WinNT/Mader A


8 replies to this topic

#1 nellsbells314

nellsbells314

  • Members
  • 5 posts
  • Local time:05:30 AM

Posted 05 November 2008 - 03:02 AM

I'm running Windows Vista. One Live Care informed me of the trojan but could do nothing about it. Thanks for your help.
-nelly

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:59:37 PM, on 11/4/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [DriverMagicLogon] "C:\Program Files\SymplisIT\DriverMagic\dmschedule.exe" /boot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\RunOnce: [SpybotDeletingA8758] command /c del "C:\Windows\System32\drivers\core.cache.dsk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6437] cmd /c del "C:\Windows\System32\drivers\core.cache.dsk"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB6632] command /c del "C:\Windows\System32\drivers\core.cache.dsk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5368] cmd /c del "C:\Windows\System32\drivers\core.cache.dsk"
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download with Rapget - C:\Users\Joey\Downloads\rapget.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://a516.g.akamai.net/f/516/25175/7d/ru...eb-20070115.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab
O16 - DPF: {3DA2AAF4-4289-4D6E-B9C0-D8360229607B} (IPAQSelfHelp Class) - https://h50203.www5.hp.com/HPISWeb/Customer...SPEIPAQTool.CAB
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Br...018/flashax.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Intel® Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DCPFLICS - Unknown owner - C:\Program Files\DCPFLICS\DCPFLICS.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel - C:\Program Files\Intel\AMT\UNS.exe

--
End of file - 9107 bytes

StartupList report, 11/4/2008, 11:59:59 PM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows Vista SP1 (WinNT 6.00.1905)
Detected: Internet Explorer v7.00 (7.00.6001.18000)
* Using default options
==================================================

Running processes:

C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\Windows\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

OneCareUI = "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
DriverMagicLogon = "C:\Program Files\SymplisIT\DriverMagic\dmschedule.exe" /boot
StartCCC = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

SpybotDeletingA8758 = command /c del "C:\Windows\System32\drivers\core.cache.dsk"
SpybotDeletingC6437 = cmd /c del "C:\Windows\System32\drivers\core.cache.dsk"
SpybotSnD = "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ehTray.exe = C:\Windows\ehome\ehTray.exe
SpybotSD TeaTimer = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
WMPNSCFG = C:\Program Files\Windows Media Player\WMPNSCFG.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

SpybotDeletingB6632 = command /c del "C:\Windows\System32\drivers\core.cache.dsk"
SpybotDeletingD5368 = cmd /c del "C:\Windows\System32\drivers\core.cache.dsk"

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

[AdobeUpdater]
=

--------------------------------------------------

Shell & screensaver key from C:\Windows\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe
SCRNSAVE.EXE=C:\Windows\system32\Aurora.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - (no file) - {02478D38-C3F9-4efb-9B51-7695ECA05670}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
Ask Toolbar BHO - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL - {FE063DB1-4EC0-403e-8DD8-394C54984B2C}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Advanced WindowsCare V2 Pro.job
AwcProUpdate.job

--------------------------------------------------

Enumerating Download Program Files:

[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\Windows\system32\LegitCheckControl.DLL
CODEBASE = http://download.microsoft.com/download/8/b...heckControl.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\Windows\System32\Adobe\Director\swdir.dll
CODEBASE = http://download.macromedia.com/pub/shockwa...director/sw.cab

[{238F6F83-B8B4-11CF-8771-00A024541EE3}]
CODEBASE = http://a516.g.akamai.net/f/516/25175/7d/ru...eb-20070115.cab

[Windows Live OneCare safety scanner control]
InProcServer32 = %ProgramFiles%\Windows Live Safety Center\wlscCtrl2.dll
CODEBASE = http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab

[IPAQSelfHelp Class]
InProcServer32 = C:\Windows\DOWNLO~1\ISPEIP~1.DLL
CODEBASE = https://h50203.www5.hp.com/HPISWeb/Customer...SPEIPAQTool.CAB

[HpProductDetection Class]
InProcServer32 = C:\Program Files\HP\Common\HPDeviceDetection.dll
CODEBASE = http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab

[FlashXControl Object]
InProcServer32 = C:\Windows\system32\FlashAX\FlashAX.ocx
CODEBASE = https://signin3.valueactive.com/Register/Br...018/flashax.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\Windows\system32\NLAapi.dll
NameSpace #2: C:\Windows\system32\napinsp.dll
NameSpace #3: C:\Windows\system32\pnrpnsp.dll
NameSpace #4: C:\Windows\system32\pnrpnsp.dll
NameSpace #7: C:\Program Files\Bonjour\mdnsNSP.dll

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\Windows\System32\drivers\core.cache.dsk||C:\Windows\system32\drivers\exfatt.sys


--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\Windows\system32\webcheck.dll

--------------------------------------------------
End of report, 7,084 bytes
Report generated in 0.031 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only



#2 Yourhighness

Yourhighness

    The BSG Malware Fighter


  • Malware Response Team
  • 7,943 posts
  • Gender:Male
  • Location:Hamburg
  • Local time:02:30 PM

Posted 16 November 2008 - 03:50 AM

Hello nellsbells314 and welcome to BleepingComputer!

Apologies for the delay. The forum has been very busy lately. If you are still having problems, please download OTViewIt to your desktop.
  • Close all windows and double click OTViewIt
  • Place a tick in the Scan all Users box
  • In the File Age drop down box select 90 days
  • Click Run Scan and let the program run uninterrupted
  • On completion it will produce two logs on the Desktop. Post the OTViewIt.txt and Extras.txt logs in your next post.
Thanks,

Johannes

"How did I get infected?" - "Safe-hex" - Member of UNITE -


#3 nellsbells314

nellsbells314
  • Topic Starter

  • Members
  • 5 posts
  • Local time:05:30 AM

Posted 05 December 2008 - 09:27 PM

Here is one log from OTViewIt. The other log came up with a window titled otviewit, and reads, "Access violation at address 77195973 in module ntdll.dll read of address 0000001E".

OTViewIt logfile created on: 12/5/2008 6:14:23 PM - Run 2
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Users\Joey\Desktop
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 60.52% Memory free
3.62 Gb Paging File | 2.53 Gb Available in Paging File | 69.89% Paging File free
Paging file location(s): c:\pagefile.sys 1750 3500;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.01 Gb Total Space | 10.30 Gb Free Space | 6.91% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOEY-PC
Current User Name: Joey
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 90 Days

========== Processes ==========

[2008/01/18 23:33:37 | 00,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
[2008/01/18 23:33:14 | 00,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
[2008/07/09 17:05:22 | 00,018,704 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
[2008/01/18 23:33:22 | 02,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2008/09/23 18:16:56 | 00,704,512 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2007/05/23 15:30:22 | 00,176,128 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe
[2008/07/24 04:03:36 | 00,072,704 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2006/10/26 12:40:34 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
[2006/09/29 11:48:06 | 00,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
[2008/11/05 13:16:44 | 00,025,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
[2006/11/28 15:28:12 | 00,020,480 | ---- | M] ( ) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
[2008/01/18 23:33:32 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2007/05/23 15:30:10 | 02,514,944 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\UNS.exe
[2008/05/26 21:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2007/11/27 22:45:02 | 00,869,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
[2008/11/05 13:18:04 | 01,132,912 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\winss.exe
[2008/01/18 23:33:32 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2008/01/18 23:33:08 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
[2008/01/18 23:33:39 | 00,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
[2008/11/05 13:18:30 | 00,064,880 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
[2007/05/31 08:21:28 | 00,648,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdc.exe
[2008/11/10 05:43:42 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2006/11/02 01:45:37 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rundll32.exe
[2008/01/18 23:33:09 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
[2008/11/17 06:32:59 | 00,342,336 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
[2008/01/18 23:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
[2008/01/18 23:33:15 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
[2005/12/12 12:58:24 | 00,102,400 | ---- | M] () -- C:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
[2006/11/02 01:45:37 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rundll32.exe
[2008/01/18 23:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
[2008/01/18 23:33:09 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
[2008/01/18 23:33:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
[2007/07/17 10:13:34 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/12/05 07:46:16 | 08,298,496 | ---- | M] () -- C:\Program Files\Sony\Station\Station Launcher\LaunchPad2\StationLauncher.exe
[2008/12/05 18:10:46 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Users\Joey\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2008/07/27 10:03:11 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/05/23 15:30:22 | 00,176,128 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv [Auto | Running])
[2008/09/23 18:16:56 | 00,704,512 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility [Auto | Stopped])
[2008/07/24 04:03:36 | 00,072,704 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service [Auto | Running])
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
File not found -- -- (CertPropSvc [Unknown | Stopped])
[2008/07/27 10:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
File not found -- -- (DcomLaunch [Unknown | Running])
[2006/12/01 20:35:40 | 00,139,268 | ---- | M] () -- C:\Program Files\DCPFLICS\DCPFLICS.exe -- (DCPFLICS [Auto | Stopped])
[2008/01/18 23:33:06 | 02,091,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfsr.exe -- (DFSR [On_Demand | Stopped])
[2008/01/18 23:34:06 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dps.dll -- (DPS [Unknown | Running])
[2008/01/18 23:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr [On_Demand | Stopped])
[2006/11/02 04:34:14 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
[2008/10/03 12:46:30 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
[2008/06/19 17:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2008/05/02 01:42:06 | 00,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ [On_Demand | Stopped])
[2007/05/23 15:29:34 | 00,102,400 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS [Auto | Stopped])
[2006/10/26 12:40:34 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe -- (MDM [Auto | Running])
[2006/09/29 11:48:06 | 00,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe -- (mi-raysat_3dsmax9_32 [Auto | Running])
[2007/08/24 05:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
[2006/11/02 05:02:42 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Running])
[2007/11/27 22:45:02 | 00,869,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe -- (msfwsvc [Auto | Running])
[2008/06/19 17:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2008/11/05 13:16:44 | 00,025,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe -- (OcHealthMon [Auto | Running])
[2007/08/24 02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2008/07/09 17:05:22 | 00,018,704 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe -- (OneCareMP [Auto | Running])
[2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2006/11/28 15:28:12 | 00,020,480 | ---- | M] ( ) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService [Auto | Running])
[2006/11/09 15:30:14 | 00,065,536 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService [On_Demand | Stopped])
[2008/01/18 23:36:17 | 00,547,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll -- (RpcSs [Unknown | Running])
[2008/01/18 23:36:19 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [Unknown | Stopped])
File not found -- -- (Schedule [Unknown | Running])
File not found -- -- (SCPolicySvc [Unknown | Stopped])
[2008/01/18 23:33:22 | 02,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe -- (slsvc [Auto | Running])
[2006/11/02 01:45:46 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])
[2008/10/11 04:43:38 | 00,087,288 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service [On_Demand | Stopped])
[2008/01/18 23:33:33 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect [On_Demand | Stopped])
[2007/05/23 15:30:10 | 02,514,944 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\UNS.exe -- (UNS [Auto | Running])
[2007/01/19 11:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2008/01/18 23:33:33 | 00,382,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vds.exe -- (vds [On_Demand | Stopped])
[2008/01/18 23:33:35 | 00,917,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbengine.exe -- (wbengine [On_Demand | Stopped])
File not found -- -- (WdiServiceHost [Unknown | Stopped])
File not found -- -- (WdiSystemHost [Unknown | Running])
[2008/11/05 13:18:04 | 01,132,912 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\winss.exe -- (winss [Auto | Running])
[2008/01/18 23:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])
[2008/05/26 21:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])

