
complicated mess


  • This topic is locked
37 replies to this topic

#1 nomoretitanic

Posted 29 October 2008 - 06:39 AM

I stupidly opened a file that gave me a few viruses. I have managed to clean them out using Malwarebytes' Anti-Malware. I had trojan.fakealert, rootkit agent, heuristics.reserved.world.exploit, trojan.fakealert, malware.trace, fake.beep.sys., trojan.agent, trojan.bho, and a few of them repeatedly. I think I have finally purged them from my computer, but I am not entirely sure.
Since then, I have not been able to log into my computer under normal mode. When my computer was first infected with the virus, my task manager was disabled, and my userinit was modified. I followed some instructions that I found while googling the problem. Now when I try to log on in normal mode, a screen prompts me to type in my username and password (which has never happened before; I was always able to simply log right in), and when I enter my username (the default name is administrator), I am logged off immediately.

my hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:36:18, on 10/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\lee\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
O4 - HKCU\..\RunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download the file(s) in D.S.Code - C:\Documents and Settings\lee\My Documents\DSLite2.07.45\DSLite2.07.45\DSLite2\dl_text.html
O8 - Extra context menu item: &Download the file(s) in D.S.Code-File - C:\Documents and Settings\lee\My Documents\DSLite2.07.45\DSLite2.07.45\DSLite2\dl_url.html
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - C:\Documents and Settings\lee\My Documents\DSLite2.07.45\DSLite2.07.45\DSLite2\DSLite.exe
O9 - Extra 'Tools' menuitem: &D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - C:\Documents and Settings\lee\My Documents\DSLite2.07.45\DSLite2.07.45\DSLite2\DSLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...99/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures06.aim.com/ygp/aol/plugin/u...AIM.9.5.1.8.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - https://music.msn.com/client/msnmusax4123.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: karna.dat
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\NitroPDF5\bepldr.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: JFHUBL - Unknown owner - C:\DOCUME~1\lee\LOCALS~1\Temp\JFHUBL.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 8725 bytes

I have been sitting here for two days, trying to figure things out, and probably only making things worse. I tried updating everything to SP3 earlier this afternoon, which led to a disaster - booting in normal mode took an hour (no exaggeration) and I still got logged off immediately. I'd just uninstalled SP3. I am reluctant to re-format because I have lost quite a few original copies of my software when I moved. I am in safe mode with networking right now.



#2 nomoretitanic


Posted 29 October 2008 - 05:56 PM

Can someone at least point me in the right direction, or explain to me why Windows would log on then log off immediately under normal mode, and if there's a way of examining all the drivers that are loading during the process to maybe pinpoint the faulty ones?

#3 Farbar


Posted 29 October 2008 - 06:41 PM

Hi nomoretitanic,

Welcome to BC HijackThis forum and sorry for the delay. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

    Note 1: The logs will be created in this folder: C:\rsit

    Note 2: The tool takes not more than one minute to scan the system.

Tell me:
  • You pointed out a corrupted userinit and you did something to repair it. What did you do?
  • When you boot to Safe Mode, do you log in with the same account as when you try to log in to normal mode?
  • If you have changed anything since the previous post.
  • If this is the only computer or you have another computer we can eventually use in case it is needed.
  • If you have a Windows installation CD. Not that we need it now, just in case.


#4 nomoretitanic


Posted 29 October 2008 - 08:48 PM

log.txt:

Logfile of random's system information tool 1.04 (written by random/random)
Run by lee at 2008-10-29 18:39:17
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 2 GB (6%) free of 35 GB
Total RAM: 1022 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:39:35, on 10/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\lee\Desktop\RSIT.exe
C:\Documents and Settings\lee\Desktop\lee.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
O4 - HKCU\..\RunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download the file(s) in D.S.Code - C:\Documents and Settings\lee\My Documents\DSLite2.07.45\DSLite2.07.45\DSLite2\dl_text.html
O8 - Extra context menu item: &Download the file(s) in D.S.Code-File - C:\Documents and Settings\lee\My Documents\DSLite2.07.45\DSLite2.07.45\DSLite2\dl_url.html
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - C:\Documents and Settings\lee\My Documents\DSLite2.07.45\DSLite2.07.45\DSLite2\DSLite.exe
O9 - Extra 'Tools' menuitem: &D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - C:\Documents and Settings\lee\My Documents\DSLite2.07.45\DSLite2.07.45\DSLite2\DSLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...99/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures06.aim.com/ygp/aol/plugin/u...AIM.9.5.1.8.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - https://music.msn.com/client/msnmusax4123.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: karna.dat
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\NitroPDF5\bepldr.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: JFHUBL - Unknown owner - C:\DOCUME~1\lee\LOCALS~1\Temp\JFHUBL.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 8766 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\$~$Sys0$.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-03-17 370296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DeadAIM"=C:\Program Files\AIM\\DeadAIM.ocm [2005-09-19 144896]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2005-03-22 352256]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe [2008-10-16 599552]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-03-17 185896]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2006-04-06 61440]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3751936]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 425984]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2008-10-22 1273488]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2006-11-30 4662776]
"AIM"=C:\Program Files\AIM\aim.exe [2005-08-05 67160]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 24064]
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"=cmd.exe /C cscript C:\WINDOWS\Installer\TSClientMsiTrans\tscuinst.vbs []
"TSClientAXDisabler"=cmd.exe /C C:\WINDOWS\Installer\TSClientMsiTrans\tscdsbl.bat []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
C:\Program Files\DNA\btdna.exe [2008-10-18 289088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2008-10-22 1273488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1702912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-05-27 425984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-03-17 185896]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
NETGEAR WPN111 Smart Wizard.lnk - C:\Program Files\NETGEAR\WPN111 Configuration Utility\wpn111.exe
TotalMedia Backup Monitor.lnk - C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="karna.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"_NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Soulseek\slsk.exe"="C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Edonkey Lite 1.4.3.2\edonkey2000.exe"="C:\Program Files\Edonkey Lite 1.4.3.2\edonkey2000.exe:*:Enabled:edonkey2000"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Disabled:Ares"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer"
"C:\Program Files\Grisoft\AVG Free\avginet.exe"="C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG Free\avgemc.exe"="C:\Program Files\Grisoft\AVG Free\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\DAP\DAP.exe"="C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\Program Files\Kuro\Kuro.exe"="C:\Program Files\Kuro\Kuro.exe:*:Enabled:Kuro"
"C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe"="C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe:*:Enabled:VoipBuster"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Documents and Settings\lee\My Documents\zsnesw142\zsnesw.exe"="C:\Documents and Settings\lee\My Documents\zsnesw142\zsnesw.exe:*:Enabled:zsnesw"
"C:\Program Files\mldonkey\mlnet.exe"="C:\Program Files\mldonkey\mlnet.exe:*:Enabled:MLdonkey - multiuser P2P daemon"
"C:\Program Files\Grisoft\AVG Free\avgamsvr.exe"="C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG Free\avgcc.exe"="C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Documents and Settings\lee\Desktop\mlnet.exe"="C:\Documents and Settings\lee\Desktop\mlnet.exe:*:Disabled:MLdonkey - multiuser P2P daemon"
"C:\Program Files\mldonkey\mldonkeywatch.exe"="C:\Program Files\mldonkey\mldonkeywatch.exe:*:Disabled:mldonkeywatch"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\SmartFTP\SmartFTP.exe"="C:\Program Files\SmartFTP\SmartFTP.exe:*:Enabled:SmartFTP Client"
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\Documents and Settings\lee\Local Settings\Temp\Nero Web\SetupXu.exe"="C:\Documents and Settings\lee\Local Settings\Temp\Nero Web\SetupXu.exe:*:Enabled:Nero ProductSetup"
"C:\Documents and Settings\lee\My Documents\Grim Launcher.exe"="C:\Documents and Settings\lee\My Documents\Grim Launcher.exe:*:Enabled:Grim Fandango Launcher"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\SmartFTP Client\SmartFTP.exe"="C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:enabled:@shell32.dll,-1"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2407cb9-fad9-11dc-b87b-00146c3473e6}]
shell\AutoRun\command - I:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2008-10-29 18:39:17 ----D---- C:\rsit
2008-10-29 03:39:44 ----D---- C:\Avenger
2008-10-29 03:24:47 ----A---- C:\WINDOWS\system32\7.tmp
2008-10-29 03:24:44 ----A---- C:\WINDOWS\system32\4.tmp
2008-10-29 02:29:44 ----SHD---- C:\RECYCLER
2008-10-29 01:53:10 ----D---- C:\WINDOWS\temp
2008-10-29 01:53:07 ----A---- C:\ComboFix.txt
2008-10-28 22:14:35 ----SH---- C:\WINDOWS\S0AC8909C.tmp
2008-10-28 22:11:16 ----A---- C:\Boot.bak
2008-10-28 22:11:02 ----RASHD---- C:\cmdcons
2008-10-28 22:09:50 ----A---- C:\WINDOWS\zip.exe
2008-10-28 22:09:50 ----A---- C:\WINDOWS\VFIND.exe
2008-10-28 22:09:50 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-10-28 22:09:50 ----A---- C:\WINDOWS\SWSC.exe
2008-10-28 22:09:50 ----A---- C:\WINDOWS\SWREG.exe
2008-10-28 22:09:50 ----A---- C:\WINDOWS\sed.exe
2008-10-28 22:09:50 ----A---- C:\WINDOWS\NIRCMD.exe
2008-10-28 22:09:50 ----A---- C:\WINDOWS\grep.exe
2008-10-28 22:09:50 ----A---- C:\WINDOWS\fdsv.exe
2008-10-28 22:09:46 ----D---- C:\WINDOWS\ERDNT
2008-10-28 22:09:46 ----D---- C:\Qoobox
2008-10-28 19:53:24 ----D---- C:\WINDOWS\system32\scripting
2008-10-28 19:53:23 ----D---- C:\WINDOWS\l2schemas
2008-10-28 19:53:22 ----D---- C:\WINDOWS\system32\en
2008-10-28 19:53:21 ----D---- C:\WINDOWS\system32\bits
2008-10-28 18:42:21 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-10-28 18:42:20 ----A---- C:\WINDOWS\system32\xpsp2res.dll
2008-10-28 18:40:37 ----A---- C:\WINDOWS\system32\ntprint.dll
2008-10-28 18:40:37 ----A---- C:\WINDOWS\system32\ntlsapi.dll
2008-10-28 18:40:37 ----A---- C:\WINDOWS\system32\ntdll.dll
2008-10-28 18:40:37 ----A---- C:\WINDOWS\system32\nslookup.exe
2008-10-28 18:40:37 ----A---- C:\WINDOWS\system32\msv1_0.dll
2008-10-28 18:40:37 ----A---- C:\WINDOWS\system32\msgsvc.dll
2008-10-28 18:40:37 ----A---- C:\WINDOWS\system32\mgmtapi.dll
2008-10-28 18:40:37 ----A---- C:\WINDOWS\system32\lsasrv.dll
2008-10-28 18:40:37 ----A---- C:\WINDOWS\system32\locator.exe
2008-10-28 18:40:37 ----A---- C:\WINDOWS\system32\localspl.dll
2008-10-28 18:40:37 ----A---- C:\WINDOWS\system32\lmhsvc.dll
2008-10-28 18:40:37 ----A---- C:\WINDOWS\system32\kernel32.dll
2008-10-28 18:40:37 ----A---- C:\WINDOWS\system32\imagehlp.dll
2008-10-28 18:40:37 ----A---- C:\WINDOWS\system32\ftp.exe
2008-10-28 18:40:37 ----A---- C:\WINDOWS\system32\format.com
2008-10-28 18:40:37 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll
2008-10-28 18:40:37 ----A---- C:\WINDOWS\system32\csrsrv.dll
2008-10-28 18:40:37 ----A---- C:\WINDOWS\system32\comdlg32.dll
2008-10-28 18:40:37 ----A---- C:\WINDOWS\system32\comctl32.dll
2008-10-28 18:40:37 ----A---- C:\WINDOWS\system32\cmd.exe
2008-10-28 18:40:37 ----A---- C:\WINDOWS\system32\cacls.exe
2008-10-28 18:40:37 ----A---- C:\WINDOWS\system32\autoconv.exe
2008-10-28 18:40:37 ----A---- C:\WINDOWS\system32\autochk.exe
2008-10-28 18:40:37 ----A---- C:\WINDOWS\system32\advapi32.dll
2008-10-28 18:40:36 ----A---- C:\WINDOWS\system32\perfctrs.dll
2008-10-28 18:40:36 ----A---- C:\WINDOWS\system32\olecnv32.dll
2008-10-28 18:40:36 ----A---- C:\WINDOWS\system32\oleaut32.dll
2008-10-28 18:40:36 ----A---- C:\WINDOWS\system32\nwprovau.dll
2008-10-28 18:40:36 ----A---- C:\WINDOWS\system32\ntvdm.exe
2008-10-28 18:40:35 ----A---- C:\WINDOWS\system32\userinit.exe
2008-10-28 18:40:35 ----A---- C:\WINDOWS\system32\untfs.dll
2008-10-28 18:40:35 ----A---- C:\WINDOWS\system32\ulib.dll
2008-10-28 18:40:35 ----A---- C:\WINDOWS\system32\tcpmonui.dll
2008-10-28 18:40:35 ----A---- C:\WINDOWS\system32\syssetup.dll
2008-10-28 18:40:35 ----A---- C:\WINDOWS\system32\srvsvc.dll
2008-10-28 18:40:35 ----A---- C:\WINDOWS\system32\smss.exe
2008-10-28 18:40:35 ----A---- C:\WINDOWS\system32\setupapi.dll
2008-10-28 18:40:35 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-10-28 18:40:35 ----A---- C:\WINDOWS\system32\services.exe
2008-10-28 18:40:35 ----A---- C:\WINDOWS\system32\schannel.dll
2008-10-28 18:40:35 ----A---- C:\WINDOWS\system32\scardsvr.exe
2008-10-28 18:40:35 ----A---- C:\WINDOWS\system32\savedump.exe
2008-10-28 18:40:35 ----A---- C:\WINDOWS\system32\samsrv.dll
2008-10-28 18:40:35 ----A---- C:\WINDOWS\system32\samlib.dll
2008-10-28 18:40:35 ----A---- C:\WINDOWS\system32\rshx32.dll
2008-10-28 18:40:35 ----A---- C:\WINDOWS\system32\rastapi.dll
2008-10-28 18:40:35 ----A---- C:\WINDOWS\system32\rasman.dll
2008-10-28 18:40:35 ----A---- C:\WINDOWS\system32\rasdlg.dll
2008-10-28 18:40:35 ----A---- C:\WINDOWS\system32\rasauto.dll
2008-10-28 18:40:35 ----A---- C:\WINDOWS\system32\rasapi32.dll
2008-10-28 18:40:35 ----A---- C:\WINDOWS\system32\printui.dll
2008-10-28 18:40:34 ----A---- C:\WINDOWS\system32\wkssvc.dll
2008-10-28 18:40:34 ----A---- C:\WINDOWS\system32\win32spl.dll
2008-10-28 18:40:31 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2008-10-28 18:40:31 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2008-10-28 18:40:31 ----A---- C:\WINDOWS\system32\hal.dll
2008-10-28 18:40:31 ----A---- C:\WINDOWS\system32\asfsipc.dll
2008-10-28 18:39:57 ----D---- C:\WINDOWS\EHome
2008-10-28 18:09:12 ----D---- C:\~ErdUserProfile.$$$
2008-10-28 17:01:07 ----D---- C:\Program Files\CCleaner
2008-10-28 02:13:54 ----D---- C:\pebuilder3110a
2008-10-27 20:06:21 ----A---- C:\WINDOWS\system32\tmp.txt
2008-10-27 20:06:10 ----A---- C:\rapport.txt
2008-10-27 20:05:57 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2008-10-27 20:05:57 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2008-10-27 20:05:57 ----A---- C:\WINDOWS\system32\VACFix.exe
2008-10-27 20:05:57 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2008-10-27 20:05:57 ----A---- C:\WINDOWS\system32\Process.exe
2008-10-27 20:05:57 ----A---- C:\WINDOWS\system32\o4Patch.exe
2008-10-27 20:05:57 ----A---- C:\WINDOWS\system32\IEDFix.exe
2008-10-27 20:05:57 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2008-10-27 20:05:57 ----A---- C:\WINDOWS\system32\dumphive.exe
2008-10-27 20:05:57 ----A---- C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-10-27 20:05:57 ----A---- C:\WINDOWS\system32\404Fix.exe
2008-10-27 11:50:22 ----A---- C:\WINDOWS\system32\hgapt32.dll
2008-10-27 11:37:17 ----D---- C:\Documents and Settings\lee\Application Data\Malwarebytes
2008-10-27 10:26:26 ----A---- C:\avenger.txt
2008-10-27 10:17:04 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-27 10:17:04 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-23 20:31:43 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-18 10:40:02 ----A---- C:\WINDOWS\system32\javaws.exe
2008-10-18 10:40:02 ----A---- C:\WINDOWS\system32\javaw.exe
2008-10-18 10:40:02 ----A---- C:\WINDOWS\system32\java.exe
2008-10-18 10:35:27 ----D---- C:\Program Files\DNA
2008-10-18 10:35:22 ----D---- C:\Documents and Settings\lee\Application Data\DNA
2008-10-14 17:17:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-14 17:17:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-14 17:17:11 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-14 17:15:20 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-14 17:14:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$

======List of files/folders modified in the last 1 months======

2008-10-29 18:36:58 ----D---- C:\Program Files\Mozilla Firefox
2008-10-29 18:35:43 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-29 04:11:22 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-29 03:39:44 ----RD---- C:\Program Files
2008-10-29 03:39:44 ----D---- C:\WINDOWS\system32\drivers
2008-10-29 03:38:34 ----D---- C:\WINDOWS\system32
2008-10-29 03:38:34 ----D---- C:\WINDOWS
2008-10-29 03:26:26 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-10-29 02:28:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-29 02:17:42 ----D---- C:\WINDOWS\system32\wbem
2008-10-29 02:17:42 ----D---- C:\WINDOWS\AppPatch
2008-10-29 02:17:41 ----D---- C:\WINDOWS\system32\Setup
2008-10-29 02:17:30 ----RSD---- C:\WINDOWS\Fonts
2008-10-29 02:14:10 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-29 02:11:00 ----D---- C:\Program Files\Messenger
2008-10-29 02:10:58 ----RD---- C:\WINDOWS\Web
2008-10-29 02:10:47 ----D---- C:\WINDOWS\system32\usmt
2008-10-29 02:10:35 ----D---- C:\WINDOWS\system32\Restore
2008-10-29 02:10:26 ----D---- C:\WINDOWS\system32\oobe
2008-10-29 02:10:23 ----D---- C:\WINDOWS\system32\npp
2008-10-29 02:10:00 ----D---- C:\WINDOWS\system32\Com
2008-10-29 02:06:28 ----D---- C:\WINDOWS\system
2008-10-29 02:06:27 ----D---- C:\WINDOWS\srchasst
2008-10-29 02:06:26 ----D---- C:\WINDOWS\PeerNet
2008-10-29 02:06:23 ----D---- C:\WINDOWS\network diagnostic
2008-10-29 02:06:18 ----D---- C:\WINDOWS\msagent
2008-10-29 02:06:16 ----HD---- C:\WINDOWS\inf
2008-10-29 02:05:54 ----D---- C:\WINDOWS\ime
2008-10-29 02:05:51 ----D---- C:\WINDOWS\Help
2008-10-29 02:05:39 ----D---- C:\Program Files\Windows NT
2008-10-29 02:05:39 ----D---- C:\Program Files\Windows Media Player
2008-10-29 02:05:37 ----D---- C:\Program Files\Outlook Express
2008-10-29 02:05:35 ----D---- C:\Program Files\NetMeeting
2008-10-29 02:05:30 ----D---- C:\Program Files\Movie Maker
2008-10-29 02:05:13 ----D---- C:\Program Files\Common Files\System
2008-10-29 01:59:50 ----SD---- C:\WINDOWS\Tasks
2008-10-29 01:32:42 ----A---- C:\WINDOWS\system.ini
2008-10-28 22:13:20 ----D---- C:\WINDOWS\system32\config
2008-10-28 22:12:17 ----D---- C:\Program Files\Common Files
2008-10-28 22:11:16 ----RASH---- C:\boot.ini
2008-10-28 20:06:40 ----D---- C:\WINDOWS\security
2008-10-28 20:05:47 ----A---- C:\WINDOWS\imsins.BAK
2008-10-28 19:57:11 ----A---- C:\WINDOWS\setuplog.txt
2008-10-28 19:56:05 ----D---- C:\WINDOWS\WinSxS
2008-10-28 19:53:45 ----D---- C:\WINDOWS\system32\en-US
2008-10-28 19:53:23 ----SHD---- C:\WINDOWS\Installer
2008-10-28 18:45:20 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-28 17:13:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-28 16:33:20 ----D---- C:\Documents and Settings\All Users\Application Data\avg7
2008-10-28 14:55:48 ----A---- C:\WINDOWS\system32\winlogon.exe
2008-10-27 20:59:06 ----A---- C:\Documents and Settings\lee\Application Data\burnaware.ini
2008-10-27 09:37:55 ----D---- C:\WINDOWS\Registration
2008-10-27 09:37:06 ----D---- C:\Documents and Settings\lee\Application Data\BitTorrent
2008-10-27 09:27:05 ----D---- C:\Program Files\Internet Explorer
2008-10-26 12:16:22 ----D---- C:\Program Files\Soulseek
2008-10-23 20:28:36 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-18 10:40:07 ----D---- C:\Config.Msi
2008-10-18 10:40:01 ----D---- C:\Program Files\Java
2008-10-18 10:35:42 ----D---- C:\Program Files\BitTorrent
2008-10-15 09:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-14 17:41:44 ----D---- C:\Program Files\eMule
2008-10-10 23:54:59 ----D---- C:\WINDOWS\Minidump
2008-10-07 12:19:40 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-03 10:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-10-01 11:41:34 ----D---- C:\Program Files\Incomplete

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2007-12-20 10760]
R1 FsVga;FsVga; C:\WINDOWS\system32\DRIVERS\fsvga.sys [2004-08-04 12160]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-11-08 17217]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-15 34760]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 wg111nd5;NETGEAR WG111 802.11g Wireless USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\wg111nd5.sys [2004-06-04 379488]
S1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2007-10-25 821856]
S1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2006-11-04 4224]
S1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2007-02-25 27776]
S1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
S1 vcdrom;Virtual CD-ROM Device Driver; \??\C:\WINDOWS\system32\drivers\VCdRom.sys []
S2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2006-11-04 4960]
S2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.10; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2007-08-11 15890]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-03 48128]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
S3 ATHFMWDL;NETGEAR WPN111 Bootloader driver; C:\WINDOWS\System32\Drivers\athwpn.sys [2004-10-14 43392]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-04-15 1130496]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-03 38912]
S3 azxnzlug;azxnzlug; C:\WINDOWS\system32\drivers\azxnzlug.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\DNINDIS5.SYS []
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-08-03 51328]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-03-23 47360]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 STHDA;High Definition Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-06-14 180864]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-22 32000]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-03 78464]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service; C:\WINDOWS\system32\DRIVERS\WPN111.sys [2005-01-07 286720]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-03 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-03 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-03 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-03 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-03 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-03 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-04-15 376832]
S2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe [2007-10-25 427520]
S2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe [2006-11-04 58368]
S2 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe [2007-12-20 415232]
S2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 241664]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 276480]
S2 IAANTMon;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe [2005-04-25 98430]
S2 spupdsvc;Windows Service Pack Installer update service; C:\WINDOWS\system32\spupdsvc.exe [2007-08-10 26488]
S2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 284672]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2005-09-20 76800]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 bepldr;BCL easyPDF SDK 5 Loader; C:\Program Files\Common Files\BCL Technologies\NitroPDF5\bepldr.exe [2008-02-11 163840]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 81920]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S3 JFHUBL;JFHUBL; C:\DOCUME~1\lee\LOCALS~1\Temp\JFHUBL.exe []
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []
S3 Ps10wimeel;Ps10wimeel; C:\WINDOWS\system32\drivers\aha154x.sys [2001-08-17 12800]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 922112]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 23040]

-----------------EOF-----------------

info.txt:
info.txt logfile of random's system information tool 1.04 2008-10-29 18:39:44

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.23-->"C:\Program Files\7-Zip\Uninstall.exe"
AC3 Decoder v.1.2.4b-->C:\PROGRA~1\MEDIAT~1\AC3DEC~1\UNWISE.EXE C:\PROGRA~1\MEDIAT~1\AC3DEC~1\INSTALL.LOG
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe After Effects 6.0-->MsiExec.exe /I{1EC60864-A294-44BF-984A-3E8867D74EA2}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe MPEG Encoder-->MsiExec.exe /I{9811A185-3D3D-11D6-9E14-00036D172B00}
Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Premiere Pro 1.5-->RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{A14F7508-B784-40B8-B11A-E0E2EEB7229F}\setup.exe" -l0x0009
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader Chinese Traditional Fonts-->MsiExec.exe /I{AC76BA86-7AD7-2448-0000-705000000001}
Advanced RealMedia Export Plug-in for Premiere 6.0-->C:\Program Files\Adobe\Premiere 6.5\Plug-ins\RNCompiler\rnuninst.exe RealNetworks|RNCompiler|6.0
AIM "You've Got Pictures" Picture Finder Plugin v9.5.1.8-->C:\Program Files\Common Files\YGP\Plugins\AIM\9_5_1_8a\YGPInstallerAim.exe /u -d"AIM" -p"AIM" -len-US-AIM
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft TotalMedia Backup & Record-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF6F70D0-C242-4047-946B-98EA8208481A}\Setup.exe" -l0x9
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Free Edition-->C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL
AVI Splitter-->"C:\Program Files\avisplit\unins000.exe"
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
BSPlayer-->"C:\Program Files\Webteh\BSplayer\uninstall.exe"
BurnAware Free Edition-->"C:\Documents and Settings\All Users\Application Data\{299A4764-43F6-4187-8CA5-672EB6C4D431}\burnaware_free.exe" REMOVE=TRUE MODIFY=FALSE
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CleanUp!-->C:\Program Files\CleanUp!\uninstall.exe
CloneCD-->"C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"
Data Lifeguard Tools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}\Setup.exe"
DeadAIM-->MsiExec.exe /I{0F8F3415-CB0A-49A6-A23A-D8390444B127}
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Picture Studio v3.0-->MsiExec.exe /I{AF06CAE4-C134-44B1-B699-14FBDB63BD37}
Dell Support 3.1-->MsiExec.exe /X{548EEA8E-8299-497F-8057-811D2D7097DC}
Digidesign DigiDelivery-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5676E8F9-B222-49FB-81B7-7998D17EDC4B}\Setup.exe" -l0x9 FromUninstall
Digital Media Converter 2.7-->"C:\Program Files\Deskshare\Digital Media Converter\unins000.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DonkeyMan-->C:\Program Files\DonkeyMan\uninstall.exe
Download Accelerator Plus (DAP)-->C:\PROGRA~1\DAP\DAPREMOVE.EXE
DVDAuthorGUI (remove only)-->"C:\Program Files\DVDAuthorGUI\uninstall.exe"
EarthLink setup files-->MsiExec.exe /X{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}
Edonkey Lite1.4.3.2 English-->C:\PROGRA~1\EDONKE~1.2\UNWISE.EXE C:\PROGRA~1\EDONKE~1.2\INSTALL.LOG
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Final Draft 6-->MsiExec.exe /I{CC8B19D1-91D2-4D5B-B331-F885F432745E}
Final Draft v6.0.2.5 Update-->C:\PROGRA~1\FINALD~1\UNWISE.EXE C:\PROGRA~1\FINALD~1\INSTALL.LOG
Flickr Uploadr 2.5.0.14-->"C:\Program Files\Flickr Uploadr\uninstall.exe"
FLV Player 1.3.3-->"C:\Program Files\FLVPlayer\uninstall.exe"
Free Video Flip and Rotate version 1.3-->"C:\Program Files\DVDVideoSoft\Free Video Flip and Rotate\unins000.exe"
GoldWave v5.04-->"C:\Program Files\GoldWave\unstall.exe" "GoldWave v5.04" "C:\Program Files\GoldWave\unstall.log"
Google Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
Google Video Player-->"C:\Program Files\Google\Google Video Player\Uninstall.exe"
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Documents and Settings\lee\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Huffyuv AVI lossless video codec (Remove Only)-->rundll.exe setupx.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\HUFFYUV.INF
iConcertCal-->MsiExec.exe /I{B629F4BA-1876-4507-9233-2A25535786D8}
Intel Matrix Storage Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}\setup.exe" -l0409 -INTELUNINST
Intel® PRO Network Connections Software v9.2.4.11-->C:\Program Files\Intel\DMIX\uninst\DxSetup.exe /x /qr /le C:\DOCUME~1\Owner\LOCALS~1\Temp\PROSetDX\DMIX\\DxUninst.log
Intel® PROSafe for Wired Connections-->MsiExec.exe /I{36BD0774-6CD6-4FF9-A148-83CA09AC123E}
Intel® PROSafe for Wired Connections-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
Jasc Paint Shop Photo Album 5-->MsiExec.exe /I{4192EAC0-6B36-4723-B216-D0E86E7757AC}
Jasc Paint Shop Pro Studio, Dell Editon-->MsiExec.exe /I{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Codec Pack 2.72 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kuro-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27FF6926-D614-4BB6-8B56-99F0C2DFEEE1}\Setup.exe" -uninst
Lemony-->MsiExec.exe /I{AC2D4B9A-F694-4CF5-803C-E4D8CB5CBDE3}
LimeWire 4.14.8-->"C:\Program Files\LimeWire\uninstall.exe"
LucasArts' Grim Fandango-->C:\WINDOWS\uninst.exe -f"C:\Program Files\LucasArts\Grim\DeIsL1.isu"
Macromedia Flash Player-->MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Magic Bullet Editors Premiere-->C:\WINDOWS\unvise32.exe C:\Program Files\Adobe\Premiere Pro 1.5\Plug-ins\en_US\Magic Bullet Editors Premiere\mbeditorsppro.log
Magic DVD Copier Version 4.7.1 build 8-->"C:\Program Files\MagicDVDCopier\unins000.exe"
Magic DVD Ripper V5.2.1 build 8-->"C:\Program Files\MagicDVDRipper\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Monkey's Audio-->"C:\Program Files\Monkey's Audio\unins000.exe"
Mozilla Firefox (2.0.0.17)-->C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
NETGEAR WPN111 Smart Wizard Wireless Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{582E9125-32B6-4CBA-AB48-3E33CE3DB389}\Setup.exe"
Nitro PDF Professional-->MsiExec.exe /I{0AB4C03C-D10F-422E-B060-75387F61599A}
PE Builder 3.1.10a-->"c:\pebuilder3110a\unins000.exe"
PowerDVD 5.9-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Qualxserve Service Agreement-->MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine-->MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
R-Studio NTFS v2.0-->"C:\Program Files\R-Studio NTFS\unins000.exe"
ScummVM 0.10.0-->"C:\Program Files\ScummVM\unins000.exe"
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893066)-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899588)-->"C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Skype 3.0-->"C:\Program Files\Skype\Phone\unins000.exe"
Skype Plugin Manager-->MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
SmartFTP Client 3.0 Setup Files (remove only)-->C:\Program Files\SmartFTP Client 3.0 Setup Files\uninst-sftp.exe
SmartFTP Client-->MsiExec.exe /I{11C762F9-95EA-486A-A8E7-683A50C231C1}
SmartFTP Client-->MsiExec.exe /I{6F23C1A3-9F62-470C-BD12-B83F04E67865}
SoulSeek Client 156c-->"C:\Program Files\Soulseek\uninstall.exe"
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Uninstall 1.0.0.0-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB896727)-->"C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VobSub v2.23 (Remove Only)-->"C:\Program Files\Gabest\VobSub\uninstall.exe"
WebCyberCoach 3.2 Dell-->"C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB890923-->"C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
Windows XP Hotfix - KB893086-->"C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
WordPerfect Office 12-->MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
XviD MPEG-4 Codec-->"C:\Program Files\XviD\UninstXviD.exe"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
YouSendIt Application Plug-in SDK-->C:\Program Files\InstallShield Installation Information\{D6F80A9A-D655-4DCE-BC53-AC2A55324F5C}\setup.exe -runfromtemp -l0x0409
YouSendIt Express-->C:\Program Files\InstallShield Installation Information\{AFA9100B-D7D3-4E88-A984-2632CAAA5D2D}\setup.exe -runfromtemp -l0x0409

======Hosts File======

127.0.0.1 NtKrnlpa.cn

======Security center information======

AV: AVG 7.5.549

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Intel\DMIX;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0403
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"SAFEBOOT_OPTION"=NETWORK

-----------------EOF-----------------

Thank you so much for doing this.

1. I went to regedit, found the userinit registry, and discovered that it prompted the execution of both userinit.exe and another process (some other exe, I forgot what), so I erased the second process. I replaced the userinit.exe with one I found at this site. I believe I saw the userinit.exe getting updated when I briefly updated to SP3, which I later uninstalled.
2. Yes, I use my own account (with administrator privileges) for both safe and normal mode. The account name is Lee.
3. I've changed nothing since the previous post.
4. Right now I have another computer, as well as a few external hard drives, but I think my buddy is coming by to reclaim his laptop in a few hours.
5. I have the original windows installation CD without any of the SP's.

Edited by nomoretitanic, 29 October 2008 - 08:49 PM.


#5 Farbar


Posted 29 October 2008 - 09:33 PM

Thanks for the feedback.

Note 1. Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Note 2. You may download the SDFix and extract it while in Safe Mode with Networking, but to run RunThis.bat you should boot into Safe Mode.

Note 3. Please do the steps in the order they are written.
1. To disable automatic startup:
  • Go to start, right-click My computer and select Properties.
  • Under the Advanced tab, in the section Startup and Recovery, press Settings.
  • Under the System failure section:
  • Write an event to the system log option should be checked.
  • Send an administrative alert should be checked.
  • Uncheck Automatically restart.
  • Click OK twice.
  • The next time Windows encounters a problem it will not restart automatically and will give you an error message.
    If it happens, note the exact message and post it in your reply.

2. Turn off Windows automatic updates as it might lead to unexpected results at this stage:
  • Go to start -> Control Panel -> double-click System to open it.
  • Go to the Automatic Updates tab.
  • Select the "Turn off Automatic Updates" box.
  • Click Apply and then OK.

3. Go to Start > Control Panel > Double-click on User Accounts > Click on "Change the way users log on or off":
  • Check "Use the Welcome Screen"
  • Click on Apply Options and close the User Accounts window and the Control Panel.
  • The next time you reboot your computer the welcome screen will be shown.

4. Go to start > Run, copy/paste the following line in the run box and click OK.

sc delete JFHUBL

5. Open notepad (start-all programs-accessories-notepad). Copy and paste the following bold text into the notepad.

@ECHO OFF
REM Clear the hidden, read-only and system attributes, then delete the task file
cd c:\
attrib -h -r -s C:\WINDOWS\tasks\$~$Sys0$.job
del C:\WINDOWS\tasks\$~$Sys0$.job

  • Select save in: desktop
  • Fill in File name: remove.bat
  • Save as type: All file types (*.*)
  • Click Save and close the Notepad.
  • Double-click remove.bat on the desktop.
  • Copy/paste the content of the log.txt which opens up.

6. Open a notepad (Start > Run and type in Notepad), make sure the wordwrap under the Format menu is not selected.
Copy and paste the text in the code box into it.

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Notification Packages"=hex(7):73,63,65,63,6C,69,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"_NoDriveTypeAutoRun"=-

  • Save the file to the desktop as regfix.reg
  • Make sure the Save as type field says All files.
  • Locate regfix.reg on the desktop and double-click on it and confirm.
  • A window pops up asking if you are sure to add the file to the registry. Click Yes.
  • You get another window popup saying that regfix.reg was successfully added to the registry.
Note: You have to turn off any registry protector software you have in order for the changes to take place.

7. Please open HiJackThis and choose Do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O20 - AppInit_DLLs: karna.dat

Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

8. Please download SDFix by AndyManchesta and save it to your desktop.
When using this tool, you must use the Administrator's account or an account with "Administrative rights"
  • Double click SDFix.exe and it will extract the files to %systemdrive% (this is the drive that contains the Windows Directory, typically C:\SDFix).
  • DO NOT use it just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Copy and paste the contents of the results file Report.txt in your next reply.

9. If in the previous step the PC didn't boot to normal mode, try it a couple of times and, regardless of being able to boot normally or not, proceed to the next step.

10. Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the OTViewIt icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Set File age to 60 days.
  • Click Run Scan button.
  • Two reports will open, copy and paste them to your reply:
      • OTViewIt.txt <-- Will be opened
      • Extra.txt <-- Will be minimized

11. I see you have run Combofix among other powerful tools which normally should be run under supervision. Please post the log of the first run of combofix. If you have run it once it is here: C:\Combofix.txt but if you have run it more than once it is here: C:\Qoobox\ComboFix2.txt
You could know it by the time of running or the list of Other Deletions which is normally empty after the first run.

12. Please copy and paste a fresh Hijackthis log to your reply.

Please copy/paste in your next reply:
  • The SDFix log.
  • The OTViewIt logs.
  • A fresh Hijackthis log.
  • The Combofix log.
  • Any comment or observation about how it went.

Edited by farbar, 29 October 2008 - 10:10 PM.
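The regfix.reg in the post above stores the Lsa "Notification Packages" list as raw hex(7) bytes, which hides what it actually contains. As an added example (not part of the original post and not Farbar's code), this Python parser decodes such .reg text and checks the two autoload values this thread touches; the second sample export and the name examplepkg are constructed, and treating any non-empty AppInit_DLLs value as a finding is this example's assumption.

```python
import re

# The regfix.reg body from the post above (REGEDIT4 means ANSI, one byte per character).
REGFIX = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Notification Packages"=hex(7):73,63,65,63,6C,69,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"_NoDriveTypeAutoRun"=-
'''

# Constructed export of a machine before the fix; "examplepkg" is a made-up name,
# karna.dat is the AppInit_DLLs entry from the HijackThis list in the post.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,65,78,61,6d,70,6c,65,\
  70,6b,67,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="karna.dat"
'''

DELETED = object()  # marker for a '"name"=-' line, which deletes the value
VALUE_RE = re.compile(r'^(?:@|"((?:[^"\\]|\\.)*)")=(.*)$')
LSA = r"hkey_local_machine\system\currentcontrolset\control\lsa"
WINDOWS = r"hkey_local_machine\software\microsoft\windows nt\currentversion\windows"


def logical_lines(text):
    """Yield stripped lines, joining hex data that continues after a trailing backslash."""
    buf = ""
    for raw in text.splitlines():
        buf += raw.strip()
        if buf.endswith("\\") and "=hex" in buf:
            buf = buf[:-1]
            continue
        yield buf
        buf = ""


def decode(data, encoding):
    """Turn the right-hand side of a .reg value line into a Python value."""
    if data == "-":
        return DELETED
    if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
        return re.sub(r"\\(.)", r"\1", data[1:-1])  # undo \\ and \" escapes
    if data.startswith("dword:"):
        return int(data[6:], 16)
    m = re.match(r"hex(?:\(([0-9a-fA-F]+)\))?:(.*)$", data)
    if not m:
        raise ValueError(f"unsupported value data: {data!r}")
    raw = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
    if m.group(1) and int(m.group(1), 16) == 7:  # REG_MULTI_SZ
        return [s for s in raw.decode(encoding).split("\x00") if s]
    return raw  # other binary types are returned undecoded


def parse_reg(text):
    """Return {(key, value_name): value} with keys and names lower-cased."""
    lines = list(logical_lines(text))
    if lines[0] == "REGEDIT4":
        encoding = "cp1252"  # assumption: Western ANSI code page
    elif lines[0] == "Windows Registry Editor Version 5.00":
        encoding = "utf-16-le"
    else:
        raise ValueError(f"unknown .reg header: {lines[0]!r}")
    values, key = {}, None
    for line in lines[1:]:
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            raise ValueError(f"unparsed line: {line!r}")
        values[(key, (m.group(1) or "").lower())] = decode(m.group(2), encoding)
    return values


def audit(values, allowed_packages=("scecli",)):
    """Compare the autoload values against the state the post's fix restores."""
    findings = []
    allowed = {a.lower() for a in allowed_packages}
    packages = values.get((LSA, "notification packages"))
    if isinstance(packages, list):
        for name in packages:
            if name.lower() not in allowed:
                findings.append(f"Lsa Notification Packages: unexpected entry {name!r}")
    appinit = values.get((WINDOWS, "appinit_dlls"))
    if isinstance(appinit, str) and appinit.strip():
        findings.append(f"AppInit_DLLs is not empty: {appinit!r}")
    return findings


if __name__ == "__main__":
    print("regfix.reg sets:", parse_reg(REGFIX)[(LSA, "notification packages")])
    for finding in audit(parse_reg(SAMPLE_EXPORT)):
        print("FINDING:", finding)
```

The allow-list defaults to scecli because that is the only package the post's regfix.reg writes; pass a different `allowed_packages` if a machine legitimately loads others.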


#6 Farbar


Posted 29 October 2008 - 10:14 PM

Please note that I edited step 5. Please do it as soon as you see this post.

#7 nomoretitanic


Posted 29 October 2008 - 11:18 PM

SDFIX log:


SDFix: Version 1.238
Run by lee on Wed 10/29/2008 at 20:25

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\-21436~1 - Deleted
C:\WINDOWS\system32\4.tmp - Deleted
C:\WINDOWS\system32\7.tmp - Deleted
C:\WINDOWS\system32\lm.dat - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-29 20:40:58
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:ba,94,49,73,8a,ef,de,99,e5,57,32,0b,42,f7,e5,8c,27,e3,ac,99,24,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:ba,94,49,73,8a,ef,de,99,e5,57,32,0b,42,f7,e5,8c,27,e3,ac,99,24,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:ba,94,49,73,8a,ef,de,99,e5,57,32,0b,42,f7,e5,8c,27,e3,ac,99,24,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:ba,94,49,73,8a,ef,de,99,e5,57,32,0b,42,f7,e5,8c,27,e3,ac,99,24,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Disabled:RealPlayer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\Edonkey Lite 1.4.3.2\\edonkey2000.exe"="C:\\Program Files\\Edonkey Lite 1.4.3.2\\edonkey2000.exe:*:Enabled:edonkey2000"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Disabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Disabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Disabled:AOL"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Disabled:Ares"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Disabled:LimeWire swarmed installer"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\\Program Files\\Kuro\\Kuro.exe"="C:\\Program Files\\Kuro\\Kuro.exe:*:Enabled:Kuro"
"C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"="C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe:*:Enabled:VoipBuster"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Documents and Settings\\lee\\My Documents\\zsnesw142\\zsnesw.exe"="C:\\Documents and Settings\\lee\\My Documents\\zsnesw142\\zsnesw.exe:*:Enabled:zsnesw"
"C:\\Program Files\\mldonkey\\mlnet.exe"="C:\\Program Files\\mldonkey\\mlnet.exe:*:Enabled:MLdonkey - multiuser P2P daemon"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Documents and Settings\\lee\\Desktop\\mlnet.exe"="C:\\Documents and Settings\\lee\\Desktop\\mlnet.exe:*:Disabled:MLdonkey - multiuser P2P daemon"
"C:\\Program Files\\mldonkey\\mldonkeywatch.exe"="C:\\Program Files\\mldonkey\\mldonkeywatch.exe:*:Disabled:mldonkeywatch"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\SmartFTP\\SmartFTP.exe"="C:\\Program Files\\SmartFTP\\SmartFTP.exe:*:Enabled:SmartFTP Client"
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"="C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\\Documents and Settings\\lee\\Local Settings\\Temp\\Nero Web\\SetupXu.exe"="C:\\Documents and Settings\\lee\\Local Settings\\Temp\\Nero Web\\SetupXu.exe:*:Enabled:Nero ProductSetup"
"C:\\Documents and Settings\\lee\\My Documents\\Grim Launcher.exe"="C:\\Documents and Settings\\lee\\My Documents\\Grim Launcher.exe:*:Enabled:Grim Fandango Launcher"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client\\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"\\??\\C:\\WINDOWS\\system32\\winlogon.exe"="\\??\\C:\\WINDOWS\\system32\\winlogon.exe:*:enabled:@shell32.dll,-1"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Tue 28 Oct 2008 0 ..SH. --- "C:\WINDOWS\S0AC8909C.tmp"
Thu 29 Jun 2006 53,248 A..H. --- "C:\Program Files\Lemony\AxInterop.RealAudioObjects.dll"
Thu 29 Jun 2006 15,360 A..H. --- "C:\Program Files\Lemony\AxInterop.QTActiveXPlugin.dll"
Wed 4 Aug 2004 57,344 A..H. --- "C:\Program Files\Lemony\AxInterop.MediaPlayer.dll"
Wed 4 Aug 2004 28,672 A..H. --- "C:\Program Files\Lemony\AxInterop.MSVidCtlLib.dll"
Wed 4 Aug 2004 253,952 A..H. --- "C:\Program Files\Lemony\Interop.DxVBLibA.dll"
Thu 29 Jun 2006 13,312 A..H. --- "C:\Program Files\Lemony\Interop.QTActiveXPlugin.dll"
Wed 4 Aug 2004 86,016 A..H. --- "C:\Program Files\Lemony\Interop.MediaPlayer.dll"
Mon 14 Jul 2003 655,360 A..H. --- "C:\Program Files\Lemony\Interop.Word.dll"
Wed 4 Aug 2004 221,184 A..H. --- "C:\Program Files\Lemony\Interop.MSVidCtlLib.dll"
Thu 29 Jun 2006 53,248 A..H. --- "C:\Program Files\Lemony\Interop.RealAudioObjects.dll"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Thu 8 Sep 2005 56 ..SHR --- "C:\WINDOWS\system32\B00CF7155F.sys"
Mon 21 Jan 2002 78,336 A..H. --- "C:\Program Files\Final Draft 6\System\Rslibw32.dll"
Mon 21 Jan 2002 129,024 A..H. --- "C:\Program Files\Final Draft 6\System\Scpbw32.dll"
Mon 21 Jan 2002 157,184 A..H. --- "C:\Program Files\Final Draft 6\System\Scpw32.dll"
Thu 7 Dec 2006 3,108,864 A..H. --- "C:\Documents and Settings\lee\Application Data\U3\temp\Launchpad Removal.exe"

Finished!

The OTViewIt logs:
OTViewIt logfile created on: 10/29/2008 9:02:41 PM - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\lee\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.09 Mb Total Physical Memory | 777.41 Mb Available Physical Memory | 76.06% Memory free
1.88 Gb Paging File | 1.80 Gb Available in Paging File | 95.75% Paging File free
Paging file location(s): C:\pagefile.sys 1000 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.17 Gb Total Space | 1.97 Gb Free Space | 5.76% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 465.76 Gb Total Space | 84.80 Gb Free Space | 18.21% Space Free | Partition Type: NTFS

Computer Name: DELL9100
Current User Name: lee
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Whitelist: On
File Age = 60 Days

========== Processes ==========

[2008/10/29 20:13:28 | 00,431,104 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\lee\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2005/09/20 19:54:03 | 00,076,800 | ---- | M] () -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2008/07/22 20:42:12 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Stopped])
[2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2005/04/15 00:09:32 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Stopped])
[2007/10/25 08:46:46 | 00,427,520 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgamsvr.exe -- (Avg7Alrt [Auto | Stopped])
[2006/11/04 13:41:13 | 00,058,368 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgupsvc.exe -- (Avg7UpdSvc [Auto | Stopped])
[2007/12/20 09:46:50 | 00,415,232 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgemc.exe -- (AVGEMS [Auto | Stopped])
[2008/02/11 11:58:00 | 00,163,840 | ---- | M] () -- C:\Program Files\Common Files\BCL Technologies\NitroPDF5\bepldr.exe -- (bepldr [On_Demand | Stopped])
[2007/07/24 15:17:08 | 00,241,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Stopped])
[2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2005/04/25 06:49:52 | 00,098,430 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon [Auto | Stopped])
[2005/04/03 21:41:10 | 00,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/07/30 10:47:48 | 00,532,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
File not found -- -- (NMIndexingService [On_Demand | Stopped])
[2007/08/10 20:46:18 | 00,026,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc [Auto | Stopped])
[2007/05/28 09:57:54 | 00,284,672 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE [Auto | Stopped])
[2007/01/19 13:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2006/10/18 21:05:24 | 00,922,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2004/08/03 20:10:12 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\61883.sys -- (61883 [On_Demand | Stopped])
[2005/02/23 14:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc [On_Demand | Running])
[2001/08/17 11:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2004/08/03 21:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [Disabled | Stopped])
[2001/08/17 11:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001/08/17 11:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2004/10/14 03:24:00 | 00,043,392 | R--- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\athwpn.sys -- (ATHFMWDL [On_Demand | Stopped])
[2005/04/15 00:14:58 | 01,130,496 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Stopped])
[2004/08/03 20:10:12 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc [On_Demand | Stopped])
[2007/10/25 08:46:40 | 00,821,856 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avg7core.sys -- (Avg7Core [System | Stopped])
[2006/11/04 13:41:17 | 00,004,224 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avg7rsw.sys -- (Avg7RsW [System | Stopped])
[2007/02/25 11:36:04 | 00,027,776 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avg7rsxp.sys -- (Avg7RsXP [System | Stopped])
[2007/12/20 09:46:51 | 00,010,760 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avgclean.sys -- (AvgClean [System | Running])
[2006/11/04 13:41:13 | 00,004,960 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdi.sys -- (AvgTdi [Auto | Stopped])
File not found -- -- (catchme [On_Demand | Running])
[2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Boot | Running])
[2001/08/17 11:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2003/07/24 12:10:34 | 00,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5 [On_Demand | Stopped])
[2004/10/14 18:30:46 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Running])
[2007/02/15 17:57:04 | 00,034,760 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL [On_Demand | Running])
[2007/08/07 12:48:33 | 00,025,160 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO [System | Stopped])
[2004/08/04 03:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga [System | Running])
[2008/01/29 12:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2004/08/12 15:45:54 | 00,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2005/04/25 11:28:14 | 00,871,040 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iastor [Boot | Running])
[2004/08/03 20:58:36 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2007/08/11 16:54:08 | 00,015,890 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X [Auto | Stopped])
[2001/08/17 11:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2004/08/03 20:10:00 | 00,051,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV [On_Demand | Stopped])
[2004/11/02 13:12:14 | 00,019,456 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL [On_Demand | Stopped])
[2004/08/03 20:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2002/11/08 17:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\system32\drivers\omci.sys -- (omci [System | Running])
[2004/05/20 10:46:42 | 00,016,292 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5 [On_Demand | Stopped])
[2008/03/23 09:05:40 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin [On_Demand | Stopped])
[2004/08/04 03:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/02/20 19:05:38 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 11:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001/08/17 11:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001/08/17 11:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004/08/03 21:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Disabled | Stopped])
[2001/08/17 10:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
[2001/08/17 12:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2007/12/25 20:29:31 | 00,685,816 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2005/06/14 14:40:08 | 00,180,864 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Stopped])
[2001/08/17 12:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/17 12:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2001/08/17 12:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/17 12:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2001/08/17 11:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2008/07/22 20:32:44 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2004/08/03 23:10:12 | 00,078,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbvideo.sys -- (usbvideo [On_Demand | Stopped])
[2001/12/19 12:45:00 | 00,008,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\VCdRom.sys -- (vcdrom [System | Stopped])
[2004/06/04 13:12:10 | 00,379,488 | R--- | M] (NETGEAR, Inc.) -- C:\WINDOWS\system32\drivers\wg111nd5.sys -- (wg111nd5 [On_Demand | Running])
[2005/01/07 10:07:40 | 00,286,720 | ---- | M] (NETGEAR, Inc.) -- C:\WINDOWS\system32\drivers\WPN111.sys -- (WPN111 [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"CustomSearch"=http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dell4me.com/mywaybiz
"First Home Page"=http://www.dell4me.com/mywaybiz
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dell4me.com/mywaybiz
"First Home Page"=http://www.dell4me.com/mywaybiz
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-907240432-3560199864-2964379039-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_USERS\S-1-5-21-907240432-3560199864-2964379039-1006\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_USERS\S-1-5-21-907240432-3560199864-2964379039-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-907240432-3560199864-2964379039-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 NtKrnlpa.cn
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-907240432-3560199864-2964379039-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP (GRISOFT, s.r.o.)
"DeadAIM"=rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs (Microsoft Corporation)
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" (CyberLink Corp.)
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe /autostart (Google)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript (Malwarebytes Corporation)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"SigmatelSysTrayApp"=stsystra.exe (SigmaTel, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"=C:\Program Files\AIM\aim.exe -cnetwait.odl File not found
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-907240432-3560199864-2964379039-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"=C:\Program Files\AIM\aim.exe -cnetwait.odl File not found
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)

========== (O4) RunOnce Keys ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientAXDisabler"=cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat" (Microsoft Corporation)
"TSClientMSIUninstaller"=cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-907240432-3560199864-2964379039-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientAXDisabler"=cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat" (Microsoft Corporation)
"TSClientMSIUninstaller"=cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (Microsoft Corporation)

========== (O4) Startup Folders ==========

[1999/11/04 13:06:48 | 00,122,368 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[2001/02/12 23:01:04 | 00,083,360 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
[2005/01/24 16:58:24 | 00,503,894 | ---- | M] (NETGEAR) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN111 Configuration Utility\WPN111.exe
[2007/06/06 11:35:02 | 00,282,624 | ---- | M] (ArcSoft, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=227
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-907240432-3560199864-2964379039-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

[HKEY_USERS\S-1-5-21-907240432-3560199864-2964379039-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Clean Traces: C:\Program Files\DAP\Privacy Package\dapcleanerie.htm [2005/10/23 13:29:16 | 00,001,748 | ---- | M] ()
&Download the file(s) in D.S.Code: C:\Documents and Settings\lee\My Documents\DSLite2.07.45\DSLite2.07.45\DSLite2\dl_text.html [2004/02/20 15:03:38 | 00,000,399 | ---- | M] ()
&Download the file(s) in D.S.Code-File: C:\Documents and Settings\lee\My Documents\DSLite2.07.45\DSLite2.07.45\DSLite2\dl_url.html [2004/02/20 15:03:40 | 00,001,861 | ---- | M] ()
&Download with &DAP: C:\Program Files\DAP\dapextie.htm [2006/03/20 15:34:42 | 00,002,020 | ---- | M] ()
??????(&D.S.Lite): Reg Error: Value does not exist or could not be read. File not found
????????(&D.S.Lite): Reg Error: Value does not exist or could not be read. File not found
Download &all with DAP: C:\Program Files\DAP\dapextie2.htm [2006/03/20 15:37:42 | 00,001,041 | ---- | M] ()
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/06/20 14:37:18 | 09,080,832 | R--- | M] (Microsoft Corporation)
下載編碼內容(&D.S.Lite): C:\Documents and Settings\lee\My Documents\DSLite2.07.45\DSLite2.07.45\DSLite2\dl_text.html [2004/02/20 15:03:38 | 00,000,399 | ---- | M] ()
下載編碼檔案內容(&D.S.Lite): C:\Documents and Settings\lee\My Documents\DSLite2.07.45\DSLite2.07.45\DSLite2\dl_url.html [2004/02/20 15:03:40 | 00,001,861 | ---- | M] ()

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
&Clean Traces: C:\Program Files\DAP\Privacy Package\dapcleanerie.htm [2005/10/23 13:29:16 | 00,001,748 | ---- | M] ()
&Download with &DAP: C:\Program Files\DAP\dapextie.htm [2006/03/20 15:34:42 | 00,002,020 | ---- | M] ()
Download &all with DAP: C:\Program Files\DAP\dapextie2.htm [2006/03/20 15:37:42 | 00,001,041 | ---- | M] ()
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/06/20 14:37:18 | 09,080,832 | R--- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
&Clean Traces: C:\Program Files\DAP\Privacy Package\dapcleanerie.htm [2005/10/23 13:29:16 | 00,001,748 | ---- | M] ()
&Download with &DAP: C:\Program Files\DAP\dapextie.htm [2006/03/20 15:34:42 | 00,002,020 | ---- | M] ()
Download &all with DAP: C:\Program Files\DAP\dapextie2.htm [2006/03/20 15:37:42 | 00,001,041 | ---- | M] ()
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/06/20 14:37:18 | 09,080,832 | R--- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
&Clean Traces: Reg Error: Key does not exist or could not be opened. File not found
&Download with &DAP: Reg Error: Key does not exist or could not be opened. File not found
Download &all with DAP: Reg Error: Key does not exist or could not be opened. File not found
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
&Clean Traces: Reg Error: Key does not exist or could not be opened. File not found
&Download with &DAP: Reg Error: Key does not exist or could not be opened. File not found
Download &all with DAP: Reg Error: Key does not exist or could not be opened. File not found
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-907240432-3560199864-2964379039-1006\Software\Microsoft\Internet Explorer\MenuExt\]
&Clean Traces: C:\Program Files\DAP\Privacy Package\dapcleanerie.htm [2005/10/23 13:29:16 | 00,001,748 | ---- | M] ()
&Download the file(s) in D.S.Code: C:\Documents and Settings\lee\My Documents\DSLite2.07.45\DSLite2.07.45\DSLite2\dl_text.html [2004/02/20 15:03:38 | 00,000,399 | ---- | M] ()
&Download the file(s) in D.S.Code-File: C:\Documents and Settings\lee\My Documents\DSLite2.07.45\DSLite2.07.45\DSLite2\dl_url.html [2004/02/20 15:03:40 | 00,001,861 | ---- | M] ()
&Download with &DAP: C:\Program Files\DAP\dapextie.htm [2006/03/20 15:34:42 | 00,002,020 | ---- | M] ()
??????(&D.S.Lite): Reg Error: Value does not exist or could not be read. File not found
????????(&D.S.Lite): Reg Error: Value does not exist or could not be read. File not found
Download &all with DAP: C:\Program Files\DAP\dapextie2.htm [2006/03/20 15:37:42 | 00,001,041 | ---- | M] ()
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/06/20 14:37:18 | 09,080,832 | R--- | M] (Microsoft Corporation)
下載編碼內容(&D.S.Lite): C:\Documents and Settings\lee\My Documents\DSLite2.07.45\DSLite2.07.45\DSLite2\dl_text.html [2004/02/20 15:03:38 | 00,000,399 | ---- | M] ()
下載編碼檔案內容(&D.S.Lite): C:\Documents and Settings\lee\My Documents\DSLite2.07.45\DSLite2.07.45\DSLite2\dl_url.html [2004/02/20 15:03:40 | 00,001,861 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}: Button: AIM -- %ProgramFiles%\AIM\aim.exe [2005/08/05 12:08:26 | 00,067,160 | ---- | M] (America Online, Inc.)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2006/10/10 05:44:50 | 00,566,272 | ---- | M] (Microsoft Corporation)
{F8475519-8412-4D40-A46E-692D9D04DF7F}: Button: D.S.Lite -- %UserProfile%\My Documents\DSLite2.07.45\DSLite2.07.45\DSLite2\DSLite.exe [2005/04/02 21:25:26 | 00,669,184 | ---- | M] (watermonster.org)
{F8475519-8412-4D40-A46E-692D9D04DF7F}: Menu: &D.S.Lite -- %UserProfile%\My Documents\DSLite2.07.45\DSLite2.07.45\DSLite2\DSLite.exe [2005/04/02 21:25:26 | 00,669,184 | ---- | M] (watermonster.org)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 09:24:37 | 01,702,912 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 09:24:37 | 01,702,912 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> %ProgramFiles%\AIM\aim.exe [AIM] -> [2005/08/05 12:08:26 | 00,067,160 | ---- | M] (America Online, Inc.)
CmdMapping\\{F8475519-8412-4D40-A46E-692D9D04DF7F} [HKLM] -> %UserProfile%\My Documents\DSLite2.07.45\DSLite2.07.45\DSLite2\DSLite.exe [D.S.Lite] -> [2005/04/02 21:25:26 | 00,669,184 | ---- | M] (watermonster.org)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 09:24:37 | 01,702,912 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 09:24:37 | 01,702,912 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 09:24:37 | 01,702,912 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-907240432-3560199864-2964379039-1006\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> %ProgramFiles%\AIM\aim.exe [AIM] -> [2005/08/05 12:08:26 | 00,067,160 | ---- | M] (America Online, Inc.)
CmdMapping\\{F8475519-8412-4D40-A46E-692D9D04DF7F} [HKLM] -> %UserProfile%\My Documents\DSLite2.07.45\DSLite2.07.45\DSLite2\DSLite.exe [D.S.Lite] -> [2005/04/02 21:25:26 | 00,669,184 | ---- | M] (watermonster.org)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 09:24:37 | 01,702,912 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
73 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
73 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
73 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
73 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
73 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-907240432-3560199864-2964379039-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
73 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{00000161-0000-0010-8000-00AA00389B71}: http://codecs.microsoft.com/codecs/i386/msaudio.cab -- Reg Error: Key does not exist or could not be opened.
{01A88BB1-1174-41EC-ACCB-963509EAE56B}: http://support.dell.com/systemprofiler/SysPro.CAB -- SysProWmi Class
{166B1BCA-3F9C-11CF-8075-444553540000}: http://fpdownload.macromedia.com/get/shock...director/sw.cab -- Shockwave ActiveX Control
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\yinsthelper.dll -- YInstStarter Class
{33564D57-0000-0010-8000-00AA00389B71}: http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB -- Reg Error: Key does not exist or could not be opened.
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}: http://download.mcafee.com/molbin/shared/m...99/mcinsctl.cab -- Reg Error: Key does not exist or could not be opened.
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}: http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab -- MSN Photo Upload Tool
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{9A54032D-31F7-400D-B184-83B33BDE65FA}: http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab -- MSN File Upload Control
{9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8}: http://pictures06.aim.com/ygp/aol/plugin/u...AIM.9.5.1.8.cab -- AIM UPF Control
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}: http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/get/shock...ash/swflash.cab -- Shockwave Flash Object
{ED28050F-D713-43BA-A376-DCC5C35407D5}: https://music.msn.com/client/msnmusax4123.cab -- MsnMusicAx Class

========== (O17) DNS Name Servers ==========

{0312BC62-CE6B-4AA2-AB02-AFC1A28B3FA0} (Servers: | Description: NETGEAR RangeMax™ Wireless USB 2.0 Adapter WPN111)
{0C6D1803-AF99-4CEA-A060-C8A3504F4D6D} (Servers: | Description: Intel® PRO/100 VE Network Connection)
{479F88D3-8016-4AC0-92DF-618BDBA77E6C} (Servers: | Description: 1394 Net Adapter)
{D93A428A-CFE3-4A5D-B602-5811ECCC9E89} (Servers: | Description: )
{F11CEE2C-768C-4D8B-B233-3FAF78C31AED} (Servers: | Description: NETGEAR WG111 802.11g Wireless USB2.0 Adapter)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
dimsntfy: "DllName" = Reg Error: Value DLLName does not exist or could not be read. -- File not found

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/08/10 11:04:08 | 00,000,000 | -HS- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2407cb9-fad9-11dc-b87b-00146c3473e6}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2407cb9-fad9-11dc-b87b-00146c3473e6}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2407cb9-fad9-11dc-b87b-00146c3473e6}\Shell\AutoRun\command]
""=I:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 60 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2008/10/29 20:18:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2008/10/29 20:13:19 | 00,431,104 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\lee\Desktop\OTViewIt.exe
[2008/10/29 20:12:14 | 00,000,000 | ---D | C] -- C:\SDFix
[2008/10/29 20:11:48 | 01,556,227 | ---- | C] () -- C:\Documents and Settings\lee\Desktop\SDFix.exe
[2008/10/29 20:10:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lee\Desktop\backups
[2008/10/29 20:05:59 | 00,000,468 | ---- | C] () -- C:\Documents and Settings\lee\Desktop\regfix.reg
[2008/10/29 19:48:53 | 00,000,206 | ---- | C] () -- C:\Documents and Settings\lee\Desktop\remove.bat
[2008/10/29 19:28:57 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/10/29 18:39:19 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\lee\Desktop\lee.exe
[2008/10/29 18:39:17 | 00,000,000 | ---D | C] -- C:\rsit
[2008/10/29 18:38:53 | 00,305,705 | ---- | C] () -- C:\Documents and Settings\lee\Desktop\RSIT.exe
[2008/10/29 04:35:02 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\lee\Desktop\HiJackThis.exe
[2008/10/29 03:39:44 | 00,000,000 | ---D | C] -- C:\Avenger
[2008/10/29 02:29:44 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2008/10/29 01:59:50 | 00,000,326 | ---- | C] () -- C:\WINDOWS\tasks\$~$Sys0$.job
[2008/10/29 01:53:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2008/10/28 22:11:16 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2008/10/28 22:11:10 | 00,260,272 | ---- | C] () -- C:\cmldr
[2008/10/28 22:11:02 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2008/10/28 22:09:50 | 00,221,184 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2008/10/28 22:09:50 | 00,171,008 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2008/10/28 22:09:50 | 00,146,432 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2008/10/28 22:09:50 | 00,107,520 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008/10/28 22:09:50 | 00,101,792 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2008/10/28 22:09:50 | 00,089,116 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008/10/28 22:09:50 | 00,076,800 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/10/28 22:09:50 | 00,065,092 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2008/10/28 22:09:50 | 00,039,424 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2008/10/28 22:09:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2008/10/28 22:09:46 | 00,000,000 | ---D | C] -- C:\Qoobox
[2008/10/28 22:09:05 | 02,996,725 | R--- | C] () -- C:\Documents and Settings\lee\Desktop\ComboFix.exe
[2008/10/28 20:00:15 | 00,005,884 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2008/10/28 19:53:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/10/28 19:53:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/10/28 19:53:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/10/28 19:53:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2008/10/28 18:42:21 | 00,382,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgr.dll
[2008/10/28 18:42:21 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sdbus.sys
[2008/10/28 18:42:21 | 00,044,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agpcpq.sys
[2008/10/28 18:42:21 | 00,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\alim1541.sys
[2008/10/28 18:42:21 | 00,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys
[2008/10/28 18:42:21 | 00,042,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\viaagp.sys
[2008/10/28 18:42:21 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdk7.sys
[2008/10/28 18:42:21 | 00,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\intelppm.sys
[2008/10/28 18:42:21 | 00,029,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ip6fw.sys
[2008/10/28 18:42:21 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbehci.sys
[2008/10/28 18:42:21 | 00,015,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mssmbios.sys
[2008/10/28 18:42:21 | 00,012,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tunmp.sys
[2008/10/28 18:42:21 | 00,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffdisk.sys
[2008/10/28 18:42:21 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_sd.sys
[2008/10/28 18:42:20 | 02,897,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp2res.dll
[2008/10/28 18:42:19 | 00,262,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\http.sys
[2008/10/28 18:42:18 | 00,539,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msftedit.dll
[2008/10/28 18:42:18 | 00,078,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys
[2008/10/28 18:42:18 | 00,078,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbvideo.sys
[2008/10/28 18:42:18 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltlib.dll
[2008/10/28 18:42:17 | 00,134,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssap.dll
[2008/10/28 18:42:17 | 00,128,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fltmgr.sys
[2008/10/28 18:42:17 | 00,128,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltmgr.sys
[2008/10/28 18:42:17 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2008/10/28 18:42:17 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltmc.exe
[2008/10/28 18:42:16 | 00,764,868 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apph_sp.sdb
[2008/10/28 18:42:16 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vidcap.ax
[2008/10/28 18:41:58 | 00,265,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agentsvr.exe
[2008/10/28 18:41:58 | 00,217,118 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apphelp.sdb
[2008/10/28 18:41:58 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agentdpv.dll
[2008/10/28 18:41:58 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agentdp2.dll
[2008/10/28 18:41:58 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll
[2008/10/28 18:41:58 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll
[2008/10/28 18:41:58 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll
[2008/10/28 18:41:58 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll
[2008/10/28 18:41:57 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2008/10/28 18:41:56 | 00,086,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\directdb.dll
[2008/10/28 18:41:53 | 00,536,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado15.dll
[2008/10/28 18:41:53 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadomd.dll
[2008/10/28 18:41:52 | 02,136,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/10/28 18:41:52 | 01,314,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
[2008/10/28 18:41:52 | 00,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadox.dll
[2008/10/28 18:41:52 | 00,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msjro.dll
[2008/10/28 18:41:51 | 02,180,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/10/28 18:41:51 | 02,057,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/10/28 18:41:51 | 02,015,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/10/28 18:41:50 | 01,197,294 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2008/10/28 18:41:49 | 00,510,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winlogon.exe
[2008/10/28 18:41:49 | 00,510,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab32.dll
[2008/10/28 18:41:49 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabimp.dll
[2008/10/28 18:41:32 | 01,041,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\explorer.exe
[2008/10/28 18:41:29 | 00,100,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\6to4svc.dll
[2008/10/28 18:41:26 | 01,022,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browseui.dll
[2008/10/28 18:41:25 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll
[2008/10/28 18:41:25 | 00,151,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdfview.dll
[2008/10/28 18:41:24 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ciodm.dll
[2008/10/28 18:41:22 | 01,054,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\danim.dll
[2008/10/28 18:41:20 | 00,148,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dnsapi.dll
[2008/10/28 18:41:20 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dnsrslvr.dll
[2008/10/28 18:41:19 | 00,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\es.dll
[2008/10/28 18:41:19 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2008/10/28 18:41:19 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll
[2008/10/28 18:41:17 | 00,546,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hhctrl.ocx
[2008/10/28 18:41:17 | 00,282,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gdi32.dll
[2008/10/28 18:41:16 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hlink.dll
[2008/10/28 18:41:13 | 00,683,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2008/10/28 18:41:13 | 00,163,840 | ---- | C] (America Online) -- C:\WINDOWS\System32\dllcache\jgdw400.dll
[2008/10/28 18:41:13 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iphlpapi.dll
[2008/10/28 18:41:13 | 00,027,648 | ---- | C] (Johnson-Grace Company) -- C:\WINDOWS\System32\dllcache\jgpl400.dll
[2008/10/28 18:41:13 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2008/10/28 18:41:12 | 00,491,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
[2008/10/28 18:41:12 | 00,130,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksproxy.ax
[2008/10/28 18:41:12 | 00,090,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2008/10/28 18:41:12 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2008/10/28 18:41:12 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2008/10/28 18:41:12 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll
[2008/10/28 18:41:12 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll
[2008/10/28 18:41:12 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll
[2008/10/28 18:41:12 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll
[2008/10/28 18:41:12 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll
[2008/10/28 18:41:12 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll
[2008/10/28 18:41:12 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll
[2008/10/28 18:41:12 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksuser.dll
[2008/10/28 18:41:11 | 00,927,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2008/10/28 18:41:11 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mf3216.dll
[2008/10/28 18:41:08 | 00,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mscms.dll
[2008/10/28 18:41:07 | 00,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msctf.dll
[2008/10/28 18:41:06 | 00,151,583 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msjint40.dll
[2008/10/28 18:41:04 | 00,245,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswsock.dll
[2008/10/28 18:41:03 | 01,104,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2008/10/28 18:41:03 | 00,332,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/28 18:41:00 | 00,122,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oledlg.dll
[2008/10/28 18:40:58 | 01,287,680 | ---- | C] () -- C:\WINDOWS\System32\dllcache\quartz.dll
[2008/10/28 18:40:57 | 01,435,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.dll
[2008/10/28 18:40:57 | 00,181,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rasmans.dll
[2008/10/28 18:40:57 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rasadhlp.dll
[2008/10/28 18:40:55 | 00,582,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2008/10/28 18:40:55 | 00,433,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\riched20.dll
[2008/10/28 18:40:53 | 01,498,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shdocvw.dll
[2008/10/28 18:40:48 | 08,460,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2008/10/28 18:40:47 | 00,474,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shlwapi.dll
[2008/10/28 18:40:47 | 00,134,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shsvcs.dll
[2008/10/28 18:40:44 | 00,713,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sxs.dll
[2008/10/28 18:40:42 | 00,577,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2008/10/28 18:40:42 | 00,413,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbscript.dll
[2008/10/28 18:40:42 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiaservc.dll
[2008/10/28 18:40:42 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\upnphost.dll
[2008/10/28 18:40:42 | 00,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbui.dll
[2008/10/28 18:40:42 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2008/10/28 18:40:41 | 00,292,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsrv.dll
[2008/10/28 18:40:37 | 00,984,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kernel32.dll
[2008/10/28 18:40:37 | 00,984,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kernel32.dll
[2008/10/28 18:40:37 | 00,721,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lsasrv.dll
[2008/10/28 18:40:37 | 00,721,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2008/10/28 18:40:37 | 00,708,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntdll.dll
[2008/10/28 18:40:37 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2008/10/28 18:40:37 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comctl32.dll
[2008/10/28 18:40:37 | 00,616,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\advapi32.dll
[2008/10/28 18:40:37 | 00,602,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\autoconv.exe
[2008/10/28 18:40:37 | 00,588,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\autochk.exe
[2008/10/28 18:40:37 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.exe
[2008/10/28 18:40:37 | 00,341,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\localspl.dll
[2008/10/28 18:40:37 | 00,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comdlg32.dll
[2008/10/28 18:40:37 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imagehlp.dll
[2008/10/28 18:40:37 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\desk.cpl
[2008/10/28 18:40:37 | 00,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msv1_0.dll
[2008/10/28 18:40:37 | 00,111,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhcpcsvc.dll
[2008/10/28 18:40:37 | 00,111,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpcsvc.dll
[2008/10/28 18:40:37 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntprint.dll
[2008/10/28 18:40:37 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nslookup.exe
[2008/10/28 18:40:37 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\locator.exe
[2008/10/28 18:40:37 | 00,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ftp.exe
[2008/10/28 18:40:37 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msgsvc.dll
[2008/10/28 18:40:37 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\csrsrv.dll
[2008/10/28 18:40:37 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cacls.exe
[2008/10/28 18:40:37 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\format.com
[2008/10/28 18:40:37 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mgmtapi.dll
[2008/10/28 18:40:37 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lmhsvc.dll
[2008/10/28 18:40:37 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntlsapi.dll
[2008/10/28 18:40:37 | 00,000,325 | ---- | C] () -- C:\WINDOWS\System32\ntnet.drv
[2008/10/28 18:40:36 | 00,550,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\oleaut32.dll
[2008/10/28 18:40:36 | 00,550,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaut32.dll
[2008/10/28 18:40:36 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntvdm.exe
[2008/10/28 18:40:36 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nwprovau.dll
[2008/10/28 18:40:36 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nwprovau.dll
[2008/10/28 18:40:36 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perfctrs.dll
[2008/10/28 18:40:36 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\olecnv32.dll
[2008/10/28 18:40:35 | 00,984,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\syssetup.dll
[2008/10/28 18:40:35 | 00,983,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupapi.dll
[2008/10/28 18:40:35 | 00,657,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasdlg.dll
[2008/10/28 18:40:35 | 00,560,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\printui.dll
[2008/10/28 18:40:35 | 00,415,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\samsrv.dll
[2008/10/28 18:40:35 | 00,316,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\untfs.dll
[2008/10/28 18:40:35 | 00,298,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sysdm.cpl
[2008/10/28 18:40:35 | 00,275,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ulib.dll
[2008/10/28 18:40:35 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasapi32.dll
[2008/10/28 18:40:35 | 00,149,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sessmgr.exe
[2008/10/28 18:40:35 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\schannel.dll
[2008/10/28 18:40:35 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schannel.dll
[2008/10/28 18:40:35 | 00,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\services.exe
[2008/10/28 18:40:35 | 00,104,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\scardsvr.exe
[2008/10/28 18:40:35 | 00,096,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srvsvc.dll
[2008/10/28 18:40:35 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasauto.dll
[2008/10/28 18:40:35 | 00,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\samlib.dll
[2008/10/28 18:40:35 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasman.dll
[2008/10/28 18:40:35 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rastapi.dll
[2008/10/28 18:40:35 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smss.exe
[2008/10/28 18:40:35 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpmonui.dll
[2008/10/28 18:40:35 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rshx32.dll
[2008/10/28 18:40:35 | 00,026,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\userinit.exe
[2008/10/28 18:40:35 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\savedump.exe
[2008/10/28 18:40:34 | 01,846,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2008/10/28 18:40:34 | 01,846,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008/10/28 18:40:34 | 00,799,744 | ---- | C] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\System32\drivers\dmboot.sys
[2008/10/28 18:40:34 | 00,574,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ntfs.sys
[2008/10/28 18:40:34 | 00,574,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntfs.sys
[2008/10/28 18:40:34 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mrxsmb.sys
[2008/10/28 18:40:34 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2008/10/28 18:40:34 | 00,187,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\acpi.sys
[2008/10/28 18:40:34 | 00,182,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndis.sys
[2008/10/28 18:40:34 | 00,179,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mrxdav.sys
[2008/10/28 18:40:34 | 00,179,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxdav.sys
[2008/10/28 18:40:34 | 00,172,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kmixer.sys
[2008/10/28 18:40:34 | 00,172,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kmixer.sys
[2008/10/28 18:40:34 | 00,162,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\netbt.sys
[2008/10/28 18:40:34 | 00,153,344 | ---- | C] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\System32\drivers\dmio.sys
[2008/10/28 18:40:34 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winspool.drv
[2008/10/28 18:40:34 | 00,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fastfat.sys
[2008/10/28 18:40:34 | 00,142,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\aec.sys
[2008/10/28 18:40:34 | 00,142,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aec.sys
[2008/10/28 18:40:34 | 00,140,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys
[2008/10/28 18:40:34 | 00,140,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ks.sys
[2008/10/28 18:40:34 | 00,138,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\afd.sys
[2008/10/28 18:40:34 | 00,138,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\afd.sys
[2008/10/28 18:40:34 | 00,134,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ipnat.sys
[2008/10/28 18:40:34 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wkssvc.dll
[2008/10/28 18:40:34 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wkssvc.dll
[2008/10/28 18:40:34 | 00,119,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pcmcia.sys
[2008/10/28 18:40:34 | 00,107,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mup.sys
[2008/10/28 18:40:34 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\win32spl.dll
[2008/10/28 18:40:34 | 00,095,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atapi.sys
[2008/10/28 18:40:34 | 00,095,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2008/10/28 18:40:34 | 00,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ksecdd.sys
[2008/10/28 18:40:34 | 00,091,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndiswan.sys
[2008/10/28 18:40:34 | 00,088,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkipx.sys
[2008/10/28 18:40:34 | 00,085,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nabtsfec.sys
[2008/10/28 18:40:34 | 00,085,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2008/10/28 18:40:34 | 00,080,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\parport.sys
[2008/10/28 18:40:34 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ipsec.sys
[2008/10/28 18:40:34 | 00,071,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bridge.sys
[2008/10/28 18:40:34 | 00,071,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxg.sys
[2008/10/28 18:40:34 | 00,068,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pci.sys
[2008/10/28 18:40:34 | 00,068,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pci.sys
[2008/10/28 18:40:34 | 00,063,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mf.sys
[2008/10/28 18:40:34 | 00,063,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cdfs.sys
[2008/10/28 18:40:34 | 00,061,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nic1394.sys
[2008/10/28 18:40:34 | 00,061,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ohci1394.sys
[2008/10/28 18:40:34 | 00,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\arp1394.sys
[2008/10/28 18:40:34 | 00,060,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2008/10/28 18:40:34 | 00,060,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmk.sys
[2008/10/28 18:40:34 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmarpc.sys
[2008/10/28 18:40:34 | 00,055,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmlane.sys
[2008/10/28 18:40:34 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\1394bus.sys
[2008/10/28 18:40:34 | 00,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dmusic.sys
[2008/10/28 18:40:34 | 00,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmusic.sys
[2008/10/28 18:40:34 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\i8042prt.sys
[2008/10/28 18:40:34 | 00,051,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msdv.sys
[2008/10/28 18:40:34 | 00,051,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdv.sys
[2008/10/28 18:40:34 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\classpnp.sys
[2008/10/28 18:40:34 | 00,049,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cdrom.sys
[2008/10/28 18:40:34 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\61883.sys
[2008/10/28 18:40:34 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2008/10/28 18:40:34 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\p3.sys
[2008/10/28 18:40:34 | 00,042,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mountmgr.sys
[2008/10/28 18:40:34 | 00,041,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\imapi.sys
[2008/10/28 18:40:34 | 00,040,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nmnt.sys
[2008/10/28 18:40:34 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\avc.sys
[2008/10/28 18:40:34 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2008/10/28 18:40:34 | 00,038,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndproxy.sys
[2008/10/28 18:40:34 | 00,036,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdk6.sys
[2008/10/28 18:40:34 | 00,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\crusoe.sys
[2008/10/28 18:40:34 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\disk.sys
[2008/10/28 18:40:34 | 00,036,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidclass.sys
[2008/10/28 18:40:34 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\isapnp.sys
[2008/10/28 18:40:34 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapnp.sys
[2008/10/28 18:40:34 | 00,035,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msgpc.sys
[2008/10/28 18:40:34 | 00,034,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fips.sys
[2008/10/28 18:40:34 | 00,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\netbios.sys
[2008/10/28 18:40:34 | 00,030,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\npfs.sys
[2008/10/28 18:40:34 | 00,030,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\modem.sys
[2008/10/28 18:40:34 | 00,027,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fdc.sys
[2008/10/28 18:40:34 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pciidex.sys
[2008/10/28 18:40:34 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pciidex.sys
[2008/10/28 18:40:34 | 00,024,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidparse.sys
[2008/10/28 18:40:34 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kbdclass.sys
[2008/10/28 18:40:34 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mouclass.sys
[2008/10/28 18:40:34 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ipinip.sys
[2008/10/28 18:40:34 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\flpydisk.sys
[2008/10/28 18:40:34 | 00,019,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msfs.sys
[2008/10/28 18:40:34 | 00,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\partmgr.sys
[2008/10/28 18:40:34 | 00,018,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\i2omp.sys
[2008/10/28 18:40:34 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ccdecode.sys
[2008/10/28 18:40:34 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2008/10/28 18:40:34 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kbdhid.sys
[2008/10/28 18:40:34 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\asyncmac.sys
[2008/10/28 18:40:34 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\diskdump.sys
[2008/10/28 18:40:34 | 00,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndisuio.sys
[2008/10/28 18:40:34 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irenum.sys
[2008/10/28 18:40:34 | 00,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndisip.sys
[2008/10/28 18:40:34 | 00,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2008/10/28 18:40:34 | 00,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndistapi.sys
[2008/10/28 18:40:34 | 00,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidusb.sys
[2008/10/28 18:40:34 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\i2omgmt.sys
[2008/10/28 18:40:34 | 00,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mskssrv.sys
[2008/10/28 18:40:34 | 00,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mskssrv.sys
[2008/10/28 18:40:34 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mstee.sys
[2008/10/28 18:40:34 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\intelide.sys
[2008/10/28 18:40:34 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2008/10/28 18:40:34 | 00,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mspclock.sys
[2008/10/28 18:40:34 | 00,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspclock.sys
[2008/10/28 18:40:34 | 00,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mspqm.sys
[2008/10/28 18:40:34 | 00,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspqm.sys
[2008/10/28 18:40:34 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmkaud.sys
[2008/10/28 18:40:34 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmkaud.sys
[2008/10/28 18:40:33 | 00,136,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2008/10/28 18:40:33 | 00,136,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\portcls.sys
[2008/10/28 18:40:33 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\psched.sys
[2008/10/28 18:40:33 | 00,051,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rasl2tp.sys
[2008/10/28 18:40:33 | 00,048,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\raspptp.sys
[2008/10/28 18:40:33 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\raspppoe.sys
[2008/10/28 18:40:33 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\processr.sys
[2008/10/28 18:40:32 | 00,196,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpdr.sys
[2008/10/28 18:40:32 | 00,174,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdbss.sys
[2008/10/28 18:40:32 | 00,174,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdbss.sys
[2008/10/28 18:40:32 | 00,139,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpwd.sys
[2008/10/28 18:40:32 | 00,057,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\redbook.sys
[2008/10/28 18:40:31 | 02,136,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2008/10/28 18:40:31 | 02,015,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe
[2008/10/28 18:40:31 | 00,364,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\update.sys
[2008/10/28 18:40:31 | 00,364,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\update.sys
[2008/10/28 18:40:31 | 00,360,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip.sys
[2008/10/28 18:40:31 | 00,360,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip.sys
[2008/10/28 18:40:31 | 00,333,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\srv.sys
[2008/10/28 18:40:31 | 00,333,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/10/28 18:40:31 | 00,225,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip6.sys
[2008/10/28 18:40:31 | 00,225,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip6.sys
[2008/10/28 18:40:31 | 00,202,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rmcast.sys
[2008/10/28 18:40:31 | 00,202,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2008/10/28 18:40:31 | 00,142,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbport.sys
[2008/10/28 18:40:31 | 00,142,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbport.sys
[2008/10/28 18:40:31 | 00,134,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hal.dll
[2008/10/28 18:40:31 | 00,096,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\scsiport.sys
[2008/10/28 18:40:31 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wdmaud.sys
[2008/10/28 18:40:31 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdmaud.sys
[2008/10/28 18:40:31 | 00,079,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\videoprt.sys
[2008/10/28 18:40:31 | 00,073,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sr.sys
[2008/10/28 18:40:31 | 00,066,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\udfs.sys
[2008/10/28 18:40:31 | 00,064,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\serial.sys
[2008/10/28 18:40:31 | 00,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sysaudio.sys
[2008/10/28 18:40:31 | 00,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sysaudio.sys
[2008/10/28 18:40:31 | 00,057,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbhub.sys
[2008/10/28 18:40:31 | 00,057,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbhub.sys
[2008/10/28 18:40:31 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\swmidi.sys
[2008/10/28 18:40:31 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swmidi.sys
[2008/10/28 18:40:31 | 00,052,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\volsnap.sys
[2008/10/28 18:40:31 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\stream.sys
[2008/10/28 18:40:31 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stream.sys
[2008/10/28 18:40:31 | 00,040,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\termdd.sys
[2008/10/28 18:40:31 | 00,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wanarp.sys
[2008/10/28 18:40:31 | 00,031,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccgp.sys
[2008/10/28 18:40:31 | 00,030,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismp.sys
[2008/10/28 18:40:31 | 00,026,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbstor.sys
[2008/10/28 18:40:31 | 00,025,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sonydcam.sys
[2008/10/28 18:40:31 | 00,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd2.sys
[2008/10/28 18:40:31 | 00,023,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd.sys
[2008/10/28 18:40:31 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdtcp.sys
[2008/10/28 18:40:31 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\vga.sys
[2008/10/28 18:40:31 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbuhci.sys
[2008/10/28 18:40:31 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbuhci.sys
[2008/10/28 18:40:31 | 00,019,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wstcodec.sys
[2008/10/28 18:40:31 | 00,019,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2008/10/28 18:40:31 | 00,018,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdi.sys
[2008/10/28 18:40:31 | 00,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbintel.sys
[2008/10/28 18:40:31 | 00,015,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\serenum.sys
[2008/10/28 18:40:31 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\streamip.sys
[2008/10/28 18:40:31 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2008/10/28 18:40:31 | 00,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tape.sys
[2008/10/28 18:40:31 | 00,014,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\asfsipc.dll
[2008/10/28 18:40:31 | 00,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023.sys
[2008/10/28 18:40:31 | 00,012,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdpipe.sys
[2008/10/28 18:40:31 | 00,011,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sfloppy.sys
[2008/10/28 18:40:31 | 00,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\slip.sys
[2008/10/28 18:40:31 | 00,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2008/10/28 18:40:31 | 00,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\splitter.sys
[2008/10/28 18:40:31 | 00,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\splitter.sys
[2008/10/28 18:40:31 | 00,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\viaide.sys
[2008/10/28 18:40:31 | 00,004,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\swenum.sys
[2008/10/28 18:39:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2008/10/28 18:09:12 | 00,000,000 | ---D | C] -- C:\~ErdUserProfile.$$$
[2008/10/28 17:42:02 | 33,180,5736 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\lee\Desktop\WindowsXP-KB936929-SP3-x86-ENU.exe
[2008/10/28 17:02:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lee\Desktop\fixlogonandoff
[2008/10/28 17:01:07 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2008/10/28 14:32:29 | 04,874,112 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\lee\Desktop\Silverlight.2.0.exe
[2008/10/28 02:13:54 | 00,000,000 | ---D | C] -- C:\pebuilder3110a
[2008/10/28 02:13:37 | 00,073,054 | ---- | C] () -- C:\Documents and Settings\lee\Desktop\RunScanner10022.cab
[2008/10/28 02:13:30 | 03,306,678 | ---- | C] (Bart Lagerweij ) -- C:\Documents and Settings\lee\Desktop\pebuilder3110a.exe
[2008/10/27 23:00:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lee\Desktop\rookitrevealer
[2008/10/27 22:59:31 | 00,231,390 | ---- | C] () -- C:\Documents and Settings\lee\Desktop\RootkitRevealer.zip
[2008/10/27 22:09:24 | 00,009,989 | ---- | C] () -- C:\WINDOWS\USERINIT.EX_
[2008/10/27 20:56:51 | 03,702,784 | ---- | C] () -- C:\Documents and Settings\lee\Desktop\cd080802.iso
[2008/10/27 20:54:36 | 03,305,600 | ---- | C] () -- C:\Documents and Settings\lee\Desktop\cd080802.zip
[2008/10/27 20:06:21 | 00,003,126 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2008/10/27 20:05:57 | 00,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2008/10/27 20:05:57 | 00,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2008/10/27 20:05:57 | 00,099,840 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\AntiXPVSTFix.exe
[2008/10/27 20:05:57 | 00,098,816 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2008/10/27 20:05:57 | 00,094,208 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2008/10/27 20:05:57 | 00,094,208 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2008/10/27 20:05:57 | 00,094,208 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2008/10/27 20:05:57 | 00,093,696 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2008/10/27 20:05:57 | 00,065,536 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2008/10/27 20:05:57 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2008/10/27 20:05:57 | 00,037,888 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2008/10/27 20:05:24 | 01,663,634 | ---- | C] () -- C:\Documents and Settings\lee\Desktop\SmitfraudFix.exe
[2008/10/27 11:50:22 | 00,044,544 | ---- | C] (Ret) -- C:\WINDOWS\System32\hgapt32.dll
[2008/10/27 11:37:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lee\Application Data\Malwarebytes
[2008/10/27 10:27:01 | 00,002,206 | ---- | C] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/27 10:17:07 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/10/27 10:17:07 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/10/27 10:17:05 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/27 10:17:04 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/10/27 10:17:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/10/27 09:59:41 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\lee\Desktop\CCleaner.lnk
[2008/10/26 23:27:55 | 00,014,937 | ---- | C] () -- C:\Documents and Settings\lee\Desktop\Entourage.S05E08.HDTV.DviX.torrent
[2008/10/26 09:01:47 | 00,024,090 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\Skyward - Synopsis Short.pdf
[2008/10/25 09:31:49 | 00,028,277 | ---- | C] () -- C:\Documents and Settings\lee\Desktop\Jerry_Seinfeld_-_I_m_Telling_You_For_The_Last_Time_(reseed).3287341.TPB(2).torrent
[2008/10/22 21:49:43 | 00,273,459 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\caligula.pdf
[2008/10/21 23:02:55 | 00,020,870 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\close or far.pdf
[2008/10/21 23:02:15 | 00,005,043 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\close or far cover page.fdr
[2008/10/21 23:02:06 | 00,037,226 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\close or far.fdr
[2008/10/20 11:25:16 | 00,018,573 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\pepe vs.pdf
[2008/10/20 11:21:04 | 00,004,986 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\sting and shield cover page.fdr
[2008/10/19 14:11:52 | 00,000,650 | ---- | C] () -- C:\Documents and Settings\lee\Desktop\BitTorrent.lnk
[2008/10/19 13:46:59 | 00,143,950 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\If I Vanished - Original Story.pdf
[2008/10/19 13:44:25 | 00,049,298 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\If I Vanished - Script 1.1.pdf
[2008/10/18 10:35:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lee\Local Settings\Application Data\DNA
[2008/10/18 10:35:27 | 00,000,000 | ---D | C] -- C:\Program Files\DNA
[2008/10/18 10:35:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lee\Application Data\DNA
[2008/10/17 05:33:54 | 06,368,140 | ---- | C] () -- C:\Documents and Settings\lee\Desktop\Big_Boi_feat._Mary_J_Blige_-_Something_s_Gotta_Give.mp3
[2008/10/13 23:17:36 | 00,133,849 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\skyward v0.45.pdf
[2008/10/13 13:23:09 | 00,037,254 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\pepe vs.fdr
[2008/10/09 11:17:19 | 04,344,771 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\la di di.mp3
[2008/10/09 11:17:15 | 04,804,103 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\very.mp3
[2008/10/09 11:17:10 | 03,215,421 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\sara and juan.mp3
[2008/10/02 23:39:41 | 00,035,840 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\Skyward - Synopsis Short.doc
[2008/10/02 23:04:25 | 00,273,660 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\20673.pdf
[2008/09/30 23:39:32 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\Short Stories Compilation List.doc
[2008/09/29 23:51:56 | 00,253,164 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\at hotel utah for hello echo.jpg
[2008/09/29 23:21:25 | 00,068,697 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\at hotel utah.jpg
[2008/09/28 14:19:15 | 00,997,644 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\DSCF1057.JPG
[2008/09/27 19:28:09 | 07,351,637 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\DeVotchKa - Clockwise Witness - The Field Remix.mp3
[2008/09/25 23:42:45 | 00,009,918 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\samsong 1.jpg
[2008/09/25 23:42:34 | 00,013,360 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\samsong.jpg
[2008/09/25 21:41:16 | 00,028,672 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\Geek to the Beat Treatment.doc
[2008/09/25 21:33:18 | 01,514,265 | ---- | C] () -- C:\Documents and Settings\lee\Desktop\geek snippet1.mp3
[2008/09/19 10:46:04 | 00,126,748 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\1221846345-7bfcf3ff620bad0107be54745200d144.pdf
[2008/09/19 10:12:35 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\Kindergarten Room is FULL.doc
[2008/09/19 10:10:52 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\3-5 Room is FULL.doc
[2008/09/19 10:10:41 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\1-2 Room is FULL.doc
[2008/09/12 11:12:33 | 00,030,208 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\letter to 3-5 parents chinese.doc
[2008/09/12 10:26:28 | 00,029,184 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\letter to 3-5 parents.doc
[2008/09/10 03:04:21 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/09/10 00:24:52 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2008/09/10 00:00:39 | 00,041,402 | ---- | C] () -- C:\Documents and Settings\lee\Application Data\Lemony.config
[2008/09/09 23:53:12 | 00,000,000 | ---D | C] -- C:\Program Files\Lemony
[2008/09/06 00:20:19 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\tube rose.doc
[2008/09/05 22:37:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lee\My Documents\YAAI_2.0.3.488
[2008/09/05 22:35:00 | 00,236,725 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\YAAI_2.0.3.488.zip
[2008/09/01 21:51:34 | 00,034,465 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\IMG_6389-01_A.jpg
[2008/09/01 17:31:32 | 00,323,398 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\assembly cut-1.prproj

========== Files - Modified Within 60 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2008/10/29 20:53:03 | 00,000,206 | ---- | M] () -- C:\Documents and Settings\lee\Desktop\remove.bat
[2008/10/29 20:35:25 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/29 20:34:28 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/29 20:34:28 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2008/10/29 20:13:51 | 03,152,744 | -H-- | M] () -- C:\Documents and Settings\lee\Local Settings\Application Data\IconCache.db
[2008/10/29 20:13:28 | 00,431,104 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\lee\Desktop\OTViewIt.exe
[2008/10/29 20:12:03 | 01,556,227 | ---- | M] () -- C:\Documents and Settings\lee\Desktop\SDFix.exe
[2008/10/29 20:05:59 | 00,000,468 | ---- | M] () -- C:\Documents and Settings\lee\Desktop\regfix.reg
[2008/10/29 19:31:51 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/10/29 18:39:03 | 00,305,705 | ---- | M] () -- C:\Documents and Settings\lee\Desktop\RSIT.exe
[2008/10/29 04:35:11 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\lee\Desktop\lee.exe
[2008/10/29 04:35:11 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\lee\Desktop\HiJackThis.exe
[2008/10/29 03:12:26 | 00,158,208 | ---- | M] () -- C:\Documents and Settings\lee\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/29 02:28:09 | 00,479,156 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/10/29 02:28:09 | 00,407,170 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/10/29 02:28:09 | 00,063,952 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/10/29 02:23:00 | 00,312,384 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/29 02:14:21 | 00,005,884 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2008/10/29 02:04:15 | 00,250,032 | RHS- | M] () -- C:\ntldr
[2008/10/29 01:59:50 | 00,000,326 | ---- | M] () -- C:\WINDOWS\tasks\$~$Sys0$.job
[2008/10/29 01:32:42 | 00,000,318 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/10/28 22:11:16 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2008/10/28 22:09:30 | 02,996,725 | R--- | M] () -- C:\Documents and Settings\lee\Desktop\ComboFix.exe
[2008/10/28 20:05:47 | 00,002,711 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/10/28 18:30:52 | 33,180,5736 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\lee\Desktop\WindowsXP-KB936929-SP3-x86-ENU.exe
[2008/10/28 17:13:12 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/28 14:55:48 | 00,507,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winlogon.exe
[2008/10/28 14:32:50 | 04,874,112 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\lee\Desktop\Silverlight.2.0.exe
[2008/10/28 01:44:32 | 00,073,054 | ---- | M] () -- C:\Documents and Settings\lee\Desktop\RunScanner10022.cab
[2008/10/28 01:44:12 | 03,306,678 | ---- | M] (Bart Lagerweij ) -- C:\Documents and Settings\lee\Desktop\pebuilder3110a.exe
[2008/10/27 23:36:25 | 00,026,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\userinit.exe
[2008/10/27 22:59:30 | 00,231,390 | ---- | M] () -- C:\Documents and Settings\lee\Desktop\RootkitRevealer.zip
[2008/10/27 22:51:23 | 00,044,544 | ---- | M] (Ret) -- C:\WINDOWS\System32\hgapt32.dll
[2008/10/27 20:59:06 | 00,000,085 | ---- | M] () -- C:\Documents and Settings\lee\Application Data\burnaware.ini
[2008/10/27 20:55:40 | 03,305,600 | ---- | M] () -- C:\Documents and Settings\lee\Desktop\cd080802.zip
[2008/10/27 20:06:21 | 00,003,126 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2008/10/27 20:05:50 | 01,663,634 | ---- | M] () -- C:\Documents and Settings\lee\Desktop\SmitfraudFix.exe
[2008/10/27 10:17:07 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/10/27 09:59:41 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\lee\Desktop\CCleaner.lnk
[2008/10/27 01:00:35 | 00,000,584 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\My Sharing Folders.lnk
[2008/10/26 23:27:54 | 00,014,937 | ---- | M] () -- C:\Documents and Settings\lee\Desktop\Entourage.S05E08.HDTV.DviX.torrent
[2008/10/26 10:03:02 | 00,020,870 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\close or far.pdf
[2008/10/26 10:02:52 | 00,037,226 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\close or far.fdr
[2008/10/26 09:01:43 | 00,024,090 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\Skyward - Synopsis Short.pdf
[2008/10/25 23:18:15 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/10/25 09:31:47 | 00,028,277 | ---- | M] () -- C:\Documents and Settings\lee\Desktop\Jerry_Seinfeld_-_I_m_Telling_You_For_The_Last_Time_(reseed).3287341.TPB(2).torrent
[2008/10/23 07:33:05 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/10/22 21:49:42 | 00,273,459 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\caligula.pdf
[2008/10/22 16:10:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/22 16:10:22 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/10/21 23:02:15 | 00,005,043 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\close or far cover page.fdr
[2008/10/21 22:52:32 | 00,037,254 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\pepe vs.fdr
[2008/10/20 11:25:16 | 00,018,573 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\pepe vs.pdf
[2008/10/20 11:21:04 | 00,004,986 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\sting and shield cover page.fdr
[2008/10/19 14:11:52 | 00,000,650 | ---- | M] () -- C:\Documents and Settings\lee\Desktop\BitTorrent.lnk
[2008/10/19 13:46:58 | 00,143,950 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\If I Vanished - Original Story.pdf
[2008/10/19 13:44:23 | 00,049,298 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\If I Vanished - Script 1.1.pdf
[2008/10/17 05:38:59 | 06,368,140 | ---- | M] () -- C:\Documents and Settings\lee\Desktop\Big_Boi_feat._Mary_J_Blige_-_Something_s_Gotta_Give.mp3
[2008/10/15 09:57:55 | 00,332,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll
[2008/10/15 09:57:55 | 00,332,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/13 23:17:35 | 00,133,849 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\skyward v0.45.pdf
[2008/10/10 07:58:08 | 00,094,208 | ---- | M] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2008/10/10 07:58:08 | 00,094,208 | ---- | M] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2008/10/09 13:13:42 | 03,215,421 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\sara and juan.mp3
[2008/10/09 11:19:35 | 04,344,771 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\la di di.mp3
[2008/10/09 11:17:37 | 04,804,103 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\very.mp3
[2008/10/07 12:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/10/03 19:57:38 | 00,035,840 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\Skyward - Synopsis Short.doc
[2008/10/03 10:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2008/10/03 10:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2008/10/02 23:04:25 | 00,273,660 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\20673.pdf
[2008/10/01 14:51:40 | 00,098,816 | ---- | M] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2008/09/30 23:55:42 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\Short Stories Compilation List.doc
[2008/09/30 23:54:06 | 00,076,930 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\plank is gonna sing.pdf
[2008/09/29 23:53:02 | 00,253,164 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\at hotel utah for hello echo.jpg
[2008/09/29 23:21:26 | 00,068,697 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\at hotel utah.jpg
[2008/09/28 14:19:15 | 00,997,644 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\DSCF1057.JPG
[2008/09/27 19:28:52 | 07,351,637 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\DeVotchKa - Clockwise Witness - The Field Remix.mp3
[2008/09/26 21:57:57 | 00,094,532 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\plank is gonna sing.fdr
[2008/09/25 23:42:54 | 00,009,918 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\samsong 1.jpg
[2008/09/25 23:42:35 | 00,013,360 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\samsong.jpg
[2008/09/25 21:41:14 | 00,028,672 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\Geek to the Beat Treatment.doc
[2008/09/25 21:33:28 | 01,514,265 | ---- | M] () -- C:\Documents and Settings\lee\Desktop\geek snippet1.mp3
[2008/09/20 11:00:14 | 00,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2008/09/20 11:00:14 | 00,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2008/09/19 22:52:18 | 00,000,224 | ---- | M] () -- C:\WINDOWS\VUI.pref
[2008/09/19 10:46:04 | 00,126,748 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\1221846345-7bfcf3ff620bad0107be54745200d144.pdf
[2008/09/19 10:17:49 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\Kindergarten Room is FULL.doc
[2008/09/19 10:17:14 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\1-2 Room is FULL.doc
[2008/09/19 10:12:12 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\3-5 Room is FULL.doc
[2008/09/18 11:33:17 | 00,083,034 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\momo face guilt.fdr
[2008/09/15 04:57:41 | 01,846,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2008/09/15 04:57:41 | 01,846,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008/09/12 12:40:34 | 00,030,208 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\letter to 3-5 parents chinese.doc
[2008/09/12 10:28:10 | 00,029,184 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\letter to 3-5 parents.doc
[2008/09/11 02:37:07 | 00,041,402 | ---- | M] () -- C:\Documents and Settings\lee\Application Data\Lemony.config
[2008/09/10 03:04:21 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2008/09/09 00:13:59 | 00,000,501 | ---- | M] () -- C:\Documents and Settings\lee\Desktop\Shortcut to pete lee's Music.lnk
[2008/09/08 22:38:55 | 00,099,840 | ---- | M] (S!Ri.URZ) -- C:\WINDOWS\System32\AntiXPVSTFix.exe
[2008/09/06 00:21:44 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\tube rose.doc
[2008/09/05 22:35:09 | 00,236,725 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\YAAI_2.0.3.488.zip
[2008/09/01 21:51:35 | 00,034,465 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\IMG_6389-01_A.jpg
[2008/09/01 17:24:57 | 00,323,398 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\assembly cut-1.prproj
< End of report >

Fresh HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:08:25, on 10/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\lee\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
O4 - HKCU\..\RunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download the file(s) in D.S.Code - C:\Documents and Settings\lee\My Documents\DSLite2.07.45\DSLite2.07.45\DSLite2\dl_text.html
O8 - Extra context menu item: &Download the file(s) in D.S.Code-File - C:\Documents and Settings\lee\My Documents\DSLite2.07.45\DSLite2.07.45\DSLite2\dl_url.html
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - C:\Documents and Settings\lee\My Documents\DSLite2.07.45\DSLite2.07.45\DSLite2\DSLite.exe
O9 - Extra 'Tools' menuitem: &D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - C:\Documents and Settings\lee\My Documents\DSLite2.07.45\DSLite2.07.45\DSLite2\DSLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...99/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures06.aim.com/ygp/aol/plugin/u...AIM.9.5.1.8.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - https://music.msn.com/client/msnmusax4123.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\NitroPDF5\bepldr.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 7954 bytes

The first and only ComboFix log:


ComboFix 08-10-28.01 - lee 2008-10-28 22:11:29.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.679 [GMT -7:00]
Running from: C:\Documents and Settings\lee\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\lee\Application Data\inst.exe
C:\WINDOWS\system32\lsprst7.dll
C:\WINDOWS\system32\ntnet.drv
C:\WINDOWS\system32\ssprs.dll
I:\autorun.inf

----- BITS: Possible infected sites -----

hxxp://megauplinkbindinstaller.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ALFACLEANERSERVICE


((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-29 )))))))))))))))))))))))))))))))
.

2008-10-28 22:14 . 2008-10-28 22:14 0 --ahs---- C:\WINDOWS\S0AC8909C.tmp
2008-10-28 20:00 . 2008-10-28 20:00 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-10-28 20:00 . 2008-10-28 20:05 2,833 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-10-28 19:54 . 2008-04-14 05:42 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2008-10-28 19:53 . 2008-10-28 19:53 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-10-28 19:53 . 2008-10-28 19:53 <DIR> d-------- C:\WINDOWS\system32\en
2008-10-28 19:53 . 2008-10-28 19:53 <DIR> d-------- C:\WINDOWS\system32\bits
2008-10-28 19:53 . 2008-10-28 19:53 <DIR> d-------- C:\WINDOWS\l2schemas
2008-10-28 19:53 . 2008-04-14 05:42 45,154 --------- C:\WINDOWS\slrundll.exe
2008-10-28 19:18 . 2008-10-28 19:18 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-10-28 18:39 . 2008-10-28 18:39 <DIR> d-------- C:\WINDOWS\EHome
2008-10-28 18:09 . 2008-10-28 18:09 <DIR> d-------- C:\~ErdUserProfile.$$$
2008-10-28 17:02 . 2008-10-28 17:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-10-28 17:01 . 2008-10-28 17:01 <DIR> d-------- C:\Program Files\CCleaner
2008-10-28 02:13 . 2008-10-28 16:56 <DIR> d-------- C:\pebuilder3110a
2008-10-27 22:09 . 2001-08-18 05:00 9,989 --a------ C:\WINDOWS\USERINIT.EX_
2008-10-27 20:06 . 2008-10-27 20:06 3,126 --a------ C:\WINDOWS\system32\tmp.reg
2008-10-27 20:05 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-10-27 20:05 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-10-27 20:05 . 2008-09-08 22:38 99,840 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-10-27 20:05 . 2008-10-01 14:51 98,816 --a------ C:\WINDOWS\system32\VACFix.exe
2008-10-27 20:05 . 2008-10-10 07:58 94,208 --a------ C:\WINDOWS\system32\o4Patch.exe
2008-10-27 20:05 . 2008-05-18 20:40 94,208 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-10-27 20:05 . 2008-10-10 07:58 94,208 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-10-27 20:05 . 2008-08-18 11:19 93,696 --a------ C:\WINDOWS\system32\404Fix.exe
2008-10-27 20:05 . 2003-06-05 20:13 65,536 --a------ C:\WINDOWS\system32\Process.exe
2008-10-27 20:05 . 2004-07-31 17:50 59,904 --a------ C:\WINDOWS\system32\dumphive.exe
2008-10-27 20:05 . 2007-10-03 23:36 37,888 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-10-27 11:50 . 2008-10-27 22:51 44,544 --a------ C:\WINDOWS\system32\hgapt32.dll
2008-10-27 11:37 . 2008-10-27 11:37 <DIR> d-------- C:\Documents and Settings\lee\Application Data\Malwarebytes
2008-10-27 11:15 . 2008-10-27 22:51 1 --a------ C:\WINDOWS\system32\lm.dat
2008-10-27 10:27 . 2008-10-29 01:32 2,206 --a------ C:\WINDOWS\system32\wpa.dbl
2008-10-27 10:17 . 2008-10-28 16:58 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-27 10:17 . 2008-10-27 10:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-27 10:17 . 2008-10-27 10:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-10-27 10:17 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-27 10:17 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-27 09:43 . 2008-10-27 09:43 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-10-27 09:24 . 2008-10-27 09:25 2 --a------ C:\-2143696038
2008-10-23 12:58 . 2008-10-15 09:34 337,408 --------- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-18 10:35 . 2008-10-18 10:35 <DIR> d-------- C:\Program Files\DNA
2008-10-18 10:35 . 2008-10-27 09:37 <DIR> d-------- C:\Documents and Settings\lee\Application Data\DNA
2008-10-14 16:11 . 2008-09-08 03:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-14 16:10 . 2008-08-14 03:11 2,189,184 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-14 16:10 . 2008-08-14 03:09 2,145,280 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-14 16:10 . 2008-08-14 02:33 2,066,048 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-14 16:10 . 2008-08-14 02:33 2,023,936 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-14 16:10 . 2008-09-15 05:12 1,846,400 --------- C:\WINDOWS\system32\dllcache\win32k.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-28 23:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-10-27 16:37 --------- d-----w C:\Documents and Settings\lee\Application Data\BitTorrent
2008-10-26 19:16 --------- d-----w C:\Program Files\Soulseek
2008-10-18 17:40 --------- d-----w C:\Program Files\Java
2008-10-18 17:35 --------- d-----w C:\Program Files\BitTorrent
2008-10-15 00:41 --------- d-----w C:\Program Files\eMule
2008-10-11 12:17 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-10-01 18:41 --------- d-----w C:\Program Files\Incomplete
2008-09-24 03:03 --------- d-----w C:\Program Files\LimeWire
2008-09-15 18:29 --------- d-----w C:\Documents and Settings\lee\Application Data\Skype
2008-09-10 07:24 --------- d-----w C:\Program Files\MSXML 6.0
2008-09-10 06:53 --------- d-----w C:\Program Files\Lemony
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-02 06:54 --------- d-----w C:\Program Files\Monkey's Audio
2008-08-30 05:07 --------- d-----w C:\Documents and Settings\lee\Application Data\Apple Computer
2008-08-14 22:58 356,352 ----a-w C:\WINDOWS\eSellerateEngine.dll
2008-06-04 08:15 49,968 ----a-w C:\Documents and Settings\lee\Application Data\GDIPFONTCACHEV1.DAT
2008-03-23 16:05 47,360 ----a-w C:\Documents and Settings\lee\Application Data\pcouffin.sys
2005-09-09 06:04 56 --sh--r C:\WINDOWS\system32\B00CF7155F.sys
.

------- Sigcheck -------

2004-08-04 03:00 23040 ba0470f3171b7fe83be1cdb674dfe89c C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2008-04-14 05:42 23040 57e3770e5bf9c5614de6c1b9c941ace4 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2008-04-13 17:12 23040 823d06289cd37456459485fb3a90de66 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
2008-04-13 17:12 23040 f1fabb260b3b52231478e7624619775b C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\svchost.exe
2008-04-14 05:42 23040 bfaa477f4ca67fa241523ddb6e90a0d1 C:\WINDOWS\system32\svchost.exe

2008-04-14 05:42 1042432 adcb8ef3903b2dda334ed35682504dd1 C:\WINDOWS\explorer.exe
2007-06-13 04:26 1041920 b26870cbed8cb731a9c1e3eb253907bd C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 03:23 1041920 8553830eb5fe087b0089dd5c95cddaa4 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-04 03:00 1040896 a2977f89ae9c81bd60f68cb223cab5c2 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2008-04-14 05:42 1042432 30dc31103f4fd3edbe3c43affc982ef4 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2008-04-13 17:12 1042432 fdaad83a0febbcb85bf4d45a9d1963fb C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
2008-04-13 17:12 1042432 23afe7fe44175f66144d490716cab5fa C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\explorer.exe

2004-08-04 03:00 116736 dca5e24d5e7b39b567b19a07c8063fc2 C:\WINDOWS\$NtServicePackUninstall$\services.exe
2008-04-14 05:42 117248 d254d7a0e313040825a891b6e7eda38f C:\WINDOWS\ServicePackFiles\i386\services.exe
2008-04-13 17:12 117248 a8919028bdc3b69b08e10d2c74db9354 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\services.exe
2008-04-13 17:12 117248 1797b3da33619fbf75f3eba72d8a6504 C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\services.exe
2008-04-14 05:42 117248 4b03f4fe7abe8e05de157167012ed77f C:\WINDOWS\system32\services.exe

2004-08-04 03:00 24064 497554c898a52681f310b439d72a8382 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2008-04-14 05:42 24064 f24450251e352712a773a9d1d31a63d7 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2008-04-13 17:12 24064 0b0ca7c01d2332d47e80f73101d82f46 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ctfmon.exe
2008-04-13 17:12 24064 2fedbdee573d1f276fabdb724b8e01cf C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\ctfmon.exe
2008-04-14 05:42 24064 a0a7b230fda2786001a6ecde7b05b18f C:\WINDOWS\system32\ctfmon.exe

2005-06-10 17:17 66560 924035a2d2b5595c90c8d9e96de463ca C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2005-06-10 16:53 66560 fa54074522e6990d9b738fddf63c1c4b C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
2004-08-04 03:00 66560 7eb5233899739ac89e94f5a049c4314c C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2008-04-14 05:42 66560 63241991221db7242c84226f7a9c73e2 C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
2008-04-13 17:12 66560 7112e1e9bdd4f9d07a87036a5f35b5e2 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\spoolsv.exe
2008-04-13 17:12 66560 aef7250852da317ce803a966d7d48cde C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\spoolsv.exe
2008-04-14 05:42 66560 1500383bc3452a98c299961f23f26318 C:\WINDOWS\system32\spoolsv.exe

2008-10-27 23:36 26384 f1d183814894cd6b34eb2557d6d2826a C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
2008-04-14 05:42 34816 ad220a1efa73b444343396c6e10825b7 C:\WINDOWS\ServicePackFiles\i386\userinit.exe
2008-04-13 17:12 34816 68aa08644a3a49f3958036dcf7328d93 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
2008-04-13 17:12 34816 5c4d5464b30c12dd259f6a0f391c9c86 C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\userinit.exe
2008-04-14 05:42 34816 d24e377305ba6c8282def8a3cb43945d C:\WINDOWS\system32\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 4662776]
"AIM"="C:\Program Files\AIM\aim.exe" [2005-08-05 67160]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 24064]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="C:\WINDOWS\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
"TSClientAXDisabler"="C:\WINDOWS\Installer\TSClientMsiTrans\tscdsbl.bat" [2008-01-18 2247]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DeadAIM"="C:\Program Files\AIM\\DeadAIM.ocm" [2005-09-19 144896]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-10-16 599552]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-17 185896]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2006-04-06 61440]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 3751936]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 425984]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-10-22 1273488]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 C:\WINDOWS\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-25 227840]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-12-24 122368]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-12 83360]
NETGEAR WPN111 Smart Wizard.lnk - C:\Program Files\NETGEAR\WPN111 Configuration Utility\wpn111.exe [2007-08-11 503894]
TotalMedia Backup Monitor.lnk - C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe [2008-03-09 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"aux"= sysaudio.sys

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-10-18 10:35 289088 C:\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-06-16 04:03 233472 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 05:42 1703936 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 13:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 425984 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-03-17 20:59 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Nitro PDF Printer Monitor"="C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Edonkey Lite 1.4.3.2\\edonkey2000.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\Kuro\\Kuro.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Documents and Settings\\lee\\My Documents\\zsnesw142\\zsnesw.exe"=
"C:\\Program Files\\mldonkey\\mlnet.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\mldonkey\\mldonkeywatch.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\SmartFTP\\SmartFTP.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:emule incoming
"4672:UDP"= 4672:UDP:emule incoming udp
"4661:TCP"= 4661:TCP:4661
"4711:TCP"= 4711:TCP:4711
"4665:UDP"= 4665:UDP:4665

S1 vcdrom;Virtual CD-ROM Device Driver;C:\WINDOWS\system32\drivers\VCdRom.sys [2001-12-19 8576]
S3 ATHFMWDL;NETGEAR WPN111 Bootloader driver;C:\WINDOWS\system32\Drivers\athwpn.sys [2004-10-14 43392]
S3 bepldr;BCL easyPDF SDK 5 Loader;C:\Program Files\Common Files\BCL Technologies\NitroPDF5\bepldr.exe [2008-02-11 151552]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 17149]
S3 JFHUBL;JFHUBL;C:\DOCUME~1\lee\LOCALS~1\Temp\JFHUBL.exe [ ]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2004-11-02 19456]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;C:\WINDOWS\system32\DRIVERS\WPN111.sys [2005-01-07 286720]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2407cb9-fad9-11dc-b87b-00146c3473e6}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-10-23 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\lee\Application Data\Mozilla\Firefox\Profiles\rvhvk14r.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://google.com/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-29 01:32:52
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-29 1:53:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-29 08:53:01

Pre-Run: 1,014,579,200 bytes free
Post-Run: 1,055,002,624 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

270 --- E O F --- 2008-10-28 21:11:37




As I've mentioned in my PM, doing step 5 (before and after I edited the file) yielded no log.txt screen. SDFix rebooted to normal mode, which was still really slow, so I rebooted the computer to safe mode for SDFix to finish the process. Shall I try rebooting in normal mode now?

#8 Farbar

Posted 30 October 2008 - 02:17 AM

I need the OTViewIt extra.txt log, as it is missing, but only after you have tried a few times to boot into normal mode. First try to boot into normal mode a few times. Then run OTViewIt again. No need to post the OTViewIt.txt again. Just extra.txt, and I emphasize: after trying a few times to log into normal mode. Please give as much feedback as possible.

#9 Farbar

Posted 30 October 2008 - 07:05 AM

nomoretitanic, could it be that you replaced userinit.exe after running ComboFix?

Please, after trying at least once to reboot to normal mode, run and post the OTViewIt extra.txt as I mentioned in my previous post. I need to see the eventual error in the log when you try to boot into normal mode. After posting, there is no need to wait; just proceed to the following step:

Go to Safe Mode with networking. Remove your copy of Combofix from the desktop. Download the latest version of Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**
  • Close any open browsers.
  • Double click on combofix.exe & follow the prompts.
  • If it needs to reboot, let it, and wait at least 5 minutes.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" for further review.
Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


#10 nomoretitanic

Posted 30 October 2008 - 02:13 PM

I've tried three times booting under the normal mode. After the Windows XP screen and the loading screen come up, the screen goes to black, but the mouse cursor is on the screen and fully functional. Last night I waited about 40 minutes and nothing ever came on. Today I waited a few minutes each. Here are the new OTViewIt and extras logs, as well as the new ComboFix log. I don't believe I replaced the userinit after I ran ComboFix. I did ComboFix right before coming to this forum. I've attached the combofix.txt because it's too long.


extras log:


OTViewIt Extras logfile created on: 10/30/2008 11:43:58 AM - Run 2
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\lee\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.09 Mb Total Physical Memory | 763.61 Mb Available Physical Memory | 74.71% Memory free
1.88 Gb Paging File | 1.80 Gb Available in Paging File | 95.54% Paging File free
Paging file location(s): C:\pagefile.sys 1000 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.17 Gb Total Space | 1.93 Gb Free Space | 5.63% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 465.76 Gb Total Space | 84.80 Gb Free Space | 18.21% Space Free | Partition Type: NTFS

Computer Name: DELL9100
Current User Name: lee
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Whitelist: On
File Age = 60 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/04 03:00:00 | 00,149,504 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
[2007/01/19 13:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 17:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2006/10/10 05:44:50 | 00,566,272 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/04 03:00:00 | 00,149,504 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/11/30 22:49:06 | 00,091,640 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2004/10/13 09:24:37 | 01,702,912 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2005/08/05 12:08:26 | 00,067,160 | ---- | M] (America Online, Inc.) -- C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
[2008/03/17 20:59:40 | 00,214,560 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer
[2007/08/16 15:00:00 | 00,159,744 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2005/04/17 15:08:11 | 03,125,248 | ---- | M] () -- C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek
[2004/08/04 03:00:00 | 00,092,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
[2005/09/11 15:03:18 | 02,493,910 | ---- | M] () -- C:\Program Files\Edonkey Lite 1.4.3.2\edonkey2000.exe:*:Enabled:edonkey2000
[2007/01/01 14:22:02 | 03,751,936 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk
[2005/10/31 08:56:00 | 00,712,704 | ---- | M] (LimeWire) -- C:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer
[2008/10/16 09:03:09 | 00,523,264 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe
[2007/12/20 09:46:50 | 00,415,232 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgemc.exe:*:Enabled:avgemc.exe
[2006/10/11 16:38:02 | 03,335,944 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)
[2006/02/27 14:43:50 | 00,774,144 | ---- | M] () -- C:\Program Files\Kuro\Kuro.exe:*:Enabled:Kuro
[2008/09/26 16:44:20 | 00,634,672 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
[2006/06/09 09:15:15 | 00,523,264 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\zsnesw142\zsnesw.exe:*:Enabled:zsnesw
[2006/09/21 16:45:59 | 06,879,744 | ---- | M] (mldonkey team) -- C:\Program Files\mldonkey\mlnet.exe:*:Enabled:MLdonkey - multiuser P2P daemon
[2007/10/25 08:46:46 | 00,427,520 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe
[2008/10/16 09:03:06 | 00,599,552 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe
[2008/08/01 10:41:24 | 05,492,736 | ---- | M] (http://www.emule-project.net) -- C:\Program Files\eMule\emule.exe:*:Enabled:eMule
[2006/09/26 10:52:59 | 00,455,680 | ---- | M] () -- C:\Program Files\mldonkey\mldonkeywatch.exe:*:Disabled:mldonkeywatch
[2006/11/30 22:49:04 | 04,662,776 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2007/01/19 13:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 17:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2006/10/10 05:44:50 | 00,566,272 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2005/10/06 19:17:32 | 02,455,088 | ---- | M] (SmartFTP GmbH) -- C:\Program Files\SmartFTP\SmartFTP.exe:*:Enabled:SmartFTP Client
[2007/07/24 15:17:08 | 00,241,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/09/25 11:54:57 | 07,671,408 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
[2008/06/01 21:37:34 | 07,024,928 | ---- | M] (SmartSoft Ltd.) -- C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0
[2008/07/30 10:47:50 | 20,252,968 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2006/12/11 21:41:08 | 25,343,016 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
[2008/10/18 10:35:27 | 00,289,088 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe:*:Enabled:DNA

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2004/01/29 07:08:23 | 00,868,352 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (cdo:{CD00020A-8B95-11D1-82DB-00C04FB1625D} (HKLM) [Microsoft PKM KnowledgePluggable Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2004/01/29 07:08:23 | 01,130,496 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 13:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2004/01/29 07:08:23 | 01,130,496 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2004/01/29 07:08:23 | 01,130,496 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 13:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/01/24 15:22:56 | 07,255,384 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/11/01 16:21:20 | 01,783,384 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}"=Macromedia Flash Player
"{08CA9554-B5FE-4313-938F-D4A417B81175}"=QuickTime
"{0AB4C03C-D10F-422E-B060-75387F61599A}"=Nitro PDF Professional
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}"=ATI Control Panel
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}"=Microsoft Plus! Photo Story 2 LE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}"=Qualxserve Service Agreement
"{0F8F3415-CB0A-49A6-A23A-D8390444B127}"=DeadAIM
"{11C762F9-95EA-486A-A8E7-683A50C231C1}"=SmartFTP Client
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{1EC60864-A294-44BF-984A-3E8867D74EA2}"=Adobe After Effects 6.0
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk"=Google Talk (remove only)
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}"=Rhapsody Player Engine
"{27FF6926-D614-4BB6-8B56-99F0C2DFEEE1}"=Kuro
"{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}"=Data Lifeguard Tools
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}"=Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}"=Internet Explorer Default Page
"{36BD0774-6CD6-4FF9-A148-83CA09AC123E}"=Intel® PROSafe for Wired Connections
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}"=Skype Plugin Manager
"{3DE0053C-FD9A-483E-B7C9-B06E4392206E}"=iTunes
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}"=Google Earth
"{403EF592-953B-4794-BCEF-ECAB835C2095}"=Intel® PROSafe for Wired Connections
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}"=Jasc Paint Shop Photo Album 5
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}"=Bonjour
"{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}"=Apple Mobile Device Support
"{548EEA8E-8299-497F-8057-811D2D7097DC}"=Dell Support 3.1
"{5676E8F9-B222-49FB-81B7-7998D17EDC4B}"=Digidesign DigiDelivery
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}"=neroxml
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}"=Windows Live Messenger
"{582E9125-32B6-4CBA-AB48-3E33CE3DB389}"=NETGEAR WPN111 Smart Wizard Wireless Utility
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}"=Dell Driver Reset Tool
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}"=Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD 5.9
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}"=Microsoft Plus! Digital Media Edition Installer
"{6F23C1A3-9F62-470C-BD12-B83F04E67865}"=SmartFTP Client
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}"=EarthLink setup files
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}"=Dell System Restore
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}"=Jasc Paint Shop Pro Studio, Dell Editon
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{90280409-6000-11D3-8CFE-0050048383C9}"=Microsoft Office XP Professional with FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}"=Intel Matrix Storage Manager
"{9811A185-3D3D-11D6-9E14-00036D172B00}"=Adobe MPEG Encoder
"{A14F7508-B784-40B8-B11A-E0E2EEB7229F}"=Adobe Premiere Pro 1.5
"{A1ABB12D-047A-431C-AE12-024491E143F1}"=BurnAware Free Edition
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}"=SigmaTel Audio
"{AC2D4B9A-F694-4CF5-803C-E4D8CB5CBDE3}"=Lemony
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{AC76BA86-7AD7-2448-0000-705000000001}"=Adobe Reader Chinese Traditional Fonts
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}"=Dell Picture Studio v3.0
"{AF19F291-F22F-4798-9662-525305AE9E48}"=WordPerfect Office 12
"{AFA9100B-D7D3-4E88-A984-2632CAAA5D2D}"=YouSendIt Express
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B629F4BA-1876-4507-9233-2A25535786D8}"=iConcertCal
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}"=Netflix Movie Viewer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}"=Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CC8B19D1-91D2-4D5B-B331-F885F432745E}"=Final Draft 6
"{D6F80A9A-D655-4DCE-BC53-AC2A55324F5C}"=YouSendIt Application Plug-in SDK
"{EF6F70D0-C242-4047-946B-98EA8208481A}"=ArcSoft TotalMedia Backup & Record
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}"=Adobe Photoshop CS
"7-Zip"=7-Zip 4.23
"AC3 Decoder v.1.2.4b"=AC3 Decoder v.1.2.4b
"Ad-Aware SE Personal"=Ad-Aware SE Personal
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"AIM YGP Picture Finder"=AIM "You've Got Pictures" Picture Finder Plugin v9.5.1.8
"AOL Instant Messenger"=AOL Instant Messenger
"ATI Display Driver"=ATI Display Driver
"AVG7Uninstall"=AVG Free Edition
"AVI Splitter_is1"=AVI Splitter
"BSPlayer1"=BSPlayer
"BurnAware Free Edition"=BurnAware Free Edition
"CCleaner"=CCleaner (remove only)
"CleanUp!"=CleanUp!
"CloneCD"=CloneCD
"Dell Digital Jukebox Driver"=Dell Digital Jukebox Driver
"Digital Media Converter_is1"=Digital Media Converter 2.7
"DonkeyMan"=DonkeyMan
"Download Accelerator Plus (DAP)"=Download Accelerator Plus (DAP)
"DVDAuthorGUI"=DVDAuthorGUI (remove only)
"Edonkey Lite1.4.3.2 English"=Edonkey Lite1.4.3.2 English
"eMule"=eMule
"Final Draft v6.0.2.5 Update"=Final Draft v6.0.2.5 Update
"Flickr Uploadr"=Flickr Uploadr 2.5.0.14
"FLVPlayer"=FLV Player 1.3.3
"Free Video Flip and Rotate_is1"=Free Video Flip and Rotate version 1.3
"GoldWave v5.04"=GoldWave v5.04
"GoogleVideoPlayer"=Google Video Player
"HijackThis"=HijackThis 2.0.2
"HUFFYUV"=Huffyuv AVI lossless video codec (Remove Only)
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{AFA9100B-D7D3-4E88-A984-2632CAAA5D2D}"=YouSendIt Express
"InstallShield_{D6F80A9A-D655-4DCE-BC53-AC2A55324F5C}"=YouSendIt Application Plug-in SDK
"InterActual Player"=InterActual Player
"IrfanView"=IrfanView (remove only)
"KLiteCodecPack_is1"=K-Lite Codec Pack 2.72 Full
"LimeWire"=LimeWire 4.14.8
"LucasArts' Grim Fandango"=LucasArts' Grim Fandango
"Macromedia Shockwave Player"=Macromedia Shockwave Player
"Magic Bullet Editors Premiere"=Magic Bullet Editors Premiere
"Magic DVD Copier_is1"=Magic DVD Copier Version 4.7.1 build 8
"Magic DVD Ripper_is1"=Magic DVD Ripper V5.2.1 build 8
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Monkey's Audio_is1"=Monkey's Audio
"Mozilla Firefox (2.0.0.17)"=Mozilla Firefox (2.0.0.17)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant"=MSN Music Assistant
"MSNINST"=MSN
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"PE Builder_is1"=PE Builder 3.1.10a
"PROSetDX"=Intel® PRO Network Connections Software v9.2.4.11
"RealPlayer 6.0"=RealPlayer
"RNCompiler 6.0"=Advanced RealMedia Export Plug-in for Premiere 6.0
"R-Studio NTFS_is1"=R-Studio NTFS v2.0
"ScummVM_is1"=ScummVM 0.10.0
"Skype_is1"=Skype 3.0
"SmartFTP Client 3.0 Setup Files"=SmartFTP Client 3.0 Setup Files (remove only)
"Soulseek"=SoulSeek Client 156c
"Spybot - Search & Destroy_is1"=Spybot - Search & Destroy 1.5.2.20
"Uninstall_is1"=Uninstall 1.0.0.0
"Unlocker"=Unlocker 1.8.7
"ViewpointMediaPlayer"=Viewpoint Media Player
"VobSub"=VobSub v2.23 (Remove Only)
"WebCyberCoach_wtrb"=WebCyberCoach 3.2 Dell
"WGA"=Windows Genuine Advantage Validation Tool
"WIC"=Windows Imaging Component
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"WinRAR archiver"=WinRAR archiver
"WinZip"=WinZip
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD"=XviD MPEG-4 Codec
"Yahoo! Companion"=Yahoo! Toolbar
"Yahoo! Messenger"=Yahoo! Messenger
"Yahoo! Toolbar"=Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent"=BitTorrent
"BitTorrent DNA"=DNA

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-907240432-3560199864-2964379039-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent"=BitTorrent
"BitTorrent DNA"=DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/27/2008 1:28:23 PM | Computer Name = DELL9100 | Source = Application Error | ID = 1000
Description = Faulting application taskmgr.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x009f0433.

Error - 10/27/2008 1:28:40 PM | Computer Name = DELL9100 | Source = Application Error | ID = 1000
Description = Faulting application taskmgr.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x009f0433.

Error - 10/27/2008 1:30:45 PM | Computer Name = DELL9100 | Source = Application Error | ID = 1000
Description = Faulting application userinit.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x009b0433.

Error - 10/27/2008 1:31:12 PM | Computer Name = DELL9100 | Source = Application Error | ID = 1000
Description = Faulting application taskmgr.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x009f0433.

Error - 10/27/2008 3:03:07 PM | Computer Name = DELL9100 | Source = Application Error | ID = 1000
Description = Faulting application userinit.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x009e0433.

Error - 10/27/2008 3:04:57 PM | Computer Name = DELL9100 | Source = Application Error | ID = 1000
Description = Faulting application taskmgr.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x00a10433.

Error - 10/27/2008 3:05:24 PM | Computer Name = DELL9100 | Source = Application Error | ID = 1000
Description = Faulting application taskmgr.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x00a10433.

Error - 10/27/2008 3:31:58 PM | Computer Name = DELL9100 | Source = Application Error | ID = 1000
Description = Faulting application userinit.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x00a30433.

Error - 10/27/2008 3:34:52 PM | Computer Name = DELL9100 | Source = Application Error | ID = 1000
Description = Faulting application userinit.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x009e0433.

Error - 10/28/2008 6:18:36 PM | Computer Name = DELL9100 | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.8.20080.17373, faulting
module js3250.dll, version 4.0.0.0, fault address 0x0001fa3a.

[ System Events ]
Error - 10/29/2008 11:35:50 PM | Computer Name = DELL9100 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Avg7Core Avg7RsW Avg7RsXP Beep ElbyCDIO Fips intelppm

Error - 10/30/2008 12:13:13 AM | Computer Name = DELL9100 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10/30/2008 12:16:20 AM | Computer Name = DELL9100 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10/30/2008 12:52:37 AM | Computer Name = DELL9100 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 10/30/2008 1:51:50 AM | Computer Name = DELL9100 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 10/30/2008 1:52:13 AM | Computer Name = DELL9100 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Avg7Core Avg7RsW Avg7RsXP Beep ElbyCDIO Fips intelppm

Error - 10/30/2008 2:23:06 AM | Computer Name = DELL9100 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 10/30/2008 2:21:10 PM | Computer Name = DELL9100 | Source = Dhcp | ID = 1002
Description = The IP address lease 10.0.2.30 for the Network Card with network address
000FB502B97C has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent
a DHCPNACK message).

Error - 10/30/2008 2:21:45 PM | Computer Name = DELL9100 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 10/30/2008 2:22:27 PM | Computer Name = DELL9100 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Avg7Core Avg7RsW Avg7RsXP Beep ElbyCDIO Fips intelppm


< End of report >


Edited by farbar, 31 October 2008 - 02:06 AM.


#11 nomoretitanic


Posted 30 October 2008 - 11:39 PM

ah, I notice we're on opposite schedules. I left the computer on, trying to boot under normal mode, right before leaving for work, and when I came back, it was still a black screen with a mouse cursor that I could move, 8 hours later. I couldn't even get to the log in screen now.

#12 Farbar


Posted 31 October 2008 - 01:59 AM

ah, I notice we're on opposite schedules. I left the computer on, trying to boot under normal mode, right before leaving for work, and when I came back, it was still a black screen with a mouse cursor that I could move, 8 hours later. I couldn't even get to the log in screen now.


What do you mean? And why did you leave the computer on trying to boot under normal mode when we know you are not able to boot?

When I asked you to boot to normal mode I did not believe you could get to normal mode. I needed the Windows event log to be written, which could then be read on the subsequent scan by OTViewIt.

FYI: I removed the OTViewIt.txt from your post. I did not ask for that, and logs which are not needed make going back and forth through the needed log more difficult. It is the same for attached logs.

I have not got sufficient time to go through all the logs, but a quick look shows it went wrong when you replaced your userinit.exe with the wrong one. The registry entry pointing at userinit.exe was modified by the malware but not the file itself. Repairing the registry should have been sufficient. If you had asked for help, even after replacing userinit with the wrong copy of userinit, we could easily have restored userinit.exe from your computer. But now it is not so simple, as when you tried to update to SP3, userinit and some other system files were replaced. Uninstalling SP3 did not restore some of the SP2 system files.

I'm going to go through the logs today when I find time and post you the fix. One way or another we will clean this mess and get your computer back to normal.

Edited by farbar, 31 October 2008 - 02:41 AM.
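Added example, not part of Farbar's post or of OTViewIt: one way to triage the event-log section of the report in Python, separating crashes in an unnamed module and drivers that failed to load from DCOM 10005 errors carrying Win32 error 1084 (ERROR_NOT_SAFEBOOT_SERVICE), which only reflect Safe Mode. The sample entries are copied from the log in this thread; `parse_events` and `triage` are names made up for the example.

```python
import re

# Constructed sample: four entries copied from the event-log section posted earlier in this thread.
SAMPLE = """\
Error - 10/27/2008 3:31:58 PM | Computer Name = DELL9100 | Source = Application Error | ID = 1000
Description = Faulting application userinit.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x00a30433.

Error - 10/28/2008 6:18:36 PM | Computer Name = DELL9100 | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.8.20080.17373, faulting
module js3250.dll, version 4.0.0.0, fault address 0x0001fa3a.

[ System Events ]
Error - 10/30/2008 1:52:13 AM | Computer Name = DELL9100 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Avg7Core Avg7RsW Avg7RsXP Beep ElbyCDIO Fips intelppm

Error - 10/30/2008 2:21:45 PM | Computer Name = DELL9100 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
"""

HEADER = re.compile(r"^(\w+) - (.+?) \| Computer Name = (.+?) \| Source = (.+?) \| ID = (\d+)$")

def parse_events(text):
    """Return one dict per event; wrapped description lines are joined back together."""
    events = []
    for line in map(str.strip, text.splitlines()):
        m = HEADER.match(line)
        if m:
            events.append({"time": m[2], "source": m[4], "id": int(m[5]), "desc": ""})
        elif line and events and line[0] not in "[<":  # skip section and end-of-report markers
            events[-1]["desc"] += " " + re.sub(r"^Description = ", "", line)
    return events

def triage(events):
    """Sort events into: crashes in an unnamed module, failed drivers, Safe Mode noise."""
    out = {"unknown_module": set(), "failed_drivers": set(), "safe_mode_noise": set()}
    for e in events:
        crash = re.search(r"Faulting application (\S+), .*faulting module (\S+),", e["desc"])
        svc = re.search(r'error "%1084" attempting to start the service (\S+)', e["desc"])
        if e["id"] == 1000 and crash and crash[2] == "unknown":
            out["unknown_module"].add(crash[1])  # fault address is not inside any loaded module
        elif e["id"] == 7026:
            out["failed_drivers"].update(e["desc"].split(":", 1)[1].split())
        elif e["id"] == 10005 and svc:           # 1084 = ERROR_NOT_SAFEBOOT_SERVICE
            out["safe_mode_noise"].add(svc[1])
    return out
```

The firefox.exe crash names its faulting module (js3250.dll), so it is not placed in the unnamed-module bucket.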


#13 Farbar


Posted 31 October 2008 - 10:35 AM

Sorry for the delay and thanks for waiting.

You may attach the posts as they are too many.
  • AVG 7 is outdated. Its drivers aren't loading any more either.
    Visit http://free.avg.com/download?prd=afe to download the AVG 8 setup file to your desktop. Don't install it yet. We will wait until you can get to normal mode. The first step after booting normally is to install the downloaded version and update it.

    Go to Add/Remove programs and uninstall AVG Free Edition.

  • The malware makes some registry modifications to use divx.nls or ntnet.drv. I'm not sure if applications related to DivX are intact any more. You may choose to uninstall these applications and install them later on when the system is booting and clean. If you want to uninstall them, go to Add/Remove programs and uninstall the following:

    DivX Codec
    DivX Player
    DivX Converter
    DivX Web Player


  • The CloneCD driver is not loading either. Whether it is malware related, caused by corrupted files or a registry item, due to system malfunction, or in any way related to DivX corruption, I can't say. An option is to uninstall it and reinstall it later on after the system is clean and functioning, or wait and see if it will load after our fixes. Let me know what your action on this is.

  • Close any open browsers.

    Open notepad and copy/paste the text in the code box below into it:

    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=-
    
    Driver::
    Avg7Core
    Avg7RsW
    Avg7RsXP

    Save this as CFScript.txt, in the same location as ComboFix.exe


    Posted Image

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you ( "C:\ComboFix.txt"). Please post the log to your reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


  • Please visit http://www.billsway.com/vbspage/.
    • Scroll down the page to "Registry Search Tool".
    • Download RegSrch.zip and extract it to your desktop.
    • Doubleclick RegSrch.vbs to run the program.
    • Copy/paste in the search window: userinit.exe
    • After the search is done a WordPad opens with a report.
    • Copy and paste the content of the report to your reply.
    • Repeat the search for:
      beep.sys
      fips.sys
      intelppm.sys
  • Open Notepad and make sure Word Wrap under the Format menu is not selected.
    Copy and paste the text in the code box into it:

    if exist Export.txt del /q Export.txt
    regedit /e Check1.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Beep"
    regedit /e Check2.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\intelppm"
    regedit /e Check3.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Fips"
    Type Check*.txt > Export.txt
    del /q Check*.txt 
    notepad Export.txt
    del look.bat
    • Go to the File menu at the top of the Notepad and select Save as.
    • Select save in: desktop
    • Fill in File name: look.bat
    • Save as type: All files.
    • Click save
    • Close the Notepad.
    • Locate and double-click look.bat on the desktop.
    • Notepad will open with some text in it. Copy and paste the contents (Export.txt) in your next reply.
  • Please try to boot to normal mode once. Then run OTViewIt, set it for all users and 7 days. Attach just extra.txt; there is no need for OTViewIt.txt.
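
Added example, not part of the post above: one way to read the Export.txt that look.bat produces, written in Python. It parses regedit's export layout, including the wrapped `hex(2)` lines used for ImagePath, and lists services whose driver path is outside system32\drivers; the sample export is constructed, and `parse_reg`, `odd_image_paths` and the expected-path rule are assumptions of this example.

```python
import re

def hex2(s):
    # Build a REG_EXPAND_SZ value as regedit writes it: UTF-16LE bytes plus NUL, comma separated.
    return ",".join(f"{b:02x}" for b in (s + "\0").encode("utf-16-le"))

_fips = hex2(r"System32\DRIVERS\fips.sys")
# Constructed export in regedit's "Version 5.00" layout; the values are illustrative only.
SAMPLE = "\n".join([
    "Windows Registry Editor Version 5.00", "",
    r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Beep]",
    '"Start"=dword:00000001',
    '"ImagePath"=hex(2):' + hex2(r"\??\C:\WINDOWS\Temp\beep.sys"), "",
    r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Fips]",
    '"Start"=dword:00000001',
    '"ImagePath"=hex(2):' + _fips[:30] + "\\\n  " + _fips[30:], "",  # wrapped like a real export
    r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\intelppm]",
    '"Start"=dword:00000001', ""])

def parse_reg(text):
    """Parse a regedit 5.00 export into {key: {value_name: value}}."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text.replace("\ufeff", ""))  # re-join wrapped hex lines
    keys, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r'"([^"]+)"=(.*)$', line)
        if line.startswith("[") and line.endswith("]"):
            cur = keys.setdefault(line[1:-1], {})
        elif m and cur is not None:
            name, raw = m[1], m[2]
            if raw.startswith("dword:"):
                cur[name] = int(raw[6:], 16)
            elif raw.startswith("hex(2):"):  # REG_EXPAND_SZ, stored as UTF-16LE
                data = bytes.fromhex(raw[7:].replace(",", ""))
                cur[name] = data.decode("utf-16-le").rstrip("\0")
            else:
                cur[name] = raw.strip('"').replace("\\\\", "\\")
    return keys

# Assumption of this example: these kernel drivers normally load from system32\drivers.
EXPECTED = re.compile(r"^(\\SystemRoot\\|%SystemRoot%\\)?system32\\drivers\\[^\\]+\.sys$", re.I)

def odd_image_paths(keys):
    """Return {service: ImagePath} for services whose driver path is outside system32\\drivers.
    A missing ImagePath is not flagged: Windows then defaults to system32\\drivers\\<name>.sys."""
    return {k.rsplit("\\", 1)[1]: v["ImagePath"] for k, v in keys.items()
            if "ImagePath" in v and not EXPECTED.match(v["ImagePath"])}
```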


#14 nomoretitanic


Posted 31 October 2008 - 02:54 PM

I'm stuck on step 4 - nothing happens when I drag cfscript.txt onto combofix.exe. Nothing happens even when I double-click on combofix.exe now.
Help?

#15 Farbar


Posted 31 October 2008 - 03:33 PM

Remove combofix from your desktop. While you are in Safe Mode with Networking, download a fresh copy and proceed.



