\DUMP2829.tmp
2008-09-05 04:20:00 ----A---- C:\WINDOWS\DUMP4c3b.tmp
2008-09-04 23:32:30 ----A---- C:\WINDOWS\DUMP4352.tmp
2008-09-04 22:34:55 ----A---- C:\WINDOWS\DUMP43bf.tmp
2008-09-04 22:28:52 ----A---- C:\WINDOWS\DUMP2981.tmp
2008-09-04 22:23:06 ----A---- C:\WINDOWS\DUMP2971.tmp
2008-09-03 22:41:57 ----A---- C:\WINDOWS\DUMP43a0.tmp
2008-09-02 22:37:07 ----A---- C:\WINDOWS\DUMP25f6.tmp
2008-09-02 22:29:26 ----A---- C:\WINDOWS\DUMP250c.tmp
2008-09-02 22:27:03 ----A---- C:\WINDOWS\DUMP4a38.tmp
2008-09-02 21:12:23 ----A---- C:\WINDOWS\DUMP46fb.tmp
2008-09-01 13:36:05 ----A---- C:\WINDOWS\DUMP248f.tmp
2008-08-31 07:36:26 ----A---- C:\WINDOWS\DUMP2654.tmp
2008-08-31 07:33:11 ----A---- C:\WINDOWS\DUMP271f.tmp
2008-08-31 07:23:33 ----A---- C:\WINDOWS\DUMP46bd.tmp
2008-08-30 14:40:56 ----A---- C:\WINDOWS\DUMP2441.tmp
2008-08-30 13:01:31 ----A---- C:\WINDOWS\DUMP4ad4.tmp
2008-08-30 12:58:29 ----A---- C:\WINDOWS\DUMP4390.tmp
2008-08-30 11:59:35 ----A---- C:\WINDOWS\DUMP2952.tmp
2008-08-30 11:42:11 ----A---- C:\WINDOWS\DUMP5b10.tmp
2008-08-30 11:41:54 ----D---- C:\WINDOWS\System32\DRIVERS
2008-08-30 11:41:53 ----RSHD---- C:\WINDOWS\System32\DLLCACHE
2008-08-30 11:41:53 ----HD---- C:\WINDOWS\INF
2008-08-30 11:38:46 ----A---- C:\WINDOWS\DUMP2ccc.tmp
2008-08-30 11:37:08 ----A---- C:\WINDOWS\DUMP4834.tmp
2008-08-30 11:31:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-08-26 21:25:10 ----D---- C:\Documents and Settings\All Users\Application Data\avg7
2008-08-26 04:13:40 ----A---- C:\WINDOWS\NeroDigital.ini
2008-08-25 23:33:49 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-08-25 23:33:07 ----D---- C:\Documents and Settings\big tiny\Application Data\RipIt4Me
2008-08-25 23:10:41 ----D---- C:\WINDOWS\System32\Restore
2008-08-18 04:55:45 ----D---- C:\Documents and Settings\All Users\Application Data\Retrospect
2008-08-11 23:27:20 ----RD---- C:\Program Files
2008-08-11 22:17:32 ----D---- C:\Program Files\SlySoft
2008-08-06 23:18:35 ----D---- C:\WINDOWS\Registration
2008-08-05 14:11:01 ----A---- C:\WINDOWS\System32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Asapi;Asapi; C:\WINDOWS\System32\drivers\Asapi.sys [2000-01-08 10240]
R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2007-11-04 821856]
R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2007-02-26 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2007-02-27 27776]
R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2007-12-22 10760]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\System32\drivers\Cdr4_xp.sys [2007-03-07 9336]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\System32\drivers\Cdralw2k.sys [2007-03-07 9464]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\System32\drivers\cdudf_xp.sys [2002-12-17 241152]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-07-19 17153]
R1 pwd_2k;pwd_2k; C:\WINDOWS\System32\drivers\pwd_2k.sys [2003-04-23 143834]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [2006-08-16 205120]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\System32\drivers\UdfReadr_xp.sys [2003-04-23 206464]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-03-13 394952]
R2 ATITUNEP;ATI WDM TV Tuner; C:\WINDOWS\System32\DRIVERS\atintuxx.sys [2003-01-21 37888]
R2 ATIXSAudio;ATI WDM TV Audio Crossbar; C:\WINDOWS\System32\DRIVERS\atinxsxx.sys [2003-01-21 61440]
R2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2007-02-26 4960]
R2 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\System32\DRIVERS\atinmdxx.sys [2003-01-21 13824]
R2 PCDCODEC;ATI WDM Specialized PCD Codec; C:\WINDOWS\System32\DRIVERS\atinpdxx.sys [2003-01-21 13312]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\PfModNT.sys []
R2 psi_kbd_filter_2k;psi_kbd_filter_2k; \??\C:\WINDOWS\System32\psikbdfiltdrv.sys []
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2008-08-01 99648]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2002-08-29 57344]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2003-01-21 546560]
R3 atinrvxx;ATI WDM Rage Theater Video; C:\WINDOWS\System32\DRIVERS\atinrvxx.sys [2003-01-21 102400]
R3 ativraxx;ATI WDM Rage Theater Audio; C:\WINDOWS\System32\DRIVERS\atinraxx.sys [2003-01-21 50176]
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2002-08-29 68864]
R3 dvd_2K;dvd_2K; C:\WINDOWS\System32\drivers\dvd_2K.sys [2003-04-23 25898]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2003-01-20 140288]
R3 MxlW2k;MxlW2k; C:\WINDOWS\System32\drivers\MxlW2k.sys [2003-04-23 28164]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2002-08-29 57984]
R3 P16X;Creative SB Live! Series (WDM); C:\WINDOWS\system32\drivers\P16X.sys [2002-08-30 1293440]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-11-11 9856]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\System32\DRIVERS\tunmp.sys [2006-08-16 11776]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2002-08-29 19328]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2002-08-29 51968]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2002-08-29 19328]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2002-08-29 37504]
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2002-08-29 68864]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\System32\drivers\bvrp_pci.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2002-12-04 16384]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2007-03-08 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2007-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2007-03-08 21568]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2001-08-17 138240]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2001-08-17 12672]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2001-08-17 12288]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2001-08-17 12032]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2001-08-17 12160]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2001-08-17 18688]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2001-08-17 29440]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2001-08-17 19456]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys [2001-08-17 44928]
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2001-08-17 31104]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2001-08-17 23680]
S3 mmc_2K;mmc_2K; C:\WINDOWS\System32\drivers\mmc_2K.sys [2003-04-23 30630]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2002-12-04 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2002-12-07 10112]
S3 NMSCFG;NIC Management Service Configuration Driver; \??\C:\WINDOWS\System32\drivers\NMSCFG.SYS []
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2002-08-29 891711]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2002-12-04 10880]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2002-12-04 14976]
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 UKS11LDR;M-Audio USB Keystation Loader; C:\WINDOWS\system32\drivers\uks11ldr.sys [2004-09-24 13504]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2002-08-29 28160]
S3 USBKT1X1;M-Audio USB Keystation; C:\WINDOWS\system32\drivers\usbkt1x1.sys [2004-09-24 22304]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2002-08-29 24960]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 14208]
S3 usbser;USB Modem Driver; C:\WINDOWS\System32\DRIVERS\usbser.sys [2001-08-17 24192]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [2003-02-22 31273]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2002-12-04 18688]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2001-08-17 29056]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2001-08-17 27648]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2001-08-17 27648]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2001-08-17 26112]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2001-08-17 27392]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\System32\svchost.exe [2002-08-29 12800]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2003-01-21 147456]
R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe [2007-11-04 418816]
R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe [2007-02-26 49664]
R2 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe [2007-12-22 406528]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [1999-12-13 44032]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2002-08-29 12800]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2002-08-29 12800]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2002-08-29 12800]
R2 RetroLauncher;Retrospect Launcher; C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe [2003-11-12 49152]
R2 RetroWDSvc;Retrospect WD Service; C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe [2003-12-12 46592]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2004-10-11 38912]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe [2008-03-13 75304]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2002-08-29 12800]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2003-02-20 32768]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-28 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NMSSvc;Intel® NMS; C:\WINDOWS\System32\NMSSvc.exe [2002-10-10 1118208]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 slimsvc;SlimServer; C:\Program Files\SlimServer\server\slim.exe [2006-09-20 6352963]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.04 2008-10-19 14:30:08

======Uninstall list======

-->"C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S /R
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51F5239C-197B-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51F5239C-197B-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{55BC7EFA-D832-4EE3-9DEA-49B0C07539D9}\setup.exe" -l0x9 -L0x9anything
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DCDC8E79-4600-4C02-9824-CD3BB8971D4E}\Setup.exe" -l0x9 -L0x9anything
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
Adobe Flash Player ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Adobe® Photoshop® Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
AnswerWorks Runtime-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\WexTech\AnswerWorks\Uninst.isu"
AnyDVD-->"C:\Program Files\SlySoft\AnyDVD6459\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD6459"
Apple Software Update-->MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
ASAPI Update-->C:\PROGRA~1\VOB\ASAPIU~1\IWUNIN~1.EXE -uninstall C:\WINDOWS\ISUNINST.EXE -fC:\PROGRA~1\VOB\ASAPIU~1\ASAPI.isu
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI DVD Decoder 2.1.16.1-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{349BB121-EDE7-4E86-9698-182FC14B84B6} /l1033
ATI Multimedia Center 8.1.16.0-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{77792D6B-6505-4B64-842D-58864D2FA797} /l1033
AutoCAD Express Tools - Mechanical Desktop 6-->"C:\WINDOWS\etUnInst.exe" "-fC:\Program Files\Autodesk\MDT6\DeIsL1.isu" "C:\Program Files\Autodesk\MDT6\Express\acetmain.ini"
AutoCAD Mechanical 6 Migration Assistance-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Autodesk\MDT6\acadm\migration\DeIsL1.isu"
AVG Free Edition-->C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL
AVIcodec (remove only)-->"C:\Program Files\AVIcodec\uninst.exe"
BCM V.92 56K Modem-->C:\WINDOWS\BCMSMU.exe quiet
BitPim 0.9.05-->"C:\Program Files\BitPim\unins000.exe"
Brother P-touch Quick Editor 2.0-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{AD50DAD0-7669-4AAE-99E6-914B0A9D1188}
Citi Virtual Account Numbers-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\CitiVAN.INF, DefaultUninstall.ntx86
DAO-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{438D221C-5B5B-4E4B-B7BD-A86512E5B6C1}
DAO-->MsiExec.exe /I{64116298-93C5-401D-B06C-39D8E3338508}
DAVA for Windows CE-->C:\Program Files\Microsoft ActiveSync\DAVA for Windows CE\Uninstall.exe DAVA for Windows CE
DAVA2003 for POCKETPC 2003-->C:\Program Files\Microsoft ActiveSync\DAVA2003 for POCKETPC 2003\Uninstall.exe DAVA2003 for POCKETPC 2003
dBpowerAMP Mp4 & AAC Decode Codec-->"C:\WINDOWS\System32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Mp4 & AAC Decode Codec.dat
dBpowerAMP Music Converter-->"C:\WINDOWS\System32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Music Converter.dat
dBpowerAMP WMA V9.1 Codec-->"C:\WINDOWS\System32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP WMA V9.1 Codec.dat
Dell Picture Studio - Dell Image Expert-->MsiExec.exe /I{151C555A-A9E7-4A2E-B6D7-165D04A3C956}
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Dell Solution Center-->MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Dell Support 5.0.0 (766)-->rundll32 C:\PROGRA~1\DELLSU~1\AUInst.dll,ExUninstall
Developer One Agenda Fusion-->C:\PROGRA~1\DEVELO~1\AGENDA~1\UNWISE.EXE C:\PROGRA~1\DEVELO~1\AGENDA~1\INSTALL.LOG
DigiSoft Multimedia Server-->"C:\Program Files\DigiSoft\Multimedia Server\unins000.exe"
DirectX 9 Hotfix - KB839643-->C:\WINDOWS\$NtUninstallKB839643-DirectX9$\spuninst\spuninst.exe
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.7.5-->"C:\Program Files\DVDFab 5075\unins000.exe"
DVDFab Decrypter 3.0.4.0-->"C:\Program Files\DVDFab Decrypter 3\unins000.exe"
DVDFab HD Decrypter 4.0.1.2-->"C:\Program Files\DVDFab HD Decrypter 4\unins000.exe"
dvdSanta 4.00-->"C:\Program Files\dvdSanta\unins000.exe"
DVDSentry-->MsiExec.exe /I{98DF85D9-96C0-4F57-A92E-C3539477EF5E}
Earthlink Installer - uninstall 'Earthlink 5.0' entry first if present-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{9D98F245-3010-43C6-B3B0-67A464DA298E}
Easy CD Creator 5 Basic-->MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
EphPod-->C:\PROGRA~1\EphPod\UNWISE.EXE C:\PROGRA~1\EphPod\INSTALL.LOG
eWallet 4.1 Professional Edition (Pocket PC)-->"C:\Program Files\Ilium Software\eWallet\unins000.exe"
FLV Player 1.3.3-->"C:\Program Files\YouTube bleep\FLVPlayer\uninstall.exe"
getPlus®_ocx-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
GIGARANGE USB Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{49F2D083-E646-47E2-9EA4-C7F8FDA8CECD}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
GUIDE PLUS+™ for Windows® System - ATI-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99D34763-7E45-4FE5-8424-28DBC3A5F0BF}\setup.exe"
Hijackthis 1.99.1-->"C:\Program Files\Hijackthis\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\Hijackthis\HijackThis.exe" /uninstall
Hotfix for MDAC 2.80 (KB911562)-->"C:\WINDOWS\$SQLUninstallMDAC28-KB911562-x86-ENU$\spuninst\spuninst.exe"
HP Customer Participation Program 9.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 9.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 9.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart All-In-One Software 9.0-->C:\Program Files\HP\Digital Imaging\{D64BC2CF-0F12-47d7-B412-B4F3FD684253}\setup\hpzscr01.exe -datfile hposcr21.dat
HP Photosmart Essential 2.01-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing-->MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
HP Solution Center 9.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}
HPSSupply-->MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
Intel® PRO Ethernet Adapter and Software-->Prounstl.exe
Intel® PROSet II-->MsiExec.exe /I{01A4AEDE-F219-49A2-B855-16A016EAF9A4}
iPod for Windows User Guide 2.0-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4ABE9A24-9914-46EB-8253-7963A78595DF} /l1033
iPod Software Updater-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{3C4B3DB2-69BB-402E-9B6E-61B4F519E9D0} /l1033
IsoBuster 1.8-->"C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
Live 3.0.2-->C:\PROGRA~1\Ableton\LIVE30~1.2\Install\UNWISE.EXE C:\PROGRA~1\Ableton\LIVE30~1.2\Install\INSTALL.LOG
Mastersoft Mobile Solutions MastersoftMoneyARM-->"C:\WINDOWS\epsuninst.exe" "C:\Program Files\MastersoftMoneyARM\uninst.dat"
Mastersoft Mobile Solutions MSMSMoneyV5-->"C:\WINDOWS\epsuninst.exe" "C:\Program Files\MSMSMoneyV5\uninst.dat"
Mechanical Desktop 6 Migration Assistance-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Autodesk\MDT6\migration\DeIsL1.isu"
Mechanical Desktop 6-->MsiExec.exe /I{5783F2D7-0103-0409-0000-0060B0CE6BBA}
Microsoft .NET Framework (English) v1.0.3705-->C:\WINDOWS\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1033)
Microsoft .NET Framework (English)-->MsiExec.exe /X{B43357AA-3A6D-4D94-B56E-43C44D09E548}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft ActiveSync 3.7-->"C:\WINDOWS\ISUNINST.EXE" -f"C:\Program Files\Microsoft ActiveSync\DeIsL1.isu" -c"C:\Program Files\Microsoft ActiveSync\ceuninst.dll"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
MSN Messenger 5.0-->MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314B00544}
MUSICMATCH Jukebox-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\Uninst.isu" -cC:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.dll
MyDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5E835305-63BB-4E55-BBB7-EEBBE67774DB}\setup.exe" -l0x9 -L0x9 /SMAINT
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
OpenSource Flash Video Splitter (remove only)-->"C:\Program Files\YouTube bleep\OpenSource Flash Video Splitter\uninstall.exe"
Paint Shop Pro 7-->MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
PictPocket Movie Converter 1.0-->"C:\Program Files\DigiSoft\PictPocket Movie Converter\unins000.exe"
Pocket Earth ARM-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7130830-88BA-4760-B437-AADC8E995699}\Setup.exe"
Pocket Informant Pro 5.6-->C:\Program Files\Pocket Informant\uninst.exe
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PureVoice-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57BBB1AD-A239-4B05-86F5-3D138A0CFEE8}\Setup.exe" -l0x9
QuickTime Alternative 1.47-->"C:\Documents and Settings\big tiny\My Documents\dvdstuph\WinAVI\QuickTime Alternative\unins000.exe"
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Reason-->MsiExec.exe /X{AB9FC2F9-7FC7-11D7-9D82-00065BABCB42}
RepliGo Desktop (remove only)-->"C:\Program Files\Cerience\RepliGo\uninst.exe"
RepliGo Viewer (remove only)-->"C:\Program Files\Cerience\RepliGo Viewer\uninst.exe"
Retrospect 6.5-->MsiExec.exe /I{73B69C5C-87D6-471E-B695-0BD736C4B644}
Roxio VideoWave Movie Creator-->MsiExec.exe /I{BB46245B-CECA-406F-8790-3ABA0D01012F}
SAM xp-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Course Technology\SAM xp\Uninst.isu"
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896426)-->"C:\WINDOWS\$NtUninstallKB896426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899588)-->"C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905495)-->"C:\WINDOWS\$NtUninstallKB905495$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Shockwave-->C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
SlimServer 6.5.0-->"C:\Program Files\SlimServer\unins000.exe"
Sound Blaster Live!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}\setup.exe" -l0x9
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steinberg WaveLab v4.00c-->C:\PROGRA~1\MUSICP~1\STEINB~1\Wavelab\UNWISE.EXE C:\PROGRA~1\MUSICP~1\STEINB~1\Wavelab\INSTALL.LOG
Symantec Network Driver Update-->MsiExec.exe /X{6AF90EF6-F7F9-466C-99F4-1774826FBB40}
TMPGEnc DVD Author 1.6-->C:\DOCUMENTS AND SETTINGS\BIG TINY\MY DOCUMENTS\DVDSTUPH\TMPGENC\TMPGENC.DVD.AUTHOR 1.6 + SOUND.PLUG-IN.AC-3\Uninstal.exe
TMPGEnc Plus 2.5-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2A1E27FF-BE53-45B4-950F-060236E98E3D}
Ultra AutoCAD Tool-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Autodesk\MDT6\ST6UNST.LOG"
Update for Windows XP (KB835409)-->"C:\WINDOWS\$NtUninstallKB835409$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
USB Keyboard Device 1.0.1.0-->C:\WINDOWS\iun6002.exe "C:\Program Files\M-Audio USB Keyboard Device\irunin.ini"
VideoLAN VLC media player 0.8.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WD Media Center Driver-->MsiExec.exe /X{3F70FB44-FD00-4ED2-9154-661AA9DB0B28}
Whale Communications' Client Components v3.1.3-->rundll32.exe C:\WINDOWS\DOWNLO~1\WhlMgr.dll,UnInstall 3.1.0 63 0 1 3.1.3
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
WinAVIVideoConverter-->"C:\Program Files\WinAVIVideoConverter\unins000.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 9 Hotfix [See KB885492 for more information]-->C:\WINDOWS\$NtUninstallKB885492$\spuninst\spuninst.exe
Windows Media Player Hotfix [See wm828026 for more information]-->C:\WINDOWS\$NtUninstallQ828026$\spuninst\spuninst.exe
Windows XP Hotfix - KB810217-->C:\WINDOWS\$NtUninstallKB810217$\spuninst\spuninst.exe
Windows XP Hotfix - KB821557-->C:\WINDOWS\$NtUninstallKB821557$\spuninst\spuninst.exe
Windows XP Hotfix - KB822603-->C:\WINDOWS\$NtUninstallKB822603$\spuninst\spuninst.exe
Windows XP Hotfix - KB823182-->C:\WINDOWS\$NtUninstallKB823182$\spuninst\spuninst.exe
Windows XP Hotfix - KB823559-->C:\WINDOWS\$NtUninstallKB823559$\spuninst\spuninst.exe
Windows XP Hotfix - KB823980-->C:\WINDOWS\$NtUninstallKB823980$\spuninst\spuninst.exe
Windows XP Hotfix - KB824105-->C:\WINDOWS\$NtUninstallKB824105$\spuninst\spuninst.exe
Windows XP Hotfix - KB824141-->C:\WINDOWS\$NtUninstallKB824141$\spuninst\spuninst.exe
Windows XP Hotfix - KB824146-->C:\WINDOWS\$NtUninstallKB824146$\spuninst\spuninst.exe
Windows XP Hotfix - KB825119-->C:\WINDOWS\$NtUninstallKB825119$\spuninst\spuninst.exe
Windows XP Hotfix - KB828028-->C:\WINDOWS\$NtUninstallKB828028$\spuninst\spuninst.exe
Windows XP Hotfix - KB828035-->C:\WINDOWS\$NtUninstallKB828035$\spuninst\spuninst.exe
Windows XP Hotfix - KB828741-->C:\WINDOWS\$NtUninstallKB828741$\spuninst\spuninst.exe
Windows XP Hotfix - KB833407-->C:\WINDOWS\$NtUninstallKB833407$\spuninst\spuninst.exe
Windows XP Hotfix - KB833987-->C:\WINDOWS\$NtUninstallKB833987$\spuninst\spuninst.exe
Windows XP Hotfix - KB834707-->C:\WINDOWS\$NtUninstallKB834707-IE6SP1-20040929.091901$\spuninst\spuninst.exe
Windows XP Hotfix - KB835732-->C:\WINDOWS\$NtUninstallKB835732$\spuninst\spuninst.exe
Windows XP Hotfix - KB837001-->C:\WINDOWS\$NtUninstallKB837001$\spuninst\spuninst.exe
Windows XP Hotfix - KB839645-->C:\WINDOWS\$NtUninstallKB839645$\spuninst\spuninst.exe
Windows XP Hotfix - KB840315-->C:\WINDOWS\$NtUninstallKB840315$\spuninst\spuninst.exe
Windows XP Hotfix - KB840374-->C:\WINDOWS\$NtUninstallKB840374$\spuninst\spuninst.exe
Windows XP Hotfix - KB840987-->C:\WINDOWS\$NtUninstallKB840987$\spuninst\spuninst.exe
Windows XP Hotfix - KB841356-->C:\WINDOWS\$NtUninstallKB841356$\spuninst\spuninst.exe
Windows XP Hotfix - KB841533-->C:\WINDOWS\$NtUninstallKB841533$\spuninst\spuninst.exe
Windows XP Hotfix - KB841873-->C:\WINDOWS\$NtUninstallKB841873$\spuninst\spuninst.exe
Windows XP Hotfix - KB842773-->C:\WINDOWS\$NtUninstallKB842773$\spuninst\spuninst.exe
Windows XP Hotfix - KB867282-->C:\WINDOWS\$NtUninstallKB867282-IE6SP1-20050127.163319$\spuninst\spuninst.exe
Windows XP Hotfix - KB871250-->C:\WINDOWS\$NtUninstallKB871250$\spuninst\spuninst.exe
Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB873376-->C:\WINDOWS\$NtUninstallKB873376$\spuninst\spuninst.exe
Windows XP Hotfix - KB883939-->"C:\WINDOWS\$NtUninstallKB883939-IE6SP1-20050428.125228$\spuninst\spuninst.exe"
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB889293-->C:\WINDOWS\$NtUninstallKB889293-IE6SP1-20041111.235619$\spuninst\spuninst.exe
Windows XP Hotfix - KB890047-->C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB890923-->"C:\WINDOWS\$NtUninstallKB890923-IE6SP1-20050225.103456$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891711-->C:\WINDOWS\$NtUninstallKB891711$\spuninst\spuninst.exe
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB893066-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Windows XP Hotfix - KB893086-->"C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
Windows XP Hotfix - KB896688-->"C:\WINDOWS\$NtUninstallKB896688-IE6SP1-20051004.130236$\spuninst\spuninst.exe"
Windows XP Hotfix - KB896727-->"C:\WINDOWS\$NtUninstallKB896727-IE6SP1-20050719.165959$\spuninst\spuninst.exe"
Windows XP Hotfix - KB897715-->"C:\WINDOWS\$NtUninstallKB897715-OE6SP1-20050503.210336$\spuninst\spuninst.exe"
Windows XP Hotfix - KB905915-->"C:\WINDOWS\$NtUninstallKB905915-IE6SP1-20051122.175908$\spuninst\spuninst.exe"
Windows XP Hotfix - KB911567-->"C:\WINDOWS\$NtUninstallKB911567-OE6SP1-20060316.165634$\spuninst\spuninst.exe"
Windows XP Hotfix - KB912812-->"C:\WINDOWS\$NtUninstallKB912812-IE6SP1-20060322.182418$\spuninst\spuninst.exe"
Windows XP Hotfix - KB916281-->"C:\WINDOWS\$NtUninstallKB916281-IE6SP1-20060526.162249$\spuninst\spuninst.exe"
Windows XP Hotfix - KB918439-->"C:\WINDOWS\$NtUninstallKB918439-IE6SP1-20060530.145346$\spuninst\spuninst.exe"
Windows XP Hotfix - KB918899-->"C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\spuninst\spuninst.exe"
Windows XP Hotfix - KB925486-->"C:\WINDOWS\$NtUninstallKB925486-IE6SP1-20060918.120000$\spuninst\spuninst.exe"
Windows XP Hotfix (SP2) [See Q329834 for more information]-->C:\WINDOWS\$NtUninstallQ329834$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q328310-->C:\WINDOWS\$NtUninstallQ328310$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q329170-->C:\WINDOWS\$NtUninstallQ329170$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q329441-->C:\WINDOWS\$NtUninstallQ329441$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q331953-->C:\WINDOWS\$NtUninstallQ331953$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q810565-->C:\WINDOWS\$NtUninstallQ810565$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q810577-->C:\WINDOWS\$NtUninstallQ810577$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q810833-->C:\WINDOWS\$NtUninstallQ810833$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q811493-->C:\WINDOWS\$NtUninstallQ811493$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q814033-->C:\WINDOWS\$NtUninstallQ814033$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q815021-->C:\WINDOWS\$NtUninstallQ815021$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q817287-->C:\WINDOWS\$NtUninstallQ817287$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q817606-->C:\WINDOWS\$NtUninstallQ817606$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WordPerfect Office 2002-->C:\WINDOWS\Corel\uninst32.exe
WordPerfect Office 2002-->C:\WINDOWS\Corel\Uninst32.exe
Yahoo! Anti-Spy-->C:\PROGRA~1\Yahoo!\Common\unypsr.exe
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

=====HijackThis Backups=====

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...74/mcinsctl.cab
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://vil.mcafee.com/mast/viruses_by_cont...amp;period_id=1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...350/mcfscan.cab
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://cehomenet.coned.com/InternalSite/WhlCompMgr.cab

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Sonic\MyDVD;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\QuickTime\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0207
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\QuickTime\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QuickTime\QTSystem\QTJava.zip
"tvdumpflags"=8

-----------------EOF-----------------

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, October 19, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 1 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, October 19, 2008 18:00:55
Records in database: 1323572
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
G:\
H:\

Scan statistics:
Files scanned: 174788
Threat name: 5
Infected objects: 7
Suspicious objects: 0
Duration of the scan: 04:08:39


File name / Threat name / Threats count
C:\Documents and Settings\big tiny\Local Settings\Temporary Internet Files\Content.IE5\2DY1GPOR\KB767887[1].0 Infected: Trojan.Win32.Monder.men 1
C:\Documents and Settings\big tiny\My Documents\dvdstuph\pgcedit\bin\pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k 1
C:\Documents and Settings\big tiny\My Documents\dvdstuph\pgcedit_winexe.zip Infected: not-a-virus:RiskTool.Win32.PsKill.k 1
C:\System Volume Information\_restore{953C5C1F-9D46-4882-AC3F-FF632E03E7AF}\RP743\A0023239.0BS Infected: Backdoor.Win32.Frauder.eo 1
C:\System Volume Information\_restore{953C5C1F-9D46-4882-AC3F-FF632E03E7AF}\RP751\A0023356.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.cza 1
C:\System Volume Information\_restore{953C5C1F-9D46-4882-AC3F-FF632E03E7AF}\RP752\A0023370.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.cza 1
C:\WINDOWS\NDNuninstall5_48.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1

The selected area was scanned.

#4 extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 19 October 2008 - 08:12 PM

Hi hitpro.

Just to let you know, as I am still in training, my posts need to be checked by a coach.
Therefore, there may be a delay in response. I will get back to you by tomorrow.

Thanks for understanding :thumbsup:

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#5 extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 20 October 2008 - 06:59 AM

Hi hitpro and welcome to BC :thumbsup:

You have a heavily infected computer. Let's get to work right away.

Before we start there's something I need to bring to your attention, which is crack-related sites and programs.

Cracks and Key Generators Warning

I see that you have used cracks or key generators.

Some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, these sites are infested with a smörgåsbord of malware. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling Windows.

Merely visiting such sites without downloading ANYTHING is one of the worst things a user can do online. The crack program I see is RAR Password Cracker; perhaps you uninstalled it and there are some leftovers, as I don't see it in the uninstall list. Please be warned though.

Install Recovery Console and Run ComboFix

Download Combofix from any of the links below, and save it to your desktop.
Link 1, Link 2, Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • At the next prompt, click NO to skip the ComboFix scan for now.
  • Save all documents or windows that are open, because when running ComboFix you won't have an internet connection and everything will be closed.
  • Click on your Start Menu, then Run. In the run box type:
    "%userprofile%\desktop\combofix.exe" /killall
  • ComboFix will now run.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

Please post back with:
-Combofix log
-Fresh RSIT logs


Thanks :)

With Regards,
Extremeboy

#6 hitpro

  • Topic Starter
  • Members
  • 119 posts

Posted 20 October 2008 - 10:41 PM

hi BC,

I downloaded and ran the programs. I didn't get the "what next?" window, but I ran the program anyway and every other step went well. Below are the logs you asked for:

ComboFix 08-10-19.04 - big tiny 2008-10-20 23:09:55.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.286 [GMT -4:00]
Running from: C:\Documents and Settings\big tiny\desktop\combofix.exe
Command switches used :: /killall
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\INSTALL.LOG
C:\WINDOWS\BM7302fb30.txt
C:\WINDOWS\BM7302fb30.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\NDNuninstall5_48.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\SYSTEM32\lTtDNqss.ini
C:\WINDOWS\SYSTEM32\lTtDNqss.ini2
C:\WINDOWS\system32\phc515j0e34p.bmp
C:\WINDOWS\system32\xqdlkkwq.ini

.
((((((((((((((((((((((((( Files Created from 2008-09-21 to 2008-10-21 )))))))))))))))))))))))))))))))
.

2008-10-19 14:38 . 2008-10-19 14:38 <DIR> d-------- C:\WINDOWS\Sun
2008-10-19 14:37 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-10-19 14:36 . 2008-10-19 14:37 <DIR> d-------- C:\Program Files\Java
2008-10-19 14:36 . 2008-10-19 14:36 <DIR> d-------- C:\Program Files\Common Files\Java
2008-10-19 14:29 . 2008-10-19 14:30 <DIR> d-------- C:\rsit
2008-10-12 17:47 . 2008-10-12 17:47 3,072 --ahs---- C:\WINDOWS\SYSTEM32\Thumbs.db

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-21 02:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-10-19 13:22 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-10-14 17:56 46,859 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_10_14_12_42_26_small.dmp.zip
2008-10-14 17:56 45,029 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_10_14_12_41_09_small.dmp.zip
2008-10-01 08:41 65,536 ----a-w C:\WINDOWS\DUMP50bf.tmp
2008-09-24 02:43 65,536 ----a-w C:\WINDOWS\DUMP26b2.tmp
2008-09-18 21:17 65,536 ----a-w C:\WINDOWS\DUMP50a0.tmp
2008-09-18 02:26 65,536 ----a-w C:\WINDOWS\DUMP51c9.tmp
2008-09-18 02:08 65,536 ----a-w C:\WINDOWS\DUMP4b9f.tmp
2008-09-16 02:23 65,536 ----a-w C:\WINDOWS\DUMP4cf7.tmp
2008-09-16 02:06 65,536 ----a-w C:\WINDOWS\DUMP4c99.tmp
2008-09-12 03:38 65,536 ----a-w C:\WINDOWS\DUMP51aa.tmp
2008-09-11 01:18 65,536 ----a-w C:\WINDOWS\DUMP50cf.tmp
2008-09-09 12:47 1,799,552 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-09-08 03:25 65,536 ----a-w C:\WINDOWS\DUMP4854.tmp
2008-09-07 11:04 65,536 ----a-w C:\WINDOWS\DUMP2450.tmp
2008-09-07 10:56 65,536 ----a-w C:\WINDOWS\DUMP2932.tmp
2008-09-07 10:42 65,536 ----a-w C:\WINDOWS\DUMP2673.tmp
2008-09-07 03:10 65,536 ----a-w C:\WINDOWS\DUMP4248.tmp
2008-09-07 03:08 65,536 ----a-w C:\WINDOWS\DUMP24cd.tmp
2008-09-07 03:07 65,536 ----a-w C:\WINDOWS\DUMP2942.tmp
2008-09-07 03:06 65,536 ----a-w C:\WINDOWS\DUMP45a4.tmp
2008-09-06 20:49 65,536 ----a-w C:\WINDOWS\DUMP2693.tmp
2008-09-06 18:30 65,536 ----a-w C:\WINDOWS\DUMP4853.tmp
2008-09-06 18:27 65,536 ----a-w C:\WINDOWS\DUMP2422.tmp
2008-09-06 17:01 65,536 ----a-w C:\WINDOWS\DUMP29de.tmp
2008-09-06 16:55 65,536 ----a-w C:\WINDOWS\DUMP492e.tmp
2008-09-06 16:52 65,536 ----a-w C:\WINDOWS\DUMP467e.tmp
2008-09-06 16:45 65,536 ----a-w C:\WINDOWS\DUMP2579.tmp
2008-09-06 14:34 65,536 ----a-w C:\WINDOWS\DUMP2376.tmp
2008-09-05 08:23 65,536 ----a-w C:\WINDOWS\DUMP2829.tmp
2008-09-05 08:20 65,536 ----a-w C:\WINDOWS\DUMP4c3b.tmp
2008-09-05 03:32 65,536 ----a-w C:\WINDOWS\DUMP4352.tmp
2008-09-05 02:34 65,536 ----a-w C:\WINDOWS\DUMP43bf.tmp
2008-09-05 02:28 65,536 ----a-w C:\WINDOWS\DUMP2981.tmp
2008-09-05 02:23 65,536 ----a-w C:\WINDOWS\DUMP2971.tmp
2008-09-04 02:41 65,536 ----a-w C:\WINDOWS\DUMP43a0.tmp
2008-09-03 02:37 65,536 ----a-w C:\WINDOWS\DUMP25f6.tmp
2008-09-03 02:29 65,536 ----a-w C:\WINDOWS\DUMP250c.tmp
2008-09-03 02:27 65,536 ----a-w C:\WINDOWS\DUMP4a38.tmp
2008-09-03 01:12 65,536 ----a-w C:\WINDOWS\DUMP46fb.tmp
2008-09-01 17:36 65,536 ----a-w C:\WINDOWS\DUMP248f.tmp
2008-08-31 11:36 65,536 ----a-w C:\WINDOWS\DUMP2654.tmp
2008-08-31 11:33 65,536 ----a-w C:\WINDOWS\DUMP271f.tmp
2008-08-31 11:23 65,536 ----a-w C:\WINDOWS\DUMP46bd.tmp
2008-08-30 18:40 65,536 ----a-w C:\WINDOWS\DUMP2441.tmp
2008-08-30 17:01 65,536 ----a-w C:\WINDOWS\DUMP4ad4.tmp
2008-08-30 16:58 65,536 ----a-w C:\WINDOWS\DUMP4390.tmp
2008-08-30 15:59 65,536 ----a-w C:\WINDOWS\DUMP2952.tmp
2008-08-30 15:42 65,536 ----a-w C:\WINDOWS\DUMP5b10.tmp
2008-08-30 15:38 65,536 ----a-w C:\WINDOWS\DUMP2ccc.tmp
2008-08-30 15:37 65,536 ----a-w C:\WINDOWS\DUMP4834.tmp
2008-08-26 03:33 --------- d-----w C:\Documents and Settings\big tiny\Application Data\RipIt4Me
2008-08-26 03:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-08-24 01:44 22,996,328 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-08-12 02:29 45,752 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_08_11_21_05_54_small.dmp.zip
2008-08-12 02:29 45,019 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_08_11_21_05_35_small.dmp.zip
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2003-04-22 413775]
"ATI Launchpad"="C:\Program Files\ATI Multimedia\main\LaunchPd.exe" [2003-01-20 106574]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 13312]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-11-15 1670144]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD6459\AnyDVDtray.exe" [2008-08-01 2161600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-10-20 590848]
"SetIcon"="\Program Files\WDC\SetIcon.exe" [2004-04-28 42496]
"QuickTime Task"="C:\Program Files\QuickTime\QuickTime\qttask.exe" [2007-06-29 286720]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 919016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"WD Button Manager"="WDBtnMgr.exe" [2004-10-11 C:\WINDOWS\SYSTEM32\WDBtnMgr.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-11-04 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SRUUninstall"="C:\WINDOWS\System32\msiexec.exe" [2005-03-21 78848]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=qvwgal.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.UYVY"= C:\WINDOWS\System32\msyuv.dll
"VIDC.YUY2"= ATIVYUY.DLL
"msacm.ctmp3"= C:\WINDOWS\System32\ctmp3.acm
"VIDC.YU12"= ATIYUV12.DLL
"MSACM.CEGSM"= mobilev.acm
"midi1"= usbkt1x1.dll
"midi2"= usbkt1x1.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 8.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk
backup=C:\WINDOWS\pss\AOL Companion.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SlimServer Tray Tool.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SlimServer Tray Tool.lnk
backup=C:\WINDOWS\pss\SlimServer Tray Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^big tiny^Start Menu^Programs^Startup^ListProAlarms.lnk.disabled]
path=C:\Documents and Settings\big tiny\Start Menu\Programs\Startup\ListProAlarms.lnk.disabled
backup=C:\WINDOWS\pss\ListProAlarms.lnk.disabledStartup

[HKLM\~\startupfolder\C:^Documents and Settings^big tiny^Start Menu^Programs^Startup^RAR Password Cracker.lnk]
path=C:\Documents and Settings\big tiny\Start Menu\Programs\Startup\RAR Password Cracker.lnk
backup=C:\WINDOWS\pss\RAR Password Cracker.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
--a------ 2002-12-17 13:28 684032 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]
--a------ 2003-01-20 23:57 106574 C:\Program Files\ATI Multimedia\main\LaunchPd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Scheduler]
--a------ 2003-01-20 23:53 36942 C:\Program Files\ATI Multimedia\main\AtiSched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2003-01-21 22:00 315392 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CitiVAN]
--a------ 2004-08-12 14:51 192512 C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
--a------ 2002-04-03 02:01 135264 C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-03-11 22:34 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-11-15 16:18 1670144 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2003-02-20 00:49 2185800 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2004-09-21 10:57 204845 C:\Program Files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RepliGo Assistant]
--a------ 2004-03-19 17:02 167936 C:\Program Files\Cerience\RepliGo\RepliGoMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-12-28 11:27 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2004-09-21 10:57 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 02:00 90112 C:\WINDOWS\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
--a------ 2004-11-12 13:24 106557 C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
--a------ 2001-09-04 17:24 28672 C:\WINDOWS\SYSTEM32\Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
--a------ 2003-08-29 04:59 122880 C:\WINDOWS\BCMSMMSG.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DVDSentry"=C:\WINDOWS\System32\DSentry.exe
"QuickTime Task"="C:\Program Files\QuickTime\QuickTime\qttask.exe" -atboottime
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9000:TCP"= 9000:TCP:SlimServer 9000 tcp
"3483:UDP"= 3483:UDP:SlimServer 3483 udp
"3483:TCP"= 3483:TCP:SlimServer 3483 tcp

R1 Asapi;Asapi;C:\WINDOWS\System32\drivers\Asapi.sys [2000-01-08 10240]
R2 psi_kbd_filter_2k;psi_kbd_filter_2k;C:\WINDOWS\System32\psikbdfiltdrv.sys [2001-12-10 46312]
S3 UKS11LDR;M-Audio USB Keystation Loader;C:\WINDOWS\System32\drivers\uks11ldr.sys [2004-09-24 13504]
S3 USBKT1X1;M-Audio USB Keystation;C:\WINDOWS\System32\drivers\usbkt1x1.sys [2004-09-24 22304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
.
Contents of the 'Scheduled Tasks' folder

2003-05-27 C:\WINDOWS\Tasks\ISP signup reminder 1.job
- C:\WINDOWS\System32\OOBE\OOBEBALN.EXE [2002-08-29 06:00]

2008-10-20 C:\WINDOWS\Tasks\WebReg Photosmart C7200 series.job
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe [2007-03-11 22:27]

2008-10-17 C:\WINDOWS\Tasks\{2A6C105A-89D3-4216-92BC-5BBEE3B264A3}_NEWPC_big tiny.job
- C:\WINDOWS\system32\MOBSYNC.EXE [2002-08-29 06:00]

2008-10-17 C:\WINDOWS\Tasks\{44C9490B-BA5C-434A-8717-6417FD8432FA}_NEWPC_big tiny.job
- C:\WINDOWS\system32\MOBSYNC.EXE [2002-08-29 06:00]

2008-10-17 C:\WINDOWS\Tasks\{7598EA0B-F73D-4A1C-9645-84FDD06200E1}_NEWPC_big tiny.job
- C:\WINDOWS\system32\MOBSYNC.EXE [2002-08-29 06:00]
.
- - - - ORPHANS REMOVED - - - -

BHO-{26930dec-5393-48c8-b043-cf22784c7755} - C:\WINDOWS\System32\qdqrdj.dll
BHO-{97AB5B86-CF1D-4D4F-BEAA-2FBFB56C5269} - C:\WINDOWS\System32\ssqNDtTl.dll
HKLM-Run-lphc515j0e34p - C:\WINDOWS\System32\lphc515j0e34p.exe
HKLM-Run-BM7302fb30 - C:\WINDOWS\System32\lelsjwov.dll
HKLM-Run-7031c8ac - C:\WINDOWS\System32\qwkkldqx.dll
Notify-opnnonKC - opnnonKC.dll
MSConfigStartUp-dvd43 - C:\Program Files\dvd43\dvd43_tray.exe
MSConfigStartUp-MCAgentExe - c:\PROGRA~1\mcafee.com\agent\mcagent.exe
MSConfigStartUp-MCUpdateExe - C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
MSConfigStartUp-SSC_UserPrompt - C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
MSConfigStartUp-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
MSConfigStartUp-VirusScan Online - c:\program files\mcafee.com\vso\mcvsshld.exe


.
------- Supplementary Scan -------
.
R0 -: HKLM-Main,Start Page = hxxp://www.dellnet.com
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 -: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 -: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O18 -: WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - %~$path:i
O18 -: WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - %~$path:i
O18 -: WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - %~$path:i
O18 -: WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - %~$path:i
O18 -: WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - %~$path:i
O18 -: WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - %~$path:i

O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-20 23:18:31
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\SYSTEM32\CTsvcCDA.EXE
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\SYSTEM32\wdfmgr.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
C:\Program Files\WDC\SetIcon.exe
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2008-10-20 23:29:47 - machine was rebooted [big tiny]
ComboFix-quarantined-files.txt 2008-10-21 03:29:43

Pre-Run: 11,318,288,384 bytes free
Post-Run: 12,159,643,648 bytes free

282 --- E O F --- 2008-08-23 03:12:33

Logfile of random's system information tool 1.04 (written by random/random)
Run by big tiny at 2008-10-20 23:30:45
Microsoft Windows XP Home Edition Service Pack 1
System drive C: has 12 GB (10%) free of 114 GB
Total RAM: 511 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:46 PM, on 10/20/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\WDBtnMgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\WDC\SetIcon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\ATI Multimedia\main\LaunchPd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SlySoft\AnyDVD6459\AnyDVDtray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\big tiny\Desktop\RSIT.exe
C:\Program Files\Hijackthis\big tiny.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dellnet.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: CitiUS Shared Browser Helper Object - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\System32\BhoCitUS.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: RepliGoIEHelperCtl Class - {91DE4477-9CDC-4806-9BCB-28A963988E94} - C:\Program Files\Cerience\RepliGo\RepliGoIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &RepliGo - {81F4066B-F330-4872-8094-3E9FBCCEC8C1} - C:\Program Files\Cerience\RepliGo\RepliGoIEBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {11359F4A-B191-42D7-905A-594F8CF0387B} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\SetIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD6459\AnyDVDtray.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://cehomenet.coned.com/InternalSite/WhlCompMgr.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://encarta.msn.com/encnet/external/MSSurVid.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion....ebio5_1_6_0.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/toolbar/lexico.cab
O20 - AppInit_DLLs: qvwgal.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: SlimServer (slimsvc) - Unknown owner - C:\Program Files\SlimServer\server\slim.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--
End of file - 9265 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\ISP signup reminder 1.job
C:\WINDOWS\tasks\WebReg Photosmart C7200 series.job
C:\WINDOWS\tasks\{2A6C105A-89D3-4216-92BC-5BBEE3B264A3}_NEWPC_big tiny.job
C:\WINDOWS\tasks\{44C9490B-BA5C-434A-8717-6417FD8432FA}_NEWPC_big tiny.job
C:\WINDOWS\tasks\{7598EA0B-F73D-4A1C-9645-84FDD06200E1}_NEWPC_big tiny.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{387EDF53-1CF2-4523-BC2F-13462651BE8C}]
CitiUSBrowserHelper Class - C:\WINDOWS\System32\BhoCitUS.dll [2004-08-05 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91DE4477-9CDC-4806-9BCB-28A963988E94}]
RepliGoIEHelperCtl Class - C:\Program Files\Cerience\RepliGo\RepliGoIEHelper.dll [2004-03-19 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-12-28 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\System32\msdxm.ocx [2003-09-17 844048]
{81F4066B-F330-4872-8094-3E9FBCCEC8C1} - &RepliGo - C:\Program Files\Cerience\RepliGo\RepliGoIEBar.dll [2004-03-19 176128]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-08-04 343112]
{11359F4A-B191-42D7-905A-594F8CF0387B}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-12-28 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WD Button Manager"=C:\WINDOWS\system32\WDBtnMgr.exe [2004-10-11 143360]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe [2008-10-20 590848]
"SetIcon"=\Program Files\WDC\SetIcon.exe [2004-04-28 42496]
"QuickTime Task"=C:\Program Files\QuickTime\QuickTime\qttask.exe [2007-06-29 286720]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-03-13 919016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE [2003-04-22 413775]
"ATI Launchpad"=C:\Program Files\ATI Multimedia\main\LaunchPd.exe [2003-01-20 106574]
"ctfmon.exe"=C:\WINDOWS\System32\ctfmon.exe [2002-08-29 13312]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-11-15 1670144]
"AnyDVD"=C:\Program Files\SlySoft\AnyDVD6459\AnyDVDtray.exe [2008-08-01 2161600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2002-12-17 684032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]
C:\Program Files\ATI Multimedia\main\LaunchPd.exe [2003-01-20 106574]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Scheduler]
C:\Program Files\ATI Multimedia\main\ATISched.EXE [2003-01-20 36942]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
C:\WINDOWS\system32\Ati2mdxx.exe [2001-09-04 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-01-21 315392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CitiVAN]
C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe [2004-08-12 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe [2002-04-03 135264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-11-15 1670144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe [2003-02-20 2185800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QuickTime\qttask.exe [2007-06-29 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe [2004-09-21 204845]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RepliGo Assistant]
C:\Program Files\Cerience\RepliGo\RepliGoMon.exe [2004-03-19 167936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2007-12-28 171448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2004-09-21 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe [2004-11-12 106557]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
C:\PROGRA~1\AMERIC~1.0\aoltray.exe -check []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
C:\PROGRA~1\AOLCOM~1\COMPAN~1.EXE /s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SlimServer Tray Tool.lnk]
C:\PROGRA~1\SLIMSE~1\SlimTray.exe [2006-09-20 1183813]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^big tiny^Start Menu^Programs^Startup^ListProAlarms.lnk.disabled]
C:\Documents and Settings\big tiny\Start Menu\Programs\Startup\ListProAlarms.lnk.disabled []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^big tiny^Start Menu^Programs^Startup^RAR Password Cracker.lnk]
C:\PROGRA~1\RARPAS~1\rpc.exe /c C:\DOCUME~1\BIGTIN~1\Desktop\TEMPPP~1\NOOOOO~1.RPC []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="qvwgal.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
""=
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.scr - open - C:\WINDOWS\NOTEPAD.EXE "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 3 months======

2008-10-20 23:29:49 ----A---- C:\ComboFix.txt
2008-10-20 23:12:12 ----D---- C:\WINDOWS\temp
2008-10-20 23:02:59 ----A---- C:\Boot.bak
2008-10-20 23:02:47 ----D---- C:\cmdcons
2008-10-20 23:00:49 ----A---- C:\WINDOWS\zip.exe
2008-10-20 23:00:49 ----A---- C:\WINDOWS\VFIND.exe
2008-10-20 23:00:49 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-10-20 23:00:49 ----A---- C:\WINDOWS\SWSC.exe
2008-10-20 23:00:49 ----A---- C:\WINDOWS\SWREG.exe
2008-10-20 23:00:49 ----A---- C:\WINDOWS\sed.exe
2008-10-20 23:00:49 ----A---- C:\WINDOWS\NIRCMD.exe
2008-10-20 23:00:49 ----A---- C:\WINDOWS\grep.exe
2008-10-20 23:00:49 ----A---- C:\WINDOWS\fdsv.exe
2008-10-20 23:00:44 ----D---- C:\WINDOWS\ERDNT
2008-10-20 23:00:43 ----D---- C:\Qoobox
2008-10-19 14:38:43 ----D---- C:\WINDOWS\Sun
2008-10-19 14:38:43 ----D---- C:\Documents and Settings\big tiny\Application Data\Sun
2008-10-19 14:37:35 ----A---- C:\WINDOWS\System32\javaws.exe
2008-10-19 14:37:35 ----A---- C:\WINDOWS\System32\javaw.exe
2008-10-19 14:37:35 ----A---- C:\WINDOWS\System32\java.exe
2008-10-19 14:36:43 ----D---- C:\Program Files\Java
2008-10-19 14:36:26 ----D---- C:\Program Files\Common Files\Java
2008-10-19 14:29:07 ----D---- C:\rsit
2008-09-12 18:54:51 ----A---- C:\WINDOWS\DUMP51c9.tmp
2008-09-12 18:54:51 ----A---- C:\WINDOWS\DUMP50bf.tmp
2008-09-12 18:54:51 ----A---- C:\WINDOWS\DUMP50a0.tmp
2008-09-12 18:54:51 ----A---- C:\WINDOWS\DUMP4cf7.tmp
2008-09-12 18:54:51 ----A---- C:\WINDOWS\DUMP4c99.tmp
2008-09-12 18:54:51 ----A---- C:\WINDOWS\DUMP4b9f.tmp
2008-09-12 18:54:51 ----A---- C:\WINDOWS\DUMP26b2.tmp
2008-09-09 21:14:32 ----A---- C:\WINDOWS\DUMP51aa.tmp
2008-09-09 21:14:32 ----A---- C:\WINDOWS\DUMP50cf.tmp
2008-09-07 17:32:06 ----A---- C:\WINDOWS\DUMP4854.tmp
2008-09-06 16:45:44 ----A---- C:\WINDOWS\DUMP45a4.tmp
2008-09-06 16:45:44 ----A---- C:\WINDOWS\DUMP4248.tmp
2008-09-06 16:45:44 ----A---- C:\WINDOWS\DUMP2942.tmp
2008-09-06 16:45:44 ----A---- C:\WINDOWS\DUMP2932.tmp
2008-09-06 16:45:44 ----A---- C:\WINDOWS\DUMP2693.tmp
2008-09-06 16:45:44 ----A---- C:\WINDOWS\DUMP2673.tmp
2008-09-06 16:45:44 ----A---- C:\WINDOWS\DUMP24cd.tmp
2008-09-06 16:45:44 ----A---- C:\WINDOWS\DUMP2450.tmp
2008-08-24 17:02:33 ----A---- C:\WINDOWS\System32\7b120cd2-.txt
2008-08-11 21:30:20 ----D---- C:\Documents and Settings\All Users\Application Data\SlySoft
2008-08-11 21:08:31 ----D---- C:\Documents and Settings\big tiny\Application Data\Vso
2008-08-10 18:27:38 ----D---- C:\Program Files\DVDFab 5075

======List of files/folders modified in the last 3 months======

2008-10-20 23:30:46 ----D---- C:\Program Files\Hijackthis
2008-10-20 23:29:58 ----D---- C:\WINDOWS\SYSTEM32
2008-10-20 23:29:56 ----D---- C:\WINDOWS\System32\DRIVERS
2008-10-20 23:29:53 ----D---- C:\WINDOWS
2008-10-20 23:28:59 ----D---- C:\WINDOWS\System32\CatRoot2
2008-10-20 23:22:17 ----D---- C:\WINDOWS\Internet Logs
2008-10-20 23:21:13 ----A---- C:\WINDOWS\System32\PerfStringBackup.INI
2008-10-20 23:18:18 ----A---- C:\WINDOWS\system.ini
2008-10-20 23:16:19 ----D---- C:\WINDOWS\System32\CONFIG
2008-10-20 23:11:31 ----D---- C:\WINDOWS\AppPatch
2008-10-20 23:11:31 ----D---- C:\Program Files\Common Files
2008-10-20 23:10:00 ----RD---- C:\Program Files
2008-10-20 23:02:59 ----RASH---- C:\BOOT.INI
2008-10-20 23:01:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-20 23:01:37 ----D---- C:\WINDOWS\Prefetch
2008-10-20 22:51:11 ----D---- C:\Documents and Settings\All Users\Application Data\avg7
2008-10-19 14:38:41 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-19 14:37:38 ----SHD---- C:\WINDOWS\Installer
2008-10-14 09:26:47 ----D---- C:\Temp
2008-10-13 09:52:46 ----D---- C:\WINDOWS\Minidump
2008-10-12 13:54:12 ----RHD---- C:\$VAULT$.AVG
2008-10-02 05:06:48 ----SHD---- C:\System Volume Information
2008-09-23 22:43:46 ----A---- C:\WINDOWS\ntbtlog.txt
2008-09-06 14:30:23 ----A---- C:\WINDOWS\DUMP4853.tmp
2008-09-06 14:27:48 ----A---- C:\WINDOWS\DUMP2422.tmp
2008-09-06 13:01:22 ----A---- C:\WINDOWS\DUMP29de.tmp
2008-09-06 12:55:27 ----A---- C:\WINDOWS\DUMP492e.tmp
2008-09-06 12:52:40 ----A---- C:\WINDOWS\DUMP467e.tmp
2008-09-06 12:45:33 ----A---- C:\WINDOWS\DUMP2579.tmp
2008-09-06 10:34:58 ----A---- C:\WINDOWS\DUMP2376.tmp
2008-09-05 04:23:11 ----A---- C:\WINDOWS\DUMP2829.tmp
2008-09-05 04:20:00 ----A---- C:\WINDOWS\DUMP4c3b.tmp
2008-09-04 23:32:30 ----A---- C:\WINDOWS\DUMP4352.tmp
2008-09-04 22:34:55 ----A---- C:\WINDOWS\DUMP43bf.tmp
2008-09-04 22:28:52 ----A---- C:\WINDOWS\DUMP2981.tmp
2008-09-04 22:23:06 ----A---- C:\WINDOWS\DUMP2971.tmp
2008-09-03 22:41:57 ----A---- C:\WINDOWS\DUMP43a0.tmp
2008-09-02 22:37:07 ----A---- C:\WINDOWS\DUMP25f6.tmp
2008-09-02 22:29:26 ----A---- C:\WINDOWS\DUMP250c.tmp
2008-09-02 22:27:03 ----A---- C:\WINDOWS\DUMP4a38.tmp
2008-09-02 21:12:23 ----A---- C:\WINDOWS\DUMP46fb.tmp
2008-09-01 13:36:05 ----A---- C:\WINDOWS\DUMP248f.tmp
2008-08-31 07:36:26 ----A---- C:\WINDOWS\DUMP2654.tmp
2008-08-31 07:33:11 ----A---- C:\WINDOWS\DUMP271f.tmp
2008-08-31 07:23:33 ----A---- C:\WINDOWS\DUMP46bd.tmp
2008-08-30 14:40:56 ----A---- C:\WINDOWS\DUMP2441.tmp
2008-08-30 13:01:31 ----A---- C:\WINDOWS\DUMP4ad4.tmp
2008-08-30 12:58:29 ----A---- C:\WINDOWS\DUMP4390.tmp
2008-08-30 11:59:35 ----A---- C:\WINDOWS\DUMP2952.tmp
2008-08-30 11:42:11 ----A---- C:\WINDOWS\DUMP5b10.tmp
2008-08-30 11:41:53 ----RSHD---- C:\WINDOWS\System32\DLLCACHE
2008-08-30 11:41:53 ----HD---- C:\WINDOWS\INF
2008-08-30 11:38:46 ----A---- C:\WINDOWS\DUMP2ccc.tmp
2008-08-30 11:37:08 ----A---- C:\WINDOWS\DUMP4834.tmp
2008-08-26 04:13:40 ----A---- C:\WINDOWS\NeroDigital.ini
2008-08-25 23:33:49 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-08-25 23:33:07 ----D---- C:\Documents and Settings\big tiny\Application Data\RipIt4Me
2008-08-25 23:10:41 ----D---- C:\WINDOWS\System32\Restore
2008-08-18 04:55:45 ----D---- C:\Documents and Settings\All Users\Application Data\Retrospect
2008-08-11 22:17:32 ----D---- C:\Program Files\SlySoft
2008-08-06 23:18:35 ----D---- C:\WINDOWS\Registration
2008-08-05 14:11:01 ----A---- C:\WINDOWS\System32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Asapi;Asapi; C:\WINDOWS\System32\drivers\Asapi.sys [2000-01-08 10240]
R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2007-11-04 821856]
R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2007-02-26 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2007-02-27 27776]
R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2007-12-22 10760]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\System32\drivers\Cdr4_xp.sys [2007-03-07 9336]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\System32\drivers\Cdralw2k.sys [2007-03-07 9464]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\System32\drivers\cdudf_xp.sys [2002-12-17 241152]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-07-19 17153]
R1 pwd_2k;pwd_2k; C:\WINDOWS\System32\drivers\pwd_2k.sys [2003-04-23 143834]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [2006-08-16 205120]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\System32\drivers\UdfReadr_xp.sys [2003-04-23 206464]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-03-13 394952]
R2 ATITUNEP;ATI WDM TV Tuner; C:\WINDOWS\System32\DRIVERS\atintuxx.sys [2003-01-21 37888]
R2 ATIXSAudio;ATI WDM TV Audio Crossbar; C:\WINDOWS\System32\DRIVERS\atinxsxx.sys [2003-01-21 61440]
R2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2007-02-26 4960]
R2 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\System32\DRIVERS\atinmdxx.sys [2003-01-21 13824]
R2 PCDCODEC;ATI WDM Specialized PCD Codec; C:\WINDOWS\System32\DRIVERS\atinpdxx.sys [2003-01-21 13312]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\PfModNT.sys []
R2 psi_kbd_filter_2k;psi_kbd_filter_2k; \??\C:\WINDOWS\System32\psikbdfiltdrv.sys []
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2008-08-01 99648]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2002-08-29 57344]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2003-01-21 546560]
R3 atinrvxx;ATI WDM Rage Theater Video; C:\WINDOWS\System32\DRIVERS\atinrvxx.sys [2003-01-21 102400]
R3 ativraxx;ATI WDM Rage Theater Audio; C:\WINDOWS\System32\DRIVERS\atinraxx.sys [2003-01-21 50176]
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2002-08-29 68864]
R3 dvd_2K;dvd_2K; C:\WINDOWS\System32\drivers\dvd_2K.sys [2003-04-23 25898]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2003-01-20 140288]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2007-03-08 49920]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2007-03-08 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2007-03-08 21568]
R3 MxlW2k;MxlW2k; C:\WINDOWS\System32\drivers\MxlW2k.sys [2003-04-23 28164]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2002-08-29 57984]
R3 P16X;Creative SB Live! Series (WDM); C:\WINDOWS\system32\drivers\P16X.sys [2002-08-30 1293440]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-11-11 9856]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\System32\DRIVERS\tunmp.sys [2006-08-16 11776]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2002-08-29 28160]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2002-08-29 19328]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2002-08-29 51968]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2002-08-29 24960]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 14208]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2002-08-29 19328]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2002-08-29 37504]
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2002-08-29 68864]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\System32\drivers\bvrp_pci.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2002-12-04 16384]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2001-08-17 138240]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2001-08-17 12672]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2001-08-17 12288]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2001-08-17 12032]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2001-08-17 12160]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2001-08-17 18688]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2001-08-17 29440]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2001-08-17 19456]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys [2001-08-17 44928]
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2001-08-17 31104]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2001-08-17 23680]
S3 mmc_2K;mmc_2K; C:\WINDOWS\System32\drivers\mmc_2K.sys [2003-04-23 30630]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2002-12-04 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2002-12-07 10112]
S3 NMSCFG;NIC Management Service Configuration Driver; \??\C:\WINDOWS\System32\drivers\NMSCFG.SYS []
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2002-08-29 891711]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2002-12-04 10880]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2002-12-04 14976]
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 UKS11LDR;M-Audio USB Keystation Loader; C:\WINDOWS\system32\drivers\uks11ldr.sys [2004-09-24 13504]
S3 USBKT1X1;M-Audio USB Keystation; C:\WINDOWS\system32\drivers\usbkt1x1.sys [2004-09-24 22304]
S3 usbser;USB Modem Driver; C:\WINDOWS\System32\DRIVERS\usbser.sys [2001-08-17 24192]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [2003-02-22 31273]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2002-12-04 18688]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2001-08-17 29056]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2001-08-17 27648]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2001-08-17 27648]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2001-08-17 26112]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2001-08-17 27392]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\System32\svchost.exe [2002-08-29 12800]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2003-01-21 147456]
R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe [2007-11-04 418816]
R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe [2007-02-26 49664]
R2 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe [2007-12-22 406528]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [1999-12-13 44032]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2002-08-29 12800]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2002-08-29 12800]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2002-08-29 12800]
R2 RetroLauncher;Retrospect Launcher; C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe [2003-11-12 49152]
R2 RetroWDSvc;Retrospect WD Service; C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe [2003-12-12 46592]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2004-10-11 38912]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe [2008-03-13 75304]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2002-08-29 12800]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2003-02-20 32768]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-28 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NMSSvc;Intel® NMS; C:\WINDOWS\System32\NMSSvc.exe [2002-10-10 1118208]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 slimsvc;SlimServer; C:\Program Files\SlimServer\server\slim.exe [2006-09-20 6352963]

-----------------EOF-----------------
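
The driver and service lists in this log share one line shape (state and start-type flag, service name, display name, image path, then the file date and size in brackets, or empty brackets when RSIT could not read the file). The following triage helper is an added example, not part of the thread or of the RSIT tool: it parses lines in that shape and flags the entries a helper would look at first. The sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Line shape used by the RSIT driver/service lists, e.g.
#   R1 Asapi;Asapi; C:\WINDOWS\System32\drivers\Asapi.sys [2000-01-08 10240]
#   R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\PfModNT.sys []
# The bracket holds "<file date> <file size>", or nothing when the tool
# could not stat the image (missing, hidden from the tool, or an odd path).
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]*);(?P<display>[^;]*); ?"
    r"(?P<path>.*?) \[(?P<meta>[^\]]*)\]$"
)

START_TYPES = {0: "Boot", 1: "System", 2: "Auto", 3: "Demand", 4: "Disabled"}


@dataclass
class Entry:
    state: str             # "R" running, "S" stopped
    start: int             # 0 Boot .. 4 Disabled (legend in the log header)
    name: str
    display: str
    path: str
    date: Optional[str]    # None when the bracket was empty
    size: Optional[int]
    flags: List[str] = field(default_factory=list)


def triage_flags(e: Entry) -> List[str]:
    """Cheap, explainable reasons an entry deserves a closer look."""
    out: List[str] = []
    if e.date is None:
        out.append("no file metadata: image missing or unreadable on disk")
    if e.path.startswith("\\??\\"):
        out.append("raw NT object path (\\??\\) instead of a plain DOS path")
    if e.state == "R" and e.start == 4:
        out.append("running although start type is Disabled")
    return out


def parse_line(line: str) -> Optional[Entry]:
    """Parse one list line; return None for headers, blanks and the EOF marker."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    date: Optional[str] = None
    size: Optional[int] = None
    meta = m.group("meta").split()
    if len(meta) == 2 and meta[1].isdigit():
        date, size = meta[0], int(meta[1])
    entry = Entry(m.group("state"), int(m.group("start")), m.group("name"),
                  m.group("display"), m.group("path"), date, size)
    entry.flags = triage_flags(entry)
    return entry


def triage(log_text: str) -> Dict[str, List[str]]:
    """Return {service name: flags} for every parsable line that raised a flag."""
    result: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is not None and e.flags:
            result[e.name] = e.flags
    return result


# Constructed input: a handful of lines copied from the RSIT log in this thread.
SAMPLE_LOG = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Asapi;Asapi; C:\WINDOWS\System32\drivers\Asapi.sys [2000-01-08 10240]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [2006-08-16 205120]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\PfModNT.sys []
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
R2 6to4;IPv6 Helper Service; C:\WINDOWS\System32\svchost.exe [2002-08-29 12800]
-----------------EOF-----------------
"""

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name}: " + "; ".join(reasons))
```

Empty brackets are only a prompt to check the file by hand (it may be a legitimate leftover of an uninstalled product, as with SymEvent here), not a verdict.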

#7 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 21 October 2008 - 02:56 PM

Hi hitpro.

How's your computer running?
Still some work left to do.

Run ComboFix with CFScript

We will run ComboFix again. This time, the instructions are slightly different.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the quotebox below into it:
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=""
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{11359F4A-B191-42D7-905A-594F8CF0387B}"=-
  • Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
  • Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Removing outdated Anti-virus

After running ComboFix I would like you to remove your old outdated AVG 7 and install a new one because it is outdated.
To remove a program:

Click "start" on the taskbar and then click on the "Control Panel" icon.
Please double-click the "Add or Remove Programs" icon.
A list of programs installed will be "populated" this may take a bit of time.

Find AVG 7 and remove it.

Additional instructions can be found here if needed.

Install Antivirus

An anti-virus is essential in keeping your computer safe while surfing the Internet. Please install a free anti-virus program:

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer Only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

Please post back:
-Combofix log
-Kaspersky online scan log
-Fresh RSIT logs
-how is your computer running?


Thanks.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#8 hitpro

hitpro
  • Topic Starter

  • Members
  • 119 posts

Posted 22 October 2008 - 03:44 AM

hi EB. my pc is running ok. it's just a tad slow. by the way, when i tried to install the new antivirus (avira), i got a BSOD... strange. i forgot to read what it said, so i don't know if it said the same thing as the earlier BSOD i had been getting. so i had to reboot the pc. unlike before, this time the pc booted up fine. below are the logs:


ComboFix 08-10-19.04 - big tiny 2008-10-21 21:34:32.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.272 [GMT -4:00]
Running from: C:\Documents and Settings\big tiny\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\big tiny\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-09-22 to 2008-10-22 )))))))))))))))))))))))))))))))
.

2008-10-19 14:38 . 2008-10-19 14:38 <DIR> d-------- C:\WINDOWS\Sun
2008-10-19 14:37 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-10-19 14:36 . 2008-10-19 14:37 <DIR> d-------- C:\Program Files\Java
2008-10-19 14:36 . 2008-10-19 14:36 <DIR> d-------- C:\Program Files\Common Files\Java
2008-10-19 14:29 . 2008-10-19 14:30 <DIR> d-------- C:\rsit
2008-10-12 17:47 . 2008-10-12 17:47 3,072 --ahs---- C:\WINDOWS\SYSTEM32\Thumbs.db

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-21 12:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-10-21 02:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-10-14 17:56 46,859 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_10_14_12_42_26_small.dmp.zip
2008-10-14 17:56 45,029 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_10_14_12_41_09_small.dmp.zip
2008-10-01 08:41 65,536 ----a-w C:\WINDOWS\DUMP50bf.tmp
2008-09-24 02:43 65,536 ----a-w C:\WINDOWS\DUMP26b2.tmp
2008-09-18 21:17 65,536 ----a-w C:\WINDOWS\DUMP50a0.tmp
2008-09-18 02:26 65,536 ----a-w C:\WINDOWS\DUMP51c9.tmp
2008-09-18 02:08 65,536 ----a-w C:\WINDOWS\DUMP4b9f.tmp
2008-09-16 02:23 65,536 ----a-w C:\WINDOWS\DUMP4cf7.tmp
2008-09-16 02:06 65,536 ----a-w C:\WINDOWS\DUMP4c99.tmp
2008-09-12 03:38 65,536 ----a-w C:\WINDOWS\DUMP51aa.tmp
2008-09-11 01:18 65,536 ----a-w C:\WINDOWS\DUMP50cf.tmp
2008-09-09 12:47 1,799,552 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-09-08 03:25 65,536 ----a-w C:\WINDOWS\DUMP4854.tmp
2008-09-07 11:04 65,536 ----a-w C:\WINDOWS\DUMP2450.tmp
2008-09-07 10:56 65,536 ----a-w C:\WINDOWS\DUMP2932.tmp
2008-09-07 10:42 65,536 ----a-w C:\WINDOWS\DUMP2673.tmp
2008-09-07 03:10 65,536 ----a-w C:\WINDOWS\DUMP4248.tmp
2008-09-07 03:08 65,536 ----a-w C:\WINDOWS\DUMP24cd.tmp
2008-09-07 03:07 65,536 ----a-w C:\WINDOWS\DUMP2942.tmp
2008-09-07 03:06 65,536 ----a-w C:\WINDOWS\DUMP45a4.tmp
2008-09-06 20:49 65,536 ----a-w C:\WINDOWS\DUMP2693.tmp
2008-09-06 18:30 65,536 ----a-w C:\WINDOWS\DUMP4853.tmp
2008-09-06 18:27 65,536 ----a-w C:\WINDOWS\DUMP2422.tmp
2008-09-06 17:01 65,536 ----a-w C:\WINDOWS\DUMP29de.tmp
2008-09-06 16:55 65,536 ----a-w C:\WINDOWS\DUMP492e.tmp
2008-09-06 16:52 65,536 ----a-w C:\WINDOWS\DUMP467e.tmp
2008-09-06 16:45 65,536 ----a-w C:\WINDOWS\DUMP2579.tmp
2008-09-06 14:34 65,536 ----a-w C:\WINDOWS\DUMP2376.tmp
2008-09-05 08:23 65,536 ----a-w C:\WINDOWS\DUMP2829.tmp
2008-09-05 08:20 65,536 ----a-w C:\WINDOWS\DUMP4c3b.tmp
2008-09-05 03:32 65,536 ----a-w C:\WINDOWS\DUMP4352.tmp
2008-09-05 02:34 65,536 ----a-w C:\WINDOWS\DUMP43bf.tmp
2008-09-05 02:28 65,536 ----a-w C:\WINDOWS\DUMP2981.tmp
2008-09-05 02:23 65,536 ----a-w C:\WINDOWS\DUMP2971.tmp
2008-09-04 02:41 65,536 ----a-w C:\WINDOWS\DUMP43a0.tmp
2008-09-03 02:37 65,536 ----a-w C:\WINDOWS\DUMP25f6.tmp
2008-09-03 02:29 65,536 ----a-w C:\WINDOWS\DUMP250c.tmp
2008-09-03 02:27 65,536 ----a-w C:\WINDOWS\DUMP4a38.tmp
2008-09-03 01:12 65,536 ----a-w C:\WINDOWS\DUMP46fb.tmp
2008-09-01 17:36 65,536 ----a-w C:\WINDOWS\DUMP248f.tmp
2008-08-31 11:36 65,536 ----a-w C:\WINDOWS\DUMP2654.tmp
2008-08-31 11:33 65,536 ----a-w C:\WINDOWS\DUMP271f.tmp
2008-08-31 11:23 65,536 ----a-w C:\WINDOWS\DUMP46bd.tmp
2008-08-30 18:40 65,536 ----a-w C:\WINDOWS\DUMP2441.tmp
2008-08-30 17:01 65,536 ----a-w C:\WINDOWS\DUMP4ad4.tmp
2008-08-30 16:58 65,536 ----a-w C:\WINDOWS\DUMP4390.tmp
2008-08-30 15:59 65,536 ----a-w C:\WINDOWS\DUMP2952.tmp
2008-08-30 15:42 65,536 ----a-w C:\WINDOWS\DUMP5b10.tmp
2008-08-30 15:38 65,536 ----a-w C:\WINDOWS\DUMP2ccc.tmp
2008-08-30 15:37 65,536 ----a-w C:\WINDOWS\DUMP4834.tmp
2008-08-26 03:33 --------- d-----w C:\Documents and Settings\big tiny\Application Data\RipIt4Me
2008-08-26 03:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-08-24 01:44 22,996,328 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-08-12 02:29 45,752 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_08_11_21_05_54_small.dmp.zip
2008-08-12 02:29 45,019 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_08_11_21_05_35_small.dmp.zip
.

((((((((((((((((((((((((((((( snapshot@2008-10-20_23.29.10.96 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-21 01:26:30 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
+ 2008-10-21 03:17:50 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
- 2008-10-21 01:26:30 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
+ 2008-10-21 03:17:50 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
- 2008-10-21 01:26:30 114,688 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT
+ 2008-10-22 01:28:55 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-06 19:39:26 53,608 ----a-w C:\WINDOWS\SYSTEM32\PERFC009.DAT
+ 2008-10-21 03:21:16 53,608 ----a-w C:\WINDOWS\SYSTEM32\PERFC009.DAT
- 2008-04-06 19:39:26 383,254 ----a-w C:\WINDOWS\SYSTEM32\PERFH009.DAT
+ 2008-10-21 03:21:17 383,254 ----a-w C:\WINDOWS\SYSTEM32\PERFH009.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2003-04-22 413775]
"ATI Launchpad"="C:\Program Files\ATI Multimedia\main\LaunchPd.exe" [2003-01-20 106574]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 13312]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-11-15 1670144]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD6459\AnyDVDtray.exe" [2008-08-01 2161600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-10-20 590848]
"SetIcon"="\Program Files\WDC\SetIcon.exe" [2004-04-28 42496]
"QuickTime Task"="C:\Program Files\QuickTime\QuickTime\qttask.exe" [2007-06-29 286720]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 919016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"WD Button Manager"="WDBtnMgr.exe" [2004-10-11 C:\WINDOWS\SYSTEM32\WDBtnMgr.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-11-04 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SRUUninstall"="C:\WINDOWS\System32\msiexec.exe" [2005-03-21 78848]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.UYVY"= C:\WINDOWS\System32\msyuv.dll
"VIDC.YUY2"= ATIVYUY.DLL
"msacm.ctmp3"= C:\WINDOWS\System32\ctmp3.acm
"VIDC.YU12"= ATIYUV12.DLL
"MSACM.CEGSM"= mobilev.acm
"midi1"= usbkt1x1.dll
"midi2"= usbkt1x1.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 8.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk
backup=C:\WINDOWS\pss\AOL Companion.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SlimServer Tray Tool.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SlimServer Tray Tool.lnk
backup=C:\WINDOWS\pss\SlimServer Tray Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^big tiny^Start Menu^Programs^Startup^ListProAlarms.lnk.disabled]
path=C:\Documents and Settings\big tiny\Start Menu\Programs\Startup\ListProAlarms.lnk.disabled
backup=C:\WINDOWS\pss\ListProAlarms.lnk.disabledStartup

[HKLM\~\startupfolder\C:^Documents and Settings^big tiny^Start Menu^Programs^Startup^RAR Password Cracker.lnk]
path=C:\Documents and Settings\big tiny\Start Menu\Programs\Startup\RAR Password Cracker.lnk
backup=C:\WINDOWS\pss\RAR Password Cracker.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
--a------ 2002-12-17 13:28 684032 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]
--a------ 2003-01-20 23:57 106574 C:\Program Files\ATI Multimedia\main\LaunchPd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Scheduler]
--a------ 2003-01-20 23:53 36942 C:\Program Files\ATI Multimedia\main\AtiSched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2003-01-21 22:00 315392 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CitiVAN]
--a------ 2004-08-12 14:51 192512 C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
--a------ 2002-04-03 02:01 135264 C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-03-11 22:34 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-11-15 16:18 1670144 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2003-02-20 00:49 2185800 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2004-09-21 10:57 204845 C:\Program Files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RepliGo Assistant]
--a------ 2004-03-19 17:02 167936 C:\Program Files\Cerience\RepliGo\RepliGoMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-12-28 11:27 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2004-09-21 10:57 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 02:00 90112 C:\WINDOWS\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
--a------ 2004-11-12 13:24 106557 C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
--a------ 2001-09-04 17:24 28672 C:\WINDOWS\SYSTEM32\Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
--a------ 2003-08-29 04:59 122880 C:\WINDOWS\BCMSMMSG.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DVDSentry"=C:\WINDOWS\System32\DSentry.exe
"QuickTime Task"="C:\Program Files\QuickTime\QuickTime\qttask.exe" -atboottime
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9000:TCP"= 9000:TCP:SlimServer 9000 tcp
"3483:UDP"= 3483:UDP:SlimServer 3483 udp
"3483:TCP"= 3483:TCP:SlimServer 3483 tcp

R1 Asapi;Asapi;C:\WINDOWS\System32\drivers\Asapi.sys [2000-01-08 10240]
R2 psi_kbd_filter_2k;psi_kbd_filter_2k;C:\WINDOWS\System32\psikbdfiltdrv.sys [2001-12-10 46312]
S3 UKS11LDR;M-Audio USB Keystation Loader;C:\WINDOWS\System32\drivers\uks11ldr.sys [2004-09-24 13504]
S3 USBKT1X1;M-Audio USB Keystation;C:\WINDOWS\System32\drivers\usbkt1x1.sys [2004-09-24 22304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
.
Contents of the 'Scheduled Tasks' folder

2003-05-27 C:\WINDOWS\Tasks\ISP signup reminder 1.job
- C:\WINDOWS\System32\OOBE\OOBEBALN.EXE [2002-08-29 06:00]

2008-10-21 C:\WINDOWS\Tasks\WebReg Photosmart C7200 series.job
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe [2007-03-11 22:27]

2008-10-21 C:\WINDOWS\Tasks\{2A6C105A-89D3-4216-92BC-5BBEE3B264A3}_NEWPC_big tiny.job
- C:\WINDOWS\system32\MOBSYNC.EXE [2002-08-29 06:00]

2008-10-17 C:\WINDOWS\Tasks\{44C9490B-BA5C-434A-8717-6417FD8432FA}_NEWPC_big tiny.job
- C:\WINDOWS\system32\MOBSYNC.EXE [2002-08-29 06:00]

2008-10-21 C:\WINDOWS\Tasks\{7598EA0B-F73D-4A1C-9645-84FDD06200E1}_NEWPC_big tiny.job
- C:\WINDOWS\system32\MOBSYNC.EXE [2002-08-29 06:00]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-21 21:39:38
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-21 21:48:03
ComboFix-quarantined-files.txt 2008-10-22 01:48:00
ComboFix2.txt 2008-10-21 03:29:49

Pre-Run: 12,152,553,472 bytes free
Post-Run: 12,151,050,240 bytes free

231 --- E O F --- 2008-08-23 03:12:33

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, October 22, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 1 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, October 22, 2008 03:13:27
Records in database: 1333705
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
G:\
H:\

Scan statistics:
Files scanned: 164571
Threat name: 4
Infected objects: 7
Suspicious objects: 0
Duration of the scan: 03:32:37


File name / Threat name / Threats count
C:\Documents and Settings\big tiny\My Documents\dvdstuph\pgcedit\bin\pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k 1
C:\Documents and Settings\big tiny\My Documents\dvdstuph\pgcedit_winexe.zip Infected: not-a-virus:RiskTool.Win32.PsKill.k 1
C:\Qoobox\Quarantine\C\WINDOWS\NDNuninstall5_48.exe.vir Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\System Volume Information\_restore{953C5C1F-9D46-4882-AC3F-FF632E03E7AF}\RP743\A0023239.0BS Infected: Backdoor.Win32.Frauder.eo 1
C:\System Volume Information\_restore{953C5C1F-9D46-4882-AC3F-FF632E03E7AF}\RP751\A0023356.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.cza 1
C:\System Volume Information\_restore{953C5C1F-9D46-4882-AC3F-FF632E03E7AF}\RP752\A0023370.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.cza 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP743\A0062214.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1

The selected area was scanned.

Logfile of random's system information tool 1.04 (written by random/random)
Run by big tiny at 2008-10-22 04:36:02
Microsoft Windows XP Home Edition Service Pack 1
System drive C: has 12 GB (10%) free of 114 GB
Total RAM: 511 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:36:13 AM, on 10/22/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WDBtnMgr.exe
C:\Program Files\WDC\SetIcon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\ATI Multimedia\main\LaunchPd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SlySoft\AnyDVD6459\AnyDVDtray.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\big tiny\Desktop\RSIT.exe
C:\Program Files\Hijackthis\big tiny.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dellnet.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: CitiUS Shared Browser Helper Object - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\System32\BhoCitUS.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: RepliGoIEHelperCtl Class - {91DE4477-9CDC-4806-9BCB-28A963988E94} - C:\Program Files\Cerience\RepliGo\RepliGoIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &RepliGo - {81F4066B-F330-4872-8094-3E9FBCCEC8C1} - C:\Program Files\Cerience\RepliGo\RepliGoIEBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\SetIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD6459\AnyDVDtray.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://cehomenet.coned.com/InternalSite/WhlCompMgr.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://encarta.msn.com/encnet/external/MSSurVid.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion....ebio5_1_6_0.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/toolbar/lexico.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: SlimServer (slimsvc) - Unknown owner - C:\Program Files\SlimServer\server\slim.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--
End of file - 8566 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\ISP signup reminder 1.job
C:\WINDOWS\tasks\WebReg Photosmart C7200 series.job
C:\WINDOWS\tasks\{2A6C105A-89D3-4216-92BC-5BBEE3B264A3}_NEWPC_big tiny.job
C:\WINDOWS\tasks\{44C9490B-BA5C-434A-8717-6417FD8432FA}_NEWPC_big tiny.job
C:\WINDOWS\tasks\{7598EA0B-F73D-4A1C-9645-84FDD06200E1}_NEWPC_big tiny.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{387EDF53-1CF2-4523-BC2F-13462651BE8C}]
CitiUSBrowserHelper Class - C:\WINDOWS\System32\BhoCitUS.dll [2004-08-05 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91DE4477-9CDC-4806-9BCB-28A963988E94}]
RepliGoIEHelperCtl Class - C:\Program Files\Cerience\RepliGo\RepliGoIEHelper.dll [2004-03-19 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-12-28 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\System32\msdxm.ocx [2003-09-17 844048]
{81F4066B-F330-4872-8094-3E9FBCCEC8C1} - &RepliGo - C:\Program Files\Cerience\RepliGo\RepliGoIEBar.dll [2004-03-19 176128]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-08-04 343112]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-12-28 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WD Button Manager"=C:\WINDOWS\system32\WDBtnMgr.exe [2004-10-11 143360]
"SetIcon"=\Program Files\WDC\SetIcon.exe [2004-04-28 42496]
"QuickTime Task"=C:\Program Files\QuickTime\QuickTime\qttask.exe [2007-06-29 286720]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-03-13 919016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE [2003-04-22 413775]
"ATI Launchpad"=C:\Program Files\ATI Multimedia\main\LaunchPd.exe [2003-01-20 106574]
"ctfmon.exe"=C:\WINDOWS\System32\ctfmon.exe [2002-08-29 13312]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-11-15 1670144]
"AnyDVD"=C:\Program Files\SlySoft\AnyDVD6459\AnyDVDtray.exe [2008-08-01 2161600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2002-12-17 684032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]
C:\Program Files\ATI Multimedia\main\LaunchPd.exe [2003-01-20 106574]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Scheduler]
C:\Program Files\ATI Multimedia\main\ATISched.EXE [2003-01-20 36942]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
C:\WINDOWS\system32\Ati2mdxx.exe [2001-09-04 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-01-21 315392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CitiVAN]
C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe [2004-08-12 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe [2002-04-03 135264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-11-15 1670144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe [2003-02-20 2185800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QuickTime\qttask.exe [2007-06-29 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe [2004-09-21 204845]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RepliGo Assistant]
C:\Program Files\Cerience\RepliGo\RepliGoMon.exe [2004-03-19 167936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2007-12-28 171448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2004-09-21 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe [2004-11-12 106557]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
C:\PROGRA~1\AMERIC~1.0\aoltray.exe -check []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
C:\PROGRA~1\AOLCOM~1\COMPAN~1.EXE /s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SlimServer Tray Tool.lnk]
C:\PROGRA~1\SLIMSE~1\SlimTray.exe [2006-09-20 1183813]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^big tiny^Start Menu^Programs^Startup^ListProAlarms.lnk.disabled]
C:\Documents and Settings\big tiny\Start Menu\Programs\Startup\ListProAlarms.lnk.disabled []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^big tiny^Start Menu^Programs^Startup^RAR Password Cracker.lnk]
C:\PROGRA~1\RARPAS~1\rpc.exe /c C:\DOCUME~1\BIGTIN~1\Desktop\TEMPPP~1\NOOOOO~1.RPC []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
""=
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.scr - open - C:\WINDOWS\NOTEPAD.EXE "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 3 months======

2008-10-21 22:02:08 ----D---- C:\Program Files\Avira
2008-10-21 22:02:08 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2008-10-21 21:48:06 ----D---- C:\WINDOWS\temp
2008-10-21 21:48:04 ----A---- C:\ComboFix.txt
2008-10-20 23:02:59 ----A---- C:\Boot.bak
2008-10-20 23:02:47 ----D---- C:\cmdcons
2008-10-20 23:00:49 ----A---- C:\WINDOWS\zip.exe
2008-10-20 23:00:49 ----A---- C:\WINDOWS\VFIND.exe
2008-10-20 23:00:49 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-10-20 23:00:49 ----A---- C:\WINDOWS\SWSC.exe
2008-10-20 23:00:49 ----A---- C:\WINDOWS\SWREG.exe
2008-10-20 23:00:49 ----A---- C:\WINDOWS\sed.exe
2008-10-20 23:00:49 ----A---- C:\WINDOWS\NIRCMD.exe
2008-10-20 23:00:49 ----A---- C:\WINDOWS\grep.exe
2008-10-20 23:00:49 ----A---- C:\WINDOWS\fdsv.exe
2008-10-20 23:00:44 ----D---- C:\WINDOWS\ERDNT
2008-10-20 23:00:43 ----D---- C:\Qoobox
2008-10-19 14:38:43 ----D---- C:\WINDOWS\Sun
2008-10-19 14:38:43 ----D---- C:\Documents and Settings\big tiny\Application Data\Sun
2008-10-19 14:37:35 ----A---- C:\WINDOWS\System32\javaws.exe
2008-10-19 14:37:35 ----A---- C:\WINDOWS\System32\javaw.exe
2008-10-19 14:37:35 ----A---- C:\WINDOWS\System32\java.exe
2008-10-19 14:36:43 ----D---- C:\Program Files\Java
2008-10-19 14:36:26 ----D---- C:\Program Files\Common Files\Java
2008-10-19 14:29:07 ----D---- C:\rsit
2008-09-12 18:54:51 ----A---- C:\WINDOWS\DUMP51c9.tmp
2008-09-12 18:54:51 ----A---- C:\WINDOWS\DUMP50bf.tmp
2008-09-12 18:54:51 ----A---- C:\WINDOWS\DUMP50a0.tmp
2008-09-12 18:54:51 ----A---- C:\WINDOWS\DUMP4cf7.tmp
2008-09-12 18:54:51 ----A---- C:\WINDOWS\DUMP4c99.tmp
2008-09-12 18:54:51 ----A---- C:\WINDOWS\DUMP4b9f.tmp
2008-09-12 18:54:51 ----A---- C:\WINDOWS\DUMP26b2.tmp
2008-09-09 21:14:32 ----A---- C:\WINDOWS\DUMP51aa.tmp
2008-09-09 21:14:32 ----A---- C:\WINDOWS\DUMP50cf.tmp
2008-09-07 17:32:06 ----A---- C:\WINDOWS\DUMP4854.tmp
2008-09-06 16:45:44 ----A---- C:\WINDOWS\DUMP45a4.tmp
2008-09-06 16:45:44 ----A---- C:\WINDOWS\DUMP4248.tmp
2008-09-06 16:45:44 ----A---- C:\WINDOWS\DUMP2942.tmp
2008-09-06 16:45:44 ----A---- C:\WINDOWS\DUMP2932.tmp
2008-09-06 16:45:44 ----A---- C:\WINDOWS\DUMP2693.tmp
2008-09-06 16:45:44 ----A---- C:\WINDOWS\DUMP2673.tmp
2008-09-06 16:45:44 ----A---- C:\WINDOWS\DUMP24cd.tmp
2008-09-06 16:45:44 ----A---- C:\WINDOWS\DUMP2450.tmp
2008-08-24 17:02:33 ----A---- C:\WINDOWS\System32\7b120cd2-.txt
2008-08-11 21:30:20 ----D---- C:\Documents and Settings\All Users\Application Data\SlySoft
2008-08-11 21:08:31 ----D---- C:\Documents and Settings\big tiny\Application Data\Vso
2008-08-10 18:27:38 ----D---- C:\Program Files\DVDFab 5075

======List of files/folders modified in the last 3 months======

2008-10-22 04:36:14 ----D---- C:\WINDOWS\Prefetch
2008-10-22 04:36:09 ----D---- C:\Program Files\Hijackthis
2008-10-21 22:09:14 ----D---- C:\WINDOWS\Internet Logs
2008-10-21 22:05:41 ----D---- C:\WINDOWS\Minidump
2008-10-21 22:05:41 ----D---- C:\WINDOWS
2008-10-21 22:02:13 ----D---- C:\WINDOWS\System32\DRIVERS
2008-10-21 22:02:08 ----RD---- C:\Program Files
2008-10-21 21:52:54 ----D---- C:\Program Files\Grisoft
2008-10-21 21:50:57 ----D---- C:\WINDOWS\SYSTEM32
2008-10-21 21:50:56 ----D---- C:\WINDOWS\SYSTEM
2008-10-21 21:49:35 ----D---- C:\WINDOWS\System32\CatRoot2
2008-10-21 21:39:33 ----A---- C:\WINDOWS\system.ini
2008-10-21 21:37:21 ----D---- C:\WINDOWS\AppPatch
2008-10-21 21:37:21 ----D---- C:\Program Files\Common Files
2008-10-21 21:34:16 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-20 23:21:13 ----A---- C:\WINDOWS\System32\PerfStringBackup.INI
2008-10-20 23:16:19 ----D---- C:\WINDOWS\System32\CONFIG
2008-10-20 23:02:59 ----RASH---- C:\BOOT.INI
2008-10-19 14:38:41 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-19 14:37:38 ----SHD---- C:\WINDOWS\Installer
2008-10-14 09:26:47 ----D---- C:\Temp
2008-10-02 05:06:48 ----SHD---- C:\System Volume Information
2008-09-23 22:43:46 ----A---- C:\WINDOWS\ntbtlog.txt
2008-09-06 14:30:23 ----A---- C:\WINDOWS\DUMP4853.tmp
2008-09-06 14:27:48 ----A---- C:\WINDOWS\DUMP2422.tmp
2008-09-06 13:01:22 ----A---- C:\WINDOWS\DUMP29de.tmp
2008-09-06 12:55:27 ----A---- C:\WINDOWS\DUMP492e.tmp
2008-09-06 12:52:40 ----A---- C:\WINDOWS\DUMP467e.tmp
2008-09-06 12:45:33 ----A---- C:\WINDOWS\DUMP2579.tmp
2008-09-06 10:34:58 ----A---- C:\WINDOWS\DUMP2376.tmp
2008-09-05 04:23:11 ----A---- C:\WINDOWS\DUMP2829.tmp
2008-09-05 04:20:00 ----A---- C:\WINDOWS\DUMP4c3b.tmp
2008-09-04 23:32:30 ----A---- C:\WINDOWS\DUMP4352.tmp
2008-09-04 22:34:55 ----A---- C:\WINDOWS\DUMP43bf.tmp
2008-09-04 22:28:52 ----A---- C:\WINDOWS\DUMP2981.tmp
2008-09-04 22:23:06 ----A---- C:\WINDOWS\DUMP2971.tmp
2008-09-03 22:41:57 ----A---- C:\WINDOWS\DUMP43a0.tmp
2008-09-02 22:37:07 ----A---- C:\WINDOWS\DUMP25f6.tmp
2008-09-02 22:29:26 ----A---- C:\WINDOWS\DUMP250c.tmp
2008-09-02 22:27:03 ----A---- C:\WINDOWS\DUMP4a38.tmp
2008-09-02 21:12:23 ----A---- C:\WINDOWS\DUMP46fb.tmp
2008-09-01 13:36:05 ----A---- C:\WINDOWS\DUMP248f.tmp
2008-08-31 07:36:26 ----A---- C:\WINDOWS\DUMP2654.tmp
2008-08-31 07:33:11 ----A---- C:\WINDOWS\DUMP271f.tmp
2008-08-31 07:23:33 ----A---- C:\WINDOWS\DUMP46bd.tmp
2008-08-30 14:40:56 ----A---- C:\WINDOWS\DUMP2441.tmp
2008-08-30 13:01:31 ----A---- C:\WINDOWS\DUMP4ad4.tmp
2008-08-30 12:58:29 ----A---- C:\WINDOWS\DUMP4390.tmp
2008-08-30 11:59:35 ----A---- C:\WINDOWS\DUMP2952.tmp
2008-08-30 11:42:11 ----A---- C:\WINDOWS\DUMP5b10.tmp
2008-08-30 11:41:53 ----RSHD---- C:\WINDOWS\System32\DLLCACHE
2008-08-30 11:41:53 ----HD---- C:\WINDOWS\INF
2008-08-30 11:38:46 ----A---- C:\WINDOWS\DUMP2ccc.tmp
2008-08-30 11:37:08 ----A---- C:\WINDOWS\DUMP4834.tmp
2008-08-26 04:13:40 ----A---- C:\WINDOWS\NeroDigital.ini
2008-08-25 23:33:49 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-08-25 23:33:07 ----D---- C:\Documents and Settings\big tiny\Application Data\RipIt4Me
2008-08-25 23:10:41 ----D---- C:\WINDOWS\System32\Restore
2008-08-18 04:55:45 ----D---- C:\Documents and Settings\All Users\Application Data\Retrospect
2008-08-11 22:17:32 ----D---- C:\Program Files\SlySoft
2008-08-06 23:18:35 ----D---- C:\WINDOWS\Registration
2008-08-05 14:11:01 ----A---- C:\WINDOWS\System32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Asapi;Asapi; C:\WINDOWS\System32\drivers\Asapi.sys [2000-01-08 10240]
R1 avgntdd;avgntdd; C:\WINDOWS\SYSTEM32\DRIVERS\avgntdd.sys [2008-05-09 45376]
R1 avipbb;avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [2008-06-27 75072]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\System32\drivers\Cdr4_xp.sys [2007-03-07 9336]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\System32\drivers\Cdralw2k.sys [2007-03-07 9464]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\System32\drivers\cdudf_xp.sys [2002-12-17 241152]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-07-19 17153]
R1 pwd_2k;pwd_2k; C:\WINDOWS\System32\drivers\pwd_2k.sys [2003-04-23 143834]
R1 ssmdrv;ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [2006-08-16 205120]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\System32\drivers\UdfReadr_xp.sys [2003-04-23 206464]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-03-13 394952]
R2 ATITUNEP;ATI WDM TV Tuner; C:\WINDOWS\System32\DRIVERS\atintuxx.sys [2003-01-21 37888]
R2 ATIXSAudio;ATI WDM TV Audio Crossbar; C:\WINDOWS\System32\DRIVERS\atinxsxx.sys [2003-01-21 61440]
R2 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\System32\DRIVERS\atinmdxx.sys [2003-01-21 13824]
R2 PCDCODEC;ATI WDM Specialized PCD Codec; C:\WINDOWS\System32\DRIVERS\atinpdxx.sys [2003-01-21 13312]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\PfModNT.sys []
R2 psi_kbd_filter_2k;psi_kbd_filter_2k; \??\C:\WINDOWS\System32\psikbdfiltdrv.sys []
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2008-08-01 99648]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2002-08-29 57344]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2003-01-21 546560]
R3 atinrvxx;ATI WDM Rage Theater Video; C:\WINDOWS\System32\DRIVERS\atinrvxx.sys [2003-01-21 102400]
R3 ativraxx;ATI WDM Rage Theater Audio; C:\WINDOWS\System32\DRIVERS\atinraxx.sys [2003-01-21 50176]
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2002-08-29 68864]
R3 dvd_2K;dvd_2K; C:\WINDOWS\System32\drivers\dvd_2K.sys [2003-04-23 25898]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2003-01-20 140288]
R3 MxlW2k;MxlW2k; C:\WINDOWS\System32\drivers\MxlW2k.sys [2003-04-23 28164]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2002-08-29 57984]
R3 P16X;Creative SB Live! Series (WDM); C:\WINDOWS\system32\drivers\P16X.sys [2002-08-30 1293440]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-11-11 9856]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\System32\DRIVERS\tunmp.sys [2006-08-16 11776]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2002-08-29 19328]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2002-08-29 51968]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2002-08-29 19328]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2002-08-29 37504]
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2002-08-29 68864]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\System32\drivers\bvrp_pci.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2002-12-04 16384]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2007-03-08 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2007-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2007-03-08 21568]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2001-08-17 138240]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2001-08-17 12672]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2001-08-17 12288]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2001-08-17 12032]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2001-08-17 12160]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2001-08-17 18688]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2001-08-17 29440]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2001-08-17 19456]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys [2001-08-17 44928]
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2001-08-17 31104]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2001-08-17 23680]
S3 mmc_2K;mmc_2K; C:\WINDOWS\System32\drivers\mmc_2K.sys [2003-04-23 30630]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2002-12-04 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2002-12-07 10112]
S3 NMSCFG;NIC Management Service Configuration Driver; \??\C:\WINDOWS\System32\drivers\NMSCFG.SYS []
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2002-08-29 891711]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2002-12-04 10880]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2002-12-04 14976]
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 UKS11LDR;M-Audio USB Keystation Loader; C:\WINDOWS\system32\drivers\uks11ldr.sys [2004-09-24 13504]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2002-08-29 28160]
S3 USBKT1X1;M-Audio USB Keystation; C:\WINDOWS\system32\drivers\usbkt1x1.sys [2004-09-24 22304]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2002-08-29 24960]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 14208]
S3 usbser;USB Modem Driver; C:\WINDOWS\System32\DRIVERS\usbser.sys [2001-08-17 24192]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [2003-02-22 31273]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2002-12-04 18688]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2001-08-17 29056]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2001-08-17 27648]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2001-08-17 27648]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2001-08-17 26112]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2001-08-17 27392]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\System32\svchost.exe [2002-08-29 12800]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2003-01-21 147456]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [1999-12-13 44032]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2002-08-29 12800]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2002-08-29 12800]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2002-08-29 12800]
R2 RetroLauncher;Retrospect Launcher; C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe [2003-11-12 49152]
R2 RetroWDSvc;Retrospect WD Service; C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe [2003-12-12 46592]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2004-10-11 38912]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2002-08-29 12800]
S2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-06-12 68865]
S2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-08-07 149761]
S2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe [2008-03-13 75304]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2003-02-20 32768]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-28 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NMSSvc;Intel® NMS; C:\WINDOWS\System32\NMSSvc.exe [2002-10-10 1118208]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 slimsvc;SlimServer; C:\Program Files\SlimServer\server\slim.exe [2006-09-20 6352963]

-----------------EOF-----------------
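Added by the editor, not part of the thread: a small parser for the RSIT driver and service lines above. RSIT prints `[date size]` after each image path, and paths that begin with `\??\` are shown exactly as the registry stores them (the NT object-manager prefix). Three entries in the log end in an empty `[]` (NMSCFG, SymEvent, wanatw); on the assumption that the empty brackets mean RSIT could not read the file, those are registrations whose driver is no longer on disk, typically leftovers from uninstalled software. They are harmless by themselves, but a helper reviewing a log wants them listed, because a service that points at a non-existent file is also what a half-removed malware driver looks like. The sample lines are excerpted from the log; the meaning of `[]` is the editor's assumption, not something RSIT states here.

```python
# Added example (not RSIT's or ComboFix's code): parse RSIT service/driver
# lines and flag registrations whose image file could not be read.
# Assumed line format:  <R|S><0-4> <name>;<display>; <path> [<date> <size>]
# Assumption: an empty "[]" means RSIT could not stat the image file.
import re
from dataclasses import dataclass
from typing import List, Optional

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"      # R=running/S=stopped, start type
    r"(?P<name>[^;]+);(?P<display>[^;]*);\s*"   # service name; display name;
    r"(?P<path>.*?)\s*"                          # image path (may carry a \??\ prefix)
    r"\[(?P<meta>[^\]]*)\]\s*$"                  # [yyyy-mm-dd size] or []
)
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}


@dataclass
class ServiceEntry:
    state: str            # "R" or "S"
    start: str            # boot / system / auto / demand / disabled
    name: str
    display: str
    path: str
    date: Optional[str]   # None when RSIT printed "[]"
    size: Optional[int]

    @property
    def file_missing(self) -> bool:
        return self.date is None


def parse_line(line: str) -> Optional[ServiceEntry]:
    """Parse one RSIT line; return None for lines that are not service entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    meta = m.group("meta").split()
    date, size = (meta[0], int(meta[1])) if len(meta) == 2 else (None, None)
    path = m.group("path")
    if path.startswith("\\??\\"):      # kernel-style \??\C:\... path: drop the prefix
        path = path[4:]
    return ServiceEntry(m.group("state"), START_TYPES[m.group("start")],
                        m.group("name"), m.group("display"), path, date, size)


def parse_log(text: str) -> List[ServiceEntry]:
    """All service/driver entries found in an RSIT log (other lines are ignored)."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def missing_files(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Registrations that still exist although their image file does not."""
    return [e for e in entries if e.file_missing]


def report(entries: List[ServiceEntry]) -> List[str]:
    """One line per orphaned registration; a running one (R) is listed first,
    since a loaded image that has vanished from disk deserves a closer look."""
    rows = sorted(missing_files(entries), key=lambda e: (e.state != "R", e.name.lower()))
    return [f"{e.state} {e.start:<8} {e.name}: {e.path}" for e in rows]


# Lines excerpted from the RSIT log above (abridged to five entries).
SAMPLE_LOG = r"""
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2007-03-08 16496]
S3 NMSCFG;NIC Management Service Configuration Driver; \??\C:\WINDOWS\System32\drivers\NMSCFG.SYS []
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe [2008-03-13 75304]
"""

if __name__ == "__main__":
    for row in report(parse_log(SAMPLE_LOG)):
        print(row)
```

Run it on a full log (`parse_log(open("log.txt").read())`) and it lists only the entries a helper would ask about; everything with a readable date and size is dropped.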

#9 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 22 October 2008 - 02:56 PM

Hi.

> hi EB. my pc is running ok. it's just a tad slow. by the way, when i tried to install the new antivirus (avira), i got a BSOD... strange. i forgot to read what it said, so i don't know if it said the same thing as the earlier BSOD i had been getting. so i had to reboot the pc. unlike before, this time the pc booted up fine. below are the logs:

I see Avira was successfully installed, so I wouldn't worry too much, but if you want me to have a look at it I can.

Please read this tutorial: http://www.bleepingcomputer.com/forums/top...tml#entry409491
And see if you can post back with the error message in event viewer.


Still some work left to do.

Download and Run DAFT

Download Deckard's Association File Tool DAFT from Here and save it to your desktop.
  • Double click on it and click Run.
  • Click on the Scan button.
  • If it finds faulty file associations, they will appear in red beside a checkbox
  • Click Save Log and save daft.txt
  • Then place a checkmark (tick) in the boxes in question.
  • Click the Fix button.
  • Copy and paste the content of daft.txt to your reply.
After running DAFT please run Combofix again:

Run ComboFix with CFScript

We will run ComboFix again. This time, the instructions are slightly different.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the quotebox below into it:
    File::
    C:\WINDOWS\System32\7b120cd2-.txt
    Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
    Posted Image
    Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Please post back with:
-Daft.txt
-Combofix log
-Fresh RSIT log


Thanks :thumbsup:

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

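Added here by the editor to illustrate the check the DAFT step above performs; it is not DAFT's code. Windows decides what runs when a file is opened in two registry hops: the extension key (HKCR\.exe) names a class (exefile), and that class's shell\open\command holds the command line. Malware that rewrites exefile\shell\open\command runs before every program the user starts, which is why a file-association check belongs in a cleanup. The script below reads a text export such as `reg export HKCR\exefile exefile.reg` produces (several exports may be concatenated), unescapes the .reg values, and reports every open command or extension mapping that differs from the stock Windows XP defaults listed in the code. Those defaults are the editor's assumptions, as is the sample export, which is constructed: the loader path prepended to the exefile command and the AutoCAD class name are hypothetical. A non-default mapping is not automatically malicious; AutoCAD, for one, claims .scr for its script files, which is consistent with the AutoCAD entry DAFT flags in the next post.

```python
# Added example (not DAFT's code): compare file-association handlers from a
# .reg text export with stock Windows XP defaults.
# Assumptions: the defaults below are those of a clean XP install; the export
# is the output of  reg export HKCR\<key> <file>  (one or more files joined).
import re
from typing import Dict, List, Tuple

DEFAULT_COMMANDS: Dict[str, str] = {      # class -> default shell\open\command
    "exefile": '"%1" %*',
    "comfile": '"%1" %*',
    "batfile": '"%1" %*',
    "cmdfile": '"%1" %*',
    "piffile": '"%1" %*',
    "scrfile": '"%1" /S',
    "regfile": 'regedit.exe "%1"',
}
DEFAULT_CLASSES: Dict[str, str] = {       # extension -> class it should name
    ".exe": "exefile", ".com": "comfile", ".bat": "batfile", ".cmd": "cmdfile",
    ".pif": "piffile", ".scr": "scrfile", ".reg": "regfile",
}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
DEFAULT_VALUE_RE = re.compile(r'^@="(?P<value>.*)"$')   # the key's (Default) string


def unescape(value: str) -> str:
    """Undo .reg escaping: a backslash escapes the character after it."""
    return re.sub(r"\\(.)", r"\1", value)


def parse_reg_export(text: str) -> Dict[str, str]:
    """Map each exported key (lower-cased) to its (Default) string value."""
    values: Dict[str, str] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            current = km.group("key").lower()
            continue
        vm = DEFAULT_VALUE_RE.match(line)
        if vm and current is not None:
            values[current] = unescape(vm.group("value"))
    return values


Finding = Tuple[str, str, str]   # (what was checked, actual value, expected value)


def check_commands(values: Dict[str, str]) -> List[Finding]:
    """Classes whose open command differs from the default. Classes absent from
    the export are skipped: a partial export says nothing about them."""
    findings: List[Finding] = []
    for cls, expected in DEFAULT_COMMANDS.items():
        actual = values.get(f"hkey_classes_root\\{cls}\\shell\\open\\command")
        if actual is not None and actual.strip().lower() != expected.lower():
            findings.append((cls, actual, expected))
    return findings


def check_extensions(values: Dict[str, str]) -> List[Finding]:
    """Extensions that no longer name the stock class (e.g. .scr re-associated)."""
    findings: List[Finding] = []
    for ext, expected in DEFAULT_CLASSES.items():
        actual = values.get(f"hkey_classes_root\\{ext}")
        if actual is not None and actual.lower() != expected:
            findings.append((ext, actual, expected))
    return findings


# Constructed sample export (not from the thread). The exefile command has a
# hypothetical loader prepended, the shape an association hijack takes; .scr
# has been re-associated with a hypothetical application class.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\WINDOWS\\System32\\loader.exe\" \"%1\" %*"

[HKEY_CLASSES_ROOT\.bat]
@="batfile"

[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\.scr]
@="AutoCAD.ScriptFile"

[HKEY_CLASSES_ROOT\scrfile\shell\open\command]
@="\"%1\" /S"
'''

if __name__ == "__main__":
    exported = parse_reg_export(SAMPLE_REG)
    for what, actual, expected in check_commands(exported) + check_extensions(exported):
        print(f"{what}: got {actual!r}, default is {expected!r}")
```

The two checks are kept separate on purpose: a changed extension mapping (the .scr case) is usually an application claiming a file type, whereas a changed exefile or comfile command has almost no legitimate explanation and is the one to act on first.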

#10 hitpro

hitpro
  • Topic Starter

  • Members
  • 119 posts

Posted 22 October 2008 - 09:15 PM

hi. i ran DAFT. it found 1 faulty association, an AutoCAD script file. i mistakenly fixed it before i saved the log, so i don't have a DAFT log to show. :thumbsup:
i do have the other logs, though.

ComboFix 08-10-19.04 - big tiny 2008-10-22 21:34:48.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.269 [GMT -4:00]
Running from: C:\Documents and Settings\big tiny\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\big tiny\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\System32\7b120cd2-.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\System32\7b120cd2-.txt

.
((((((((((((((((((((((((( Files Created from 2008-09-23 to 2008-10-23 )))))))))))))))))))))))))))))))
.

2008-10-21 22:02 . 2008-10-21 22:02 <DIR> d-------- C:\Program Files\Avira
2008-10-21 22:02 . 2008-10-21 22:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-10-19 14:38 . 2008-10-19 14:38 <DIR> d-------- C:\WINDOWS\Sun
2008-10-19 14:37 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-10-19 14:36 . 2008-10-19 14:37 <DIR> d-------- C:\Program Files\Java
2008-10-19 14:36 . 2008-10-19 14:36 <DIR> d-------- C:\Program Files\Common Files\Java
2008-10-19 14:29 . 2008-10-19 14:30 <DIR> d-------- C:\rsit
2008-10-12 17:47 . 2008-10-12 17:47 3,072 --ahs---- C:\WINDOWS\SYSTEM32\Thumbs.db

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-14 17:56 46,859 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_10_14_12_42_26_small.dmp.zip
2008-10-14 17:56 45,029 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_10_14_12_41_09_small.dmp.zip
2008-10-01 08:41 65,536 ----a-w C:\WINDOWS\DUMP50bf.tmp
2008-09-24 02:43 65,536 ----a-w C:\WINDOWS\DUMP26b2.tmp
2008-09-18 21:17 65,536 ----a-w C:\WINDOWS\DUMP50a0.tmp
2008-09-18 02:26 65,536 ----a-w C:\WINDOWS\DUMP51c9.tmp
2008-09-18 02:08 65,536 ----a-w C:\WINDOWS\DUMP4b9f.tmp
2008-09-16 02:23 65,536 ----a-w C:\WINDOWS\DUMP4cf7.tmp
2008-09-16 02:06 65,536 ----a-w C:\WINDOWS\DUMP4c99.tmp
2008-09-12 03:38 65,536 ----a-w C:\WINDOWS\DUMP51aa.tmp
2008-09-11 01:18 65,536 ----a-w C:\WINDOWS\DUMP50cf.tmp
2008-09-09 12:47 1,799,552 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-09-08 03:25 65,536 ----a-w C:\WINDOWS\DUMP4854.tmp
2008-09-07 11:04 65,536 ----a-w C:\WINDOWS\DUMP2450.tmp
2008-09-07 10:56 65,536 ----a-w C:\WINDOWS\DUMP2932.tmp
2008-09-07 10:42 65,536 ----a-w C:\WINDOWS\DUMP2673.tmp
2008-09-07 03:10 65,536 ----a-w C:\WINDOWS\DUMP4248.tmp
2008-09-07 03:08 65,536 ----a-w C:\WINDOWS\DUMP24cd.tmp
2008-09-07 03:07 65,536 ----a-w C:\WINDOWS\DUMP2942.tmp
2008-09-07 03:06 65,536 ----a-w C:\WINDOWS\DUMP45a4.tmp
2008-09-06 20:49 65,536 ----a-w C:\WINDOWS\DUMP2693.tmp
2008-09-06 18:30 65,536 ----a-w C:\WINDOWS\DUMP4853.tmp
2008-09-06 18:27 65,536 ----a-w C:\WINDOWS\DUMP2422.tmp
2008-09-06 17:01 65,536 ----a-w C:\WINDOWS\DUMP29de.tmp
2008-09-06 16:55 65,536 ----a-w C:\WINDOWS\DUMP492e.tmp
2008-09-06 16:52 65,536 ----a-w C:\WINDOWS\DUMP467e.tmp
2008-09-06 16:45 65,536 ----a-w C:\WINDOWS\DUMP2579.tmp
2008-09-06 14:34 65,536 ----a-w C:\WINDOWS\DUMP2376.tmp
2008-09-05 08:23 65,536 ----a-w C:\WINDOWS\DUMP2829.tmp
2008-09-05 08:20 65,536 ----a-w C:\WINDOWS\DUMP4c3b.tmp
2008-09-05 03:32 65,536 ----a-w C:\WINDOWS\DUMP4352.tmp
2008-09-05 02:34 65,536 ----a-w C:\WINDOWS\DUMP43bf.tmp
2008-09-05 02:28 65,536 ----a-w C:\WINDOWS\DUMP2981.tmp
2008-09-05 02:23 65,536 ----a-w C:\WINDOWS\DUMP2971.tmp
2008-09-04 02:41 65,536 ----a-w C:\WINDOWS\DUMP43a0.tmp
2008-09-03 02:37 65,536 ----a-w C:\WINDOWS\DUMP25f6.tmp
2008-09-03 02:29 65,536 ----a-w C:\WINDOWS\DUMP250c.tmp
2008-09-03 02:27 65,536 ----a-w C:\WINDOWS\DUMP4a38.tmp
2008-09-03 01:12 65,536 ----a-w C:\WINDOWS\DUMP46fb.tmp
2008-09-01 17:36 65,536 ----a-w C:\WINDOWS\DUMP248f.tmp
2008-08-31 11:36 65,536 ----a-w C:\WINDOWS\DUMP2654.tmp
2008-08-31 11:33 65,536 ----a-w C:\WINDOWS\DUMP271f.tmp
2008-08-31 11:23 65,536 ----a-w C:\WINDOWS\DUMP46bd.tmp
2008-08-30 18:40 65,536 ----a-w C:\WINDOWS\DUMP2441.tmp
2008-08-30 17:01 65,536 ----a-w C:\WINDOWS\DUMP4ad4.tmp
2008-08-30 16:58 65,536 ----a-w C:\WINDOWS\DUMP4390.tmp
2008-08-30 15:59 65,536 ----a-w C:\WINDOWS\DUMP2952.tmp
2008-08-30 15:42 65,536 ----a-w C:\WINDOWS\DUMP5b10.tmp
2008-08-30 15:38 65,536 ----a-w C:\WINDOWS\DUMP2ccc.tmp
2008-08-30 15:37 65,536 ----a-w C:\WINDOWS\DUMP4834.tmp
2008-08-26 03:33 --------- d-----w C:\Documents and Settings\big tiny\Application Data\RipIt4Me
2008-08-26 03:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-08-24 01:44 22,996,328 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-08-12 02:29 45,752 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_08_11_21_05_54_small.dmp.zip
2008-08-12 02:29 45,019 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_08_11_21_05_35_small.dmp.zip
.

((((((((((((((((((((((((((((( snapshot@2008-10-20_23.29.10.96 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-21 01:26:30 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
+ 2008-10-22 02:05:43 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
- 2008-10-21 01:26:30 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
+ 2008-10-22 02:05:43 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
- 2008-10-21 01:26:30 114,688 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT
+ 2008-10-22 02:05:43 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-09 17:15:51 45,376 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\avgntdd.sys
+ 2008-01-21 22:11:28 22,336 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\avgntmgr.sys
+ 2008-06-27 19:03:55 75,072 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys
+ 2007-03-01 14:34:22 28,352 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\ssmdrv.sys
- 2008-04-06 19:39:26 53,608 ----a-w C:\WINDOWS\SYSTEM32\PERFC009.DAT
+ 2008-10-21 03:21:16 53,608 ----a-w C:\WINDOWS\SYSTEM32\PERFC009.DAT
- 2008-04-06 19:39:26 383,254 ----a-w C:\WINDOWS\SYSTEM32\PERFH009.DAT
+ 2008-10-21 03:21:17 383,254 ----a-w C:\WINDOWS\SYSTEM32\PERFH009.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2003-04-22 413775]
"ATI Launchpad"="C:\Program Files\ATI Multimedia\main\LaunchPd.exe" [2003-01-20 106574]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 13312]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-11-15 1670144]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD6459\AnyDVDtray.exe" [2008-08-01 2161600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetIcon"="\Program Files\WDC\SetIcon.exe" [2004-04-28 42496]
"QuickTime Task"="C:\Program Files\QuickTime\QuickTime\qttask.exe" [2007-06-29 286720]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 919016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"WD Button Manager"="WDBtnMgr.exe" [2004-10-11 C:\WINDOWS\SYSTEM32\WDBtnMgr.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SRUUninstall"="C:\WINDOWS\System32\msiexec.exe" [2005-03-21 78848]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.UYVY"= C:\WINDOWS\System32\msyuv.dll
"VIDC.YUY2"= ATIVYUY.DLL
"msacm.ctmp3"= C:\WINDOWS\System32\ctmp3.acm
"VIDC.YU12"= ATIYUV12.DLL
"MSACM.CEGSM"= mobilev.acm
"midi1"= usbkt1x1.dll
"midi2"= usbkt1x1.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 8.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk
backup=C:\WINDOWS\pss\AOL Companion.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SlimServer Tray Tool.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SlimServer Tray Tool.lnk
backup=C:\WINDOWS\pss\SlimServer Tray Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^big tiny^Start Menu^Programs^Startup^ListProAlarms.lnk.disabled]
path=C:\Documents and Settings\big tiny\Start Menu\Programs\Startup\ListProAlarms.lnk.disabled
backup=C:\WINDOWS\pss\ListProAlarms.lnk.disabledStartup

[HKLM\~\startupfolder\C:^Documents and Settings^big tiny^Start Menu^Programs^Startup^RAR Password Cracker.lnk]
path=C:\Documents and Settings\big tiny\Start Menu\Programs\Startup\RAR Password Cracker.lnk
backup=C:\WINDOWS\pss\RAR Password Cracker.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
--a------ 2002-12-17 13:28 684032 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]
--a------ 2003-01-20 23:57 106574 C:\Program Files\ATI Multimedia\main\LaunchPd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Scheduler]
--a------ 2003-01-20 23:53 36942 C:\Program Files\ATI Multimedia\main\AtiSched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2003-01-21 22:00 315392 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CitiVAN]
--a------ 2004-08-12 14:51 192512 C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
--a------ 2002-04-03 02:01 135264 C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-03-11 22:34 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-11-15 16:18 1670144 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2003-02-20 00:49 2185800 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2004-09-21 10:57 204845 C:\Program Files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RepliGo Assistant]
--a------ 2004-03-19 17:02 167936 C:\Program Files\Cerience\RepliGo\RepliGoMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-12-28 11:27 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2004-09-21 10:57 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 02:00 90112 C:\WINDOWS\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
--a------ 2004-11-12 13:24 106557 C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
--a------ 2001-09-04 17:24 28672 C:\WINDOWS\SYSTEM32\Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
--a------ 2003-08-29 04:59 122880 C:\WINDOWS\BCMSMMSG.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DVDSentry"=C:\WINDOWS\System32\DSentry.exe
"QuickTime Task"="C:\Program Files\QuickTime\QuickTime\qttask.exe" -atboottime
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9000:TCP"= 9000:TCP:SlimServer 9000 tcp
"3483:UDP"= 3483:UDP:SlimServer 3483 udp
"3483:TCP"= 3483:TCP:SlimServer 3483 tcp

R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2008-01-21 22336]
R1 Asapi;Asapi;C:\WINDOWS\System32\drivers\Asapi.sys [2000-01-08 10240]
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2008-05-09 45376]
R2 psi_kbd_filter_2k;psi_kbd_filter_2k;C:\WINDOWS\System32\psikbdfiltdrv.sys [2001-12-10 46312]
S3 UKS11LDR;M-Audio USB Keystation Loader;C:\WINDOWS\System32\drivers\uks11ldr.sys [2004-09-24 13504]
S3 USBKT1X1;M-Audio USB Keystation;C:\WINDOWS\System32\drivers\usbkt1x1.sys [2004-09-24 22304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - ANTIVIRSCHEDULER
*Newly Created Service* - ANTIVIRSERVICE
*Newly Created Service* - AVGNTDD
*Newly Created Service* - AVGNTMGR
*Newly Created Service* - AVIPBB
*Newly Created Service* - SSMDRV
.
Contents of the 'Scheduled Tasks' folder

2003-05-27 C:\WINDOWS\Tasks\ISP signup reminder 1.job
- C:\WINDOWS\System32\OOBE\OOBEBALN.EXE [2002-08-29 06:00]

2008-10-22 C:\WINDOWS\Tasks\WebReg Photosmart C7200 series.job
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe [2007-03-11 22:27]

2008-10-22 C:\WINDOWS\Tasks\{2A6C105A-89D3-4216-92BC-5BBEE3B264A3}_NEWPC_big tiny.job
- C:\WINDOWS\system32\MOBSYNC.EXE [2002-08-29 06:00]

2008-10-17 C:\WINDOWS\Tasks\{44C9490B-BA5C-434A-8717-6417FD8432FA}_NEWPC_big tiny.job
- C:\WINDOWS\system32\MOBSYNC.EXE [2002-08-29 06:00]

2008-10-22 C:\WINDOWS\Tasks\{7598EA0B-F73D-4A1C-9645-84FDD06200E1}_NEWPC_big tiny.job
- C:\WINDOWS\system32\MOBSYNC.EXE [2002-08-29 06:00]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-22 21:39:40
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-22 21:46:57
ComboFix-quarantined-files.txt 2008-10-23 01:46:54
ComboFix2.txt 2008-10-22 01:48:04
ComboFix3.txt 2008-10-21 03:29:49

Pre-Run: 12,100,513,792 bytes free
Post-Run: 12,177,022,976 bytes free

245 --- E O F --- 2008-08-23 03:12:33

Logfile of random's system information tool 1.04 (written by random/random)
Run by big tiny at 2008-10-22 21:58:13
Microsoft Windows XP Home Edition Service Pack 1
System drive C: has 12 GB (10%) free of 114 GB
Total RAM: 511 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:58:16 PM, on 10/22/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WDC\SetIcon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\ATI Multimedia\main\LaunchPd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\SlySoft\AnyDVD6459\AnyDVDtray.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\big tiny\Desktop\RSIT.exe
C:\Program Files\Hijackthis\big tiny.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dellnet.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: CitiUS Shared Browser Helper Object - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\System32\BhoCitUS.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: RepliGoIEHelperCtl Class - {91DE4477-9CDC-4806-9BCB-28A963988E94} - C:\Program Files\Cerience\RepliGo\RepliGoIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &RepliGo - {81F4066B-F330-4872-8094-3E9FBCCEC8C1} - C:\Program Files\Cerience\RepliGo\RepliGoIEBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\SetIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD6459\AnyDVDtray.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://cehomenet.coned.com/InternalSite/WhlCompMgr.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://encarta.msn.com/encnet/external/MSSurVid.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion....ebio5_1_6_0.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/toolbar/lexico.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: SlimServer (slimsvc) - Unknown owner - C:\Program Files\SlimServer\server\slim.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--
End of file - 8312 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\ISP signup reminder 1.job
C:\WINDOWS\tasks\WebReg Photosmart C7200 series.job
C:\WINDOWS\tasks\{2A6C105A-89D3-4216-92BC-5BBEE3B264A3}_NEWPC_big tiny.job
C:\WINDOWS\tasks\{44C9490B-BA5C-434A-8717-6417FD8432FA}_NEWPC_big tiny.job
C:\WINDOWS\tasks\{7598EA0B-F73D-4A1C-9645-84FDD06200E1}_NEWPC_big tiny.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{387EDF53-1CF2-4523-BC2F-13462651BE8C}]
CitiUSBrowserHelper Class - C:\WINDOWS\System32\BhoCitUS.dll [2004-08-05 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91DE4477-9CDC-4806-9BCB-28A963988E94}]
RepliGoIEHelperCtl Class - C:\Program Files\Cerience\RepliGo\RepliGoIEHelper.dll [2004-03-19 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-12-28 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\System32\msdxm.ocx [2003-09-17 844048]
{81F4066B-F330-4872-8094-3E9FBCCEC8C1} - &RepliGo - C:\Program Files\Cerience\RepliGo\RepliGoIEBar.dll [2004-03-19 176128]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-08-04 343112]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-12-28 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WD Button Manager"=C:\WINDOWS\system32\WDBtnMgr.exe [2004-10-11 143360]
"SetIcon"=\Program Files\WDC\SetIcon.exe [2004-04-28 42496]
"QuickTime Task"=C:\Program Files\QuickTime\QuickTime\qttask.exe [2007-06-29 286720]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-03-13 919016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE [2003-04-22 413775]
"ATI Launchpad"=C:\Program Files\ATI Multimedia\main\LaunchPd.exe [2003-01-20 106574]
"ctfmon.exe"=C:\WINDOWS\System32\ctfmon.exe [2002-08-29 13312]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-11-15 1670144]
"AnyDVD"=C:\Program Files\SlySoft\AnyDVD6459\AnyDVDtray.exe [2008-08-01 2161600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2002-12-17 684032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]
C:\Program Files\ATI Multimedia\main\LaunchPd.exe [2003-01-20 106574]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Scheduler]
C:\Program Files\ATI Multimedia\main\ATISched.EXE [2003-01-20 36942]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
C:\WINDOWS\system32\Ati2mdxx.exe [2001-09-04 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-01-21 315392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CitiVAN]
C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe [2004-08-12 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe [2002-04-03 135264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-11-15 1670144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe [2003-02-20 2185800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QuickTime\qttask.exe [2007-06-29 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe [2004-09-21 204845]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RepliGo Assistant]
C:\Program Files\Cerience\RepliGo\RepliGoMon.exe [2004-03-19 167936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2007-12-28 171448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2004-09-21 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe [2004-11-12 106557]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
C:\PROGRA~1\AMERIC~1.0\aoltray.exe -check []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
C:\PROGRA~1\AOLCOM~1\COMPAN~1.EXE /s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SlimServer Tray Tool.lnk]
C:\PROGRA~1\SLIMSE~1\SlimTray.exe [2006-09-20 1183813]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^big tiny^Start Menu^Programs^Startup^ListProAlarms.lnk.disabled]
C:\Documents and Settings\big tiny\Start Menu\Programs\Startup\ListProAlarms.lnk.disabled []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^big tiny^Start Menu^Programs^Startup^RAR Password Cracker.lnk]
C:\PROGRA~1\RARPAS~1\rpc.exe /c C:\DOCUME~1\BIGTIN~1\Desktop\TEMPPP~1\NOOOOO~1.RPC []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
""=
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 3 months======

2008-10-22 21:47:01 ----D---- C:\WINDOWS\temp
2008-10-22 21:46:59 ----A---- C:\ComboFix.txt
2008-10-21 22:02:08 ----D---- C:\Program Files\Avira
2008-10-21 22:02:08 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2008-10-20 23:02:59 ----A---- C:\Boot.bak
2008-10-20 23:02:47 ----D---- C:\cmdcons
2008-10-20 23:00:49 ----A---- C:\WINDOWS\zip.exe
2008-10-20 23:00:49 ----A---- C:\WINDOWS\VFIND.exe
2008-10-20 23:00:49 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-10-20 23:00:49 ----A---- C:\WINDOWS\SWSC.exe
2008-10-20 23:00:49 ----A---- C:\WINDOWS\SWREG.exe
2008-10-20 23:00:49 ----A---- C:\WINDOWS\sed.exe
2008-10-20 23:00:49 ----A---- C:\WINDOWS\NIRCMD.exe
2008-10-20 23:00:49 ----A---- C:\WINDOWS\grep.exe
2008-10-20 23:00:49 ----A---- C:\WINDOWS\fdsv.exe
2008-10-20 23:00:44 ----D---- C:\WINDOWS\ERDNT
2008-10-20 23:00:43 ----D---- C:\Qoobox
2008-10-19 14:38:43 ----D---- C:\WINDOWS\Sun
2008-10-19 14:38:43 ----D---- C:\Documents and Settings\big tiny\Application Data\Sun
2008-10-19 14:37:35 ----A---- C:\WINDOWS\System32\javaws.exe
2008-10-19 14:37:35 ----A---- C:\WINDOWS\System32\javaw.exe
2008-10-19 14:37:35 ----A---- C:\WINDOWS\System32\java.exe
2008-10-19 14:36:43 ----D---- C:\Program Files\Java
2008-10-19 14:36:26 ----D---- C:\Program Files\Common Files\Java
2008-10-19 14:29:07 ----D---- C:\rsit
2008-09-12 18:54:51 ----A---- C:\WINDOWS\DUMP51c9.tmp
2008-09-12 18:54:51 ----A---- C:\WINDOWS\DUMP50bf.tmp
2008-09-12 18:54:51 ----A---- C:\WINDOWS\DUMP50a0.tmp
2008-09-12 18:54:51 ----A---- C:\WINDOWS\DUMP4cf7.tmp
2008-09-12 18:54:51 ----A---- C:\WINDOWS\DUMP4c99.tmp
2008-09-12 18:54:51 ----A---- C:\WINDOWS\DUMP4b9f.tmp
2008-09-12 18:54:51 ----A---- C:\WINDOWS\DUMP26b2.tmp
2008-09-09 21:14:32 ----A---- C:\WINDOWS\DUMP51aa.tmp
2008-09-09 21:14:32 ----A---- C:\WINDOWS\DUMP50cf.tmp
2008-09-07 17:32:06 ----A---- C:\WINDOWS\DUMP4854.tmp
2008-09-06 16:45:44 ----A---- C:\WINDOWS\DUMP45a4.tmp
2008-09-06 16:45:44 ----A---- C:\WINDOWS\DUMP4248.tmp
2008-09-06 16:45:44 ----A---- C:\WINDOWS\DUMP2942.tmp
2008-09-06 16:45:44 ----A---- C:\WINDOWS\DUMP2932.tmp
2008-09-06 16:45:44 ----A---- C:\WINDOWS\DUMP2693.tmp
2008-09-06 16:45:44 ----A---- C:\WINDOWS\DUMP2673.tmp
2008-09-06 16:45:44 ----A---- C:\WINDOWS\DUMP24cd.tmp
2008-09-06 16:45:44 ----A---- C:\WINDOWS\DUMP2450.tmp
2008-08-11 21:30:20 ----D---- C:\Documents and Settings\All Users\Application Data\SlySoft
2008-08-11 21:08:31 ----D---- C:\Documents and Settings\big tiny\Application Data\Vso
2008-08-10 18:27:38 ----D---- C:\Program Files\DVDFab 5075

======List of files/folders modified in the last 3 months======

2008-10-22 21:58:14 ----D---- C:\Program Files\Hijackthis
2008-10-22 21:47:04 ----D---- C:\WINDOWS\SYSTEM32
2008-10-22 21:47:01 ----D---- C:\WINDOWS
2008-10-22 21:46:28 ----D---- C:\WINDOWS\System32\CatRoot2
2008-10-22 21:39:35 ----A---- C:\WINDOWS\system.ini
2008-10-22 21:37:43 ----D---- C:\WINDOWS\System32\DRIVERS
2008-10-22 21:37:42 ----D---- C:\Program Files\Common Files
2008-10-22 21:37:41 ----D---- C:\WINDOWS\AppPatch
2008-10-22 21:34:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-22 21:33:47 ----D---- C:\WINDOWS\Prefetch
2008-10-21 22:09:14 ----D---- C:\WINDOWS\Internet Logs
2008-10-21 22:05:41 ----D---- C:\WINDOWS\Minidump
2008-10-21 22:02:08 ----RD---- C:\Program Files
2008-10-21 21:52:54 ----D---- C:\Program Files\Grisoft
2008-10-21 21:50:56 ----D---- C:\WINDOWS\SYSTEM
2008-10-20 23:21:13 ----A---- C:\WINDOWS\System32\PerfStringBackup.INI
2008-10-20 23:16:19 ----D---- C:\WINDOWS\System32\CONFIG
2008-10-20 23:02:59 ----RASH---- C:\BOOT.INI
2008-10-19 14:38:41 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-19 14:37:38 ----SHD---- C:\WINDOWS\Installer
2008-10-14 09:26:47 ----D---- C:\Temp
2008-10-02 05:06:48 ----SHD---- C:\System Volume Information
2008-09-23 22:43:46 ----A---- C:\WINDOWS\ntbtlog.txt
2008-09-06 14:30:23 ----A---- C:\WINDOWS\DUMP4853.tmp
2008-09-06 14:27:48 ----A---- C:\WINDOWS\DUMP2422.tmp
2008-09-06 13:01:22 ----A---- C:\WINDOWS\DUMP29de.tmp
2008-09-06 12:55:27 ----A---- C:\WINDOWS\DUMP492e.tmp
2008-09-06 12:52:40 ----A---- C:\WINDOWS\DUMP467e.tmp
2008-09-06 12:45:33 ----A---- C:\WINDOWS\DUMP2579.tmp
2008-09-06 10:34:58 ----A---- C:\WINDOWS\DUMP2376.tmp
2008-09-05 04:23:11 ----A---- C:\WINDOWS\DUMP2829.tmp
2008-09-05 04:20:00 ----A---- C:\WINDOWS\DUMP4c3b.tmp
2008-09-04 23:32:30 ----A---- C:\WINDOWS\DUMP4352.tmp
2008-09-04 22:34:55 ----A---- C:\WINDOWS\DUMP43bf.tmp
2008-09-04 22:28:52 ----A---- C:\WINDOWS\DUMP2981.tmp
2008-09-04 22:23:06 ----A---- C:\WINDOWS\DUMP2971.tmp
2008-09-03 22:41:57 ----A---- C:\WINDOWS\DUMP43a0.tmp
2008-09-02 22:37:07 ----A---- C:\WINDOWS\DUMP25f6.tmp
2008-09-02 22:29:26 ----A---- C:\WINDOWS\DUMP250c.tmp
2008-09-02 22:27:03 ----A---- C:\WINDOWS\DUMP4a38.tmp
2008-09-02 21:12:23 ----A---- C:\WINDOWS\DUMP46fb.tmp
2008-09-01 13:36:05 ----A---- C:\WINDOWS\DUMP248f.tmp
2008-08-31 07:36:26 ----A---- C:\WINDOWS\DUMP2654.tmp
2008-08-31 07:33:11 ----A---- C:\WINDOWS\DUMP271f.tmp
2008-08-31 07:23:33 ----A---- C:\WINDOWS\DUMP46bd.tmp
2008-08-30 14:40:56 ----A---- C:\WINDOWS\DUMP2441.tmp
2008-08-30 13:01:31 ----A---- C:\WINDOWS\DUMP4ad4.tmp
2008-08-30 12:58:29 ----A---- C:\WINDOWS\DUMP4390.tmp
2008-08-30 11:59:35 ----A---- C:\WINDOWS\DUMP2952.tmp
2008-08-30 11:42:11 ----A---- C:\WINDOWS\DUMP5b10.tmp
2008-08-30 11:41:53 ----RSHD---- C:\WINDOWS\System32\DLLCACHE
2008-08-30 11:41:53 ----HD---- C:\WINDOWS\INF
2008-08-30 11:38:46 ----A---- C:\WINDOWS\DUMP2ccc.tmp
2008-08-30 11:37:08 ----A---- C:\WINDOWS\DUMP4834.tmp
2008-08-26 04:13:40 ----A---- C:\WINDOWS\NeroDigital.ini
2008-08-25 23:33:49 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-08-25 23:33:07 ----D---- C:\Documents and Settings\big tiny\Application Data\RipIt4Me
2008-08-25 23:10:41 ----D---- C:\WINDOWS\System32\Restore
2008-08-18 04:55:45 ----D---- C:\Documents and Settings\All Users\Application Data\Retrospect
2008-08-11 22:17:32 ----D---- C:\Program Files\SlySoft
2008-08-06 23:18:35 ----D---- C:\WINDOWS\Registration
2008-08-05 14:11:01 ----A---- C:\WINDOWS\System32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Asapi;Asapi; C:\WINDOWS\System32\drivers\Asapi.sys [2000-01-08 10240]
R1 avgntdd;avgntdd; C:\WINDOWS\SYSTEM32\DRIVERS\avgntdd.sys [2008-05-09 45376]
R1 avipbb;avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [2008-06-27 75072]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\System32\drivers\Cdr4_xp.sys [2007-03-07 9336]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\System32\drivers\Cdralw2k.sys [2007-03-07 9464]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\System32\drivers\cdudf_xp.sys [2002-12-17 241152]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-07-19 17153]
R1 pwd_2k;pwd_2k; C:\WINDOWS\System32\drivers\pwd_2k.sys [2003-04-23 143834]
R1 ssmdrv;ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [2006-08-16 205120]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\System32\drivers\UdfReadr_xp.sys [2003-04-23 206464]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-03-13 394952]
R2 ATITUNEP;ATI WDM TV Tuner; C:\WINDOWS\System32\DRIVERS\atintuxx.sys [2003-01-21 37888]
R2 ATIXSAudio;ATI WDM TV Audio Crossbar; C:\WINDOWS\System32\DRIVERS\atinxsxx.sys [2003-01-21 61440]
R2 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\System32\DRIVERS\atinmdxx.sys [2003-01-21 13824]
R2 PCDCODEC;ATI WDM Specialized PCD Codec; C:\WINDOWS\System32\DRIVERS\atinpdxx.sys [2003-01-21 13312]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\PfModNT.sys []
R2 psi_kbd_filter_2k;psi_kbd_filter_2k; \??\C:\WINDOWS\System32\psikbdfiltdrv.sys []
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2008-08-01 99648]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2002-08-29 57344]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2003-01-21 546560]
R3 atinrvxx;ATI WDM Rage Theater Video; C:\WINDOWS\System32\DRIVERS\atinrvxx.sys [2003-01-21 102400]
R3 ativraxx;ATI WDM Rage Theater Audio; C:\WINDOWS\System32\DRIVERS\atinraxx.sys [2003-01-21 50176]
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2002-08-29 68864]
R3 dvd_2K;dvd_2K; C:\WINDOWS\System32\drivers\dvd_2K.sys [2003-04-23 25898]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2003-01-20 140288]
R3 MxlW2k;MxlW2k; C:\WINDOWS\System32\drivers\MxlW2k.sys [2003-04-23 28164]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2002-08-29 57984]
R3 P16X;Creative SB Live! Series (WDM); C:\WINDOWS\system32\drivers\P16X.sys [2002-08-30 1293440]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-11-11 9856]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\System32\DRIVERS\tunmp.sys [2006-08-16 11776]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2002-08-29 19328]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2002-08-29 51968]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2002-08-29 19328]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2002-08-29 37504]
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2002-08-29 68864]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\System32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2002-12-04 16384]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2007-03-08 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2007-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2007-03-08 21568]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2001-08-17 138240]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2001-08-17 12672]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2001-08-17 12288]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2001-08-17 12032]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2001-08-17 12160]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2001-08-17 18688]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2001-08-17 29440]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2001-08-17 19456]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys [2001-08-17 44928]
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2001-08-17 31104]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2001-08-17 23680]
S3 mmc_2K;mmc_2K; C:\WINDOWS\System32\drivers\mmc_2K.sys [2003-04-23 30630]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2002-12-04 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2002-12-07 10112]
S3 NMSCFG;NIC Management Service Configuration Driver; \??\C:\WINDOWS\System32\drivers\NMSCFG.SYS []
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2002-08-29 891711]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2002-12-04 10880]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2002-12-04 14976]
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 UKS11LDR;M-Audio USB Keystation Loader; C:\WINDOWS\system32\drivers\uks11ldr.sys [2004-09-24 13504]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2002-08-29 28160]
S3 USBKT1X1;M-Audio USB Keystation; C:\WINDOWS\system32\drivers\usbkt1x1.sys [2004-09-24 22304]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2002-08-29 24960]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 14208]
S3 usbser;USB Modem Driver; C:\WINDOWS\System32\DRIVERS\usbser.sys [2001-08-17 24192]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [2003-02-22 31273]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2002-12-04 18688]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2001-08-17 29056]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2001-08-17 27648]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2001-08-17 27648]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2001-08-17 26112]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2001-08-17 27392]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\System32\svchost.exe [2002-08-29 12800]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2003-01-21 147456]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [1999-12-13 44032]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2002-08-29 12800]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2002-08-29 12800]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2002-08-29 12800]
R2 RetroLauncher;Retrospect Launcher; C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe [2003-11-12 49152]
R2 RetroWDSvc;Retrospect WD Service; C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe [2003-12-12 46592]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2004-10-11 38912]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2002-08-29 12800]
S2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-06-12 68865]
S2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-08-07 149761]
S2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe [2008-03-13 75304]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2003-02-20 32768]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-28 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NMSSvc;Intel® NMS; C:\WINDOWS\System32\NMSSvc.exe [2002-10-10 1118208]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 slimsvc;SlimServer; C:\Program Files\SlimServer\server\slim.exe [2006-09-20 6352963]

-----------------EOF-----------------
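The RSIT driver and service listings above follow a fixed shape: state and start type, then `name;display name; image path [file date file size]`, with empty brackets (`[]`) where the tool could not find the file. The entries a helper looks at first are the ones with empty brackets or unusual paths, such as the leftover `\??\C:\ComboFix\catchme.sys []` and `\??\C:\Program Files\Symantec\SYMEVENT.SYS []` lines. The parser and triage heuristics below are an added example written for this page, not code from RSIT, HijackThis or the thread; the three flag rules (missing file, raw `\??\` NT path, image outside `%SystemRoot%\System32`) are my own assumptions about what merits a second look, and the sample lines are copied from the log in this thread.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One RSIT driver/service line has the shape
#   <R|S><start type> <name>;<display name>; <image path> [<file date> <file size>]
# and the brackets are left empty ("[]") when RSIT could not find the file.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)
NT_PREFIX = "\\??\\"                    # raw NT object path prefix, e.g. \??\C:\...
SYSTEM_DIR = "c:\\windows\\system32\\"  # assumed default location for XP drivers


@dataclass
class DriverEntry:
    state: str          # "R" running, "S" stopped
    start_type: int     # 0 boot .. 4 disabled
    name: str
    display: str
    path: str
    file_date: Optional[str]
    file_size: Optional[int]


def parse_line(line: str) -> Optional[DriverEntry]:
    """Parse one listing line; return None for headers, blanks and junk."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    meta = m.group("meta").split()
    date, size = (meta[0], int(meta[1])) if len(meta) == 2 else (None, None)
    return DriverEntry(m.group("state"), int(m.group("start")),
                       m.group("name"), m.group("display"), m.group("path"),
                       date, size)


def triage(entry: DriverEntry) -> List[str]:
    """Return human-readable reasons an entry deserves a second look.

    Heuristics are assumptions for this example, not RSIT's own logic.
    """
    findings: List[str] = []
    if entry.file_date is None:
        findings.append("image file not found at scan time (empty [])")
    path = entry.path
    if path.startswith(NT_PREFIX):
        findings.append("registered with a raw NT path (\\??\\)")
        path = path[len(NT_PREFIX):]
    if not path.lower().startswith(SYSTEM_DIR):
        findings.append("image lives outside %SystemRoot%\\System32")
    return findings


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map driver/service name -> findings, for flagged entries only."""
    flagged: Dict[str, List[str]] = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            flagged[entry.name] = reasons
    return flagged


# Constructed sample input: lines copied from the RSIT listing in this thread.
SAMPLE_LOG = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Asapi;Asapi; C:\WINDOWS\System32\drivers\Asapi.sys [2000-01-08 10240]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\PfModNT.sys []
R3 P16X;Creative SB Live! Series (WDM); C:\WINDOWS\system32\drivers\P16X.sys [2002-08-30 1293440]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
"""

if __name__ == "__main__":
    for name, reasons in triage_log(SAMPLE_LOG).items():
        print(f"{name}:")
        for reason in reasons:
            print(f"  - {reason}")
```

Run against the sample, the script flags `PfModNT`, `catchme` and `SymEvent` and passes `Asapi` and `P16X` silently. A flag is a prompt to check the entry, not a verdict: `catchme` here is a ComboFix leftover (which the helper's later post removes with `combofix /u`) and `SymEvent` a remnant of an uninstalled Symantec product.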

#11 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:57 PM

Posted 23 October 2008 - 07:17 AM

Hi hitpro.

hi. i ran DAFT. it found 1 faulty association, an AutoCAD script file. i mistakenly fixed it before i saved the log. so i don't have a DAFT log to show.
i do have the other logs, tho.

That's okay, as long as you fixed it it's fine. :)

Any other Problems?

If not then...

Congratulations! You now appear clean! :)

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Install Service Pack 2

Please install Service Pack 2. This will further increase your computer's security. You can find instructions on how to do so here.

Were there any problems while doing any of the updates/installments? If there were any issues/problems, please specify in your next reply.

Also, how are things going on the computer? Any remaining problems with your computer?

Install Firewall

Install a third-party firewall from the following selection of excellent programs. The main reason you would prefer a third-party firewall over the Windows XP Firewall is because Windows Firewall only stops incoming signals from accessing your computer. However, it will not stop outgoing signals (possibly ones that could intrude on your privacy) from sending information to the Internet or to other networks.

After you have installed one of the above firewalls, please disable your Windows Firewall, if you had it enabled.

A tutorial on firewall can be found here

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Click on your Start Menu, then Run....
  • Now type combofix /u in the runbox and click OK. Notice the space between the "x" and "/".
  • When shown the disclaimer, Select "2"
This will remove files/folders associated with combofix and uninstall it.

System Still Slow?

You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

Preventing Infections


Please also have a look at the following links, giving some advice and suggestions for preventing future infections:

I recommend you regularly visit the Windows Update Site!
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • By updating your machine, you have one less headache!
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish, you can also use automatic updates. This is a good thing to have if you want to be up-to-date all the time, but can also be a bit of an annoyance due to its handling and the sizes of the updates. If you wish to turn on automatic updates then you will find here is a nice little article about turning on automatic updates.
  • Note that it will download them for you, but you still have to actually click install.
  • If you do not want to have automatic updates turned on, or are on dial-up, you can always download updates separately at: http://windowsupdate.microsoft.com.
It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

For a nice list of freeware programmes in all categories, please have a look at this thread with freeware products that are regarded as useful by the users of this forum: Commonly Used Freeware Replacements.

Some Other Recommendations are:

Below are some recommendations to lower your chances of (re)infection.
  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automatically if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  • Install an Anti-Spyware program, and update it regularly
    Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet


Glad I was able to help and thank you for choosing Bleeping Computer as your malware removal source.
Don't forget to tell your friends about us and Good luck :thumbsup:


If you have no more questions, comments, problems or concerns please tell us so we can close off the topic.

Thanks :)

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#12 hitpro

hitpro
  • Topic Starter

  • Members
  • 119 posts
  • OFFLINE
  • Local time:12:57 PM

Posted 25 October 2008 - 10:48 AM

hi. sorry for the delay. been working my *** off lately. lol

thanks for the help. i installed SP2 and uninstalled combofix. i don't know if the pc is any faster or not yet. that's something i will check as the days go on.

a few things to note:
- it looked like avira didn't install correctly because it wasn't in my system tray. so when i opened it manually and tried to configure it OR run an update nothing happened. so i installed it again. all is well there now.
- when i downloaded SP2 it had me download a lot of other updates(i guessed they were related to SP2).

a couple of questions for you:
- what about daft and rsit? i guess i should uninstall those too?
- i got a prompt to install SP3. it looked like I downloaded it along with the other updates. should I install it? if not, how do I get rid of the reminder icon in the system tray?
- if you don't mind, i'd like to know why I saved those text files and dragged them into combofix? what were they? [just for my knowledge]


with all of that said, i'd like to thank you again for helping me. :thumbsup: :) i will heed your advice you gave.

Edited by hitpro, 25 October 2008 - 10:52 AM.


#13 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:57 PM

Posted 25 October 2008 - 11:19 AM

Hi Hitpro.

No problem.

- it looked like avira didn't install correctly because it wasn't in my system tray. so when i opened it manually and tried to configure it OR run an update nothing happened. so i installed it again. all is well there now.

Glad to hear you resolved the problem yourself :)

- when i downloaded SP2 it had me download a lot of other updates(i guessed they were related to SP2).

It may not be related to SP2, but if they wanted you to download/install it, then I suggest you do, because it is probably another patch.
Also, do you still see the note at the top of the forum:

Important Announcement: All users MUST install their Windows Updates today. If you do not have Automatic Updates enabled, then please follow the instructions in this tutorial in order to do so. Once it is enabled, I then suggest you use Internet Explorer and visit http://www.windowsupdate.com and download the latest security and critical updates now instead of waiting for Automatic Updates to download them for you.

As of yesterday, Microsoft released a security update, outside of their normal second Tuesday of each month schedule, due to a security vulnerability that affects Windows 2000, Windows XP, and Windows 2003. The fact that they have released an update off of their normal schedule means that this vulnerability has the potential to cause widespread computer infections. Due to this, we suggest that you install the security patch immediately.

If you have any questions regarding this vulnerability or installing the patch, please ask in this forum. Information about the vulnerability can be found here.

It could have been that patch that you updated. Don't worry; as long as you update and visit the Windows Update site, I would say it is good.

a couple of questions for you:
- what about daft and rsit? i guess i should uninstall those too?
- i got a prompt to install SP3. it looked like I downloaded it along with the other updates. should I install it? if not, how do I get rid of the reminder icon in the system tray?
- if you don't mind, i'd like to know why I saved those text files and dragged them into combofix? what were they? [just for my knowledge]
with all of that said, i'd like to thank you again for helping me. i will heed your advice you gave.

Sorry about that, yes you can remove RSIT and DAFT.

SP3 is an optional service pack to install. I installed it because I had a problem and installing it fixed it; you don't have to install it, because there isn't much difference with the security issues and not much difference you can tell.
If you wish to install by all means do it. :thumbsup:
More information on SP3 can be found here.

Those text files were just a script that needed to be executed by Combofix. They should have been gone once you dragged them onto Combofix; if not, once you did the Uninstall switch, all things associated with Combofix will be removed.

No problem, glad I was able to help you. Any other questions or comments? If not, please reply back telling me so.

Thanks :)

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#14 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:07:57 PM

Posted 27 October 2008 - 02:30 PM

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Microsoft MVP Consumer Security