========== Driver Services ==========

[2008/08/14 06:57:42 | 00,074,720 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\drivers\adfs.sys -- (adfs [Auto | Running])
[2007/08/03 13:28:44 | 00,347,648 | ---- | M] (Analog Devices, Inc.) -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Running])
[2006/11/02 01:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
[2006/11/02 01:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
[2006/11/02 01:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
[2006/11/02 01:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
[2005/02/23 13:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) -- C:\Windows\System32\drivers\afc.sys -- (Afc [On_Demand | Running])
[2006/11/02 01:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
[2006/11/22 06:58:10 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\System32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
[2006/11/02 01:49:59 | 00,054,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AMDAGP.SYS -- (amdagp [On_Demand | Stopped])
[2006/11/22 06:58:10 | 00,015,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdide.sys -- (amdide [Disabled | Stopped])
[2006/11/02 00:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7 [Disabled | Stopped])
[2006/11/02 00:30:18 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8 [Disabled | Stopped])
[2006/11/02 01:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys -- (arc [Disabled | Stopped])
[2006/11/02 01:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
[2008/09/23 19:09:56 | 03,976,192 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag [On_Demand | Stopped])
[2008/01/18 21:28:26 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys -- (bowser [On_Demand | Running])
[2006/11/02 00:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])
[2006/11/02 00:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])
[2006/11/02 00:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid [Disabled | Stopped])
[2006/11/02 00:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm [Disabled | Stopped])
[2006/11/02 00:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm [Disabled | Stopped])
[2006/11/02 00:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])
[2006/11/02 00:55:23 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM [Disabled | Stopped])
[2006/11/02 00:55:08 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\circlass.sys -- (circlass [Disabled | Stopped])
[2008/01/18 23:42:58 | 00,247,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys -- (CLFS [Unknown | Running])
[2006/11/22 06:58:10 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
[2006/11/02 01:49:43 | 00,022,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk [Boot | Running])
[2006/11/02 00:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe [Disabled | Stopped])
[2008/01/18 21:28:57 | 00,350,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\csc.sys -- (CSC [System | Running])
[2008/01/18 21:28:20 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC [System | Running])
[2008/08/01 17:01:23 | 00,625,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl [On_Demand | Running])
[2008/02/06 16:13:00 | 00,218,752 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express [On_Demand | Running])
[2006/11/01 23:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
[2008/01/18 23:42:11 | 00,143,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys -- (Ecache [Boot | Running])
[2006/11/02 01:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
[2008/01/18 21:28:01 | 00,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\exfat.sys -- (exfat [On_Demand | Stopped])
[2008/07/30 06:51:02 | 00,086,144 | ---- | M] () -- C:\Windows\System32\drivers\exfatt.sys -- (exfatt [System | Running])
[2008/01/18 23:42:31 | 00,058,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo [Boot | Running])
[2008/01/18 21:30:23 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace [On_Demand | Stopped])
[2002/05/07 08:44:04 | 00,081,700 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) -- C:\Windows\System32\drivers\V4CB0131.SYS -- (FINEPIX_PCC [On_Demand | Stopped])
[2008/01/18 23:42:12 | 00,145,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fvevol.sys -- (fvevol [Boot | Running])
[2006/11/02 01:50:04 | 00,058,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx [On_Demand | Stopped])
[2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2006/11/01 23:36:49 | 00,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
[2008/01/18 20:30:49 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2007/06/12 16:05:50 | 00,045,056 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\HECI.sys -- (HECI [On_Demand | Running])
[2006/11/02 00:55:22 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth [Disabled | Stopped])
[2006/11/02 00:55:01 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidir.sys -- (HidIr [Disabled | Stopped])
[2006/11/02 01:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs [Disabled | Stopped])
[2007/09/29 22:03:12 | 00,308,248 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStor.sys -- (iaStor [Boot | Running])
[2006/11/02 01:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV [Disabled | Stopped])
[2006/11/02 01:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
[2006/11/02 00:42:03 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV [Disabled | Stopped])
[2008/01/18 23:42:35 | 00,181,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt [On_Demand | Running])
[2006/11/02 01:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
[2006/11/02 01:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
[2008/01/18 21:49:17 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2008/02/29 02:13:16 | 00,035,344 | ---- | M] (Logitech, Inc.) -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt [On_Demand | Running])
[2008/01/18 21:55:03 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio [Auto | Running])
[2008/02/29 02:13:24 | 00,036,880 | ---- | M] (Logitech, Inc.) -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt [On_Demand | Running])
[2006/11/02 01:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
[2006/11/02 01:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
[2006/11/02 01:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
File not found -- -- (lsi_snt [Unknown | Running])
[2008/01/18 21:30:36 | 00,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\luafv.sys -- (luafv [Auto | Running])
[2008/02/29 02:13:46 | 00,028,944 | ---- | M] (Logitech, Inc.) -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt [On_Demand | Running])
[2006/11/02 01:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
[2008/01/18 21:52:19 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys -- (monitor [On_Demand | Running])
[2008/05/15 16:15:16 | 00,053,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\MpFilter.sys -- (MpFilter [On_Demand | Running])
[2006/11/02 01:50:16 | 00,078,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpio.sys -- (mpio [Disabled | Stopped])
[2008/01/18 21:54:46 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv [On_Demand | Running])
[2006/11/02 01:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x [Disabled | Stopped])
[2008/08/26 17:05:41 | 00,212,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10 [On_Demand | Running])
[2008/01/18 21:28:37 | 00,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20 [On_Demand | Running])
[2008/07/17 13:35:32 | 00,025,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msahci.sys -- (msahci [Boot | Running])
File not found -- -- (msahciex [Unknown | Running])
[2006/11/02 01:50:17 | 00,080,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm [Disabled | Stopped])
[2007/11/27 22:45:00 | 00,091,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msfwdrv.sys -- (MSFWDrv [Auto | Running])
[2007/11/27 22:44:54 | 00,037,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msfwhlpr.sys -- (MSFWHLPR [System | Running])
[2008/01/18 23:41:14 | 00,016,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv [Boot | Running])
[2008/01/18 23:42:29 | 00,163,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC [On_Demand | Stopped])
[2005/04/06 13:05:24 | 00,015,360 | ---- | M] (Maxtor Corp.) -- C:\Windows\System32\drivers\mxopswd.sys -- (MXOPSWD [On_Demand | Stopped])
[2008/05/19 18:07:31 | 00,148,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP [On_Demand | Stopped])
[2008/08/22 04:57:03 | 00,027,136 | ---- | M] (NCH Swift Sound) -- C:\Windows\System32\drivers\nchssvad.sys -- (NCHSSVAD [On_Demand | Running])
[2006/11/02 01:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
[2008/01/18 21:55:50 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy [System | Running])
[2006/11/01 23:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
[2007/07/05 21:15:00 | 07,568,832 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
[2006/11/02 01:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
[2006/11/02 01:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
[2006/11/02 01:50:40 | 00,106,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp [On_Demand | Stopped])
[2008/07/18 08:52:27 | 00,240,128 | ---- | M] (PARADOX) -- C:\Windows\System32\drivers\royal.sys -- (OemBiosDevice [Boot | Stopped])
[2006/11/02 01:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH [Auto | Running])
[2008/04/04 17:21:42 | 00,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys -- (PSched [System | Running])
[2007/05/07 03:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2006/11/02 01:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
[2006/11/02 01:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
[2008/01/18 21:56:07 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv [On_Demand | Stopped])
[2008/01/18 21:56:43 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rassstp.sys -- (RasSstp [On_Demand | Running])
[2008/01/18 22:01:09 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD [System | Running])
[2008/01/18 21:55:03 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr [Auto | Running])
[2007/05/01 14:45:22 | 00,132,232 | ---- | M] (Saitek) -- C:\Windows\System32\drivers\SaiH0109.sys -- (SaiH0109 [On_Demand | Stopped])
[2007/05/01 14:45:22 | 00,028,416 | ---- | M] (Saitek) -- C:\Windows\System32\drivers\SaiU0109.sys -- (SaiU0109 [On_Demand | Stopped])
[2006/11/02 01:50:16 | 00,076,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port [Disabled | Stopped])
[2008/03/13 22:04:29 | 00,046,652 | ---- | M] (PowerISO Computing, Inc.) -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
[2006/11/01 22:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
[2008/01/18 21:49:16 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse [Disabled | Stopped])
[2006/11/02 00:51:38 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk [Disabled | Stopped])
[2006/11/02 00:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc [On_Demand | Stopped])
[2006/11/02 00:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])
[2006/11/02 01:49:51 | 00,053,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\SISAGP.SYS -- (sisagp [On_Demand | Stopped])
[2006/11/02 01:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
[2006/11/02 01:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
[2008/01/18 21:55:27 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys -- (Smb [System | Running])
[2008/01/18 23:41:30 | 00,021,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys -- (spldr [Boot | Running])
[2007/07/26 08:25:12 | 00,039,808 | ---- | M] () -- C:\Windows\System32\drivers\SRS_SSCFilter_i386.sys -- (SRS_SSCFilter [On_Demand | Stopped])
[2008/01/18 21:29:15 | 00,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys -- (srv2 [On_Demand | Running])
[2008/01/18 21:29:12 | 00,098,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet [On_Demand | Running])
[2002/07/11 14:28:08 | 00,010,988 | ---- | M] (USB BULK) -- C:\Windows\System32\drivers\Bulk504.sys -- (Sunplus [On_Demand | Stopped])
[2006/11/02 01:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
[2006/11/02 01:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
[2006/11/02 01:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
[2008/01/18 21:56:07 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg [Auto | Running])
File not found -- -- (tdtcp2k [Unknown | Running])
[2008/01/18 21:55:58 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys -- (tdx [System | Running])
[2008/01/18 22:01:15 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv [On_Demand | Stopped])
[2008/01/18 21:55:41 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp [On_Demand | Running])
[2008/01/18 21:55:50 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel [On_Demand | Running])
[2006/11/02 01:49:59 | 00,056,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35 [On_Demand | Stopped])
[2006/11/02 01:50:04 | 00,058,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx [On_Demand | Stopped])
[2006/11/02 01:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
[2006/11/02 01:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
[2006/11/02 01:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
[2008/01/18 21:53:40 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umbus.sys -- (umbus [On_Demand | Running])
[2008/10/01 12:01:28 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2008/01/18 21:53:23 | 00,073,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio [On_Demand | Stopped])
[2006/11/02 00:55:09 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir [Disabled | Stopped])
[2007/06/28 06:18:10 | 01,310,720 | ---- | M] (C-Media Inc) -- C:\Windows\System32\drivers\CM108.sys -- (USBPNPA [On_Demand | Stopped])
[2008/01/18 21:52:06 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vgapnp.sys -- (vga [On_Demand | Stopped])
[2006/11/02 00:30:19 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7 [Disabled | Stopped])
[2006/11/22 06:58:10 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
[2008/01/18 23:42:18 | 00,052,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr [Boot | Running])
[2008/01/18 23:43:03 | 00,294,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx [Boot | Running])
[2006/11/02 01:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
[2006/11/02 00:52:52 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen [Disabled | Stopped])
[2006/11/02 01:49:38 | 00,019,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wd.sys -- (Wd [Disabled | Stopped])
[2008/01/18 23:43:27 | 00,503,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000 [Boot | Running])
[2008/01/18 21:53:22 | 00,031,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\winusb.sys -- (winusb [On_Demand | Stopped])
[2006/11/02 00:35:03 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi [Disabled | Stopped])
[2008/01/18 21:56:49 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl [Disabled | Stopped])
[2002/04/08 10:57:40 | 00,899,700 | ---- | M] (Xirlink, Inc) -- C:\Windows\System32\drivers\ucdnt.sys -- (XIRLINK [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"Local Page"=http://www2.iesearch.com/

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Page_Transitions"=
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}" (HKLM) -- C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3985853363-928494329-1858876857-1000\SOFTWARE\Microsoft\Internet Explorer\Main]
"Page_Transitions"=
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_USERS\S-1-5-21-3985853363-928494329-1858876857-1000\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}" (HKLM) -- C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)

[HKEY_USERS\S-1-5-21-3985853363-928494329-1858876857-1000\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3985853363-928494329-1858876857-1000\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-3985853363-928494329-1858876857-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (269218 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost
9317 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{9CB65201-89C4-402c-BA80-02D8C59F9B1D} (HKLM) -- C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
{FE063DB1-4EC0-403e-8DD8-394C54984B2C} (HKLM) -- C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{FE063DB9-4EC0-403e-8DD8-394C54984B2C}" (HKLM) -- C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3985853363-928494329-1858876857-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"NvCplDaemon"=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"NvSvc"=RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart (NVIDIA Corporation)
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" (Microsoft Corporation)
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun (Advanced Micro Devices, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"Windows Mobile Device Center"=%windir%\WindowsMobile\wmdc.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" (BitTorrent, Inc.)
"ehTray.exe"=C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
"Messenger (Yahoo!)"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3985853363-928494329-1858876857-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" (BitTorrent, Inc.)
"ehTray.exe"=C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
"Messenger (Yahoo!)"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin"=2
"ConsentPromptBehaviorUser"=1
"EnableInstallerDetection"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=1
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=1
"CF_BITMAP"=2
"CF_OEMTEXT"=7
"CF_DIB"=8
"CF_PALETTE"=9
"CF_UNICODETEXT"=13
"CF_DIBV5"=17

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Windows Live Search: C:\Program Files\Windows Live Toolbar\msntb.dll [2007/10/19 11:20:48 | 00,546,320 | ---- | M] (Microsoft Corporation)
Add to Windows &Live Favorites: File not found
Download with Rapget: C:\Users\Joey\Downloads\rapget.htm [2008/09/29 22:07:13 | 00,000,815 | ---- | M] ()

[HKEY_USERS\S-1-5-21-3985853363-928494329-1858876857-1000\Software\Microsoft\Internet Explorer\MenuExt\]
&Windows Live Search: C:\Program Files\Windows Live Toolbar\msntb.dll [2007/10/19 11:20:48 | 00,546,320 | ---- | M] (Microsoft Corporation)
Add to Windows &Live Favorites: File not found
Download with Rapget: C:\Users\Joey\Downloads\rapget.htm [2008/09/29 22:07:13 | 00,000,815 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Send to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007/12/13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: S&end to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007/12/13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}: Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 -- %SystemRoot%\WindowsMobile\INetRepl.dll [2007/05/31 08:21:16 | 00,176,520 | ---- | M] (Microsoft Corporation)
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}: Menu: @C:\Windows\WindowsMobile\INetRepl.dll,-223 -- %SystemRoot%\WindowsMobile\INetRepl.dll [2007/05/31 08:21:16 | 00,176,520 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006/10/26 19:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{00000000-0000-0000-0000-000000000000}\\ButtonText [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{00000000-0000-0000-0000-000000000000}\\CLSID [HKLM] -> [{0000031A-0000-0000-C000-000000000046}] -> File not found
{00000000-0000-0000-0000-000000000000}\\Default Visible [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{00000000-0000-0000-0000-000000000000}\\Exec [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{00000000-0000-0000-0000-000000000000}\\HotIcon [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{00000000-0000-0000-0000-000000000000}\\Icon [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\ButtonText [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\CLSID [HKLM] -> [{0000031A-0000-0000-C000-000000000046}] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\Default Visible [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\Exec [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\HotIcon [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\Icon [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\MenuStatusBar [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\MenuText [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

[HKEY_USERS\S-1-5-21-3985853363-928494329-1858876857-1000\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{00000000-0000-0000-0000-000000000000}\\ButtonText [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{00000000-0000-0000-0000-000000000000}\\CLSID [HKLM] -> [{0000031A-0000-0000-C000-000000000046}] -> File not found
{00000000-0000-0000-0000-000000000000}\\Default Visible [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{00000000-0000-0000-0000-000000000000}\\Exec [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{00000000-0000-0000-0000-000000000000}\\HotIcon [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{00000000-0000-0000-0000-000000000000}\\Icon [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\ButtonText [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\CLSID [HKLM] -> [{0000031A-0000-0000-C000-000000000046}] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\Default Visible [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\Exec [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\HotIcon [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\Icon [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\MenuStatusBar [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\MenuText [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-3985853363-928494329-1858876857-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}: http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab -- QuickTime Object
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/8/b...heckControl.cab -- Windows Genuine Advantage Validation Tool
{233C1507-6A77-46A4-9443-F871F945D258}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Shockwave ActiveX Control
{238F6F83-B8B4-11CF-8771-00A024541EE3}: http://a516.g.akamai.net/f/516/25175/7d/ru...eb-20070115.cab -- Reg Error: Key does not exist or could not be opened.
{3860DD98-0549-4D50-AA72-5D17D200EE10}: http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab -- Reg Error: Key does not exist or could not be opened.
{3DA2AAF4-4289-4D6E-B9C0-D8360229607B}: https://h50203.www5.hp.com/HPISWeb/Customer...SPEIPAQTool.CAB -- IPAQSelfHelp Class
{6B75345B-AA36-438A-BBE6-4078B4C6984D}: http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab -- HpProductDetection Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_01
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{D8089245-3211-40F6-819B-9E5E92CD61A2}: https://signin3.valueactive.com/Register/Br...018/flashax.cab -- FlashXControl Object

========== (O17) DNS Name Servers ==========

{86A41894-E471-4FFE-AC63-EAD26901D5AA} (Servers: | Description: Intel® 82566DM-2 Gigabit Network Connection)

========== (O22) Shared Task Scheduler ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{E31004D1-A431-41B8-826F-E902F9D95C81}" (HKLM) = Windows DreamScene -- C:\Windows\System32\DreamScene.dll (Microsoft Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" (HKLM) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll
>[2008/01/18 23:33:59 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=msv1_0,C:\Windows\system32\qomjHbyV,
>File not found --

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,
>[2008/01/18 23:36:42 | 00,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

autoexec.bat [REM Dummy file for NTVDM | ]
[2006/09/18 13:43:36 | 00,000,024 | ---- | M] () -- C:\autoexec.bat -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1167b7c3-c29b-11dd-afb2-001aa0832335}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1167b7c3-c29b-11dd-afb2-001aa0832335}\Shell\AutoRun\command]
""=F:\LaunchU3.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e8aff25-82cf-11dd-99dd-001aa0832335}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e8aff25-82cf-11dd-99dd-001aa0832335}\Shell\AutoRun\command]
""=G:\LaunchU3.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c2e2e69-bc6d-11dd-b62a-001aa0832335}\Shell\AutoRun\command]
""=E:\setupSNK.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f78169c2-7043-11dd-8b6a-001aa0832335}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f78169c2-7043-11dd-8b6a-001aa0832335}\Shell\AutoRun\command]
""=G:\LaunchU3.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command]
""=F:\FarCryAutoCD.exe -- File not found

========== Files/Folders - Created Within 90 Days ==========

[2008/12/05 18:10:43 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Users\Joey\Desktop\OTViewIt.exe
[2008/12/05 18:06:33 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt01.sqm
[2008/12/05 18:06:33 | 00,000,232 | -H-- | C] () -- C:\sqmdata01.sqm
[2008/12/05 10:35:19 | 00,002,082 | ---- | C] () -- C:\Users\Joey\Desktop\Star Wars Galaxies.lnk
[2008/12/05 07:41:35 | 00,000,000 | ---D | C] -- C:\Program Files\StarWarsGalaxies
[2008/12/05 07:40:48 | 00,001,757 | ---- | C] () -- C:\Users\Public\Desktop\StationLauncher.lnk
[2008/12/05 04:53:43 | 00,000,000 | ---D | C] -- C:\Users\Joey\AppData\Roaming\Eyeblaster
[2008/12/04 19:53:42 | 00,000,018 | ---- | C] () -- C:\Windows\MSR.INI
[2008/12/04 19:49:46 | 00,000,000 | ---D | C] -- C:\MSR206
[2008/12/04 11:34:28 | 00,720,896 | ---- | C] (Indigo Rose Corporation) -- C:\Windows\iun6002ev.exe
[2008/12/04 11:34:16 | 00,000,000 | ---D | C] -- C:\Program Files\Bejeweled 2 Deluxe
[2008/12/04 11:04:55 | 00,000,000 | ---D | C] -- C:\ProgramData\GameHouse
[2008/12/04 10:52:11 | 00,000,000 | ---D | C] -- C:\ProgramData\n7-89-o9-3r-4t-r9
[2008/12/04 10:52:01 | 00,000,000 | ---D | C] -- C:\Users\Joey\AppData\Roaming\GameHouse
[2008/12/04 10:48:21 | 00,000,000 | ---D | C] -- C:\Program Files\Bookworm Deluxe
[2008/12/04 10:46:53 | 00,000,000 | ---D | C] -- C:\Program Files\GameHouse
[2008/12/04 07:38:49 | 00,798,720 | ---- | C] () -- C:\Users\Joey\AppData\Roaming\Rsch.exe
[2008/12/03 22:17:10 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Favorites
[2008/12/03 22:16:34 | 00,000,252 | ---- | C] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
[2008/12/03 22:16:31 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Toolbar
[2008/12/03 18:22:56 | 00,000,000 | ---D | C] -- C:\Users\Joey\Documents\Documents on Joey's PDA 3
[2008/12/03 11:30:59 | 00,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2008/12/03 11:29:58 | 21,114,22464 | -HS- | C] () -- C:\hiberfil.sys
[2008/12/02 19:29:21 | 00,000,000 | ---D | C] -- C:\Users\Joey\AppData\Roaming\Intuit
[2008/12/02 19:29:02 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\supportsoft
[2008/12/02 19:25:05 | 01,933,312 | ---- | C] (Amyuni Technologies http://www.amyuni.com) -- C:\Windows\System32\cdintf251.dll
[2008/12/02 19:24:58 | 00,002,291 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2008/12/02 19:19:53 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AnswerWorks 4.0
[2008/12/02 19:19:30 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\Intuit
[2008/12/02 19:19:30 | 00,000,000 | ---D | C] -- C:\ProgramData\Intuit
[2008/12/02 19:19:30 | 00,000,000 | ---D | C] -- C:\Program Files\Intuit
[2008/12/02 19:19:30 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[2008/12/02 19:09:12 | 00,000,000 | ---D | C] -- C:\temp
[2008/12/02 18:43:39 | 00,000,000 | ---D | C] -- C:\ProgramData\COMMON FILES
[2008/11/28 23:17:07 | 00,091,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\msfwdrv.sys
[2008/11/28 23:17:07 | 00,037,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\msfwhlpr.sys
[2008/11/28 23:16:09 | 00,053,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\MpFilter.sys
[2008/11/28 13:30:06 | 01,809,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuaueng.dll
[2008/11/28 13:30:06 | 01,524,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2008/11/28 13:30:06 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
[2008/11/28 13:30:06 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2008/11/28 13:29:49 | 00,561,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2008/11/28 13:29:49 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2008/11/28 13:29:49 | 00,034,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2008/11/28 13:29:38 | 00,162,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2008/11/28 13:29:38 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2008/11/28 10:41:06 | 00,000,000 | ---D | C] -- C:\Program Files\Hotspots
[2008/11/28 10:34:53 | 00,000,000 | ---D | C] -- C:\Users\Joey\Documents\Work Related
[2008/11/28 01:06:59 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt00.sqm
[2008/11/28 01:06:59 | 00,000,232 | -H-- | C] () -- C:\sqmdata00.sqm
[2008/11/27 06:11:12 | 00,000,000 | ---D | C] -- C:\Users\Joey\AppData\Roaming\Agilix
[2008/11/27 06:10:57 | 00,000,040 | -HS- | C] () -- C:\Users\Joey\AppData\Roaming\AUWZ2JDKJ6L8MP3FDDKQB363K4
[2008/11/27 02:17:02 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows OneCare Live
[2008/11/26 12:26:43 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2008/11/26 04:07:32 | 00,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2008/11/26 04:07:24 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2008/11/26 04:07:24 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2008/11/26 04:07:24 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2008/11/26 04:07:10 | 01,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2008/11/26 00:27:43 | 00,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\Yahoo
[2008/11/26 00:26:41 | 00,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2008/11/25 11:47:23 | 00,000,000 | ---D | C] -- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/11/25 11:47:23 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2008/11/25 11:46:29 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2008/11/24 11:34:21 | 00,000,172 | ---- | C] () -- C:\Users\Joey\AppData\Local\RAExpertHistory.xml
[2008/11/24 11:28:50 | 00,000,172 | ---- | C] () -- C:\Users\Joey\AppData\Local\rahistory.xml
[2008/11/24 11:28:50 | 00,000,000 | ---D | C] -- C:\Users\Joey\Documents\Remote Assistance Logs
[2008/11/23 21:49:41 | 00,000,000 | ---D | C] -- C:\Program Files\WebIS
[2008/11/23 21:47:41 | 00,000,000 | ---D | C] -- C:\Program Files\FranklinCovey
[2008/11/23 21:33:36 | 00,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2008/11/23 21:33:35 | 00,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2008/11/23 21:33:34 | 00,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2008/11/23 21:33:34 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2008/11/23 21:33:34 | 00,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2008/11/23 21:33:34 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2008/11/23 21:33:31 | 00,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2008/11/23 21:33:28 | 00,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2008/11/23 21:28:22 | 00,096,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2008/11/23 21:28:18 | 00,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2008/11/23 21:28:17 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2008/11/23 21:28:02 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2008/11/23 21:27:55 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2008/11/23 21:23:33 | 00,000,000 | RH-D | C] -- C:\AHCache
[2008/11/22 22:52:53 | 00,000,000 | ---D | C] -- C:\Users\Joey\Documents\Corel User Files
[2008/11/21 09:48:00 | 00,000,000 | ---D | C] -- C:\Program Files\Anthelion2
[2008/11/21 09:47:41 | 00,000,000 | ---D | C] -- C:\Program Files\Arvale
[2008/11/20 21:10:19 | 00,038,229 | ---- | C] (Generic) -- C:\Windows\System32\drivers\StMp3Rec.sys
[2008/11/20 20:58:50 | 00,194,117 | ---- | C] () -- C:\Windows\System32\setup.inx
[2008/11/19 12:29:45 | 00,000,800 | ---- | C] () -- C:\Users\Joey\Desktop\Absolute Poker.lnk
[2008/11/19 12:29:45 | 00,000,000 | ---D | C] -- C:\Users\Joey\Documents\Absolute Poker
[2008/11/19 12:29:42 | 00,000,000 | ---D | C] -- C:\Poker Application
[2008/11/17 13:18:30 | 00,000,000 | ---D | C] -- C:\Users\Joey\AppData\Roaming\SOTI
[2008/11/17 13:15:27 | 00,000,000 | ---D | C] -- C:\Program Files\SOTI
[2008/11/17 13:09:28 | 00,092,672 | ---- | C] () -- C:\Windows\cabinst.exe
[2008/11/16 16:24:02 | 00,129,985 | ---- | C] () -- C:\Users\Joey\Documents\iTunes Diagnostics.spx
[2008/11/16 16:24:02 | 00,002,320 | ---- | C] () -- C:\Users\Joey\Documents\iTunes Diagnostics.rtf
[2008/11/16 11:42:53 | 00,290,816 | ---- | C] (Xirlink) -- C:\Windows\System32\camfc.dll
[2008/11/16 11:42:53 | 00,086,016 | ---- | C] (Xirlink, Inc) -- C:\Windows\System32\ucdintf.dll
[2008/11/16 11:42:53 | 00,061,440 | ---- | C] (Xirlink) -- C:\Windows\System32\camiodll.dll
[2008/11/16 11:42:53 | 00,057,344 | ---- | C] (Xirlink, Inc) -- C:\Windows\System32\CamDsf.ax
[2008/11/16 11:42:53 | 00,040,960 | ---- | C] (Xirlink, Inc) -- C:\Windows\System32\PicEng.dll
[2008/11/16 11:42:52 | 00,899,700 | ---- | C] (Xirlink, Inc) -- C:\Windows\System32\drivers\ucdnt.sys
[2008/11/16 11:42:52 | 00,086,016 | ---- | C] (Xirlink, Inc.) -- C:\Windows\System32\xl_x263dec.dll
[2008/11/16 11:42:52 | 00,057,344 | ---- | C] (Xirlink, Inc.) -- C:\Windows\System32\xl_yv12.dll
[2008/11/16 11:42:52 | 00,057,344 | ---- | C] (Xirlink, Inc.) -- C:\Windows\System32\xl_yuy2.dll
[2008/11/16 11:42:52 | 00,057,344 | ---- | C] (Xirlink, Inc.) -- C:\Windows\System32\xl_uyvy.dll
[2008/11/16 11:42:52 | 00,053,248 | ---- | C] (Xirlink, Inc.) -- C:\Windows\System32\Xl_I420.dll
[2008/11/16 11:42:52 | 00,049,152 | ---- | C] (Xirlink) -- C:\Windows\System32\x263.dll
[2008/11/16 11:42:52 | 00,000,305 | ---- | C] () -- C:\Windows\bundle.ini
[2008/11/16 11:42:52 | 00,000,000 | ---D | C] -- C:\Program Files\Veo Stingray
[2008/11/16 11:41:41 | 00,000,000 | ---D | C] -- C:\SETUP
[2008/11/16 09:09:03 | 00,014,434 | ---- | C] () -- C:\Users\Joey\Documents\greenday.docx
[2008/11/16 02:20:00 | 00,000,000 | -H-D | C] -- C:\BJPrinter
[2008/11/14 17:23:40 | 00,026,690 | ---- | C] () -- C:\Users\Joey\Documents\morre than words.docx
[2008/11/14 16:32:12 | 00,000,000 | ---D | C] -- C:\Program Files\Power Tab Software
[2008/11/14 09:33:43 | 00,000,000 | ---D | C] -- C:\Program Files\Paragon Software
[2008/11/14 09:32:12 | 00,000,000 | ---D | C] -- C:\Users\Joey\Documents\SoftMaker
[2008/11/14 09:32:12 | 00,000,000 | ---D | C] -- C:\Program Files\SoftMaker
[2008/11/14 09:26:01 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Mobipocket Shared
[2008/11/14 09:25:29 | 00,002,506 | ---- | C] () -- C:\Windows\temp.htm
[2008/11/14 09:24:56 | 00,000,973 | ---- | C] () -- C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ListProAlarms.lnk
[2008/11/14 09:24:55 | 00,000,000 | ---D | C] -- C:\Program Files\Ilium Software
[2008/11/14 09:19:37 | 00,000,000 | ---D | C] -- C:\Program Files\Map Calibrator
[2008/11/14 09:18:58 | 00,000,000 | ---D | C] -- C:\Program Files\GPS Tuner
[2008/11/14 09:15:10 | 00,000,000 | ---D | C] -- C:\Program Files\Handmark
[2008/11/14 09:12:09 | 00,000,000 | ---D | C] -- C:\Program Files\Astraware
[2008/11/13 17:14:53 | 00,000,000 | ---D | C] -- C:\LDIR
[2008/11/13 16:22:34 | 00,916,660 | ---- | C] () -- C:\Program Files\PC Counselor.rar
[2008/11/13 16:17:07 | 00,000,000 | ---D | C] -- C:\Program Files\ConTEXT
[2008/11/13 13:21:47 | 00,000,863 | ---- | C] () -- C:\Users\Joey\Documents\Document.rtf
[2008/11/11 12:38:05 | 00,212,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2008/11/11 12:38:04 | 01,191,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3.dll
[2008/11/11 12:38:03 | 01,334,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6.dll
[2008/11/09 12:38:32 | 00,000,000 | ---D | C] -- C:\Program Files\Turbine
[2008/11/09 08:47:16 | 00,000,000 | ---D | C] -- C:\Users\Joey\Documents\Asheron's Call
[2008/11/07 23:24:22 | 00,000,000 | ---D | C] -- C:\Program Files\CardSpike Poker
@Alternate Data Stream - 81 bytes -> C:\Program Files\CardSpike Poker:MID
[2008/11/06 23:44:25 | 00,000,000 | ---D | C] -- C:\Program Files\reconserver
[2008/11/06 23:40:20 | 00,000,524 | ---- | C] () -- C:\Windows\System32\MediaTubeCodec_ver1.1595.0.exe
[2008/11/06 01:13:44 | 00,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\MigWiz
[2008/11/06 00:59:05 | 00,000,000 | ---D | C] -- C:\Users\Joey\AppData\Roaming\Media Player Classic
[2008/11/06 00:15:02 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2008/11/06 00:15:00 | 00,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008/11/06 00:15:00 | 00,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2008/11/06 00:14:57 | 00,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm
[2008/11/06 00:14:57 | 00,287,744 | ---- | C] (Kristal StudioDFileDescription) -- C:\Windows\System32\divxa32.acm
[2008/11/06 00:14:57 | 00,232,448 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\mp3fhg.acm
[2008/11/06 00:14:57 | 00,118,784 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm
[2008/11/06 00:14:57 | 00,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml
[2008/11/06 00:14:56 | 02,041,363 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2008/11/06 00:14:56 | 00,630,784 | ---- | C] (On2.com) -- C:\Windows\System32\vp7vfw.dll
[2008/11/06 00:14:56 | 00,438,272 | ---- | C] (On2.com) -- C:\Windows\System32\vp6vfw.dll
[2008/11/06 00:14:56 | 00,217,088 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll
[2008/11/06 00:14:56 | 00,039,936 | ---- | C] (Disappearing Inc.) -- C:\Windows\System32\huffyuv.dll
[2008/11/06 00:14:54 | 00,683,520 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\divx.dll
[2008/11/06 00:14:53 | 00,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/11/06 00:14:50 | 00,000,000 | ---D | C] -- C:\Users\Joey\AppData\Roaming\Real
[2008/11/06 00:14:50 | 00,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\Real
[2008/11/06 00:14:50 | 00,000,000 | ---D | C] -- C:\ProgramData\Real
[2008/11/06 00:14:50 | 00,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2008/11/06 00:07:54 | 00,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/11/06 00:07:54 | 00,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/11/06 00:07:54 | 00,077,824 | ---- | C] () -- C:\Windows\System32\xvid.ax
[2008/11/06 00:07:54 | 00,000,000 | ---D | C] -- C:\Program Files\Xvid
[2008/11/04 22:44:10 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/11/04 21:00:16 | 00,000,390 | ---- | C] () -- C:\Windows\wininit.ini
[2008/11/04 20:17:09 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2008/11/04 20:17:09 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/11/04 11:22:28 | 00,000,000 | ---D | C] -- C:\Program Files\PokerStars
[2008/11/02 14:46:07 | 00,000,000 | ---D | C] -- C:\Users\Joey\AppData\Roaming\Softplicity
[2008/11/02 14:45:42 | 00,000,000 | ---D | C] -- C:\Program Files\TotalMovieConverter
[2008/10/29 07:12:33 | 00,000,000 | ---D | C] -- C:\Users\Joey\Documents\SweetScape
[2008/10/29 07:12:33 | 00,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\010 Editor
[2008/10/29 07:10:08 | 00,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2008/10/29 07:10:07 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2008/10/29 07:10:07 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wersvc.dll
[2008/10/27 17:12:49 | 00,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\Roblox
[2008/10/27 17:11:52 | 00,000,000 | ---D | C] -- C:\ProgramData\Roblox
[2008/10/27 17:11:52 | 00,000,000 | ---D | C] -- C:\Program Files\Roblox
[2008/10/26 14:21:27 | 00,018,364 | ---- | C] () -- C:\Users\Joey\Documents\Warrant.docx
[2008/10/26 10:41:15 | 00,000,000 | ---D | C] -- C:\Users\Joey\Documents\watchers
[2008/10/25 12:26:35 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/10/25 12:18:49 | 00,000,000 | ---D | C] -- C:\Users\Joey\AppData\Roaming\Nero
[2008/10/25 11:31:00 | 00,000,000 | ---D | C] -- C:\Program Files\AskTBar
[2008/10/25 11:30:53 | 00,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2008/10/25 11:18:21 | 00,000,000 | ---D | C] -- C:\Program Files\Nero
[2008/10/25 11:18:05 | 00,000,000 | ---D | C] -- C:\ProgramData\Nero
[2008/10/25 11:18:04 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2008/10/25 10:58:25 | 00,000,000 | ---D | C] -- C:\Users\Joey\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/10/23 23:57:42 | 00,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
[2008/10/23 16:20:44 | 00,000,000 | -H-D | C] -- C:\Windows\PIF
[2008/10/23 15:52:56 | 00,080,269 | ---- | C] () -- C:\Users\Joey\Documents\gigabyte 939 motherboard specs.docx
[2008/10/22 17:28:42 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2008/10/22 17:28:42 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2008/10/22 17:28:41 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2008/10/22 17:28:40 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2008/10/22 17:28:40 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2008/10/22 13:24:46 | 00,000,000 | R--D | C] -- C:\Users\Joey\Documents\Scanned Documents
[2008/10/22 13:24:45 | 00,000,000 | ---D | C] -- C:\Users\Joey\Documents\Fax
[2008/10/17 20:11:56 | 00,000,886 | ---- | C] () -- C:\Windows\EntPack.dat
[2008/10/17 20:11:56 | 00,000,668 | ---- | C] () -- C:\Windows\EntPack.ini
[2008/10/17 20:08:40 | 00,019,200 | ---- | C] () -- C:\Windows\System\Weputil.dll
[2008/10/17 02:04:39 | 00,000,000 | ---D | C] -- C:\ProgramData\ATI
[2008/10/17 01:54:26 | 00,000,040 | ---- | C] () -- C:\Windows\mtwm2.ini
[2008/10/17 01:49:32 | 00,010,988 | ---- | C] (USB BULK) -- C:\Windows\System32\drivers\Bulk504.sys
[2008/10/17 01:34:33 | 00,000,000 | ---D | C] -- C:\Program Files\Driver Magician
[2008/10/16 18:14:28 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ChaosGroup
[2008/10/16 18:14:19 | 00,000,000 | ---D | C] -- C:\Program Files\Chaos Group
[2008/10/16 18:10:53 | 00,581,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.000
[2008/10/16 18:10:52 | 00,000,000 | ---D | C] -- C:\Program Files\DarkSim
[2008/10/16 18:10:15 | 00,000,000 | ---D | C] -- C:\Program Files\DCPFLICS
[2008/10/16 16:49:29 | 00,000,000 | ---D | C] -- C:\Program Files\NoviiMedia
[2008/10/16 16:42:06 | 00,000,000 | ---D | C] -- C:\Program Files\PC Counselor
[2008/10/16 16:24:48 | 00,010,048 | ---- | C] () -- C:\Windows\msvrc20.dll
[2008/10/16 16:24:43 | 00,000,000 | ---D | C] -- C:\Program Files\IObit
[2008/10/16 14:39:51 | 00,000,000 | ---D | C] -- C:\ProgramData\SymplisIT
[2008/10/16 14:38:32 | 00,000,090 | ---- | C] () -- C:\Windows\vmreg32.dll
[2008/10/16 14:38:19 | 00,000,000 | ---D | C] -- C:\Program Files\SymplisIT
[2008/10/16 12:03:13 | 00,000,000 | ---D | C] -- C:\Program Files\PDAmill
[2008/10/16 12:01:40 | 00,000,000 | ---D | C] -- C:\Program Files\Binaryfish
[2008/10/16 11:54:26 | 00,090,112 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2008/10/16 11:52:52 | 00,000,000 | ---D | C] -- C:\Program Files\Postal2STP
[2008/10/16 11:48:55 | 00,000,000 | ---D | C] -- C:\Program Files\Hard Disk Sentinel
[2008/10/16 11:48:29 | 00,000,000 | ---D | C] -- C:\Program Files\HDD Regenerator
[2008/10/15 11:49:29 | 00,000,000 | ---D | C] -- C:\Program Files\Sony
[2008/10/15 02:03:33 | 03,601,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2008/10/15 02:03:33 | 03,549,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2008/10/15 02:03:31 | 03,578,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2008/10/15 02:03:30 | 06,068,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2008/10/15 02:03:29 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2008/10/15 02:03:29 | 00,827,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2008/10/15 02:03:28 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2008/10/15 02:03:28 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2008/10/15 02:03:27 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2008/10/15 02:03:27 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2008/10/15 02:02:48 | 02,032,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2008/10/15 02:01:48 | 00,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2008/10/14 01:45:05 | 00,000,000 | ---D | C] -- C:\ATI
[2008/10/12 20:51:44 | 10,491,482 | ---- | C] () -- C:\Users\Joey\Documents\9320.3031212.EN.exe
[2008/10/11 15:41:53 | 00,000,000 | ---D | C] -- C:\Users\Joey\Documents\Documents on Joey's PDA
[2008/10/11 15:22:31 | 00,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/10/11 15:22:17 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2008/10/10 18:42:38 | 00,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2008/10/10 00:23:13 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2008/10/10 00:20:25 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2008/10/09 17:03:08 | 00,000,000 | ---D | C] -- C:\ProgramData\MSScanAppDataDir
[2008/10/09 02:46:26 | 00,505,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml.dll
[2008/10/09 02:46:24 | 00,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2008/10/09 02:46:24 | 00,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2008/10/09 02:46:24 | 00,035,840 | ---- | C] () -- C:\Windows\System32\comdlg32.oca
[2008/10/09 02:46:24 | 00,028,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxmlr.dll
[2008/10/09 02:46:24 | 00,026,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlinst.exe
[2008/10/09 02:46:24 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3a.dll
[2008/10/09 02:39:46 | 00,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[2008/10/08 23:16:21 | 00,000,000 | ---D | C] -- C:\Program Files\Serious Sam 2
[2008/10/02 04:43:03 | 00,000,000 | ---D | C] -- C:\Program Files\LittleWing Pinball
[2008/10/01 11:25:15 | 00,000,000 | ---D | C] -- C:\Program Files\Lighthouse Interactive
[2008/09/30 16:43:34 | 01,286,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml4.dll
[2008/09/29 08:13:13 | 00,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2008/09/29 05:27:41 | 03,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2008/09/28 19:23:32 | 00,000,000 | ---D | C] -- C:\Users\Joey\AppData\Roaming\InstallShield Installation Information
[2008/09/28 19:19:58 | 00,000,000 | ---D | C] -- C:\Program Files\Unreal Tournament 3 Demo
[2008/09/28 19:17:54 | 03,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2008/09/28 19:17:54 | 01,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2008/09/28 19:17:54 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2008/09/28 19:17:53 | 03,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2008/09/28 19:17:53 | 01,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2008/09/28 19:17:53 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2008/09/28 19:17:52 | 03,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2008/09/28 19:17:52 | 01,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2008/09/28 19:17:52 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2008/09/28 19:17:52 | 00,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2008/09/28 19:17:51 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2008/09/28 19:17:51 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2008/09/28 19:17:51 | 00,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2008/09/28 19:17:51 | 00,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2008/09/28 19:17:50 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2008/09/28 19:17:50 | 02,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2008/09/28 19:17:50 | 00,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2008/09/28 19:17:49 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2008/09/28 19:17:33 | 00,000,000 | ---D | C] -- C:\Windows\System32\AGEIA
[2008/09/28 19:17:32 | 00,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2008/09/28 19:17:23 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/09/28 01:03:38 | 03,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2008/09/28 01:02:55 | 00,678,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpprefcl.dll
[2008/09/27 01:59:20 | 00,000,000 | ---D | C] -- C:\Windows\System32\FlashAX2
[2008/09/25 01:24:16 | 00,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{3064846e-89e0-11dd-9af5-001aa0832335}.TMContainer00000000000000000002.regtrans-ms
[2008/09/25 01:24:16 | 00,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{3064846e-89e0-11dd-9af5-001aa0832335}.TMContainer00000000000000000001.regtrans-ms
[2008/09/25 01:24:16 | 00,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{3064846e-89e0-11dd-9af5-001aa0832335}.TM.blf
[2008/09/25 01:24:15 | 00,262,144 | ---- | C] () -- C:\ProgramData\ntuser.dat
[2008/09/23 19:16:42 | 00,002,321 | ---- | C] () -- C:\Windows\vista32d.ini
[2008/09/23 19:11:22 | 00,000,189 | ---- | C] () -- C:\Windows\KPCMS.INI
[2008/09/23 19:11:19 | 00,196,608 | ---- | C] (Eastman Kodak Company) -- C:\Windows\kpcp32.dll
[2008/09/23 19:11:19 | 00,133,120 | ---- | C] (Eastman Kodak Company) -- C:\Windows\sprof32.dll
[2008/09/23 19:11:19 | 00,104,448 | ---- | C] (Aldus Corporation\0) -- C:\Windows\twain32.dll
[2008/09/23 19:11:19 | 00,064,769 | ---- | C] (Service & Quality Technology) -- C:\Windows\System32\drivers\Fusb100.sys
[2008/09/23 19:11:19 | 00,047,616 | R--- | C] () -- C:\Windows\ucmsp_32.dll
[2008/09/23 19:11:19 | 00,037,376 | ---- | C] (Eastman Kodak Company) -- C:\Windows\kpsys32.dll
[2008/09/23 19:11:19 | 00,017,376 | ---- | C] (PowerVision Technologies Inc.) -- C:\Windows\System32\pv8630.sys
[2008/09/23 19:11:19 | 00,006,932 | ---- | C] () -- C:\Windows\System32\glscan.sys
[2008/09/23 19:11:19 | 00,000,000 | ---D | C] -- C:\Windows\PHOTOCD
[2008/09/23 19:11:18 | 00,024,576 | ---- | C] () -- C:\Windows\System32\drivers\udnt.sys
[2008/09/23 19:11:18 | 00,000,000 | ---D | C] -- C:\Windows\TWAIN32
[2008/09/23 18:35:16 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters
[2008/09/23 18:34:36 | 00,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\Downloaded Installations
[2008/09/23 18:18:39 | 00,262,144 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\Oemdspif.dll
[2008/09/23 17:40:37 | 00,055,160 | ---- | C] () -- C:\Windows\System32\atiumdva.cap
[2008/09/19 15:08:14 | 00,000,000 | ---D | C] -- C:\Program Files\Rockstar Games
[2008/09/18 01:39:55 | 00,000,000 | --SD | C] -- C:\Users\Joey\Documents\My Data Sources
[2008/09/17 11:17:19 | 00,176,918 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/09/17 08:30:59 | 00,000,000 | ---D | C] -- C:\ProgramData\Trymedia
[2008/09/17 08:28:56 | 00,000,000 | ---D | C] -- C:\Program Files\Beach Head 2000
[2008/09/16 11:07:54 | 00,000,048 | ---- | C] () -- C:\Windows\Esv44JBS5X2.dll
[2008/09/16 11:07:54 | 00,000,004 | ---- | C] () -- C:\Windows\Esv44JBS5X.dll
[2008/09/16 11:00:27 | 00,000,000 | ---D | C] -- C:\Program Files\TryMedia
[2008/09/16 10:58:56 | 00,000,000 | ---D | C] -- C:\Program Files\DigitalFusion
[2008/09/16 10:05:37 | 00,486,171 | ---- | C] () -- C:\Windows\System32\autorun.inf
[2008/09/14 22:10:49 | 00,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2008/09/14 22:09:31 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2008/09/14 22:05:57 | 00,000,000 | ---D | C] -- C:\inetpub
[2008/09/14 10:10:35 | 00,032,768 | ---- | C] (Company) -- C:\Windows\Steam_Cracker.exe
[2008/09/14 09:31:31 | 00,000,000 | ---D | C] -- C:\Program Files\Valve
[2008/09/12 01:24:29 | 00,000,000 | ---D | C] -- C:\Windows\System32\FlashAX
[2008/09/12 01:24:15 | 00,000,000 | ---D | C] -- C:\ProgramData\Microgaming
[2008/09/12 01:24:15 | 00,000,000 | ---D | C] -- C:\ProgramData\MGS
[2008/09/11 05:59:06 | 00,000,000 | ---D | C] -- C:\Program Files\TexasCalculatem
[2008/09/10 22:37:47 | 00,000,000 | ---D | C] -- C:\Users\Joey\Documents\MySpaceIM Pics
[2008/09/10 22:36:45 | 00,000,000 | ---D | C] -- C:\Users\Joey\AppData\Roaming\MySpace
[2008/09/10 22:36:42 | 00,000,000 | ---D | C] -- C:\Program Files\MySpace
[2008/09/09 18:55:09 | 04,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2008/09/09 18:55:09 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2008/09/09 18:54:22 | 00,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2008/09/09 18:54:18 | 00,625,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2008/09/09 18:54:18 | 00,565,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\emdmgmt.dll
[2008/09/09 18:54:18 | 00,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys
[2008/09/09 18:54:18 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2008/09/09 18:54:18 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll

========== Files - Modified Within 90 Days ==========

[2008/12/05 18:10:46 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Users\Joey\Desktop\OTViewIt.exe
[2008/12/05 18:06:33 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008/12/05 18:06:33 | 00,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2008/12/05 17:17:00 | 00,000,252 | ---- | M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
[2008/12/05 17:05:43 | 00,005,200 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2008/12/05 17:05:43 | 00,005,200 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2008/12/05 10:35:19 | 00,002,082 | ---- | M] () -- C:\Users\Joey\Desktop\Star Wars Galaxies.lnk
[2008/12/05 10:09:35 | 00,000,018 | ---- | M] () -- C:\Windows\MSR.INI
[2008/12/05 10:07:23 | 00,751,146 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2008/12/05 10:07:23 | 00,636,754 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2008/12/05 10:07:23 | 00,117,882 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2008/12/05 07:40:48 | 00,001,757 | ---- | M] () -- C:\Users\Public\Desktop\StationLauncher.lnk
[2008/12/05 07:39:35 | 00,091,136 | ---- | M] () -- C:\Users\Joey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/05 06:48:05 | 00,000,040 | -HS- | M] () -- C:\Users\Joey\AppData\Roaming\AUWZ2JDKJ6L8MP3FDDKQB363K4
[2008/12/04 23:05:38 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2008/12/04 23:05:36 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2008/12/04 23:05:34 | 21,114,22464 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/04 20:50:44 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2008/12/04 20:50:39 | 03,510,213 | -H-- | M] () -- C:\Users\Joey\AppData\Local\IconCache.db
[2008/12/04 11:34:12 | 00,720,896 | ---- | M] (Indigo Rose Corporation) -- C:\Windows\iun6002ev.exe
[2008/12/04 11:28:54 | 00,000,502 | ---- | M] () -- C:\Windows\win.ini
[2008/12/04 11:02:33 | 00,000,014 | ---- | M] () -- C:\Windows\popcinfo.dat
[2008/12/04 10:43:18 | 00,798,720 | ---- | M] () -- C:\Users\Joey\AppData\Roaming\Rsch.exe
[2008/12/04 00:17:54 | 00,075,859 | ---- | M] () -- C:\Windows\FontData.fdb
[2008/12/04 00:17:37 | 00,003,350 | ---- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2008/12/03 11:20:59 | 00,002,032 | ---- | M] () -- C:\Users\Joey\AppData\Local\d3d9caps.dat
[2008/12/03 11:18:59 | 01,731,528 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2008/12/03 01:35:15 | 00,108,144 | ---- | M] () -- C:\Users\Joey\AppData\Local\GDIPFONTCACHEV1.DAT
[2008/12/03 01:33:46 | 00,269,218 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2008/12/03 00:43:27 | 00,000,668 | ---- | M] () -- C:\Windows\EntPack.ini
[2008/12/03 00:43:24 | 00,000,886 | ---- | M] () -- C:\Windows\EntPack.dat
[2008/12/02 19:24:58 | 00,002,291 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2008/11/28 01:06:59 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008/11/28 01:06:59 | 00,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/11/24 11:34:21 | 00,000,172 | ---- | M] () -- C:\Users\Joey\AppData\Local\RAExpertHistory.xml
[2008/11/24 11:28:50 | 00,000,172 | ---- | M] () -- C:\Users\Joey\AppData\Local\rahistory.xml
[2008/11/20 20:57:58 | 00,194,117 | ---- | M] () -- C:\Windows\System32\setup.inx
[2008/11/19 12:30:06 | 00,000,800 | ---- | M] () -- C:\Users\Joey\Desktop\Absolute Poker.lnk
[2008/11/17 13:02:43 | 00,002,506 | ---- | M] () -- C:\Windows\temp.htm
[2008/11/16 16:24:02 | 00,129,985 | ---- | M] () -- C:\Users\Joey\Documents\iTunes Diagnostics.spx
[2008/11/16 16:24:02 | 00,002,320 | ---- | M] () -- C:\Users\Joey\Documents\iTunes Diagnostics.rtf
[2008/11/16 09:09:04 | 00,014,434 | ---- | M] () -- C:\Users\Joey\Documents\greenday.docx
[2008/11/15 20:00:07 | 00,010,048 | ---- | M] () -- C:\Windows\msvrc20.dll
[2008/11/14 17:23:40 | 00,026,690 | ---- | M] () -- C:\Users\Joey\Documents\morre than words.docx
[2008/11/14 10:01:25 | 00,000,973 | ---- | M] () -- C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ListProAlarms.lnk
[2008/11/13 13:21:47 | 00,000,863 | ---- | M] () -- C:\Users\Joey\Documents\Document.rtf
[2008/11/06 23:40:39 | 00,000,524 | ---- | M] () -- C:\Windows\System32\MediaTubeCodec_ver1.1595.0.exe
[2008/11/04 21:49:45 | 00,000,390 | ---- | M] () -- C:\Windows\wininit.ini
[2008/11/04 21:38:06 | 00,000,040 | ---- | M] () -- C:\Windows\mtwm2.ini
[2008/11/04 21:31:04 | 00,269,186 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20081104-213121.backup
[2008/11/03 16:10:25 | 17,318,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2008/10/26 14:21:28 | 00,018,364 | ---- | M] () -- C:\Users\Joey\Documents\Warrant.docx
[2008/10/26 10:18:57 | 00,000,039 | ---- | M] () -- C:\Windows\Irremote.ini
[2008/10/25 12:27:55 | 00,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2008/10/23 15:52:57 | 00,080,269 | ---- | M] () -- C:\Users\Joey\Documents\gigabyte 939 motherboard specs.docx
[2008/10/22 19:04:22 | 00,000,502 | ---- | M] () -- C:\Users\Joey\Documents\My Sharing Folders.lnk
[2008/10/21 19:57:30 | 00,241,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2008/10/20 21:25:17 | 01,645,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2008/10/16 18:04:35 | 00,000,090 | ---- | M] () -- C:\Windows\vmreg32.dll
[2008/10/16 14:08:00 | 00,162,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2008/10/16 13:56:04 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2008/10/16 13:13:38 | 01,809,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuaueng.dll
[2008/10/16 13:12:19 | 00,561,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2008/10/16 13:09:43 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
[2008/10/16 13:09:43 | 00,043,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2008/10/16 13:08:57 | 00,034,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2008/10/16 12:56:28 | 01,524,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2008/10/16 12:55:59 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2008/10/15 20:47:33 | 00,466,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
[2008/10/12 20:51:45 | 10,491,482 | ---- | M] () -- C:\Users\Joey\Documents\9320.3031212.EN.exe
[2008/10/11 15:22:17 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2008/10/10 18:42:38 | 00,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2008/10/03 04:30:30 | 00,000,414 | ---- | M] () -- C:\Windows\System32\lame_acm.xml
[2008/10/01 19:49:19 | 01,166,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2008/10/01 19:49:19 | 00,827,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2008/10/01 19:49:16 | 00,671,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2008/10/01 19:49:15 | 03,578,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2008/10/01 19:49:14 | 06,068,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2008/10/01 19:49:14 | 00,270,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2008/10/01 19:49:14 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2008/10/01 17:32:38 | 01,383,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2008/09/30 16:43:34 | 01,286,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml4.dll
[2008/09/26 03:05:16 | 00,000,048 | ---- | M] () -- C:\Windows\Esv44JBS5X2.dll
[2008/09/25 01:24:16 | 00,524,288 | -HS- | M] () -- C:\ProgramData\ntuser.dat{3064846e-89e0-11dd-9af5-001aa0832335}.TMContainer00000000000000000002.regtrans-ms
[2008/09/25 01:24:16 | 00,524,288 | -HS- | M] () -- C:\ProgramData\ntuser.dat{3064846e-89e0-11dd-9af5-001aa0832335}.TMContainer00000000000000000001.regtrans-ms
[2008/09/25 01:24:16 | 00,262,144 | ---- | M] () -- C:\ProgramData\ntuser.dat
[2008/09/25 01:24:16 | 00,065,536 | -HS- | M] () -- C:\ProgramData\ntuser.dat{3064846e-89e0-11dd-9af5-001aa0832335}.TM.blf
[2008/09/24 10:41:12 | 00,839,680 | ---- | M] (http://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm
[2008/09/23 19:16:42 | 00,002,321 | ---- | M] () -- C:\Windows\vista32d.ini
[2008/09/23 19:11:22 | 00,000,189 | ---- | M] () -- C:\Windows\KPCMS.INI
[2008/09/23 18:19:03 | 00,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
[2008/09/23 18:18:50 | 00,327,680 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\System32\atipdlxx.dll
[2008/09/23 18:18:39 | 00,262,144 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\System32\Oemdspif.dll
[2008/09/23 18:18:25 | 00,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\System32\ati2edxx.dll
[2008/09/23 17:40:37 | 00,055,160 | ---- | M] () -- C:\Windows\System32\atiumdva.cap
[2008/09/17 21:09:10 | 03,601,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2008/09/17 21:09:09 | 03,549,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2008/09/17 20:56:07 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wersvc.dll
[2008/09/17 20:56:02 | 00,147,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2008/09/17 18:16:28 | 02,032,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2008/09/17 11:17:19 | 00,176,918 | ---- | M] () -- C:\Windows\System32\atiicdxx.dat
[2008/09/16 11:07:54 | 00,000,004 | ---- | M] () -- C:\Windows\Esv44JBS5X.dll
[2008/09/15 16:14:24 | 03,596,288 | ---- | M] () -- C:\Windows\System32\qt-dx331.dll
[2008/09/15 16:12:02 | 00,081,920 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\dpl100.dll
[2008/09/15 16:11:56 | 00,683,520 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\divx.dll
[2008/09/09 19:40:14 | 01,334,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml6.dll
[2008/09/08 11:05:21 | 00,032,768 | ---- | M] (Company) -- C:\Windows\Steam_Cracker.exe
< End of report >


#4 Yourhighness

    The BSG Malware Fighter


  • Malware Response Team

Posted 07 December 2008 - 04:19 PM

Hi there. We do need that second log, so let's do it differently then.
  • Please double-click on "OTViewIt.exe"
  • Navigate to the following icon and click it: Posted Image
  • OTViewIt might ask you to reboot. If it does so, please let it do so.
Note: After the reboot, OTViewIt and the other helper tools you downloaded while cleaning your PC will be removed, so it's OK if it is not there anymore ;)

Then do this:
  • Please download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
Remember that you will need to do a right-click "run as administrator" in Vista.

Thanks.

"How did I get infected?" - "Safe-hex" - Member of UNITE -


#5 nellsbells314

  • Topic Starter


Posted 11 December 2008 - 12:02 PM

Logfile of random's system information tool 1.04 (written by random/random)
Run by Joey at 2008-12-11 09:00:15
Microsoft® Windows Vista™ Ultimate Service Pack 1
System drive C: has 9 GB (6%) free of 153 GB
Total RAM: 2013 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:00:48 AM, on 12/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Joey\Desktop\RSIT.exe
C:\Program Files\trend micro\Joey.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download with Rapget - C:\Users\Joey\Downloads\rapget.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Cool Hand Poker - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\coolhandMPP\MPPoker.exe (file missing) (HKCU)
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://a516.g.akamai.net/f/516/25175/7d/ru...eb-20070115.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab
O16 - DPF: {3DA2AAF4-4289-4D6E-B9C0-D8360229607B} (IPAQSelfHelp Class) - https://h50203.www5.hp.com/HPISWeb/Customer...SPEIPAQTool.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/...NPUplden-us.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Br...018/flashax.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Intel® Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DCPFLICS - Unknown owner - C:\Program Files\DCPFLICS\DCPFLICS.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel - C:\Program Files\Intel\AMT\UNS.exe

--
End of file - 8995 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Check Updates for Windows Live Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"OneCareUI"=C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe [2008-11-05 64880]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-09-17 13580832]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-09-17 92704]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-18 125952]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-11-17 342336]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-11-05 4347120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2008-07-17 233888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\Windows\system32\qomjHbyV

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\OneCareMP]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\FarCryAutoCD.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1167b7c3-c29b-11dd-afb2-001aa0832335}]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e8aff25-82cf-11dd-99dd-001aa0832335}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c2e2e69-bc6d-11dd-b62a-001aa0832335}]
shell\AutoRun\command - E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f78169c2-7043-11dd-8b6a-001aa0832335}]
shell\AutoRun\command - G:\LaunchU3.exe


======File associations======

.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"
.reg - open - "regedit.exe" "%1"

======List of files/folders created in the last 1 months======

2008-12-11 08:59:34 ----D---- C:\rsit
2008-12-11 00:07:45 ----D---- C:\Program Files\iNeeda Password & Tracker
2008-12-11 00:07:35 ----A---- C:\psapi.dll
2008-12-10 23:39:34 ----D---- C:\Program Files\Ashkon Technology
2008-12-10 18:09:33 ----A---- C:\Windows\system32\tzres.dll
2008-12-10 17:04:39 ----A---- C:\Windows\system32\gdi32.dll
2008-12-10 17:04:36 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-12-10 17:04:36 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-12-10 17:03:58 ----A---- C:\Windows\system32\shell32.dll
2008-12-10 17:03:47 ----A---- C:\Windows\explorer.exe
2008-12-10 17:03:42 ----A---- C:\Windows\system32\urlmon.dll
2008-12-10 17:03:42 ----A---- C:\Windows\system32\mshtml.dll
2008-12-10 17:03:41 ----A---- C:\Windows\system32\wininet.dll
2008-12-10 17:03:41 ----A---- C:\Windows\system32\mstime.dll
2008-12-10 17:03:41 ----A---- C:\Windows\system32\ieframe.dll
2008-12-10 17:03:40 ----A---- C:\Windows\system32\iertutil.dll
2008-12-10 17:03:39 ----A---- C:\Windows\system32\jsproxy.dll
2008-12-10 17:03:26 ----A---- C:\Windows\system32\WMVCORE.DLL
2008-12-10 17:03:26 ----A---- C:\Windows\system32\mf.dll
2008-12-10 17:03:25 ----A---- C:\Windows\system32\WMNetMgr.dll
2008-12-10 17:03:25 ----A---- C:\Windows\system32\logagent.exe
2008-12-09 04:02:28 ----A---- C:\log_send.txt
2008-12-08 17:46:37 ----D---- C:\Casino
2008-12-08 16:52:45 ----D---- C:\ProgramData\Microgaming
2008-12-08 16:52:33 ----D---- C:\MicroGaming
2008-12-08 06:48:46 ----D---- C:\Program Files\Cool Cat Casino
2008-12-08 03:14:57 ----A---- C:\Windows\system32\d3dx9_32.dll
2008-12-08 03:14:10 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2008-12-08 03:05:43 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-12-08 03:05:22 ----D---- C:\Program Files\Windows Live
2008-12-08 03:04:39 ----D---- C:\ProgramData\WLInstaller
2008-12-06 13:52:26 ----D---- C:\Program Files\AppsPro
2008-12-06 13:50:56 ----D---- C:\Program Files\ORKTOOLS
2008-12-05 07:41:35 ----D---- C:\Program Files\StarWarsGalaxies
2008-12-05 04:53:43 ----D---- C:\Users\Joey\AppData\Roaming\Eyeblaster
2008-12-04 19:53:42 ----A---- C:\Windows\MSR.INI
2008-12-04 11:34:28 ----A---- C:\Windows\iun6002ev.exe
2008-12-04 11:34:16 ----D---- C:\Program Files\Bejeweled 2 Deluxe
2008-12-04 11:04:55 ----D---- C:\ProgramData\GameHouse
2008-12-04 10:52:11 ----D---- C:\ProgramData\n7-89-o9-3r-4t-r9
2008-12-04 10:52:01 ----D---- C:\Users\Joey\AppData\Roaming\GameHouse
2008-12-04 10:46:53 ----D---- C:\Program Files\GameHouse
2008-12-04 07:38:49 ----A---- C:\Users\Joey\AppData\Roaming\Rsch.exe
2008-12-03 22:17:10 ----D---- C:\Program Files\Windows Live Favorites
2008-12-03 22:16:31 ----D---- C:\Program Files\Windows Live Toolbar
2008-12-03 11:30:59 ----D---- C:\ProgramData\NVIDIA
2008-12-03 11:27:56 ----A---- C:\Windows\system32\nvexpbar.dll
2008-12-03 11:27:56 ----A---- C:\Windows\system32\nvcpluir.dll
2008-12-03 11:27:56 ----A---- C:\Windows\system32\nvcplui.exe
2008-12-03 11:25:17 ----A---- C:\Windows\system32\NVUNINST.EXE
2008-12-02 19:29:21 ----D---- C:\Users\Joey\AppData\Roaming\Intuit
2008-12-02 19:25:05 ----A---- C:\Windows\system32\cdintf251.dll
2008-12-02 19:19:53 ----D---- C:\Program Files\Common Files\AnswerWorks 4.0
2008-12-02 19:19:30 ----D---- C:\ProgramData\Intuit
2008-12-02 19:19:30 ----D---- C:\Program Files\Intuit
2008-12-02 19:19:30 ----D---- C:\Program Files\Common Files\Intuit
2008-12-02 19:17:00 ----A---- C:\log_recv.txt
2008-12-02 19:09:12 ----D---- C:\temp
2008-12-02 19:06:58 ----A---- C:\Windows\system32\javaws.exe
2008-12-02 19:06:58 ----A---- C:\Windows\system32\javaw.exe
2008-12-02 19:06:58 ----A---- C:\Windows\system32\java.exe
2008-12-02 18:43:39 ----D---- C:\ProgramData\COMMON FILES
2008-11-28 13:30:06 ----A---- C:\Windows\system32\wups2.dll
2008-11-28 13:30:06 ----A---- C:\Windows\system32\wucltux.dll
2008-11-28 13:30:06 ----A---- C:\Windows\system32\wuaueng.dll
2008-11-28 13:30:06 ----A---- C:\Windows\system32\wuauclt.exe
2008-11-28 13:29:49 ----A---- C:\Windows\system32\wups.dll
2008-11-28 13:29:49 ----A---- C:\Windows\system32\wudriver.dll
2008-11-28 13:29:49 ----A---- C:\Windows\system32\wuapi.dll
2008-11-28 13:29:38 ----A---- C:\Windows\system32\wuwebv.dll
2008-11-28 13:29:38 ----A---- C:\Windows\system32\wuapp.exe
2008-11-28 10:41:06 ----D---- C:\Program Files\Hotspots
2008-11-28 03:27:49 ----A---- C:\vraylog.txt
2008-11-27 06:11:12 ----D---- C:\Users\Joey\AppData\Roaming\Agilix
2008-11-27 02:17:02 ----D---- C:\Program Files\Microsoft Windows OneCare Live
2008-11-26 12:26:43 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-11-26 04:07:32 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2008-11-26 04:07:24 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2008-11-26 04:07:24 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-11-26 04:07:24 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2008-11-26 04:07:10 ----A---- C:\Windows\system32\connect.dll
2008-11-25 11:47:23 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-25 11:47:23 ----D---- C:\Program Files\iTunes
2008-11-25 11:46:29 ----D---- C:\Program Files\QuickTime
2008-11-23 21:49:41 ----D---- C:\Program Files\WebIS
2008-11-23 21:47:41 ----D---- C:\Program Files\FranklinCovey
2008-11-23 21:33:36 ----A---- C:\Windows\system32\infocardapi.dll
2008-11-23 21:33:35 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2008-11-23 21:33:34 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2008-11-23 21:33:34 ----A---- C:\Windows\system32\icardres.dll
2008-11-23 21:33:34 ----A---- C:\Windows\system32\icardagt.exe
2008-11-23 21:33:31 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2008-11-23 21:33:28 ----A---- C:\Windows\system32\PresentationHost.exe
2008-11-23 21:28:22 ----A---- C:\Windows\system32\dfshim.dll
2008-11-23 21:28:18 ----A---- C:\Windows\system32\mscoree.dll
2008-11-23 21:28:17 ----A---- C:\Windows\system32\netfxperf.dll
2008-11-23 21:28:02 ----A---- C:\Windows\system32\mscorier.dll
2008-11-23 21:27:55 ----A---- C:\Windows\system32\mscories.dll
2008-11-23 21:23:33 ----RHD---- C:\AHCache
2008-11-21 09:47:41 ----D---- C:\Program Files\Arvale
2008-11-19 12:29:42 ----D---- C:\Poker Application
2008-11-17 13:18:30 ----D---- C:\Users\Joey\AppData\Roaming\SOTI
2008-11-17 13:15:27 ----D---- C:\Program Files\SOTI
2008-11-17 13:09:28 ----A---- C:\Windows\cabinst.exe
2008-11-16 11:42:53 ----N---- C:\Windows\system32\camiodll.dll
2008-11-16 11:42:53 ----A---- C:\Windows\system32\ucdintf.dll
2008-11-16 11:42:53 ----A---- C:\Windows\system32\PicEng.dll
2008-11-16 11:42:53 ----A---- C:\Windows\system32\camfc.dll
2008-11-16 11:42:52 ----N---- C:\Windows\system32\xl_yv12.dll
2008-11-16 11:42:52 ----N---- C:\Windows\system32\xl_yuy2.dll
2008-11-16 11:42:52 ----N---- C:\Windows\system32\xl_x263dec.dll
2008-11-16 11:42:52 ----N---- C:\Windows\system32\xl_uyvy.dll
2008-11-16 11:42:52 ----N---- C:\Windows\system32\Xl_I420.dll
2008-11-16 11:42:52 ----N---- C:\Windows\system32\x263.dll
2008-11-16 11:42:52 ----D---- C:\Program Files\Veo Stingray
2008-11-16 11:42:52 ----A---- C:\Windows\bundle.ini
2008-11-16 11:41:41 ----D---- C:\SETUP
2008-11-16 02:20:00 ----HD---- C:\BJPrinter
2008-11-14 16:32:12 ----D---- C:\Program Files\Power Tab Software
2008-11-14 09:32:12 ----D---- C:\Program Files\SoftMaker
2008-11-14 09:26:01 ----D---- C:\Program Files\Common Files\Mobipocket Shared
2008-11-14 09:24:55 ----D---- C:\Program Files\Ilium Software
2008-11-14 09:19:37 ----D---- C:\Program Files\Map Calibrator
2008-11-14 09:18:58 ----D---- C:\Program Files\GPS Tuner
2008-11-14 09:15:10 ----D---- C:\Program Files\Handmark
2008-11-13 16:17:07 ----D---- C:\Program Files\ConTEXT

======List of files/folders modified in the last 1 months======

2008-12-11 09:00:48 ----D---- C:\Program Files\Trend Micro
2008-12-11 09:00:30 ----D---- C:\Windows\Prefetch
2008-12-11 08:54:13 ----D---- C:\Users\Joey\AppData\Roaming\DNA
2008-12-11 08:40:03 ----D---- C:\Windows\System32
2008-12-11 08:40:03 ----D---- C:\Windows\inf
2008-12-11 08:40:03 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-12-11 08:37:48 ----D---- C:\Windows\Temp
2008-12-11 08:33:49 ----D---- C:\Program Files\DNA
2008-12-11 08:33:43 ----D---- C:\Windows
2008-12-11 08:33:41 ----A---- C:\Windows\system32\log.txt
2008-12-11 00:07:45 ----RD---- C:\Program Files
2008-12-10 23:26:43 ----SHD---- C:\System Volume Information
2008-12-10 18:35:40 ----D---- C:\Windows\rescache
2008-12-10 18:30:00 ----D---- C:\Windows\winsxs
2008-12-10 18:19:54 ----D---- C:\Windows\system32\catroot
2008-12-10 18:16:47 ----D---- C:\Windows\system32\en-US
2008-12-10 18:16:47 ----D---- C:\Windows\AppPatch
2008-12-10 18:16:47 ----D---- C:\Program Files\Windows Mail
2008-12-10 18:12:46 ----SHD---- C:\Windows\Installer
2008-12-10 18:12:45 ----HD---- C:\Config.Msi
2008-12-10 18:12:44 ----D---- C:\ProgramData\Microsoft Help
2008-12-10 18:10:02 ----D---- C:\Windows\system32\catroot2
2008-12-09 15:24:37 ----A---- C:\Windows\system32\mrt.exe
2008-12-08 23:57:57 ----D---- C:\Program Files\AskTBar
2008-12-08 23:52:01 ----D---- C:\Windows\system32\drivers
2008-12-08 21:51:52 ----D---- C:\Windows\system32\Tasks
2008-12-08 16:52:45 ----HD---- C:\ProgramData
2008-12-08 09:49:07 ----RSD---- C:\Windows\assembly
2008-12-08 03:33:09 ----D---- C:\Windows\Microsoft.NET
2008-12-08 03:07:13 ----D---- C:\Program Files\Common Files\microsoft shared
2008-12-08 03:05:43 ----D---- C:\Program Files\Common Files
2008-12-08 00:19:51 ----D---- C:\Program Files\Binaryfish
2008-12-07 11:41:08 ----A---- C:\Windows\EntPack.ini
2008-12-07 11:18:47 ----SD---- C:\Windows\Downloaded Program Files
2008-12-06 20:15:18 ----D---- C:\Program Files\TexasCalculatem
2008-12-06 13:54:03 ----RSD---- C:\Windows\Media
2008-12-05 19:03:49 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-05 18:55:02 ----D---- C:\Program Files\Yahoo!
2008-12-05 18:54:07 ----D---- C:\Windows\WindowsMobile
2008-12-05 18:51:38 ----D---- C:\Program Files\HP
2008-12-05 08:03:28 ----D---- C:\Program Files\Sony
2008-12-05 06:13:15 ----D---- C:\Windows\Registration
2008-12-04 11:28:54 ----A---- C:\Windows\win.ini
2008-12-04 07:43:36 ----D---- C:\Users\Joey\AppData\Roaming\MiniLyrics
2008-12-03 23:48:16 ----D---- C:\Users\Joey\AppData\Roaming\LimeWire
2008-12-03 22:17:18 ----SD---- C:\Users\Joey\AppData\Roaming\Microsoft
2008-12-03 22:16:34 ----D---- C:\Windows\Tasks
2008-12-03 11:27:38 ----D---- C:\Windows\Help
2008-12-03 01:39:46 ----D---- C:\Users\Joey\AppData\Roaming\Adobe
2008-12-03 01:30:12 ----D---- C:\Program Files\Adobe
2008-12-03 01:28:50 ----D---- C:\Program Files\Common Files\Adobe
2008-12-02 19:21:36 ----RSD---- C:\Windows\Fonts
2008-12-02 19:06:57 ----D---- C:\Program Files\Java
2008-11-29 02:11:52 ----D---- C:\Windows\system32\Macromed
2008-11-28 23:22:38 ----SD---- C:\ProgramData\Microsoft
2008-11-28 23:17:07 ----DC---- C:\Windows\system32\DRVSTORE
2008-11-28 23:16:18 ----D---- C:\Program Files\Common Files\PX Storage Engine
2008-11-28 09:12:55 ----D---- C:\Users\Joey\AppData\Roaming\BitTorrent
2008-11-26 00:25:23 ----D---- C:\ProgramData\Yahoo!
2008-11-25 11:47:24 ----D---- C:\Program Files\iPod
2008-11-25 11:47:24 ----D---- C:\Program Files\Common Files\Apple
2008-11-25 11:46:52 ----D---- C:\Program Files\Bonjour
2008-11-23 21:38:26 ----D---- C:\Windows\system32\XPSViewer
2008-11-23 21:38:26 ----D---- C:\Windows\system32\wbem
2008-11-20 21:08:09 ----D---- C:\Windows\Downloaded Installations
2008-11-18 14:14:56 ----D---- C:\Program Files\reconserver
2008-11-16 16:43:27 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-11-16 16:43:27 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-16 16:40:02 ----D---- C:\Program Files\Rockstar Games
2008-11-16 16:37:43 ----D---- C:\Program Files\Google
2008-11-16 16:36:33 ----D---- C:\Windows\twain_32
2008-11-16 16:33:39 ----D---- C:\Program Files\Driver Magician
2008-11-15 20:00:07 ----A---- C:\Windows\msvrc20.dll
2008-11-15 18:03:02 ----D---- C:\Lyrics
2008-11-13 16:06:11 ----D---- C:\Program Files\RAR Password Cracker
2008-11-12 19:30:49 ----D---- C:\Users\Joey\AppData\Roaming\Google

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-18 350720]
R1 exfatt;exfatt; C:\Windows\System32\drivers\exfatt.sys [2008-07-30 86144]
R1 MSFWHLPR;MSFWHLPR; C:\Windows\system32\DRIVERS\msfwhlpr.sys [2007-11-27 37440]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2008-03-13 46652]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720]
R2 MSFWDrv;MSFWDrv; C:\Windows\system32\DRIVERS\msfwdrv.sys [2007-11-27 91200]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2007-08-03 347648]
R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2005-02-23 11776]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-02-06 218752]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HECI;Intel® Management Engine Interface; C:\Windows\system32\DRIVERS\HECI.sys [2007-06-12 45056]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [2008-02-29 28944]
R3 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2008-05-15 53168]
R3 NCHSSVAD;SoundTap Recorder; C:\Windows\system32\drivers\nchssvad.sys [2008-08-22 27136]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-09-17 7379872]
S2 Machnm32;Machnm32 Driver; \??\C:\Windows\system32\Machnm32.sys []
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-09-23 3976192]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 FINEPIX_PCC;FinePix Digital Camera 030617; C:\Windows\System32\Drivers\V4CB0131.SYS [2002-05-07 81700]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-01 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 MXOPSWD;Maxtor OneTouch Security Driver; C:\Windows\system32\DRIVERS\mxopswd.sys [2005-04-06 15360]
S3 NPF;WinPcap Packet Driver (NPF); C:\Windows\system32\drivers\NPF.sys []
S3 SaiH0109;SaiH0109; C:\Windows\system32\DRIVERS\SaiH0109.sys [2007-05-01 132232]
S3 SaiU0109;SaiU0109; C:\Windows\system32\DRIVERS\SaiU0109.sys [2007-05-01 28416]
S3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM); C:\Windows\system32\drivers\srs_sscfilter_i386.sys [2007-07-26 39808]
S3 Sunplus;GSmart Mini 3 Still Image Capture; C:\Windows\System32\Drivers\Bulk504.sys [2002-07-11 10988]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-18 73088]
S3 USBPNPA;USB PnP Sound Device Interface; C:\Windows\system32\drivers\CM108.sys [2007-06-28 1310720]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
S3 winusb;WinUsb Driver; C:\Windows\system32\DRIVERS\winusb.sys [2008-01-18 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-18 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S3 XIRLINK;Veo PC Camera; C:\Windows\system32\DRIVERS\ucdnt.sys [2002-04-08 899700]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 atchksrv;Intel® Active Management Technology System Status Service; C:\Program Files\Intel\AMT\atchksrv.exe [2007-05-23 176128]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-09-23 704512]
R2 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-07-24 72704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R2 DCPFLICS;DCPFLICS; C:\Program Files\DCPFLICS\DCPFLICS.exe [2006-12-01 139268]
R2 LMS;Intel® Active Management Technology Local Management Service; C:\Program Files\Intel\AMT\LMS.exe [2007-05-23 102400]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 mi-raysat_3dsmax9_32;mental ray 3.5 Satellite (32-bit); C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe [2006-09-29 65536]
R2 msfwsvc;@C:\Program Files\Microsoft Windows OneCare Live\Firewall\\MSFWSVCResource.dll,-10000; C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe [2007-11-27 869952]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-09-17 196608]
R2 OcHealthMon;Windows Live OneCare Health Monitor; C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe [2008-11-05 25968]
R2 OneCareMP;OneCare AntiSpyware and AntiVirus; C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe [2008-07-09 18704]
R2 QBCFMonitorService;QuickBooks Database Manager Service; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [2006-11-28 20480]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 UNS;Intel® Active Management Technology User Notification Service; C:\Program Files\Intel\AMT\UNS.exe [2007-05-23 2514944]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 winss;Windows Live OneCare; C:\Program Files\Microsoft Windows OneCare Live\winss.exe [2008-11-05 1132912]
S1 InCDRec;Nero UDF File System Recognizer Driver; C:\Windows\system32\DRIVERS\InCDRec.sys [2008-09-19 19352]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-27 34312]
S3 AxInstSV;@%SystemRoot%\system32\AxInstSV.dll,-103; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-18 523776]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-10-03 655624]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 QBFCService;Intuit QuickBooks FCS; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [2006-11-09 65536]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2008-10-11 87288]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-18 21504]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-01-18 917504]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

#6 Yourhighness

Yourhighness

    The BSG Malware Fighter


  • Malware Response Team
  • 7,943 posts
  • Gender:Male
  • Location:Hamburg
  • Local time:02:30 PM

Posted 13 December 2008 - 03:00 PM

hi,

this is again missing the second file. I need you to post everything I ask you for, otherwise it will be hard to help you.

Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes (in your case BitTorrent DNA). These programmes allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has reached an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

Step #1

Do the following please:

Go to Start > run > type: "%userprofile%\desktop\rsit.exe" /info
Hit "Enter".
You should now see the info.txt. Post its contents in your next reply please.

Step #2

Please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

"How did I get infected?" - "Safe-hex" - Member of UNITE -


#7 nellsbells314

nellsbells314
  • Topic Starter

  • Members
  • 5 posts
  • Local time:05:30 AM

Posted 15 December 2008 - 05:04 AM

info.txt logfile of random's system information tool 1.04 2008-12-15 01:57:47

======Uninstall list======

-->"C:\Windows\WindowsMobile\Freecell for Pocket PC\uninstall.exe"
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Windows\IsUninst.exe -f"C:\Program Files\Veo Stingray\Uninst.isu"
-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
-->MsiExec.exe /I{71EEA108-09C9-4D81-8FA2-D48C70681242}
-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
010 Editor 3.0-->"C:\Program Files\010 Editor v3\unins000.exe"
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
3dsmax ancillary install-->MsiExec.exe /I{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}

======Hosts File======


======Security center information======

AV: Windows Live OneCare
FW: Windows Live OneCare Firewall
AS: Windows Defender
AS: Windows Live OneCare

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Autodesk\Backburner\;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\010 Editor v3;C:\Program Files\Intel\DMIX;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

#8 nellsbells314

Posted 15 December 2008 - 07:24 AM

I followed your steps and I posted everything it gave back to me. I read your instructions and installed ComboFix. When I ran ComboFix, it proceeded to start erasing system32 files and ultimately crashed my computer and wouldn't load Windows without the installation disk in. So I had to do a repair, which didn't make any difference, so I took the other offer, which was restore. Windows finally booted but I still have the stupid pop-ups and Windows Live OneCare keeps finding the virus.
I know all about peer-to-peer file sharing and its dangers. I just wanna know how to remove this virus because it is extremely obnoxious. Thanks so much, Joey

#9 Yourhighness

Posted 15 December 2008 - 02:23 PM

Hi,

Step #1

Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Java™ 6 Update 7, Java™ SE Runtime Environment 6 Update 1


Step #2

Please download Malwarebytes' Anti-Malware from Here
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply along with a fresh HijackThis log.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step #3

Please post back with the logs from Malwarebytes Antimalware and if present C:\ComboFix.txt. Thanks!
