system often hangs


  • This topic is locked
28 replies to this topic

#1 nayr1925

Posted 20 December 2008 - 07:51 AM

I have a 2-week-old PC which oftentimes hangs... I always end up restarting it. The log...

Logfile of random's system information tool 1.05 (written by random/random)
Run by jackpatan at 2008-12-20 19:05:40
Microsoft Windows XP Professional Service Pack 3
System drive C: has 87 GB (57%) free of 153 GB
Total RAM: 2047 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:22:32 PM, on 12/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logicool\Qcam\Qcam.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wscript.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ServerGuard\ServerGuard.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\jackpatan\Desktop\RSIT.exe
C:\Program Files\trend micro\jackpatan.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre6\bin\java.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ati.amd.com/support/driver.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\ieso0.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logicool\Qcam\Qcam.exe" /hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [autoMe] wscript.exe "C:\WINDOWS\auto.vbs"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [kxva] C:\WINDOWS\system32\kxvo.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: FrostWire On Startup.lnk = C:\Program Files\FrostWire\FrostWire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://l.yimg.com/jh/games/web_games/popca...aploader_v6.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logicool Co., Ltd - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logicool Co., Ltd - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logicool Co., Ltd - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 9548 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-11-21 911600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5A263CF7-56A6-4D68-A8CF-345BE45BC911}]
Yahoo! IE Suggest - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll [2008-01-15 233472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-06 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-12-06 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE7C3CF0-4B15-11D1-ABED-709549C10000}]
IEHlprObj Class - C:\WINDOWS\system32\ieso0.dll [2008-04-14 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-06 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-06 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2008-11-21 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-11-21 911600]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-12-06 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-10-16 16855552]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2007-10-11 1826816]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe [2008-12-06 590848]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-06 136600]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-07-25 562960]
"LogitechQuickCamRibbon"=C:\Program Files\Logicool\Qcam\Qcam.exe [2007-07-25 2026768]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"autoMe"=wscript.exe C:\WINDOWS\auto.vbs []
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-06-28 32768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-10-18 455968]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-12-16 342848]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2008-12-03 270128]
"kxva"=C:\WINDOWS\system32\kxvo.exe [2006-05-17 175171]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

C:\Documents and Settings\jackpatan\Start Menu\Programs\Startup
FrostWire On Startup.lnk - C:\Program Files\FrostWire\FrostWire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-10-29 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=1
"DisableTaskMgr"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableStatusMessages"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
"NoDriveAutoRun"=67108863
"NoFolderOptions"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Grisoft\AVG7\avgemc.exe"="C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e854cf0-c58e-11dd-9b64-00e04da3033d}]
shell\AutoRun\command - SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system.exe
shell\open\command - SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23b63b27-c9ab-11dd-9b7e-00e04da3033d}]
shell\AutoRun\command - wscript.exe auto.vbs
shell\Open\command - wscript.exe auto.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57bf7416-c9ce-11dd-9b80-00e04da3033d}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MS-DOS.com
shell\Explore\command - E:\MS-DOS.com
shell\Open\command - E:\MS-DOS.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bd8a819-cdd6-11dd-9b93-00e04da3033d}]
shell\AutoRun\command - wscript.exe auto.vbs
shell\Open\command - wscript.exe auto.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d280dda-c91c-11dd-9b7a-00e04da3033d}]
shell\AutoRun\command - wscript.exe auto.vbs
shell\Open\command - wscript.exe auto.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72447fe5-c6c1-11dd-9b6c-00e04da3033d}]
shell\AutoRun\command - wscript.exe auto.vbs
shell\Open\command - wscript.exe auto.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c86bada-ce44-11dd-9b95-00e04da3033d}]
shell\AutoRun\command - E:\
shell\explore\command - RECYCLER\INFO.exe
shell\open\command - RECYCLER\INFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d28311c0-c998-11dd-9b7d-00e04da3033d}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MS-DOS.com
shell\Explore\command - E:\MS-DOS.com
shell\Open\command - E:\MS-DOS.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ddd39078-c2be-11dd-9b5a-00e04da3033d}]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ddd39079-c2be-11dd-9b5a-00e04da3033d}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MS-DOS.com
shell\Explore\command - F:\MS-DOS.com
shell\Open\command - F:\MS-DOS.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea1cb76a-ce51-11dd-9b96-00e04da3033d}]
shell\AutoRun\command - wscript.exe auto.vbs
shell\Open\command - wscript.exe auto.vbs


======File associations======

.scr - open - "%1" %*

======List of files/folders created in the last 1 months======

2008-12-20 19:05:41 ----D---- C:\Program Files\trend micro
2008-12-20 19:05:40 ----D---- C:\rsit
2008-12-20 11:50:10 ----D---- C:\WINDOWS\Prefetch
2008-12-20 11:47:38 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-20 11:47:34 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-20 11:47:30 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-20 11:47:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-20 11:47:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-20 11:47:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-20 11:47:11 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-20 11:47:06 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-20 11:47:02 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-20 11:46:58 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-20 11:46:54 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-20 11:46:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-20 11:46:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-20 11:46:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-20 11:46:38 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-20 11:46:34 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-20 11:46:30 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-20 11:46:27 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-20 11:43:45 ----D---- C:\WINDOWS\system32\scripting
2008-12-20 11:43:45 ----D---- C:\WINDOWS\l2schemas
2008-12-20 11:43:44 ----D---- C:\WINDOWS\system32\en
2008-12-20 11:43:44 ----D---- C:\WINDOWS\system32\bits
2008-12-20 11:42:01 ----D---- C:\WINDOWS\ServicePackFiles
2008-12-20 11:40:06 ----D---- C:\WINDOWS\network diagnostic
2008-12-20 11:36:51 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-12-20 11:31:11 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-20 11:31:03 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-12-20 02:26:27 ----D---- C:\Documents and Settings\All Users\Application Data\PopCap
2008-12-18 03:03:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2008-12-18 03:03:34 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-12-18 03:03:30 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-12-18 03:03:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-12-18 03:03:21 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$
2008-12-18 03:03:16 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-18 03:03:13 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-18 03:03:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-12-18 03:03:03 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-12-18 03:02:36 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-12-18 03:02:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
2008-12-18 03:02:27 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-12-18 03:02:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2008-12-18 03:02:10 ----D---- C:\Program Files\MSXML 6.0
2008-12-18 03:02:03 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2008-12-18 03:01:59 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-12-18 03:01:47 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2008-12-18 03:01:43 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2008-12-18 03:01:38 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2008-12-18 03:01:15 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-12-18 03:01:11 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-12-18 03:01:07 ----D---- C:\WINDOWS\ie7updates
2008-12-18 03:01:04 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-12-18 03:01:00 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_0$
2008-12-18 03:00:55 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2008-12-18 03:00:50 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2008-12-18 03:00:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2008-12-18 03:00:38 ----D---- C:\Program Files\MSXML 4.0
2008-12-17 19:28:17 ----RSH---- C:\no.com
2008-12-17 19:27:50 ----RSH---- C:\WINDOWS\system32\kxvo.exe
2008-12-17 19:27:50 ----RSH---- C:\WINDOWS\system32\fool0.dll
2008-12-17 18:14:22 ----D---- C:\WINDOWS\system32\PreInstall
2008-12-17 18:14:20 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-12-17 17:34:48 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-17 17:21:50 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-12-17 14:45:43 ----RHD---- C:\Documents and Settings\jackpatan\Application Data\SecuROM
2008-12-17 14:45:43 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2008-12-17 14:37:45 ----D---- C:\Program Files\EA SPORTS
2008-12-16 13:40:26 ----SHD---- C:\RECYCLER
2008-12-16 02:13:19 ----A---- C:\ComboFix.txt
2008-12-16 02:10:09 ----D---- C:\ComboFix
2008-12-15 14:41:23 ----A---- C:\Boot.bak
2008-12-15 14:41:19 ----RASHD---- C:\cmdcons
2008-12-15 14:38:55 ----A---- C:\WINDOWS\zip.exe
2008-12-15 14:38:55 ----A---- C:\WINDOWS\VFIND.exe
2008-12-15 14:38:55 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-15 14:38:55 ----A---- C:\WINDOWS\SWSC.exe
2008-12-15 14:38:55 ----A---- C:\WINDOWS\SWREG.exe
2008-12-15 14:38:55 ----A---- C:\WINDOWS\sed.exe
2008-12-15 14:38:55 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-15 14:38:55 ----A---- C:\WINDOWS\grep.exe
2008-12-15 14:38:55 ----A---- C:\WINDOWS\fdsv.exe
2008-12-15 14:38:51 ----D---- C:\WINDOWS\ERDNT
2008-12-15 14:38:51 ----AD---- C:\Qoobox
2008-12-15 12:40:38 ----D---- C:\Documents and Settings\jackpatan\Application Data\2K Sports
2008-12-15 12:26:50 ----D---- C:\Program Files\NBA 2K9
2008-12-14 22:32:51 ----D---- C:\Level Up! Games
2008-12-14 22:28:04 ----D---- C:\Program Files\XoftSpySE
2008-12-14 21:05:58 ----D---- C:\Program Files\MSBuild
2008-12-14 21:03:49 ----D---- C:\WINDOWS\system32\XPSViewer
2008-12-14 21:03:18 ----D---- C:\Program Files\Reference Assemblies
2008-12-14 21:02:59 ----N---- C:\WINDOWS\system32\spmsg2.dll
2008-12-14 21:02:39 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2008-12-14 18:16:58 ----D---- C:\Program Files\Canon
2008-12-14 17:54:53 ----D---- C:\Program Files\YouTube Downloader
2008-12-11 22:33:42 ----HD---- C:\WINDOWS\msdownld.tmp
2008-12-11 22:33:34 ----D---- C:\WINDOWS\WBEM
2008-12-11 22:33:34 ----D---- C:\WINDOWS\system32\en-US
2008-12-11 22:32:26 ----HDC---- C:\WINDOWS\ie7
2008-12-11 22:32:13 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-12-11 22:31:58 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-12-11 22:31:30 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2008-12-11 22:31:26 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-12-11 00:43:28 ----D---- C:\Documents and Settings\jackpatan\Application Data\Canon
2008-12-10 19:49:25 ----D---- C:\WINDOWS\system32\appmgmt
2008-12-10 19:36:07 ----A---- C:\WINDOWS\CSTBox.INI
2008-12-10 19:27:54 ----HD---- C:\CanoScan
2008-12-10 19:27:54 ----A---- C:\WINDOWS\system32\UCS32P.DLL
2008-12-10 19:27:54 ----A---- C:\WINDOWS\system32\CNQU71.DLL
2008-12-10 19:27:54 ----A---- C:\WINDOWS\system32\CNQL1208.dll
2008-12-10 12:28:02 ----D---- C:\Documents and Settings\jackpatan\Application Data\CyberLink
2008-12-10 12:20:09 ----D---- C:\MyWorks
2008-12-10 12:20:02 ----D---- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-12-10 12:19:48 ----D---- C:\Program Files\CyberLink
2008-12-10 12:05:01 ----RASH---- C:\WINDOWS\auto.vbs
2008-12-09 08:41:19 ----RHD---- C:\$VAULT$.AVG
2008-12-08 21:17:35 ----D---- C:\Documents and Settings\jackpatan\Application Data\LimeWire
2008-12-08 21:17:14 ----D---- C:\Program Files\LimeWire
2008-12-08 20:17:04 ----A---- C:\WINDOWS\system32\ptpusb.dll
2008-12-08 20:17:03 ----A---- C:\WINDOWS\system32\ptpusd.dll
2008-12-08 09:10:55 ----D---- C:\WINDOWS\Sun
2008-12-06 22:49:01 ----RA---- C:\WINDOWS\system32\cnmA3.tmp
2008-12-06 22:49:01 ----HD---- C:\BJPrinter
2008-12-06 22:45:30 ----A---- C:\WINDOWS\system32\CNMVS4e.DLL
2008-12-06 22:45:30 ----A---- C:\WINDOWS\system32\CNMLM4e.DLL
2008-12-06 22:45:29 ----RA---- C:\WINDOWS\system32\CNMCP4e.exe
2008-12-06 17:43:03 ----D---- C:\Documents and Settings\jackpatan\Application Data\Google
2008-12-06 17:20:48 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-12-06 17:20:45 ----D---- C:\Program Files\Google
2008-12-06 13:29:22 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-12-06 11:51:32 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-06 11:51:32 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-06 11:51:32 ----A---- C:\WINDOWS\system32\java.exe
2008-12-06 11:51:32 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-06 01:20:10 ----D---- C:\Documents and Settings\jackpatan\Application Data\U3
2008-12-06 00:49:24 ----D---- C:\Ntreev
2008-12-05 23:27:27 ----A---- C:\WINDOWS\NeroDigital.ini
2008-12-05 22:15:54 ----D---- C:\Documents and Settings\jackpatan\Application Data\FrostWire
2008-12-05 21:37:39 ----D---- C:\Program Files\DNA
2008-12-05 21:37:39 ----D---- C:\Documents and Settings\jackpatan\Application Data\DNA
2008-12-05 21:25:47 ----D---- C:\Documents and Settings\jackpatan\Application Data\Sun
2008-12-05 21:10:41 ----D---- C:\Documents and Settings\jackpatan\Application Data\Apple Computer
2008-12-05 21:10:37 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2008-12-05 21:10:23 ----D---- C:\Program Files\iPod
2008-12-05 21:10:21 ----D---- C:\Program Files\iTunes
2008-12-05 21:10:21 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-05 21:10:10 ----D---- C:\Program Files\Bonjour
2008-12-05 21:09:49 ----D---- C:\Program Files\QuickTime
2008-12-05 21:09:49 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-12-05 21:09:41 ----D---- C:\Program Files\Apple Software Update
2008-12-05 21:09:06 ----D---- C:\Program Files\Common Files\Apple
2008-12-05 21:09:06 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2008-12-05 19:22:03 ----A---- C:\WINDOWS\ODBC.INI
2008-12-05 19:21:53 ----D---- C:\Program Files\ServerGuard
2008-12-05 19:21:32 ----N---- C:\WINDOWS\Setup1.exe
2008-12-05 19:21:31 ----A---- C:\WINDOWS\ST6UNST.EXE
2008-12-05 17:16:04 ----D---- C:\Documents and Settings\jackpatan\Application Data\Nero
2008-12-05 17:16:04 ----D---- C:\Documents and Settings\All Users\Application Data\LightScribe
2008-12-05 17:13:12 ----D---- C:\Program Files\Common Files\LightScribe
2008-12-05 17:07:57 ----A---- C:\WINDOWS\system32\MsiExec.exe.log
2008-12-05 17:06:30 ----D---- C:\Program Files\Nero
2008-12-05 17:06:30 ----D---- C:\Program Files\Common Files\Nero
2008-12-05 17:06:30 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2008-12-05 17:01:26 ----D---- C:\WINDOWS\RegisteredPackages
2008-12-05 16:18:23 ----HDC---- C:\WINDOWS\$NtUninstallKB916089$
2008-12-05 15:22:22 ----RA---- C:\WINDOWS\system32\LVUI2RC.dll
2008-12-05 15:22:22 ----RA---- C:\WINDOWS\system32\LVUI2.dll
2008-12-05 15:22:22 ----RA---- C:\WINDOWS\system32\lvcoinst.ini
2008-12-05 15:22:22 ----RA---- C:\WINDOWS\system32\lvcodec2.dll
2008-12-05 15:22:22 ----RA---- C:\WINDOWS\system32\lvci1110.dll
2008-12-05 15:22:22 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2008-12-05 15:14:33 ----D---- C:\Documents and Settings\All Users\Application Data\Logicool
2008-12-05 15:14:31 ----D---- C:\Program Files\Logicool
2008-12-05 15:14:31 ----D---- C:\Program Files\Common Files\LogiShrd
2008-12-05 15:14:00 ----D---- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-12-04 02:22:53 ----A---- C:\WINDOWS\system32\h323log.txt
2008-12-04 02:19:22 ----A---- C:\WINDOWS\system32\usbui.dll
2008-12-04 02:18:30 ----SHD---- C:\WINDOWS\Installer
2008-12-04 02:18:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-04 02:18:29 ----D---- C:\Program Files\Common Files\ODBC
2008-12-04 02:18:29 ----A---- C:\WINDOWS\ODBCINST.INI
2008-12-04 02:18:26 ----D---- C:\Program Files\Common Files\SpeechEngines
2008-12-04 02:18:25 ----RD---- C:\Program Files
2008-12-04 02:18:25 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-04 02:18:25 ----D---- C:\Program Files\Common Files
2008-12-04 02:18:23 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2008-12-04 02:18:23 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2008-12-04 02:18:23 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2008-12-04 02:18:21 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2008-12-04 02:18:21 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2008-12-04 02:18:21 ----RA---- C:\WINDOWS\system32\kbdur.dll
2008-12-04 02:18:21 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2008-12-04 02:18:21 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2008-12-04 02:18:21 ----RA---- C:\WINDOWS\system32\kbdru.dll
2008-12-04 02:18:21 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2008-12-04 02:18:21 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2008-12-04 02:18:21 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2008-12-04 02:18:21 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2008-12-04 02:18:21 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2008-12-04 02:18:21 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2008-12-04 02:18:19 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2008-12-04 02:18:19 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2008-12-04 02:18:19 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2008-12-04 02:18:19 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2008-12-04 02:18:19 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2008-12-04 02:18:19 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2008-12-04 02:18:19 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2008-12-04 02:18:17 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2008-12-04 02:18:17 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2008-12-04 02:18:17 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2008-12-04 02:18:17 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2008-12-04 02:18:17 ----RA---- C:\WINDOWS\system32\kbdest.dll
2008-12-04 02:18:15 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2008-12-04 02:18:15 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2008-12-04 02:18:15 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2008-12-04 02:18:15 ----RA---- C:\WINDOWS\system32\kbdro.dll
2008-12-04 02:18:15 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2008-12-04 02:18:15 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2008-12-04 02:18:15 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2008-12-04 02:18:15 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2008-12-04 02:18:15 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2008-12-04 02:18:15 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2008-12-04 02:18:15 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2008-12-04 02:18:15 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2008-12-04 02:18:15 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2008-12-04 02:18:13 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-12-04 02:18:13 ----A---- C:\WINDOWS\system32\irclass.dll
2008-12-04 02:18:13 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2008-12-04 02:18:13 ----A---- C:\WINDOWS\system32\dgsetup.dll
2008-12-04 02:18:13 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2008-12-04 02:18:11 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2008-12-04 02:18:11 ----A---- C:\WINDOWS\TASKMAN.EXE
2008-12-04 02:18:10 ----A---- C:\WINDOWS\system32\batt.dll
2008-12-04 02:18:10 ----A---- C:\WINDOWS\notepad.exe
2008-12-04 02:18:09 ----A---- C:\WINDOWS\system32\storprop.dll
2008-12-04 02:18:03 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2008-12-04 02:18:01 ----RA---- C:\WINDOWS\SET8.tmp
2008-12-04 02:17:57 ----RA---- C:\WINDOWS\SET4.tmp
2008-12-04 02:17:56 ----RA---- C:\WINDOWS\SET3.tmp
2008-12-04 02:17:51 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-04 02:17:51 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-04 02:17:46 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-04 02:17:25 ----A---- C:\WINDOWS\setuplog.txt
2008-12-04 02:17:23 ----SHD---- C:\System Volume Information
2008-12-04 02:17:23 ----D---- C:\Documents and Settings
2008-12-04 02:16:20 ----RASH---- C:\boot.ini
2008-12-04 02:11:21 ----SHDC---- C:\WINDOWS\system32\dllcache
2008-12-04 02:11:21 ----RSD---- C:\WINDOWS\Fonts
2008-12-04 02:11:21 ----RD---- C:\WINDOWS\Web
2008-12-04 02:11:21 ----HD---- C:\WINDOWS\inf
2008-12-04 02:11:21 ----D---- C:\WINDOWS\WinSxS
2008-12-04 02:11:21 ----D---- C:\WINDOWS\twain_32
2008-12-04 02:11:21 ----D---- C:\WINDOWS\Temp
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\wins
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\wbem
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\usmt
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\spool
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\ShellExt
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\Setup
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\ras
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\oobe
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\npp
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\mui
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\inetsrv
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\IME
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\icsxml
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\ias
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\export
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\drivers
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\dhcp
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\config
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\3com_dmi
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\3076
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\2052
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\1054
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\1042
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\1041
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\1037
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\1033
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\1031
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\1028
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\1025
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system
2008-12-04 02:11:21 ----D---- C:\WINDOWS\security
2008-12-04 02:11:21 ----D---- C:\WINDOWS\Resources
2008-12-04 02:11:21 ----D---- C:\WINDOWS\repair
2008-12-04 02:11:21 ----D---- C:\WINDOWS\Provisioning
2008-12-04 02:11:21 ----D---- C:\WINDOWS\PeerNet
2008-12-04 02:11:21 ----D---- C:\WINDOWS\pchealth
2008-12-04 02:11:21 ----D---- C:\WINDOWS\mui
2008-12-04 02:11:21 ----D---- C:\WINDOWS\msapps
2008-12-04 02:11:21 ----D---- C:\WINDOWS\msagent
2008-12-04 02:11:21 ----D---- C:\WINDOWS\Media
2008-12-04 02:11:21 ----D---- C:\WINDOWS\java
2008-12-04 02:11:21 ----D---- C:\WINDOWS\ime
2008-12-04 02:11:21 ----D---- C:\WINDOWS\Help
2008-12-04 02:11:21 ----D---- C:\WINDOWS\ehome
2008-12-04 02:11:21 ----D---- C:\WINDOWS\Driver Cache
2008-12-04 02:11:21 ----D---- C:\WINDOWS\Debug
2008-12-04 02:11:21 ----D---- C:\WINDOWS\Cursors
2008-12-04 02:11:21 ----D---- C:\WINDOWS\Connection Wizard
2008-12-04 02:11:21 ----D---- C:\WINDOWS\Config
2008-12-04 02:11:21 ----D---- C:\WINDOWS\AppPatch
2008-12-04 02:11:21 ----D---- C:\WINDOWS\addins
2008-12-04 02:11:21 ----D---- C:\WINDOWS
2008-12-03 22:57:27 ----D---- C:\WINDOWS\Minidump
2008-12-03 22:30:59 ----D---- C:\Program Files\MYGAME Launcher
2008-12-03 22:05:29 ----D---- C:\Program Files\Common Files\INCA Shared
2008-12-03 21:41:18 ----D---- C:\Program Files\e-Games
2008-12-03 21:39:18 ----D---- C:\Documents and Settings\All Users\Application Data\ATI
2008-12-03 21:37:48 ----A---- C:\WINDOWS\IsUninst.exe
2008-12-03 21:34:15 ----D---- C:\ATI
2008-12-03 21:33:55 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2008-12-03 21:33:55 ----A---- C:\WINDOWS\system32\x3daudio1_2.dll
2008-12-03 21:33:54 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2008-12-03 21:33:54 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2008-12-03 21:33:54 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2008-12-03 21:33:53 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2008-12-03 21:33:53 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2008-12-03 21:33:52 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2008-12-03 21:33:52 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2008-12-03 21:33:51 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2008-12-03 21:33:50 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2008-12-03 21:33:50 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2008-12-03 21:33:50 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2008-12-03 21:33:49 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2008-12-03 21:33:49 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2008-12-03 21:33:49 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2008-12-03 21:33:49 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2008-12-03 21:33:49 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2008-12-03 21:33:48 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2008-12-03 21:33:48 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2008-12-03 21:33:48 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2008-12-03 21:33:43 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2008-12-03 21:33:43 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2008-12-03 21:33:43 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2008-12-03 21:33:43 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2008-12-03 21:33:42 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2008-12-03 21:33:42 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2008-12-03 21:33:42 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2008-12-03 21:33:42 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2008-12-03 21:33:41 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2008-12-03 21:33:41 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2008-12-03 21:31:57 ----D---- C:\Program Files\Dragonfly
2008-12-03 21:28:13 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$
2008-12-03 21:28:09 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-03 20:56:46 ----D---- C:\Program Files\uTorrent
2008-12-03 20:56:42 ----D---- C:\Documents and Settings\jackpatan\Application Data\uTorrent
2008-12-03 20:52:57 ----D---- C:\SAVE
2008-12-03 20:51:18 ----D---- C:\Documents and Settings\jackpatan\Application Data\Yahoo!
2008-12-03 20:51:18 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-12-03 20:51:12 ----A---- C:\WINDOWS\system32\unrar.dll
2008-12-03 20:51:12 ----A---- C:\WINDOWS\avisplitter.ini
2008-12-03 20:51:11 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2008-12-03 20:51:11 ----A---- C:\WINDOWS\system32\xvidcore.dll
2008-12-03 20:51:10 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2008-12-03 20:51:10 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2008-12-03 20:51:10 ----A---- C:\WINDOWS\system32\dpl100.dll
2008-12-03 20:51:10 ----A---- C:\WINDOWS\system32\divx.dll
2008-12-03 20:51:09 ----D---- C:\Program Files\K-Lite Codec Pack
2008-12-03 20:51:09 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-12-03 20:51:09 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2008-12-03 20:50:16 ----D---- C:\Program Files\Java
2008-12-03 20:50:15 ----D---- C:\Program Files\Common Files\Java
2008-12-03 20:48:05 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-12-03 20:47:35 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-12-03 20:47:30 ----D---- C:\Program Files\Common Files\Adobe
2008-12-03 20:47:30 ----D---- C:\Program Files\Adobe
2008-12-03 20:46:00 ----D---- C:\Program Files\Microsoft Works
2008-12-03 20:45:48 ----D---- C:\Program Files\Microsoft Visual Studio
2008-12-03 20:45:48 ----D---- C:\Program Files\Common Files\DESIGNER
2008-12-03 20:45:20 ----D---- C:\Program Files\Microsoft.NET
2008-12-03 20:43:49 ----D---- C:\WINDOWS\SHELLNEW
2008-12-03 20:43:30 ----D---- C:\Program Files\Microsoft Office
2008-12-03 20:43:29 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-12-03 20:43:13 ----RHD---- C:\MSOCache
2008-12-03 20:41:08 ----D---- C:\Program Files\WinRAR
2008-12-03 20:39:34 ----D---- C:\Documents and Settings\jackpatan\Application Data\AVG7
2008-12-03 20:39:26 ----A---- C:\WINDOWS\system32\msvcr71.dll
2008-12-03 20:39:26 ----A---- C:\WINDOWS\system32\msvcp71.dll
2008-12-03 20:39:17 ----D---- C:\Program Files\Grisoft
2008-12-03 20:39:17 ----D---- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-12-03 20:39:17 ----D---- C:\Documents and Settings\All Users\Application Data\avg7
2008-12-03 20:34:44 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-12-03 20:33:46 ----A---- C:\YServer.txt
2008-12-03 20:33:41 ----D---- C:\Program Files\Yahoo!
2008-12-03 20:23:42 ----D---- C:\Program Files\Garena
2008-12-03 20:15:10 ----D---- C:\Program Files\Webzen
2008-12-03 19:58:59 ----A---- C:\WINDOWS\War3Unin.exe
2008-12-03 19:58:12 ----D---- C:\Program Files\Warcraft III
2008-12-03 19:04:26 ----D---- C:\Documents and Settings\jackpatan\Application Data\Macromedia
2008-12-03 19:04:25 ----D---- C:\Documents and Settings\jackpatan\Application Data\Adobe
2008-12-03 18:56:28 ----A---- C:\WINDOWS\CD_Start.INI
2008-12-03 18:54:50 ----A---- C:\WINDOWS\system32\libmySQL.dll
2008-12-03 18:54:33 ----D---- C:\Program Files\Sierra On-Line
2008-12-03 18:54:33 ----A---- C:\WINDOWS\sierra.ini
2008-12-03 18:53:54 ----D---- C:\Sierra
2008-12-03 18:49:13 ----D---- C:\WINDOWS\system32\Lang
2008-12-03 18:48:04 ----A---- C:\WINDOWS\system32\ChCfg.exe
2008-12-03 18:48:00 ----D---- C:\WINDOWS\system32\RTCOM
2008-12-03 18:47:56 ----A---- C:\WINDOWS\SoundMan.exe
2008-12-03 18:47:56 ----A---- C:\WINDOWS\SkyTel.exe
2008-12-03 18:47:56 ----A---- C:\WINDOWS\RtlUpd.exe
2008-12-03 18:47:55 ----A---- C:\WINDOWS\RTLCPL.exe
2008-12-03 18:47:53 ----A---- C:\WINDOWS\RTHDCPL.exe
2008-12-03 18:47:53 ----A---- C:\WINDOWS\MicCal.exe
2008-12-03 18:47:53 ----A---- C:\WINDOWS\alcwzrd.exe
2008-12-03 18:47:53 ----A---- C:\WINDOWS\Alcmtr.exe
2008-12-03 18:47:51 ----A---- C:\WINDOWS\RtlExUpd.dll
2008-12-03 18:47:51 ----A---- C:\WINDOWS\HideWin.exe
2008-12-03 18:47:01 ----D---- C:\WINDOWS\OPTIONS
2008-12-03 18:47:01 ----D---- C:\Program Files\Realtek
2008-12-03 18:46:59 ----D---- C:\Documents and Settings\jackpatan\Application Data\InstallShield
2008-12-03 18:46:06 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-03 18:46:06 ----D---- C:\Program Files\Intel
2008-12-03 18:46:06 ----A---- C:\WINDOWS\system32\CSVer.dll
2008-12-03 18:46:03 ----D---- C:\Intel
2008-12-03 18:45:17 ----D---- C:\Documents and Settings\jackpatan\Application Data\ATI
2008-12-03 18:41:07 ----D---- C:\Program Files\Common Files\ATI Technologies
2008-12-03 18:39:42 ----RSD---- C:\WINDOWS\assembly
2008-12-03 18:39:27 ----D---- C:\WINDOWS\Microsoft.NET
2008-12-03 18:38:50 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-12-03 18:38:41 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2008-12-03 18:38:18 ----A---- C:\WINDOWS\system32\ksuser.dll
2008-12-03 18:38:09 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-12-03 18:38:08 ----HDC---- C:\WINDOWS\$NtUninstallKB888111WXPSP2$
2008-12-03 18:37:33 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2008-12-03 18:37:31 ----A---- C:\WINDOWS\system32\atiiiexx.dll
2008-12-03 18:37:28 ----A---- C:\WINDOWS\system32\ATIDEMGX.dll
2008-12-03 18:37:18 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-03 18:37:10 ----D---- C:\Program Files\ATI Technologies
2008-12-03 18:37:05 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-03 18:36:49 ----D---- C:\Program Files\Common Files\InstallShield
2008-12-03 18:32:43 ----D---- C:\Documents and Settings\jackpatan\Application Data\Identities
2008-12-03 18:32:42 ----HD---- C:\Program Files\Uninstall Information
2008-12-03 18:32:37 ----SD---- C:\Documents and Settings\jackpatan\Application Data\Microsoft
2008-12-03 18:32:37 ----ASH---- C:\Documents and Settings\jackpatan\Application Data\desktop.ini
2008-12-03 18:31:56 ----D---- C:\WINDOWS\SoftwareDistribution
2008-12-03 18:31:54 ----SD---- C:\WINDOWS\system32\Microsoft
2008-12-03 18:31:54 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-03 18:27:23 ----D---- C:\WINDOWS\system32\xircom
2008-12-03 18:27:23 ----D---- C:\Program Files\xerox
2008-12-03 18:27:23 ----D---- C:\Program Files\microsoft frontpage
2008-12-03 18:27:10 ----A---- C:\WINDOWS\control.ini
2008-12-03 18:27:10 ----A---- C:\AUTOEXEC.BAT
2008-12-03 18:27:02 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-03 18:26:59 ----A---- C:\WINDOWS\system32\mapi32.dll
2008-12-03 18:26:22 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-03 18:26:22 ----RD---- C:\WINDOWS\Offline Web Pages
2008-12-03 18:26:22 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2008-12-03 18:26:18 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-12-03 18:26:14 ----HD---- C:\Program Files\WindowsUpdate
2008-12-03 18:26:00 ----D---- C:\WINDOWS\system32\DirectX
2008-12-03 18:25:46 ----A---- C:\WINDOWS\system32\atrace.dll
2008-12-03 18:25:44 ----A---- C:\WINDOWS\system32\desktop.ini
2008-12-03 18:25:44 ----A---- C:\WINDOWS\desktop.ini
2008-12-03 18:25:39 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2008-12-03 18:25:39 ----A---- C:\WINDOWS\system32\acctres.dll
2008-12-03 18:25:38 ----D---- C:\Program Files\Common Files\Services
2008-12-03 18:25:36 ----SD---- C:\WINDOWS\Tasks
2008-12-03 18:25:36 ----D---- C:\Program Files\Common Files\MSSoap
2008-12-03 18:25:36 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2008-12-03 18:25:33 ----D---- C:\WINDOWS\srchasst
2008-12-03 18:25:32 ----D---- C:\WINDOWS\system32\Macromed
2008-12-03 18:25:30 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-12-03 18:25:30 ----A---- C:\WINDOWS\system32\wups.dll
2008-12-03 18:25:30 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-12-03 18:25:30 ----A---- C:\WINDOWS\system32\wuauserv.dll
2008-12-03 18:25:30 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2008-12-03 18:25:30 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-12-03 18:25:29 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2008-12-03 18:25:29 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-12-03 18:25:29 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-12-03 18:25:29 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-12-03 18:25:29 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-12-03 18:25:29 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2008-12-03 18:25:29 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2008-12-03 18:25:26 ----D---- C:\Program Files\Movie Maker
2008-12-03 18:25:23 ----A---- C:\WINDOWS\system32\safrslv.dll
2008-12-03 18:25:23 ----A---- C:\WINDOWS\system32\safrdm.dll
2008-12-03 18:25:23 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2008-12-03 18:25:23 ----A---- C:\WINDOWS\system32\racpldlg.dll
2008-12-03 18:25:21 ----A---- C:\WINDOWS\system32\fltmc.exe
2008-12-03 18:25:21 ----A---- C:\WINDOWS\system32\fltlib.dll
2008-12-03 18:25:20 ----D---- C:\WINDOWS\system32\Restore
2008-12-03 18:25:20 ----A---- C:\WINDOWS\system32\srsvc.dll
2008-12-03 18:25:20 ----A---- C:\WINDOWS\system32\srrstr.dll
2008-12-03 18:25:20 ----A---- C:\WINDOWS\system32\srclient.dll
2008-12-03 18:25:20 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2008-12-03 18:25:20 ----A---- C:\WINDOWS\system32\ils.dll
2008-12-03 18:25:19 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2008-12-03 18:25:19 ----A---- C:\WINDOWS\system32\msconf.dll
2008-12-03 18:25:19 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2008-12-03 18:25:19 ----A---- C:\WINDOWS\system32\mnmdd.dll
2008-12-03 18:25:17 ----D---- C:\Program Files\NetMeeting
2008-12-03 18:25:17 ----A---- C:\WINDOWS\system32\msoert2.dll
2008-12-03 18:25:17 ----A---- C:\WINDOWS\system32\msoeacct.dll
2008-12-03 18:25:16 ----A---- C:\WINDOWS\system32\inetres.dll
2008-12-03 18:25:16 ----A---- C:\WINDOWS\system32\inetcomm.dll
2008-12-03 18:25:15 ----D---- C:\Program Files\Outlook Express
2008-12-03 18:25:15 ----A---- C:\WINDOWS\system32\schedsvc.dll
2008-12-03 18:25:15 ----A---- C:\WINDOWS\system32\mstinit.exe
2008-12-03 18:25:15 ----A---- C:\WINDOWS\system32\mstask.dll
2008-12-03 18:25:14 ----A---- C:\WINDOWS\system32\isign32.dll
2008-12-03 18:25:14 ----A---- C:\WINDOWS\system32\inetcfg.dll
2008-12-03 18:25:14 ----A---- C:\WINDOWS\system32\icwphbk.dll
2008-12-03 18:25:14 ----A---- C:\WINDOWS\system32\icwdial.dll
2008-12-03 18:25:10 ----D---- C:\Program Files\Internet Explorer
2008-12-03 18:25:10 ----D---- C:\Program Files\Common Files\System
2008-12-03 18:24:45 ----D---- C:\Program Files\ComPlus Applications
2008-12-03 18:24:43 ----A---- C:\WINDOWS\vbaddin.ini
2008-12-03 18:24:43 ----A---- C:\WINDOWS\vb.ini
2008-12-03 18:24:39 ----D---- C:\WINDOWS\Registration
2008-12-03 18:24:34 ----D---- C:\Program Files\Online Services
2008-12-03 18:24:33 ----D---- C:\Program Files\Windows Media Player
2008-12-03 18:24:29 ----D---- C:\Program Files\Messenger
2008-12-03 18:24:26 ----D---- C:\Program Files\MSN Gaming Zone
2008-12-03 18:24:26 ----A---- C:\WINDOWS\system32\write.exe
2008-12-03 18:24:20 ----A---- C:\WINDOWS\system32\sndvol32.exe
2008-12-03 18:24:20 ----A---- C:\WINDOWS\system32\hticons.dll
2008-12-03 18:24:20 ----A---- C:\WINDOWS\system32\avwav.dll
2008-12-03 18:24:20 ----A---- C:\WINDOWS\system32\avtapi.dll
2008-12-03 18:24:20 ----A---- C:\WINDOWS\system32\avmeter.dll
2008-12-03 18:24:19 ----A---- C:\WINDOWS\system32\winchat.exe
2008-12-03 18:24:15 ----A---- C:\WINDOWS\system32\getuname.dll
2008-12-03 18:24:15 ----A---- C:\WINDOWS\system32\charmap.exe
2008-12-03 18:24:14 ----A---- C:\WINDOWS\system32\winmine.exe
2008-12-03 18:24:14 ----A---- C:\WINDOWS\system32\sol.exe
2008-12-03 18:24:14 ----A---- C:\WINDOWS\system32\reset.exe
2008-12-03 18:24:14 ----A---- C:\WINDOWS\system32\mshearts.exe
2008-12-03 18:24:14 ----A---- C:\WINDOWS\system32\freecell.exe
2008-12-03 18:24:14 ----A---- C:\WINDOWS\system32\calc.exe
2008-12-03 18:24:13 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2008-12-03 18:24:13 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2008-12-03 18:24:13 ----A---- C:\WINDOWS\system32\tslabels.ini
2008-12-03 18:24:13 ----A---- C:\WINDOWS\system32\tskill.exe
2008-12-03 18:24:13 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2008-12-03 18:24:13 ----A---- C:\WINDOWS\system32\tscon.exe
2008-12-03 18:24:13 ----A---- C:\WINDOWS\system32\shadow.exe
2008-12-03 18:24:13 ----A---- C:\WINDOWS\system32\rwinsta.exe
2008-12-03 18:24:13 ----A---- C:\WINDOWS\system32\regini.exe
2008-12-03 18:24:13 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2008-12-03 18:24:13 ----A---- C:\WINDOWS\system32\qwinsta.exe
2008-12-03 18:24:13 ----A---- C:\WINDOWS\system32\qappsrv.exe
2008-12-03 18:24:13 ----A---- C:\WINDOWS\system32\msg.exe
2008-12-03 18:24:13 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2008-12-03 18:24:13 ----A---- C:\WINDOWS\system32\logoff.exe
2008-12-03 18:24:13 ----A---- C:\WINDOWS\system32\cdmodem.dll
2008-12-03 18:24:12 ----A---- C:\WINDOWS\system32\stclient.dll
2008-12-03 18:24:12 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2008-12-03 18:24:12 ----A---- C:\WINDOWS\system32\mtxex.dll
2008-12-03 18:24:12 ----A---- C:\WINDOWS\system32\mtxdm.dll
2008-12-03 18:24:12 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2008-12-03 18:24:12 ----A---- C:\WINDOWS\system32\comrepl.dll
2008-12-03 18:24:12 ----A---- C:\WINDOWS\system32\comaddin.dll
2008-12-03 18:24:11 ----A---- C:\WINDOWS\system32\comsnap.dll
2008-12-03 18:24:08 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2008-12-03 18:23:54 ----D---- C:\Program Files\MSN
2008-12-03 18:23:53 ----A---- C:\WINDOWS\system32\sndrec32.exe
2008-12-03 18:23:53 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-12-03 18:23:52 ----D---- C:\Program Files\Windows NT
2008-12-03 18:23:52 ----A---- C:\WINDOWS\system32\mspaint.exe
2008-12-03 18:23:52 ----A---- C:\WINDOWS\system32\mplay32.exe
2008-12-03 18:23:52 ----A---- C:\WINDOWS\system32\hypertrm.dll
2008-12-03 18:23:51 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2008-12-03 18:23:51 ----A---- C:\WINDOWS\system32\spider.exe
2008-12-03 18:23:51 ----A---- C:\WINDOWS\system32\clipbrd.exe
2008-12-03 18:23:50 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-12-03 18:23:50 ----A---- C:\WINDOWS\system32\remotepg.dll
2008-12-03 18:23:50 ----A---- C:\WINDOWS\system32\rdshost.exe
2008-12-03 18:23:50 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2008-12-03 18:23:50 ----A---- C:\WINDOWS\system32\rdchost.dll
2008-12-03 18:23:50 ----A---- C:\WINDOWS\system32\mstscax.dll
2008-12-03 18:23:50 ----A---- C:\WINDOWS\system32\mstsc.exe
2008-12-03 18:23:49 ----D---- C:\WINDOWS\system32\MsDtc
2008-12-03 18:23:49 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2008-12-03 18:23:49 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-12-03 18:23:49 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2008-12-03 18:23:49 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2008-12-03 18:23:49 ----A---- C:\WINDOWS\system32\rdpclip.exe
2008-12-03 18:23:49 ----A---- C:\WINDOWS\system32\qprocess.exe
2008-12-03 18:23:49 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2008-12-03 18:23:49 ----A---- C:\WINDOWS\system32\icaapi.dll
2008-12-03 18:23:49 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2008-12-03 18:23:48 ----A---- C:\WINDOWS\system32\xolehlp.dll
2008-12-03 18:23:48 ----A---- C:\WINDOWS\system32\mtxoci.dll
2008-12-03 18:23:48 ----A---- C:\WINDOWS\system32\msdtctm.dll
2008-12-03 18:23:48 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-12-03 18:23:47 ----D---- C:\WINDOWS\system32\Com
2008-12-03 18:23:47 ----A---- C:\WINDOWS\system32\msdtclog.dll
2008-12-03 18:23:47 ----A---- C:\WINDOWS\system32\msdtc.exe
2008-12-03 18:23:47 ----A---- C:\WINDOWS\system32\colbact.dll
2008-12-03 18:23:46 ----A---- C:\WINDOWS\system32\clbcatex.dll
2008-12-03 18:23:46 ----A---- C:\WINDOWS\system32\catsrvut.dll
2008-12-03 18:23:46 ----A---- C:\WINDOWS\system32\catsrvps.dll
2008-12-03 18:23:46 ----A---- C:\WINDOWS\system32\catsrv.dll
2008-12-03 18:23:45 ----A---- C:\WINDOWS\system32\comuid.dll
2008-12-03 18:23:45 ----A---- C:\WINDOWS\system32\comsvcs.dll
2008-12-03 18:23:45 ----A---- C:\WINDOWS\system32\clbcatq.dll
2008-12-03 18:23:39 ----A---- C:\WINDOWS\system32\servdeps.dll
2008-12-03 18:23:39 ----A---- C:\WINDOWS\system32\mmfutil.dll
2008-12-03 18:23:39 ----A---- C:\WINDOWS\system32\licwmi.dll
2008-12-03 18:23:39 ----A---- C:\WINDOWS\system32\cmprops.dll

======List of files/folders modified in the last 1 months======

2008-12-16 02:12:52 ----A---- C:\WINDOWS\system.ini
2008-12-13 14:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-03 18:27:09 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2008-12-03 821856]
R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2008-12-03 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2008-12-03 27776]
R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2008-12-06 10760]
R1 BIOS;BIOS; \??\C:\WINDOWS\system32\drivers\BIOS.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2008-12-03 4960]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-10-29 3341824]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdAud.sys [2006-12-29 84992]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-10-16 4615168]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-07-18 25624]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-07-20 2108952]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-07-20 2141848]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys [2007-07-19 41112]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-07-19 1277464]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-10-29 585728]
R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe [2008-12-03 418816]
R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe [2008-12-03 49664]
R2 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\Grisoft\AVG7\avgemc.exe [2008-12-06 406528]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-06 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-10-18 79136]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-07-20 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-07-20 137752]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-10 602392]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-10-28 593920]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-07-20 141848]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-06 138168]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-11-15 382248]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.05 2008-12-20 20:22:35

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI AVIVO Codecs-->MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
ATI Parental Control & Encoder-->MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
AVG 7.5-->C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CABAL Online (PH) 1.0-->C:\Program Files\e-Games\CABAL Online (PH)\uninst.exe
Canon CanoScan Toolbox 4.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BCE46757-7674-4416-BEDB-68205A60409E}\Setup.exe" -l0x9 anything
Canon PIXUS 950i-->C:\WINDOWS\system32\CNMCP4e.exe "-PRINTERNAMECanon PIXUS 950i" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon PIXUS 950i Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon PIXUS 950i Installer\Inst2\cnmi0409.dll"
Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
EA SPORTS™ NBA LIVE 08-->MsiExec.exe /X{39C8EFBA-042B-11DC-A860-0EE955D89593}
Garena-->C:\Program Files\InstallShield Installation Information\{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}\setup.exe -runfromtemp -l0x0009 -removeonly
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
GrandChase-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1FD7E29-0710-40A7-B0D1-A821B89249A1}\Setup.exe"
Half-Life: Counter-Strike-->C:\Sierra\COUNTE~1\UNWISE.EXE C:\Sierra\COUNTE~1\INSTALL.LOG
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
J2SE Runtime Environment 5.0 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150070}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Codec Pack 4.1.7 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LightScribe System Software 1.10.19.1-->MsiExec.exe /X{59046D29-2E6B-4224-BF0D-64F3E7A93F7B}
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
Logicool Qcam-->MsiExec.exe /X{63AE7E8A-81CB-433E-B13E-7E08D4AF50C6}
Logicool® Camera Driver-->"C:\Program Files\Common Files\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
MVision-->MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
MYGAME Launcher(Remove Only)-->C:\Program Files\MYGAME Launcher\uninst.exe
Nero 8 Essentials-->MsiExec.exe /X{65A54DC3-5FF6-4C75-906E-3EA1A3B71033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
PowerDirector Express-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EDE721EC-870A-11D8-9D75-000129760D75}\setup.exe" -uninstall
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
ServerGuard-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\ServerGuard\ST6UNST.LOG"
Special Force-->C:\Program Files\InstallShield Installation Information\{8ADE24B2-DCA4-4A1E-8B52-A5B435522D9E}\setup.exe -runfromtemp -l0x0009 -removeonly
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Search Suggest Add-on for IE7-->C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! Software Update-->C:\PROGRA~1\Yahoo!\SOFTWA~1\UNINST~1.EXE
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======Security center information======

AV: AVG 7.5.552

System event log

Computer Name: SERVER
Event Code: 7036
Message: The IMAPI CD-Burning COM Service service entered the stopped state.

Record Number: 930
Source Name: Service Control Manager
Time Written: 20081208162223.000000+480
Event Type: information
User:

Computer Name: SERVER
Event Code: 7036
Message: The IMAPI CD-Burning COM Service service entered the running state.

Record Number: 929
Source Name: Service Control Manager
Time Written: 20081208162217.000000+480
Event Type: information
User:

Computer Name: SERVER
Event Code: 7035
Message: The IMAPI CD-Burning COM Service service was successfully sent a start control.

Record Number: 928
Source Name: Service Control Manager
Time Written: 20081208162217.000000+480
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: SERVER
Event Code: 59
Message: Generate Activation Context failed for C:\Program Files\Common Files\Nero\AudioPlugins\MSAxp.dll.
Reference error message: The operation completed successfully.
.

Record Number: 927
Source Name: SideBySide
Time Written: 20081208161057.000000+480
Event Type: error
User:

Computer Name: SERVER
Event Code: 58
Message: Syntax error in manifest or policy file "C:\Program Files\Common Files\Nero\AudioPlugins\MSAxp.dll" on line 10.

Record Number: 926
Source Name: SideBySide
Time Written: 20081208161057.000000+480
Event Type: error
User:

Application event log

Computer Name: SERVER
Event Code: 4
Message: The LightScribe Service started successfully.

Record Number: 1651
Source Name: LightScribeService
Time Written: 20081213191808.000000+480
Event Type: information
User:

Computer Name: SERVER
Event Code: 1
Message:
Record Number: 1650
Source Name: Bonjour Service
Time Written: 20081213191808.000000+480
Event Type: information
User:

Computer Name: SERVER
Event Code: 1
Message: Service started

Record Number: 1649
Source Name: Avg7UpdSvc
Time Written: 20081213191806.000000+480
Event Type: information
User:

Computer Name: SERVER
Event Code: 105
Message: The service was started.

Record Number: 1648
Source Name: ATI Smart
Time Written: 20081213191806.000000+480
Event Type: information
User:

Computer Name: SERVER
Event Code: 1517
Message: Windows saved user SERVER\jackpatan registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 1647
Source Name: Userenv
Time Written: 20081213191543.000000+480
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_07\lib\ext\QTJava.zip
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem;C:\WINNT\twain_32\CNQLxx
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f0d
"QTJAVA"=C:\Program Files\Java\jre1.5.0_07\lib\ext\QTJava.zip
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%

-----------------EOF-----------------


I ran Kaspersky as well.. nothing was listed on the report.. I assume my system is clean of malware and so.



#2 Buckeye_Sam

    Malware Expert



Posted 21 December 2008 - 09:28 AM

Hello! :thumbsup:
My name is Sam and I will be helping you.

In order to see what's going on with your computer I may ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Also post a new RSIT log.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 nayr1925


Posted 22 December 2008 - 08:08 AM

Hi Sam.. I would like to apologize for my post. I must have misunderstood Kaspersky. I ran the program again.. and found out my unit is infected. The logs are as follows...

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, December 21, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, December 21, 2008 11:45:10
Records in database: 1495553
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - Critical Areas:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\jackpatan\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS

Scan statistics:
Files scanned: 64767
Threat name: 4
Infected objects: 24
Suspicious objects: 1
Duration of the scan: 00:51:21


File name / Threat name / Threats count
C:\WINDOWS\system32\fool0.dll/C:\WINDOWS\system32\fool0.dll Infected: Packed.Win32.Krap.b 20
C:\WINDOWS\system32\ieso0.dll/C:\WINDOWS\system32\ieso0.dll Infected: not-a-virus:AdWare.Win32.BBT.cp 1
C:\WINDOWS\auto.vbs Suspicious: Type_Script 1
C:\WINDOWS\system32\fool0.dll Infected: Packed.Win32.Krap.b 1
C:\WINDOWS\system32\ieso0.dll Infected: not-a-virus:AdWare.Win32.BBT.cp 1
C:\WINDOWS\system32\kxvo.exe Infected: Trojan.Win32.Inject.dnm 1

The selected area was scanned.


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, December 22, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, December 21, 2008 11:45:10
Records in database: 1495553
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 79305
Threat name: 11
Infected objects: 49
Suspicious objects: 1
Duration of the scan: 01:25:58


File name / Threat name / Threats count
C:\WINDOWS\system32\fool0.dll/C:\WINDOWS\system32\fool0.dll Infected: Packed.Win32.Krap.b 23
C:\WINDOWS\system32\ieso0.dll/C:\WINDOWS\system32\ieso0.dll Infected: not-a-virus:AdWare.Win32.BBT.cp 2
C:\autorun.inf Infected: Worm.Win32.AutoRun.ejl 1
C:\Documents and Settings\jackpatan\My Documents\FrostWire\Incomplete\T-3515162-megedeath - greatest hits.wma Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\jackpatan\My Documents\FrostWire\Incomplete\T-3877632-pagdating ng panahon aiza.mp3 Infected: Trojan-Downloader.WMA.GetCodec.n 1
C:\Documents and Settings\jackpatan\My Documents\FrostWire\Incomplete\T-4542054-i believe charmaine fionna ong MTV.mp3 Infected: Trojan-Downloader.WMA.GetCodec.f 1
C:\Documents and Settings\jackpatan\My Documents\LimeWire\Saved\Carmen Fenk - Dance with my Father.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\big big man.mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\can we talk for a minute - greatest hits.mp3 Infected: Trojan-Downloader.WMA.GetCodec.n 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\crazy bone its so good.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\invincible christian bautista.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\migraine moonstar 88.mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\moments og love janno gibbs - greatest hits.mp3 Infected: Trojan-Downloader.WMA.GetCodec.n 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\NSYNC - It's gonna be me.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\pasko na naman ariel rivera.mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\shawty t pain.mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\slapshock agent orange.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\stick around.mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\tattoed on my mind.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\usher superstar MTV.mp3 Infected: Trojan-Downloader.WMA.GetCodec.f 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\where is she.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\no.com Infected: Trojan.Win32.Inject.dnm 1
C:\Qoobox\Quarantine\C\WINDOWS\Cursors\Boom.vbs.vir Infected: Trojan.VBS.Runner.be 1
C:\WINDOWS\auto.vbs Suspicious: Type_Script 1
C:\WINDOWS\system32\fool0.dll Infected: Packed.Win32.Krap.b 1
C:\WINDOWS\system32\ieso0.dll Infected: not-a-virus:AdWare.Win32.BBT.cp 1
C:\WINDOWS\system32\kxvo.exe Infected: Trojan.Win32.Inject.dnm 1

The selected area was scanned.


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, December 22, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, December 22, 2008 07:53:03
Records in database: 1499212
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - Folder:
C:\

Scan statistics:
Files scanned: 87017
Threat name: 11
Infected objects: 24
Suspicious objects: 1
Duration of the scan: 01:37:46


File name / Threat name / Threats count
C:\autorun.inf Infected: Worm.Win32.AutoRun.ejl 1
C:\Documents and Settings\jackpatan\My Documents\FrostWire\Incomplete\T-3515162-megedeath - greatest hits.wma Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\jackpatan\My Documents\FrostWire\Incomplete\T-3877632-pagdating ng panahon aiza.mp3 Infected: Trojan-Downloader.WMA.GetCodec.n 1
C:\Documents and Settings\jackpatan\My Documents\FrostWire\Incomplete\T-4542054-i believe charmaine fionna ong MTV.mp3 Infected: Trojan-Downloader.WMA.GetCodec.f 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\big big man.mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\can we talk for a minute - greatest hits.mp3 Infected: Trojan-Downloader.WMA.GetCodec.n 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\Carmen Fenk - Dance with my Father.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\crazy bone its so good.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\invincible christian bautista.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\migraine moonstar 88.mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\moments og love janno gibbs - greatest hits.mp3 Infected: Trojan-Downloader.WMA.GetCodec.n 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\NSYNC - It's gonna be me.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\pasko na naman ariel rivera.mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\shawty t pain.mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\slapshock agent orange.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\stick around.mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\tattoed on my mind.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\usher superstar MTV.mp3 Infected: Trojan-Downloader.WMA.GetCodec.f 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\where is she.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\no.com Infected: Trojan.Win32.Inject.dnm 1
C:\Qoobox\Quarantine\C\WINDOWS\Cursors\Boom.vbs.vir Infected: Trojan.VBS.Runner.be 1
C:\WINDOWS\auto.vbs Suspicious: Type_Script 1
C:\WINDOWS\system32\fool0.dll Infected: Packed.Win32.Krap.b 1
C:\WINDOWS\system32\ieso0.dll Infected: not-a-virus:AdWare.Win32.BBT.cp 1
C:\WINDOWS\system32\kxvo.exe Infected: Trojan.Win32.Inject.dnm 1

The selected area was scanned.


...hoping for your help regarding this matter. Thank you so much.

#4 Buckeye_Sam

    Malware Expert



Posted 22 December 2008 - 10:22 AM

Yes, I could see the infected files in the log that you posted. All Kaspersky does is confirm that for us. Please proceed with the instructions that I posted and we'll go from there.

#5 nayr1925


Posted 23 December 2008 - 12:23 AM

The log for MBAM...

Malwarebytes' Anti-Malware 1.31
Database version: 1534
Windows 5.1.2600 Service Pack 3

12/23/2008 1:22:41 PM
mbam-log-2008-12-23 (13-22-35).txt

Scan type: Quick Scan
Objects scanned: 62298
Time elapsed: 8 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 15
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\ieso0.dll (Trojan.BHO) -> No action taken.
C:\WINDOWS\system32\fool0.dll (Worm.OnlineG) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\iehlprobj.iehlprobj.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{ce7c3ce2-4b15-11d1-abed-709549c10000} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{ce7c3cef-4b15-11d1-abed-709549c10000} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ce7c3cf0-4b15-11d1-abed-709549c10000} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ce7c3cf0-4b15-11d1-abed-709549c10000} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ce7c3cf0-4b15-11d1-abed-709549c10000} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kxva (Spyware.OnlineGames) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\ieso0.dll (Trojan.BHO) -> No action taken.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> No action taken.
C:\WINDOWS\system32\kxvo.exe (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\fool0.dll (Worm.OnlineG) -> No action taken.
C:\end (Trojan.FakeAlert) -> No action taken.

#6 Buckeye_Sam


Posted 23 December 2008 - 11:28 AM

I see that Malwarebytes detected quite a bit, but the log indicates "No action taken".
Did you remove these items with Malwarebytes?

Also post a new RSIT log.

#7 nayr1925


Posted 23 December 2008 - 11:56 PM

Yes, I did. I then tried running malware 2x... 2 infections seem to be "unremovable".

Malwarebytes' Anti-Malware 1.31
Database version: 1534
Windows 5.1.2600 Service Pack 3

12/24/2008 12:55:58 PM
mbam-log-2008-12-24 (12-55-54).txt

Scan type: Quick Scan
Objects scanned: 57221
Time elapsed: 6 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




The log for RSIT:

Logfile of random's system information tool 1.05 (written by random/random)
Run by jackpatan at 2008-12-24 12:45:36
Microsoft Windows XP Professional Service Pack 3
System drive C: has 90 GB (59%) free of 153 GB
Total RAM: 2047 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45:39 PM, on 12/24/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logicool\Qcam\Qcam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wscript.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\ServerGuard\ServerGuard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\jackpatan\Desktop\RSIT.exe
C:\Program Files\trend micro\jackpatan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ati.amd.com/support/driver.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logicool\Qcam\Qcam.exe" /hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [autoMe] wscript.exe "C:\WINDOWS\auto.vbs"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: FrostWire On Startup.lnk = C:\Program Files\FrostWire\FrostWire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logicool Co., Ltd - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logicool Co., Ltd - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logicool Co., Ltd - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 9781 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2008-11-21 911600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5A263CF7-56A6-4D68-A8CF-345BE45BC911}]
Yahoo! IE Suggest - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll [2008-01-15 233472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-06 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-12-06 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-06 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-06 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll [2008-11-21 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2008-11-21 911600]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-12-06 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-10-16 16855552]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2007-10-11 1826816]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe [2008-12-06 590848]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-06 136600]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-07-25 562960]
"LogitechQuickCamRibbon"=C:\Program Files\Logicool\Qcam\Qcam.exe [2007-07-25 2026768]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"autoMe"=wscript.exe C:\WINDOWS\auto.vbs []
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-06-28 32768]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-10-07 111856]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-10-18 455968]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-12-16 342848]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2008-12-03 270128]
"Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-10-07 111856]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-10-07 111856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

C:\Documents and Settings\jackpatan\Start Menu\Programs\Startup
FrostWire On Startup.lnk - C:\Program Files\FrostWire\FrostWire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-10-29 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=1
"DisableTaskMgr"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableStatusMessages"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=128
"NoDrives"=0
"NoDriveAutoRun"=67108863
"NoFolderOptions"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Grisoft\AVG7\avgemc.exe"="C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{120364fb-cb5c-11dd-9b88-00e04da3033d}]
shell\AutoRun\command - wscript.exe auto.vbs
shell\Open\command - wscript.exe auto.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14ac292d-ca7e-11dd-9b85-00e04da3033d}]
shell\AutoRun\command - wscript.exe auto.vbs
shell\Open\command - wscript.exe auto.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14ac292e-ca7e-11dd-9b85-00e04da3033d}]
shell\AutoRun\command - wscript.exe auto.vbs
shell\Open\command - wscript.exe auto.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e854cf0-c58e-11dd-9b64-00e04da3033d}]
shell\AutoRun\command - SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system.exe
shell\open\command - SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23b63b27-c9ab-11dd-9b7e-00e04da3033d}]
shell\AutoRun\command - wscript.exe auto.vbs
shell\Open\command - wscript.exe auto.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{359e9618-ce76-11dd-9b97-00e04da3033d}]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{554760bb-cf0c-11dd-9b99-00e04da3033d}]
shell\AutoRun\command - E:\no.com
shell\explore\command - E:\no.com
shell\open\command - E:\no.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{554760bc-cf0c-11dd-9b99-00e04da3033d}]
shell\AutoRun\command - wscript.exe auto.vbs
shell\Open\command - wscript.exe auto.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57bf7416-c9ce-11dd-9b80-00e04da3033d}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MS-DOS.com
shell\Explore\command - E:\MS-DOS.com
shell\Open\command - E:\MS-DOS.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bd8a819-cdd6-11dd-9b93-00e04da3033d}]
shell\AutoRun\command - wscript.exe auto.vbs
shell\Open\command - wscript.exe auto.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72447fe5-c6c1-11dd-9b6c-00e04da3033d}]
shell\AutoRun\command - wscript.exe auto.vbs
shell\Open\command - wscript.exe auto.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c86bada-ce44-11dd-9b95-00e04da3033d}]
shell\AutoRun\command - E:\
shell\explore\command - RECYCLER\INFO.exe
shell\open\command - RECYCLER\INFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d28311c0-c998-11dd-9b7d-00e04da3033d}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MS-DOS.com
shell\Explore\command - E:\MS-DOS.com
shell\Open\command - E:\MS-DOS.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ddd39078-c2be-11dd-9b5a-00e04da3033d}]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ddd39079-c2be-11dd-9b5a-00e04da3033d}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MS-DOS.com
shell\Explore\command - F:\MS-DOS.com
shell\Open\command - F:\MS-DOS.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea1cb76a-ce51-11dd-9b96-00e04da3033d}]
shell\AutoRun\command - wscript.exe auto.vbs
shell\Open\command - wscript.exe auto.vbs


======File associations======

.scr - open - "%1" %*

======List of files/folders created in the last 1 months======

2008-12-23 12:54:45 ----D---- C:\Documents and Settings\jackpatan\Application Data\Malwarebytes
2008-12-23 12:54:39 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-23 12:54:39 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-21 23:59:38 ----D---- C:\Program Files\Chuzzle Deluxe
2008-12-21 22:35:51 ----DC---- C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2008-12-21 22:32:25 ----D---- C:\a921f54a453777f90f9e
2008-12-21 22:28:48 ----SHD---- C:\Config.Msi
2008-12-21 22:07:11 ----RHD---- C:\AHCache
2008-12-21 19:30:44 ----D---- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-12-21 19:30:37 ----D---- C:\Program Files\Yahoo! Games
2008-12-21 03:00:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-12-21 03:00:20 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-20 23:11:47 ----HDC---- C:\WINDOWS\$NtUninstallWdf01005$
2008-12-20 19:05:41 ----D---- C:\Program Files\trend micro
2008-12-20 19:05:40 ----D---- C:\rsit
2008-12-20 11:50:10 ----D---- C:\WINDOWS\Prefetch
2008-12-20 11:47:38 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-20 11:47:34 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-20 11:47:30 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-20 11:47:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-20 11:47:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-20 11:47:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-20 11:47:11 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-20 11:47:06 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-20 11:47:02 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-20 11:46:58 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-20 11:46:54 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-20 11:46:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-20 11:46:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-20 11:46:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-20 11:46:38 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-20 11:46:34 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-20 11:46:30 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-20 11:46:27 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-20 11:43:45 ----D---- C:\WINDOWS\system32\scripting
2008-12-20 11:43:45 ----D---- C:\WINDOWS\l2schemas
2008-12-20 11:43:44 ----D---- C:\WINDOWS\system32\en
2008-12-20 11:43:44 ----D---- C:\WINDOWS\system32\bits
2008-12-20 11:42:01 ----D---- C:\WINDOWS\ServicePackFiles
2008-12-20 11:40:06 ----D---- C:\WINDOWS\network diagnostic
2008-12-20 11:36:51 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-12-20 11:31:11 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-20 11:31:03 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-12-20 02:26:27 ----D---- C:\Documents and Settings\All Users\Application Data\PopCap
2008-12-18 03:03:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2008-12-18 03:03:34 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-12-18 03:03:30 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-12-18 03:03:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-12-18 03:03:21 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$
2008-12-18 03:03:16 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-18 03:03:13 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-18 03:03:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-12-18 03:03:03 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-12-18 03:02:36 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-12-18 03:02:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
2008-12-18 03:02:27 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-12-18 03:02:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2008-12-18 03:02:10 ----D---- C:\Program Files\MSXML 6.0
2008-12-18 03:02:03 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2008-12-18 03:01:59 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-12-18 03:01:47 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2008-12-18 03:01:43 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2008-12-18 03:01:38 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2008-12-18 03:01:15 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-12-18 03:01:11 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-12-18 03:01:07 ----D---- C:\WINDOWS\ie7updates
2008-12-18 03:01:04 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-12-18 03:01:00 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_0$
2008-12-18 03:00:55 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2008-12-18 03:00:50 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2008-12-18 03:00:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2008-12-18 03:00:38 ----D---- C:\Program Files\MSXML 4.0
2008-12-17 19:28:17 ----RSH---- C:\no.com
2008-12-17 18:14:22 ----D---- C:\WINDOWS\system32\PreInstall
2008-12-17 18:14:20 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-12-17 17:34:48 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-17 17:21:50 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-12-17 14:45:43 ----RHD---- C:\Documents and Settings\jackpatan\Application Data\SecuROM
2008-12-17 14:45:43 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2008-12-17 14:37:45 ----D---- C:\Program Files\EA SPORTS
2008-12-16 13:40:26 ----SHD---- C:\RECYCLER
2008-12-16 02:13:19 ----A---- C:\ComboFix.txt
2008-12-16 02:10:09 ----D---- C:\ComboFix
2008-12-15 14:41:23 ----A---- C:\Boot.bak
2008-12-15 14:41:19 ----RASHD---- C:\cmdcons
2008-12-15 14:38:55 ----A---- C:\WINDOWS\zip.exe
2008-12-15 14:38:55 ----A---- C:\WINDOWS\VFIND.exe
2008-12-15 14:38:55 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-15 14:38:55 ----A---- C:\WINDOWS\SWSC.exe
2008-12-15 14:38:55 ----A---- C:\WINDOWS\SWREG.exe
2008-12-15 14:38:55 ----A---- C:\WINDOWS\sed.exe
2008-12-15 14:38:55 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-15 14:38:55 ----A---- C:\WINDOWS\grep.exe
2008-12-15 14:38:55 ----A---- C:\WINDOWS\fdsv.exe
2008-12-15 14:38:51 ----D---- C:\WINDOWS\ERDNT
2008-12-15 14:38:51 ----AD---- C:\Qoobox
2008-12-15 12:40:38 ----D---- C:\Documents and Settings\jackpatan\Application Data\2K Sports
2008-12-15 12:26:50 ----D---- C:\Program Files\NBA 2K9
2008-12-14 22:32:51 ----D---- C:\Level Up! Games
2008-12-14 22:28:04 ----D---- C:\Program Files\XoftSpySE
2008-12-14 21:05:58 ----D---- C:\Program Files\MSBuild
2008-12-14 21:03:49 ----D---- C:\WINDOWS\system32\XPSViewer
2008-12-14 21:03:18 ----D---- C:\Program Files\Reference Assemblies
2008-12-14 21:02:59 ----N---- C:\WINDOWS\system32\spmsg2.dll
2008-12-14 21:02:39 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2008-12-14 18:16:58 ----D---- C:\Program Files\Canon
2008-12-14 17:54:53 ----D---- C:\Program Files\YouTube Downloader
2008-12-11 22:33:42 ----HD---- C:\WINDOWS\msdownld.tmp
2008-12-11 22:33:34 ----D---- C:\WINDOWS\WBEM
2008-12-11 22:33:34 ----D---- C:\WINDOWS\system32\en-US
2008-12-11 22:32:26 ----HDC---- C:\WINDOWS\ie7
2008-12-11 22:32:13 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-12-11 22:31:58 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-12-11 22:31:30 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2008-12-11 22:31:26 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-12-11 00:43:28 ----D---- C:\Documents and Settings\jackpatan\Application Data\Canon
2008-12-10 19:49:25 ----D---- C:\WINDOWS\system32\appmgmt
2008-12-10 19:36:07 ----A---- C:\WINDOWS\CSTBox.INI
2008-12-10 19:27:54 ----HD---- C:\CanoScan
2008-12-10 19:27:54 ----A---- C:\WINDOWS\system32\UCS32P.DLL
2008-12-10 19:27:54 ----A---- C:\WINDOWS\system32\CNQU71.DLL
2008-12-10 19:27:54 ----A---- C:\WINDOWS\system32\CNQL1208.dll
2008-12-10 12:28:02 ----D---- C:\Documents and Settings\jackpatan\Application Data\CyberLink
2008-12-10 12:20:09 ----D---- C:\MyWorks
2008-12-10 12:20:02 ----D---- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-12-10 12:19:48 ----D---- C:\Program Files\CyberLink
2008-12-10 12:05:01 ----RASH---- C:\WINDOWS\auto.vbs
2008-12-09 08:41:19 ----RHD---- C:\$VAULT$.AVG
2008-12-08 21:17:35 ----D---- C:\Documents and Settings\jackpatan\Application Data\LimeWire
2008-12-08 21:17:14 ----D---- C:\Program Files\LimeWire
2008-12-08 20:17:04 ----A---- C:\WINDOWS\system32\ptpusb.dll
2008-12-08 20:17:03 ----A---- C:\WINDOWS\system32\ptpusd.dll
2008-12-08 09:10:55 ----D---- C:\WINDOWS\Sun
2008-12-06 22:49:01 ----HD---- C:\BJPrinter
2008-12-06 22:45:30 ----A---- C:\WINDOWS\system32\CNMVS4e.DLL
2008-12-06 22:45:30 ----A---- C:\WINDOWS\system32\CNMLM4e.DLL
2008-12-06 22:45:29 ----RA---- C:\WINDOWS\system32\CNMCP4e.exe
2008-12-06 17:43:03 ----D---- C:\Documents and Settings\jackpatan\Application Data\Google
2008-12-06 17:20:48 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-12-06 17:20:45 ----D---- C:\Program Files\Google
2008-12-06 13:29:22 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-12-06 11:51:32 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-06 11:51:32 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-06 11:51:32 ----A---- C:\WINDOWS\system32\java.exe
2008-12-06 11:51:32 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-06 01:20:10 ----D---- C:\Documents and Settings\jackpatan\Application Data\U3
2008-12-06 00:49:24 ----D---- C:\Ntreev
2008-12-05 23:27:27 ----A---- C:\WINDOWS\NeroDigital.ini
2008-12-05 22:15:54 ----D---- C:\Documents and Settings\jackpatan\Application Data\FrostWire
2008-12-05 21:37:39 ----D---- C:\Program Files\DNA
2008-12-05 21:37:39 ----D---- C:\Documents and Settings\jackpatan\Application Data\DNA
2008-12-05 21:25:47 ----D---- C:\Documents and Settings\jackpatan\Application Data\Sun
2008-12-05 21:10:41 ----D---- C:\Documents and Settings\jackpatan\Application Data\Apple Computer
2008-12-05 21:10:37 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2008-12-05 21:10:23 ----D---- C:\Program Files\iPod
2008-12-05 21:10:21 ----D---- C:\Program Files\iTunes
2008-12-05 21:10:21 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-05 21:10:10 ----D---- C:\Program Files\Bonjour
2008-12-05 21:09:49 ----D---- C:\Program Files\QuickTime
2008-12-05 21:09:49 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-12-05 21:09:41 ----D---- C:\Program Files\Apple Software Update
2008-12-05 21:09:06 ----D---- C:\Program Files\Common Files\Apple
2008-12-05 21:09:06 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2008-12-05 19:22:03 ----A---- C:\WINDOWS\ODBC.INI
2008-12-05 19:21:53 ----D---- C:\Program Files\ServerGuard
2008-12-05 19:21:32 ----N---- C:\WINDOWS\Setup1.exe
2008-12-05 19:21:31 ----A---- C:\WINDOWS\ST6UNST.EXE
2008-12-05 17:16:04 ----D---- C:\Documents and Settings\jackpatan\Application Data\Nero
2008-12-05 17:16:04 ----D---- C:\Documents and Settings\All Users\Application Data\LightScribe
2008-12-05 17:13:12 ----D---- C:\Program Files\Common Files\LightScribe
2008-12-05 17:07:57 ----A---- C:\WINDOWS\system32\MsiExec.exe.log
2008-12-05 17:06:30 ----D---- C:\Program Files\Nero
2008-12-05 17:06:30 ----D---- C:\Program Files\Common Files\Nero
2008-12-05 17:06:30 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2008-12-05 17:01:26 ----D---- C:\WINDOWS\RegisteredPackages
2008-12-05 16:18:23 ----HDC---- C:\WINDOWS\$NtUninstallKB916089$
2008-12-05 15:22:22 ----RA---- C:\WINDOWS\system32\LVUI2RC.dll
2008-12-05 15:22:22 ----RA---- C:\WINDOWS\system32\LVUI2.dll
2008-12-05 15:22:22 ----RA---- C:\WINDOWS\system32\lvcoinst.ini
2008-12-05 15:22:22 ----RA---- C:\WINDOWS\system32\lvcodec2.dll
2008-12-05 15:22:22 ----RA---- C:\WINDOWS\system32\lvci1110.dll
2008-12-05 15:22:22 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2008-12-05 15:14:33 ----D---- C:\Documents and Settings\All Users\Application Data\Logicool
2008-12-05 15:14:31 ----D---- C:\Program Files\Logicool
2008-12-05 15:14:31 ----D---- C:\Program Files\Common Files\LogiShrd
2008-12-05 15:14:00 ----D---- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-12-04 02:22:53 ----A---- C:\WINDOWS\system32\h323log.txt
2008-12-04 02:19:22 ----A---- C:\WINDOWS\system32\usbui.dll
2008-12-04 02:18:32 ----A---- C:\WINDOWS\imsins.BAK
2008-12-04 02:18:30 ----SHD---- C:\WINDOWS\Installer
2008-12-04 02:18:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-04 02:18:29 ----D---- C:\Program Files\Common Files\ODBC
2008-12-04 02:18:29 ----A---- C:\WINDOWS\ODBCINST.INI
2008-12-04 02:18:26 ----D---- C:\Program Files\Common Files\SpeechEngines
2008-12-04 02:18:25 ----RD---- C:\Program Files
2008-12-04 02:18:25 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-04 02:18:25 ----D---- C:\Program Files\Common Files
2008-12-04 02:18:23 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2008-12-04 02:18:23 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2008-12-04 02:18:23 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2008-12-04 02:18:21 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2008-12-04 02:18:21 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2008-12-04 02:18:21 ----RA---- C:\WINDOWS\system32\kbdur.dll
2008-12-04 02:18:21 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2008-12-04 02:18:21 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2008-12-04 02:18:21 ----RA---- C:\WINDOWS\system32\kbdru.dll
2008-12-04 02:18:21 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2008-12-04 02:18:21 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2008-12-04 02:18:21 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2008-12-04 02:18:21 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2008-12-04 02:18:21 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2008-12-04 02:18:21 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2008-12-04 02:18:19 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2008-12-04 02:18:19 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2008-12-04 02:18:19 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2008-12-04 02:18:19 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2008-12-04 02:18:19 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2008-12-04 02:18:19 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2008-12-04 02:18:19 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2008-12-04 02:18:17 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2008-12-04 02:18:17 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2008-12-04 02:18:17 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2008-12-04 02:18:17 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2008-12-04 02:18:17 ----RA---- C:\WINDOWS\system32\kbdest.dll
2008-12-04 02:18:15 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2008-12-04 02:18:15 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2008-12-04 02:18:15 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2008-12-04 02:18:15 ----RA---- C:\WINDOWS\system32\kbdro.dll
2008-12-04 02:18:15 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2008-12-04 02:18:15 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2008-12-04 02:18:15 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2008-12-04 02:18:15 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2008-12-04 02:18:15 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2008-12-04 02:18:15 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2008-12-04 02:18:15 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2008-12-04 02:18:15 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2008-12-04 02:18:15 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2008-12-04 02:18:13 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-12-04 02:18:13 ----A---- C:\WINDOWS\system32\irclass.dll
2008-12-04 02:18:13 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2008-12-04 02:18:13 ----A---- C:\WINDOWS\system32\dgsetup.dll
2008-12-04 02:18:13 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2008-12-04 02:18:11 ----A---- C:\WINDOWS\TASKMAN.EXE
2008-12-04 02:18:10 ----A---- C:\WINDOWS\system32\batt.dll
2008-12-04 02:18:10 ----A---- C:\WINDOWS\notepad.exe
2008-12-04 02:18:09 ----A---- C:\WINDOWS\system32\storprop.dll
2008-12-04 02:18:03 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2008-12-04 02:17:51 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-04 02:17:51 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-04 02:17:46 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-04 02:17:25 ----A---- C:\WINDOWS\setuplog.txt
2008-12-04 02:17:23 ----SHD---- C:\System Volume Information
2008-12-04 02:17:23 ----D---- C:\Documents and Settings
2008-12-04 02:16:20 ----RASH---- C:\boot.ini
2008-12-04 02:11:21 ----SHDC---- C:\WINDOWS\system32\dllcache
2008-12-04 02:11:21 ----RSD---- C:\WINDOWS\Fonts
2008-12-04 02:11:21 ----RD---- C:\WINDOWS\Web
2008-12-04 02:11:21 ----HD---- C:\WINDOWS\inf
2008-12-04 02:11:21 ----D---- C:\WINDOWS\WinSxS
2008-12-04 02:11:21 ----D---- C:\WINDOWS\twain_32
2008-12-04 02:11:21 ----D---- C:\WINDOWS\Temp
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\wins
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\wbem
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\usmt
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\spool
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\ShellExt
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\Setup
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\ras
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\oobe
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\npp
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\mui
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\inetsrv
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\IME
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\icsxml
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\ias
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\export
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\drivers
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\dhcp
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\config
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\3com_dmi
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\3076
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\2052
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\1054
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\1042
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\1041
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\1037
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\1033
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\1031
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\1028
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\1025
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system
2008-12-04 02:11:21 ----D---- C:\WINDOWS\security
2008-12-04 02:11:21 ----D---- C:\WINDOWS\Resources
2008-12-04 02:11:21 ----D---- C:\WINDOWS\repair
2008-12-04 02:11:21 ----D---- C:\WINDOWS\Provisioning
2008-12-04 02:11:21 ----D---- C:\WINDOWS\PeerNet
2008-12-04 02:11:21 ----D---- C:\WINDOWS\pchealth
2008-12-04 02:11:21 ----D---- C:\WINDOWS\mui
2008-12-04 02:11:21 ----D---- C:\WINDOWS\msapps
2008-12-04 02:11:21 ----D---- C:\WINDOWS\msagent
2008-12-04 02:11:21 ----D---- C:\WINDOWS\Media
2008-12-04 02:11:21 ----D---- C:\WINDOWS\java
2008-12-04 02:11:21 ----D---- C:\WINDOWS\ime
2008-12-04 02:11:21 ----D---- C:\WINDOWS\Help
2008-12-04 02:11:21 ----D---- C:\WINDOWS\ehome
2008-12-04 02:11:21 ----D---- C:\WINDOWS\Driver Cache
2008-12-04 02:11:21 ----D---- C:\WINDOWS\Debug
2008-12-04 02:11:21 ----D---- C:\WINDOWS\Cursors
2008-12-04 02:11:21 ----D---- C:\WINDOWS\Connection Wizard
2008-12-04 02:11:21 ----D---- C:\WINDOWS\Config
2008-12-04 02:11:21 ----D---- C:\WINDOWS\AppPatch
2008-12-04 02:11:21 ----D---- C:\WINDOWS\addins
2008-12-04 02:11:21 ----D---- C:\WINDOWS
2008-12-03 22:57:27 ----D---- C:\WINDOWS\Minidump
2008-12-03 22:30:59 ----D---- C:\Program Files\MYGAME Launcher
2008-12-03 22:05:29 ----D---- C:\Program Files\Common Files\INCA Shared
2008-12-03 21:41:18 ----D---- C:\Program Files\e-Games
2008-12-03 21:39:18 ----D---- C:\Documents and Settings\All Users\Application Data\ATI
2008-12-03 21:37:48 ----A---- C:\WINDOWS\IsUninst.exe
2008-12-03 21:34:15 ----D---- C:\ATI
2008-12-03 21:33:55 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2008-12-03 21:33:55 ----A---- C:\WINDOWS\system32\x3daudio1_2.dll
2008-12-03 21:33:54 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2008-12-03 21:33:54 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2008-12-03 21:33:54 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2008-12-03 21:33:53 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2008-12-03 21:33:53 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2008-12-03 21:33:52 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2008-12-03 21:33:52 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2008-12-03 21:33:51 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2008-12-03 21:33:50 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2008-12-03 21:33:50 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2008-12-03 21:33:50 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2008-12-03 21:33:49 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2008-12-03 21:33:49 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2008-12-03 21:33:49 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2008-12-03 21:33:49 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2008-12-03 21:33:49 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2008-12-03 21:33:48 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2008-12-03 21:33:48 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2008-12-03 21:33:48 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2008-12-03 21:33:43 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2008-12-03 21:33:43 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2008-12-03 21:33:43 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2008-12-03 21:33:43 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2008-12-03 21:33:42 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2008-12-03 21:33:42 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2008-12-03 21:33:42 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2008-12-03 21:33:42 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2008-12-03 21:33:41 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2008-12-03 21:33:41 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2008-12-03 21:31:57 ----D---- C:\Program Files\Dragonfly
2008-12-03 21:28:13 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$
2008-12-03 21:28:09 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-03 20:56:46 ----D---- C:\Program Files\uTorrent
2008-12-03 20:56:42 ----D---- C:\Documents and Settings\jackpatan\Application Data\uTorrent
2008-12-03 20:52:57 ----D---- C:\SAVE
2008-12-03 20:51:18 ----D---- C:\Documents and Settings\jackpatan\Application Data\Yahoo!
2008-12-03 20:51:18 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-12-03 20:51:12 ----A---- C:\WINDOWS\system32\unrar.dll
2008-12-03 20:51:12 ----A---- C:\WINDOWS\avisplitter.ini
2008-12-03 20:51:11 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2008-12-03 20:51:11 ----A---- C:\WINDOWS\system32\xvidcore.dll
2008-12-03 20:51:10 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2008-12-03 20:51:10 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2008-12-03 20:51:10 ----A---- C:\WINDOWS\system32\dpl100.dll
2008-12-03 20:51:10 ----A---- C:\WINDOWS\system32\divx.dll
2008-12-03 20:51:09 ----D---- C:\Program Files\K-Lite Codec Pack
2008-12-03 20:51:09 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-12-03 20:51:09 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2008-12-03 20:50:16 ----D---- C:\Program Files\Java
2008-12-03 20:50:15 ----D---- C:\Program Files\Common Files\Java
2008-12-03 20:48:05 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-12-03 20:47:35 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-12-03 20:47:30 ----D---- C:\Program Files\Common Files\Adobe
2008-12-03 20:47:30 ----D---- C:\Program Files\Adobe
2008-12-03 20:46:00 ----D---- C:\Program Files\Microsoft Works
2008-12-03 20:45:48 ----D---- C:\Program Files\Microsoft Visual Studio
2008-12-03 20:45:48 ----D---- C:\Program Files\Common Files\DESIGNER
2008-12-03 20:45:20 ----D---- C:\Program Files\Microsoft.NET
2008-12-03 20:43:49 ----D---- C:\WINDOWS\SHELLNEW
2008-12-03 20:43:30 ----D---- C:\Program Files\Microsoft Office
2008-12-03 20:43:29 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-12-03 20:43:13 ----RHD---- C:\MSOCache
2008-12-03 20:41:08 ----D---- C:\Program Files\WinRAR
2008-12-03 20:39:34 ----D---- C:\Documents and Settings\jackpatan\Application Data\AVG7
2008-12-03 20:39:26 ----A---- C:\WINDOWS\system32\msvcr71.dll
2008-12-03 20:39:26 ----A---- C:\WINDOWS\system32\msvcp71.dll
2008-12-03 20:39:17 ----D---- C:\Program Files\Grisoft
2008-12-03 20:39:17 ----D---- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-12-03 20:39:17 ----D---- C:\Documents and Settings\All Users\Application Data\avg7
2008-12-03 20:34:44 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-12-03 20:33:46 ----A---- C:\YServer.txt
2008-12-03 20:33:41 ----D---- C:\Program Files\Yahoo!
2008-12-03 20:23:42 ----D---- C:\Program Files\Garena
2008-12-03 20:15:10 ----D---- C:\Program Files\Webzen
2008-12-03 19:58:59 ----A---- C:\WINDOWS\War3Unin.exe
2008-12-03 19:58:12 ----D---- C:\Program Files\Warcraft III
2008-12-03 19:04:26 ----D---- C:\Documents and Settings\jackpatan\Application Data\Macromedia
2008-12-03 19:04:25 ----D---- C:\Documents and Settings\jackpatan\Application Data\Adobe
2008-12-03 18:56:28 ----A---- C:\WINDOWS\CD_Start.INI
2008-12-03 18:54:50 ----A---- C:\WINDOWS\system32\libmySQL.dll
2008-12-03 18:54:33 ----D---- C:\Program Files\Sierra On-Line
2008-12-03 18:54:33 ----A---- C:\WINDOWS\sierra.ini
2008-12-03 18:53:54 ----D---- C:\Sierra
2008-12-03 18:49:13 ----D---- C:\WINDOWS\system32\Lang
2008-12-03 18:48:04 ----A---- C:\WINDOWS\system32\ChCfg.exe
2008-12-03 18:48:00 ----D---- C:\WINDOWS\system32\RTCOM
2008-12-03 18:47:56 ----A---- C:\WINDOWS\SoundMan.exe
2008-12-03 18:47:56 ----A---- C:\WINDOWS\SkyTel.exe
2008-12-03 18:47:56 ----A---- C:\WINDOWS\RtlUpd.exe
2008-12-03 18:47:55 ----A---- C:\WINDOWS\RTLCPL.exe
2008-12-03 18:47:53 ----A---- C:\WINDOWS\RTHDCPL.exe
2008-12-03 18:47:53 ----A---- C:\WINDOWS\MicCal.exe
2008-12-03 18:47:53 ----A---- C:\WINDOWS\alcwzrd.exe
2008-12-03 18:47:53 ----A---- C:\WINDOWS\Alcmtr.exe
2008-12-03 18:47:51 ----A---- C:\WINDOWS\RtlExUpd.dll
2008-12-03 18:47:51 ----A---- C:\WINDOWS\HideWin.exe
2008-12-03 18:47:01 ----D---- C:\WINDOWS\OPTIONS
2008-12-03 18:47:01 ----D---- C:\Program Files\Realtek
2008-12-03 18:46:59 ----D---- C:\Documents and Settings\jackpatan\Application Data\InstallShield
2008-12-03 18:46:06 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-03 18:46:06 ----D---- C:\Program Files\Intel
2008-12-03 18:46:06 ----A---- C:\WINDOWS\system32\CSVer.dll
2008-12-03 18:46:03 ----D---- C:\Intel
2008-12-03 18:45:17 ----D---- C:\Documents and Settings\jackpatan\Application Data\ATI
2008-12-03 18:41:07 ----D---- C:\Program Files\Common Files\ATI Technologies
2008-12-03 18:39:42 ----RSD---- C:\WINDOWS\assembly
2008-12-03 18:39:27 ----D---- C:\WINDOWS\Microsoft.NET
2008-12-03 18:38:50 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-12-03 18:38:41 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2008-12-03 18:38:18 ----A---- C:\WINDOWS\system32\ksuser.dll
2008-12-03 18:38:09 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-12-03 18:38:08 ----HDC---- C:\WINDOWS\$NtUninstallKB888111WXPSP2$
2008-12-03 18:37:33 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2008-12-03 18:37:31 ----A---- C:\WINDOWS\system32\atiiiexx.dll
2008-12-03 18:37:28 ----A---- C:\WINDOWS\system32\ATIDEMGX.dll
2008-12-03 18:37:18 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-03 18:37:10 ----D---- C:\Program Files\ATI Technologies
2008-12-03 18:37:05 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-03 18:36:49 ----D---- C:\Program Files\Common Files\InstallShield
2008-12-03 18:32:43 ----D---- C:\Documents and Settings\jackpatan\Application Data\Identities
2008-12-03 18:32:42 ----HD---- C:\Program Files\Uninstall Information
2008-12-03 18:32:37 ----SD---- C:\Documents and Settings\jackpatan\Application Data\Microsoft
2008-12-03 18:32:37 ----ASH---- C:\Documents and Settings\jackpatan\Application Data\desktop.ini
2008-12-03 18:31:56 ----D---- C:\WINDOWS\SoftwareDistribution
2008-12-03 18:31:54 ----SD---- C:\WINDOWS\system32\Microsoft
2008-12-03 18:31:54 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-03 18:27:23 ----D---- C:\WINDOWS\system32\xircom
2008-12-03 18:27:23 ----D---- C:\Program Files\xerox
2008-12-03 18:27:23 ----D---- C:\Program Files\microsoft frontpage
2008-12-03 18:27:10 ----A---- C:\WINDOWS\control.ini
2008-12-03 18:27:10 ----A---- C:\AUTOEXEC.BAT
2008-12-03 18:27:02 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-03 18:26:59 ----A---- C:\WINDOWS\system32\mapi32.dll
2008-12-03 18:26:22 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-03 18:26:22 ----RD---- C:\WINDOWS\Offline Web Pages
2008-12-03 18:26:22 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2008-12-03 18:26:18 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-12-03 18:26:14 ----HD---- C:\Program Files\WindowsUpdate
2008-12-03 18:26:00 ----D---- C:\WINDOWS\system32\DirectX
2008-12-03 18:25:46 ----A---- C:\WINDOWS\system32\atrace.dll
2008-12-03 18:25:44 ----A---- C:\WINDOWS\system32\desktop.ini
2008-12-03 18:25:44 ----A---- C:\WINDOWS\desktop.ini
2008-12-03 18:25:39 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2008-12-03 18:25:39 ----A---- C:\WINDOWS\system32\acctres.dll
2008-12-03 18:25:38 ----D---- C:\Program Files\Common Files\Services
2008-12-03 18:25:36 ----SD---- C:\WINDOWS\Tasks
2008-12-03 18:25:36 ----D---- C:\Program Files\Common Files\MSSoap
2008-12-03 18:25:36 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2008-12-03 18:25:33 ----D---- C:\WINDOWS\srchasst
2008-12-03 18:25:32 ----D---- C:\WINDOWS\system32\Macromed
2008-12-03 18:25:30 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-12-03 18:25:30 ----A---- C:\WINDOWS\system32\wups.dll
2008-12-03 18:25:30 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-12-03 18:25:30 ----A---- C:\WINDOWS\system32\wuauserv.dll
2008-12-03 18:25:30 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2008-12-03 18:25:30 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-12-03 18:25:29 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2008-12-03 18:25:29 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-12-03 18:25:29 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-12-03 18:25:29 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-12-03 18:25:29 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-12-03 18:25:29 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2008-12-03 18:25:29 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2008-12-03 18:25:26 ----D---- C:\Program Files\Movie Maker
2008-12-03 18:25:23 ----A---- C:\WINDOWS\system32\safrslv.dll
2008-12-03 18:25:23 ----A---- C:\WINDOWS\system32\safrdm.dll
2008-12-03 18:25:23 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2008-12-03 18:25:23 ----A---- C:\WINDOWS\system32\racpldlg.dll
2008-12-03 18:25:21 ----A---- C:\WINDOWS\system32\fltmc.exe
2008-12-03 18:25:21 ----A---- C:\WINDOWS\system32\fltlib.dll
2008-12-03 18:25:20 ----D---- C:\WINDOWS\system32\Restore
2008-12-03 18:25:20 ----A---- C:\WINDOWS\system32\srsvc.dll
2008-12-03 18:25:20 ----A---- C:\WINDOWS\system32\srrstr.dll
2008-12-03 18:25:20 ----A---- C:\WINDOWS\system32\srclient.dll
2008-12-03 18:25:20 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2008-12-03 18:25:20 ----A---- C:\WINDOWS\system32\ils.dll
2008-12-03 18:25:19 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2008-12-03 18:25:19 ----A---- C:\WINDOWS\system32\msconf.dll
2008-12-03 18:25:19 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2008-12-03 18:25:19 ----A---- C:\WINDOWS\system32\mnmdd.dll
2008-12-03 18:25:17 ----D---- C:\Program Files\NetMeeting
2008-12-03 18:25:17 ----A---- C:\WINDOWS\system32\msoert2.dll
2008-12-03 18:25:17 ----A---- C:\WINDOWS\system32\msoeacct.dll
2008-12-03 18:25:16 ----A---- C:\WINDOWS\system32\inetres.dll
2008-12-03 18:25:16 ----A---- C:\WINDOWS\system32\inetcomm.dll
2008-12-03 18:25:15 ----D---- C:\Program Files\Outlook Express
2008-12-03 18:25:15 ----A---- C:\WINDOWS\system32\schedsvc.dll
2008-12-03 18:25:15 ----A---- C:\WINDOWS\system32\mstinit.exe
2008-12-03 18:25:15 ----A---- C:\WINDOWS\system32\mstask.dll
2008-12-03 18:25:14 ----A---- C:\WINDOWS\system32\isign32.dll
2008-12-03 18:25:14 ----A---- C:\WINDOWS\system32\inetcfg.dll
2008-12-03 18:25:14 ----A---- C:\WINDOWS\system32\icwphbk.dll
2008-12-03 18:25:14 ----A---- C:\WINDOWS\system32\icwdial.dll
2008-12-03 18:25:10 ----D---- C:\Program Files\Internet Explorer
2008-12-03 18:25:10 ----D---- C:\Program Files\Common Files\System
2008-12-03 18:24:45 ----D---- C:\Program Files\ComPlus Applications
2008-12-03 18:24:43 ----A---- C:\WINDOWS\vbaddin.ini
2008-12-03 18:24:43 ----A---- C:\WINDOWS\vb.ini
2008-12-03 18:24:39 ----D---- C:\WINDOWS\Registration
2008-12-03 18:24:34 ----D---- C:\Program Files\Online Services
2008-12-03 18:24:33 ----D---- C:\Program Files\Windows Media Player
2008-12-03 18:24:29 ----D---- C:\Program Files\Messenger
2008-12-03 18:24:26 ----D---- C:\Program Files\MSN Gaming Zone
2008-12-03 18:24:26 ----A---- C:\WINDOWS\system32\write.exe
2008-12-03 18:24:20 ----A---- C:\WINDOWS\system32\sndvol32.exe
2008-12-03 18:24:20 ----A---- C:\WINDOWS\system32\hticons.dll
2008-12-03 18:24:20 ----A---- C:\WINDOWS\system32\avwav.dll
2008-12-03 18:24:20 ----A---- C:\WINDOWS\system32\avtapi.dll
2008-12-03 18:24:20 ----A---- C:\WINDOWS\system32\avmeter.dll
2008-12-03 18:24:19 ----A---- C:\WINDOWS\system32\winchat.exe
2008-12-03 18:24:15 ----A---- C:\WINDOWS\system32\getuname.dll
2008-12-03 18:24:15 ----A---- C:\WINDOWS\system32\charmap.exe
2008-12-03 18:24:14 ----A---- C:\WINDOWS\system32\winmine.exe
2008-12-03 18:24:14 ----A---- C:\WINDOWS\system32\sol.exe
2008-12-03 18:24:14 ----A---- C:\WINDOWS\system32\reset.exe
2008-12-03 18:24:14 ----A---- C:\WINDOWS\system32\mshearts.exe
2008-12-03 18:24:14 ----A---- C:\WINDOWS\system32\freecell.exe
2008-12-03 18:24:14 ----A---- C:\WINDOWS\system32\calc.exe
2008-12-03 18:24:13 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2008-12-03 18:24:13 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2008-12-03 18:24:13 ----A---- C:\WINDOWS\system32\tslabels.ini
2008-12-03 18:24:13 ----A---- C:\WINDOWS\system32\tskill.exe
2008-12-03 18:24:13 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2008-12-03 18:24:13 ----A---- C:\WINDOWS\system32\tscon.exe
2008-12-03 18:24:13 ----A---- C:\WINDOWS\system32\shadow.exe
2008-12-03 18:24:13 ----A---- C:\WINDOWS\system32\rwinsta.exe
2008-12-03 18:24:13 ----A---- C:\WINDOWS\system32\regini.exe
2008-12-03 18:24:13 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2008-12-03 18:24:13 ----A---- C:\WINDOWS\system32\qwinsta.exe
2008-12-03 18:24:13 ----A---- C:\WINDOWS\system32\qappsrv.exe
2008-12-03 18:24:13 ----A---- C:\WINDOWS\system32\msg.exe
2008-12-03 18:24:13 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2008-12-03 18:24:13 ----A---- C:\WINDOWS\system32\logoff.exe
2008-12-03 18:24:13 ----A---- C:\WINDOWS\system32\cdmodem.dll
2008-12-03 18:24:12 ----A---- C:\WINDOWS\system32\stclient.dll
2008-12-03 18:24:12 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2008-12-03 18:24:12 ----A---- C:\WINDOWS\system32\mtxex.dll
2008-12-03 18:24:12 ----A---- C:\WINDOWS\system32\mtxdm.dll
2008-12-03 18:24:12 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2008-12-03 18:24:12 ----A---- C:\WINDOWS\system32\comrepl.dll
2008-12-03 18:24:12 ----A---- C:\WINDOWS\system32\comaddin.dll
2008-12-03 18:24:11 ----A---- C:\WINDOWS\system32\comsnap.dll
2008-12-03 18:24:08 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2008-12-03 18:23:54 ----D---- C:\Program Files\MSN
2008-12-03 18:23:53 ----A---- C:\WINDOWS\system32\sndrec32.exe
2008-12-03 18:23:53 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-12-03 18:23:52 ----D---- C:\Program Files\Windows NT
2008-12-03 18:23:52 ----A---- C:\WINDOWS\system32\mspaint.exe
2008-12-03 18:23:52 ----A---- C:\WINDOWS\system32\mplay32.exe
2008-12-03 18:23:52 ----A---- C:\WINDOWS\system32\hypertrm.dll
2008-12-03 18:23:51 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2008-12-03 18:23:51 ----A---- C:\WINDOWS\system32\spider.exe
2008-12-03 18:23:51 ----A---- C:\WINDOWS\system32\clipbrd.exe
2008-12-03 18:23:50 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-12-03 18:23:50 ----A---- C:\WINDOWS\system32\remotepg.dll
2008-12-03 18:23:50 ----A---- C:\WINDOWS\system32\rdshost.exe
2008-12-03 18:23:50 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2008-12-03 18:23:50 ----A---- C:\WINDOWS\system32\rdchost.dll
2008-12-03 18:23:50 ----A---- C:\WINDOWS\system32\mstscax.dll
2008-12-03 18:23:50 ----A---- C:\WINDOWS\system32\mstsc.exe
2008-12-03 18:23:49 ----D---- C:\WINDOWS\system32\MsDtc
2008-12-03 18:23:49 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2008-12-03 18:23:49 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-12-03 18:23:49 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2008-12-03 18:23:49 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2008-12-03 18:23:49 ----A---- C:\WINDOWS\system32\rdpclip.exe
2008-12-03 18:23:49 ----A---- C:\WINDOWS\system32\qprocess.exe
2008-12-03 18:23:49 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2008-12-03 18:23:49 ----A---- C:\WINDOWS\system32\icaapi.dll
2008-12-03 18:23:49 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2008-12-03 18:23:48 ----A---- C:\WINDOWS\system32\xolehlp.dll
2008-12-03 18:23:48 ----A---- C:\WINDOWS\system32\mtxoci.dll
2008-12-03 18:23:48 ----A---- C:\WINDOWS\system32\msdtctm.dll
2008-12-03 18:23:48 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-12-03 18:23:47 ----D---- C:\WINDOWS\system32\Com
2008-12-03 18:23:47 ----A---- C:\WINDOWS\system32\msdtclog.dll
2008-12-03 18:23:47 ----A---- C:\WINDOWS\system32\msdtc.exe
2008-12-03 18:23:47 ----A---- C:\WINDOWS\system32\colbact.dll
2008-12-03 18:23:46 ----A---- C:\WINDOWS\system32\clbcatex.dll
2008-12-03 18:23:46 ----A---- C:\WINDOWS\system32\catsrvut.dll
2008-12-03 18:23:46 ----A---- C:\WINDOWS\system32\catsrvps.dll
2008-12-03 18:23:46 ----A---- C:\WINDOWS\system32\catsrv.dll
2008-12-03 18:23:45 ----A---- C:\WINDOWS\system32\comuid.dll
2008-12-03 18:23:45 ----A---- C:\WINDOWS\system32\comsvcs.dll
2008-12-03 18:23:45 ----A---- C:\WINDOWS\system32\clbcatq.dll
2008-12-03 18:23:39 ----A---- C:\WINDOWS\system32\servdeps.dll
2008-12-03 18:23:39 ----A---- C:\WINDOWS\system32\mmfutil.dll
2008-12-03 18:23:39 ----A---- C:\WINDOWS\system32\licwmi.dll
2008-12-03 18:23:39 ----A---- C:\WINDOWS\system32\cmprops.dll

======List of files/folders modified in the last 1 months======

2008-12-16 02:12:52 ----A---- C:\WINDOWS\system.ini
2008-12-13 14:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-03 18:27:09 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2008-12-03 821856]
R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2008-12-03 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2008-12-03 27776]
R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2008-12-06 10760]
R1 BIOS;BIOS; \??\C:\WINDOWS\system32\drivers\BIOS.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2008-12-03 4960]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-10-29 3341824]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdAud.sys [2006-12-29 84992]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-10-16 4615168]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-07-18 25624]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-07-20 2108952]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-07-20 2141848]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys [2007-07-19 41112]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-07-19 1277464]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-10-29 585728]
R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe [2008-12-03 418816]
R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe [2008-12-03 49664]
R2 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\Grisoft\AVG7\avgemc.exe [2008-12-06 406528]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-06 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-10-18 79136]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-07-20 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-07-20 137752]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-10 602392]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-10-28 593920]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-07-20 141848]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-06 138168]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-11-15 382248]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#8 Buckeye_Sam


Posted 24 December 2008 - 11:40 AM

Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please click OTMoveIt3 and then click >> run.
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :files
    C:\no.com
    F:\MS-DOS.com
    E:\MS-DOS.com
    E:\no.com
    C:\WINDOWS\system32\fool0.dll
    C:\WINDOWS\system32\ieso0.dll
    C:\WINDOWS\auto.vbs 
    C:\WINDOWS\system32\fool0.dll 
    C:\WINDOWS\system32\ieso0.dll 
    C:\WINDOWS\system32\kxvo.exe
    
    :reg
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea1cb76a-ce51-11dd-9b96-00e04da3033d}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ddd39079-c2be-11dd-9b5a-00e04da3033d}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d28311c0-c998-11dd-9b7d-00e04da3033d}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c86bada-ce44-11dd-9b95-00e04da3033d}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bd8a819-cdd6-11dd-9b93-00e04da3033d}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57bf7416-c9ce-11dd-9b80-00e04da3033d}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{554760bc-cf0c-11dd-9b99-00e04da3033d}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{554760bb-cf0c-11dd-9b99-00e04da3033d}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23b63b27-c9ab-11dd-9b7e-00e04da3033d}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e854cf0-c58e-11dd-9b64-00e04da3033d}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14ac292e-ca7e-11dd-9b85-00e04da3033d}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14ac292d-ca7e-11dd-9b85-00e04da3033d}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{120364fb-cb5c-11dd-9b88-00e04da3033d}]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableRegistryTools"=0
    "DisableTaskMgr"=0
    
    
    
    
    :Commands
    [EmptyTemp]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If an item cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



===============



Download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.



Also post a new log from RSIT.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
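The MountPoints2 subkeys deleted by the fix script above cache, per volume, the shell commands Windows read from that volume's autorun.inf, so a follow-up RSIT log can be checked for any that still launch a script. The following is an added example, not part of any post in this thread and not code from RSIT or OTMoveIt3; the sample dump is constructed in the layout of RSIT's "Registry dump" section (GUIDs invented), and `classify`, `scan_dump`, `unresolved`, `SCRIPT_HOSTS` and `FLAGGED_EXTS` are hypothetical names and lists chosen here.

```python
import re
from typing import NamedTuple

# Constructed sample in the layout of an RSIT "Registry dump" section.
# The GUIDs are invented for this example.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe [2008-12-06 590848]
"autoMe"=wscript.exe C:\WINDOWS\auto.vbs []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11111111-aaaa-11dd-0000-000000000001}]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22222222-bbbb-11dd-0000-000000000002}]
shell\AutoRun\command - wscript.exe auto.vbs
shell\Open\command - wscript.exe auto.vbs
"""

# Assumption: interpreters and extensions treated as worth review in this example.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "cmd.exe"}
FLAGGED_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd", ".com", ".pif", ".scr")

SECTION_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]\s*$")
MOUNT_RE = re.compile(r"\\mountpoints2\\(?P<volume>[^\\]+)$", re.IGNORECASE)
RUN_RE = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
SHELL_RE = re.compile(r"^(?P<verb>shell\\[^ ]+\\command) - (?P<cmd>.+)$", re.IGNORECASE)
RUNVAL_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<cmd>.*?)\s*\[[^\]]*\]\s*$')


class Finding(NamedTuple):
    kind: str        # "mountpoint" or "run"
    location: str    # volume GUID, or the full Run key
    entry: str       # shell verb path, or the Run value name
    command: str
    reasons: tuple   # empty tuple: listed for review, nothing flagged


def classify(command):
    """Return the reasons a command line is flagged (empty list if none)."""
    reasons = []
    for token in re.split(r'[\s"]+', command):
        name = re.split(r"[\\/]", token)[-1].lower()
        if name in SCRIPT_HOSTS:
            reasons.append(f"script host: {name}")
        elif name.endswith(FLAGGED_EXTS):
            reasons.append(f"flagged extension: {name}")
    return reasons


def scan_dump(text):
    """Walk a registry dump and collect autorun-related findings.

    Every cached MountPoints2 shell command is reported, because each one runs
    when the volume is opened; Run values are reported only when flagged.
    """
    findings = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            key = None                      # sections are separated by blank lines
            continue
        section = SECTION_RE.match(line)
        if section:
            key = section.group("key")
            continue
        if key is None:
            continue
        mount = MOUNT_RE.search(key)
        if mount:
            shell = SHELL_RE.match(line)
            if shell:
                findings.append(Finding("mountpoint", mount.group("volume"),
                                        shell.group("verb"), shell.group("cmd"),
                                        tuple(classify(shell.group("cmd")))))
        elif RUN_RE.search(key):
            value = RUNVAL_RE.match(line)
            if value:
                reasons = classify(value.group("cmd"))
                if reasons:
                    findings.append(Finding("run", key, value.group("name"),
                                            value.group("cmd"), tuple(reasons)))
    return findings


def unresolved(findings, removed_volumes):
    """Flagged MountPoints2 findings whose volume key a fix did not remove."""
    removed = {v.lower() for v in removed_volumes}
    return [f for f in findings
            if f.kind == "mountpoint" and f.reasons and f.location.lower() not in removed]


if __name__ == "__main__":
    for f in scan_dump(SAMPLE_DUMP):
        status = "; ".join(f.reasons) if f.reasons else "review"
        print(f"{f.kind:10} {f.entry:22} {f.command:34} {status}")
```
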


========================================================

#9 nayr1925


Posted 25 December 2008 - 09:35 AM

move it log.....


========== FILES ==========
C:\no.com moved successfully.
File/Folder F:\MS-DOS.com not found.
File/Folder E:\MS-DOS.com not found.
File/Folder E:\no.com not found.
File/Folder C:\WINDOWS\system32\fool0.dll not found.
File/Folder C:\WINDOWS\system32\ieso0.dll not found.
C:\WINDOWS\auto.vbs moved successfully.
File/Folder C:\WINDOWS\system32\fool0.dll not found.
File/Folder C:\WINDOWS\system32\ieso0.dll not found.
File/Folder C:\WINDOWS\system32\kxvo.exe not found.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea1cb76a-ce51-11dd-9b96-00e04da3033d}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ddd39079-c2be-11dd-9b5a-00e04da3033d}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d28311c0-c998-11dd-9b7d-00e04da3033d}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c86bada-ce44-11dd-9b95-00e04da3033d}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bd8a819-cdd6-11dd-9b93-00e04da3033d}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57bf7416-c9ce-11dd-9b80-00e04da3033d}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{554760bc-cf0c-11dd-9b99-00e04da3033d}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{554760bb-cf0c-11dd-9b99-00e04da3033d}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23b63b27-c9ab-11dd-9b7e-00e04da3033d}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e854cf0-c58e-11dd-9b64-00e04da3033d}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14ac292e-ca7e-11dd-9b85-00e04da3033d}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14ac292d-ca7e-11dd-9b85-00e04da3033d}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{120364fb-cb5c-11dd-9b88-00e04da3033d}\\ deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\\"DisableRegistryTools"|0 /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\\"DisableTaskMgr"|0 /E : value set successfully!
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\JACKPA~1\LOCALS~1\Temp\JET6.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JACKPA~1\LOCALS~1\Temp\~DFB5B7.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_918.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12252008_222051




Rsit log

Logfile of random's system information tool 1.05 (written by random/random)
Run by jackpatan at 2008-12-25 22:34:33
Microsoft Windows XP Professional Service Pack 3
System drive C: has 90 GB (59%) free of 153 GB
Total RAM: 2047 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:34:36 PM, on 12/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Logicool\Qcam\Qcam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\ServerGuard\ServerGuard.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\jackpatan\Desktop\RSIT.exe
C:\Program Files\trend micro\jackpatan.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ati.amd.com/support/driver.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logicool\Qcam\Qcam.exe" /hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [autoMe] wscript.exe "C:\WINDOWS\auto.vbs"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: FrostWire On Startup.lnk = C:\Program Files\FrostWire\FrostWire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logicool Co., Ltd - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logicool Co., Ltd - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logicool Co., Ltd - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 9908 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2008-11-21 911600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5A263CF7-56A6-4D68-A8CF-345BE45BC911}]
Yahoo! IE Suggest - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll [2008-01-15 233472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-06 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-12-06 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-06 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-06 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll [2008-11-21 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2008-11-21 911600]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-12-06 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-10-16 16855552]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2007-10-11 1826816]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe [2008-12-06 590848]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-06 136600]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-07-25 562960]
"LogitechQuickCamRibbon"=C:\Program Files\Logicool\Qcam\Qcam.exe [2007-07-25 2026768]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"autoMe"=wscript.exe C:\WINDOWS\auto.vbs []
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-06-28 32768]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-10-07 111856]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-10-18 455968]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-12-16 342848]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2008-12-03 270128]
"Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-10-07 111856]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-10-07 111856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

C:\Documents and Settings\jackpatan\Start Menu\Programs\Startup
FrostWire On Startup.lnk - C:\Program Files\FrostWire\FrostWire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-10-29 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableStatusMessages"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDrives"=0
"NoDriveAutoRun"=FFFFFFFF

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Grisoft\AVG7\avgemc.exe"="C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{359e9618-ce76-11dd-9b97-00e04da3033d}]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72447fe5-c6c1-11dd-9b6c-00e04da3033d}]
shell\AutoRun\command - wscript.exe auto.vbs
shell\Open\command - wscript.exe auto.vbs


======File associations======

.scr - open - "%1" %*

======List of files/folders created in the last 1 months======

2008-12-25 22:20:51 ----D---- C:\_OTMoveIt
2008-12-23 12:54:45 ----D---- C:\Documents and Settings\jackpatan\Application Data\Malwarebytes
2008-12-23 12:54:39 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-23 12:54:39 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-21 23:59:38 ----D---- C:\Program Files\Chuzzle Deluxe
2008-12-21 22:35:51 ----DC---- C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2008-12-21 22:32:25 ----D---- C:\a921f54a453777f90f9e
2008-12-21 22:07:11 ----RHD---- C:\AHCache
2008-12-21 19:30:44 ----D---- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-12-21 19:30:37 ----D---- C:\Program Files\Yahoo! Games
2008-12-21 03:00:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-12-21 03:00:20 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-20 23:11:47 ----HDC---- C:\WINDOWS\$NtUninstallWdf01005$
2008-12-20 19:05:41 ----D---- C:\Program Files\trend micro
2008-12-20 19:05:40 ----D---- C:\rsit
2008-12-20 11:50:10 ----D---- C:\WINDOWS\Prefetch
2008-12-20 11:47:38 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-20 11:47:34 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-20 11:47:30 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-20 11:47:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-20 11:47:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-20 11:47:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-20 11:47:11 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-20 11:47:06 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-20 11:47:02 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-20 11:46:58 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-20 11:46:54 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-20 11:46:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-20 11:46:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-20 11:46:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-20 11:46:38 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-20 11:46:34 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-20 11:46:30 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-20 11:46:27 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-20 11:43:45 ----D---- C:\WINDOWS\system32\scripting
2008-12-20 11:43:45 ----D---- C:\WINDOWS\l2schemas
2008-12-20 11:43:44 ----D---- C:\WINDOWS\system32\en
2008-12-20 11:43:44 ----D---- C:\WINDOWS\system32\bits
2008-12-20 11:42:01 ----D---- C:\WINDOWS\ServicePackFiles
2008-12-20 11:40:06 ----D---- C:\WINDOWS\network diagnostic
2008-12-20 11:36:51 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-12-20 11:31:11 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-20 11:31:03 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-12-20 02:26:27 ----D---- C:\Documents and Settings\All Users\Application Data\PopCap
2008-12-18 03:03:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2008-12-18 03:03:34 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-12-18 03:03:30 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-12-18 03:03:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-12-18 03:03:21 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$
2008-12-18 03:03:16 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-18 03:03:13 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-18 03:03:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-12-18 03:03:03 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-12-18 03:02:36 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-12-18 03:02:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
2008-12-18 03:02:27 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-12-18 03:02:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2008-12-18 03:02:10 ----D---- C:\Program Files\MSXML 6.0
2008-12-18 03:02:03 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2008-12-18 03:01:59 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-12-18 03:01:47 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2008-12-18 03:01:43 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2008-12-18 03:01:38 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2008-12-18 03:01:15 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-12-18 03:01:11 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-12-18 03:01:07 ----D---- C:\WINDOWS\ie7updates
2008-12-18 03:01:04 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-12-18 03:01:00 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_0$
2008-12-18 03:00:55 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2008-12-18 03:00:50 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2008-12-18 03:00:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2008-12-18 03:00:38 ----D---- C:\Program Files\MSXML 4.0
2008-12-17 18:14:22 ----D---- C:\WINDOWS\system32\PreInstall
2008-12-17 18:14:20 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-12-17 17:34:48 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-17 17:21:50 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-12-17 14:45:43 ----RHD---- C:\Documents and Settings\jackpatan\Application Data\SecuROM
2008-12-17 14:45:43 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2008-12-17 14:37:45 ----D---- C:\Program Files\EA SPORTS
2008-12-16 13:40:26 ----SHD---- C:\RECYCLER
2008-12-16 02:13:19 ----A---- C:\ComboFix.txt
2008-12-16 02:10:09 ----D---- C:\ComboFix
2008-12-15 14:41:23 ----A---- C:\Boot.bak
2008-12-15 14:41:19 ----RASHD---- C:\cmdcons
2008-12-15 14:38:55 ----A---- C:\WINDOWS\zip.exe
2008-12-15 14:38:55 ----A---- C:\WINDOWS\VFIND.exe
2008-12-15 14:38:55 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-15 14:38:55 ----A---- C:\WINDOWS\SWSC.exe
2008-12-15 14:38:55 ----A---- C:\WINDOWS\SWREG.exe
2008-12-15 14:38:55 ----A---- C:\WINDOWS\sed.exe
2008-12-15 14:38:55 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-15 14:38:55 ----A---- C:\WINDOWS\grep.exe
2008-12-15 14:38:55 ----A---- C:\WINDOWS\fdsv.exe
2008-12-15 14:38:51 ----D---- C:\WINDOWS\ERDNT
2008-12-15 14:38:51 ----AD---- C:\Qoobox
2008-12-15 12:40:38 ----D---- C:\Documents and Settings\jackpatan\Application Data\2K Sports
2008-12-15 12:26:50 ----D---- C:\Program Files\NBA 2K9
2008-12-14 22:32:51 ----D---- C:\Level Up! Games
2008-12-14 22:28:04 ----D---- C:\Program Files\XoftSpySE
2008-12-14 21:05:58 ----D---- C:\Program Files\MSBuild
2008-12-14 21:03:49 ----D---- C:\WINDOWS\system32\XPSViewer
2008-12-14 21:03:18 ----D---- C:\Program Files\Reference Assemblies
2008-12-14 21:02:59 ----N---- C:\WINDOWS\system32\spmsg2.dll
2008-12-14 21:02:39 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2008-12-14 18:16:58 ----D---- C:\Program Files\Canon
2008-12-14 17:54:53 ----D---- C:\Program Files\YouTube Downloader
2008-12-11 22:33:42 ----HD---- C:\WINDOWS\msdownld.tmp
2008-12-11 22:33:34 ----D---- C:\WINDOWS\WBEM
2008-12-11 22:33:34 ----D---- C:\WINDOWS\system32\en-US
2008-12-11 22:32:26 ----HDC---- C:\WINDOWS\ie7
2008-12-11 22:32:13 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-12-11 22:31:58 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-12-11 22:31:30 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2008-12-11 22:31:26 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-12-11 00:43:28 ----D---- C:\Documents and Settings\jackpatan\Application Data\Canon
2008-12-10 19:49:25 ----D---- C:\WINDOWS\system32\appmgmt
2008-12-10 19:36:07 ----A---- C:\WINDOWS\CSTBox.INI
2008-12-10 19:27:54 ----HD---- C:\CanoScan
2008-12-10 19:27:54 ----A---- C:\WINDOWS\system32\UCS32P.DLL
2008-12-10 19:27:54 ----A---- C:\WINDOWS\system32\CNQU71.DLL
2008-12-10 19:27:54 ----A---- C:\WINDOWS\system32\CNQL1208.dll
2008-12-10 12:28:02 ----D---- C:\Documents and Settings\jackpatan\Application Data\CyberLink
2008-12-10 12:20:09 ----D---- C:\MyWorks
2008-12-10 12:20:02 ----D---- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-12-10 12:19:48 ----D---- C:\Program Files\CyberLink
2008-12-09 08:41:19 ----RHD---- C:\$VAULT$.AVG
2008-12-08 21:17:35 ----D---- C:\Documents and Settings\jackpatan\Application Data\LimeWire
2008-12-08 21:17:14 ----D---- C:\Program Files\LimeWire
2008-12-08 20:17:04 ----A---- C:\WINDOWS\system32\ptpusb.dll
2008-12-08 20:17:03 ----A---- C:\WINDOWS\system32\ptpusd.dll
2008-12-08 09:10:55 ----D---- C:\WINDOWS\Sun
2008-12-06 22:49:01 ----HD---- C:\BJPrinter
2008-12-06 22:45:30 ----A---- C:\WINDOWS\system32\CNMVS4e.DLL
2008-12-06 22:45:30 ----A---- C:\WINDOWS\system32\CNMLM4e.DLL
2008-12-06 22:45:29 ----RA---- C:\WINDOWS\system32\CNMCP4e.exe
2008-12-06 17:43:03 ----D---- C:\Documents and Settings\jackpatan\Application Data\Google
2008-12-06 17:20:48 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-12-06 17:20:45 ----D---- C:\Program Files\Google
2008-12-06 13:29:22 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-12-06 11:51:32 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-06 11:51:32 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-06 11:51:32 ----A---- C:\WINDOWS\system32\java.exe
2008-12-06 11:51:32 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-06 01:20:10 ----D---- C:\Documents and Settings\jackpatan\Application Data\U3
2008-12-06 00:49:24 ----D---- C:\Ntreev
2008-12-05 23:27:27 ----A---- C:\WINDOWS\NeroDigital.ini
2008-12-05 22:15:54 ----D---- C:\Documents and Settings\jackpatan\Application Data\FrostWire
2008-12-05 21:37:39 ----D---- C:\Program Files\DNA
2008-12-05 21:37:39 ----D---- C:\Documents and Settings\jackpatan\Application Data\DNA
2008-12-05 21:25:47 ----D---- C:\Documents and Settings\jackpatan\Application Data\Sun
2008-12-05 21:10:41 ----D---- C:\Documents and Settings\jackpatan\Application Data\Apple Computer
2008-12-05 21:10:37 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2008-12-05 21:10:23 ----D---- C:\Program Files\iPod
2008-12-05 21:10:21 ----D---- C:\Program Files\iTunes
2008-12-05 21:10:21 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-05 21:10:10 ----D---- C:\Program Files\Bonjour
2008-12-05 21:09:49 ----D---- C:\Program Files\QuickTime
2008-12-05 21:09:49 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-12-05 21:09:41 ----D---- C:\Program Files\Apple Software Update
2008-12-05 21:09:06 ----D---- C:\Program Files\Common Files\Apple
2008-12-05 21:09:06 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2008-12-05 19:22:03 ----A---- C:\WINDOWS\ODBC.INI
2008-12-05 19:21:53 ----D---- C:\Program Files\ServerGuard
2008-12-05 19:21:32 ----N---- C:\WINDOWS\Setup1.exe
2008-12-05 19:21:31 ----A---- C:\WINDOWS\ST6UNST.EXE
2008-12-05 17:16:04 ----D---- C:\Documents and Settings\jackpatan\Application Data\Nero
2008-12-05 17:16:04 ----D---- C:\Documents and Settings\All Users\Application Data\LightScribe
2008-12-05 17:13:12 ----D---- C:\Program Files\Common Files\LightScribe
2008-12-05 17:07:57 ----A---- C:\WINDOWS\system32\MsiExec.exe.log
2008-12-05 17:06:30 ----D---- C:\Program Files\Nero
2008-12-05 17:06:30 ----D---- C:\Program Files\Common Files\Nero
2008-12-05 17:06:30 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2008-12-05 17:01:26 ----D---- C:\WINDOWS\RegisteredPackages
2008-12-05 16:18:23 ----HDC---- C:\WINDOWS\$NtUninstallKB916089$
2008-12-05 15:22:22 ----RA---- C:\WINDOWS\system32\LVUI2RC.dll
2008-12-05 15:22:22 ----RA---- C:\WINDOWS\system32\LVUI2.dll
2008-12-05 15:22:22 ----RA---- C:\WINDOWS\system32\lvcoinst.ini
2008-12-05 15:22:22 ----RA---- C:\WINDOWS\system32\lvcodec2.dll
2008-12-05 15:22:22 ----RA---- C:\WINDOWS\system32\lvci1110.dll
2008-12-05 15:22:22 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2008-12-05 15:14:33 ----D---- C:\Documents and Settings\All Users\Application Data\Logicool
2008-12-05 15:14:31 ----D---- C:\Program Files\Logicool
2008-12-05 15:14:31 ----D---- C:\Program Files\Common Files\LogiShrd
2008-12-05 15:14:00 ----D---- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-12-04 02:22:53 ----A---- C:\WINDOWS\system32\h323log.txt
2008-12-04 02:19:22 ----A---- C:\WINDOWS\system32\usbui.dll
2008-12-04 02:18:32 ----A---- C:\WINDOWS\imsins.BAK
2008-12-04 02:18:30 ----SHD---- C:\WINDOWS\Installer
2008-12-04 02:18:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-04 02:18:29 ----D---- C:\Program Files\Common Files\ODBC
2008-12-04 02:18:29 ----A---- C:\WINDOWS\ODBCINST.INI
2008-12-04 02:18:26 ----D---- C:\Program Files\Common Files\SpeechEngines
2008-12-04 02:18:25 ----RD---- C:\Program Files
2008-12-04 02:18:25 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-04 02:18:25 ----D---- C:\Program Files\Common Files
2008-12-04 02:18:23 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2008-12-04 02:18:23 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2008-12-04 02:18:23 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2008-12-04 02:18:21 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2008-12-04 02:18:21 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2008-12-04 02:18:21 ----RA---- C:\WINDOWS\system32\kbdur.dll
2008-12-04 02:18:21 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2008-12-04 02:18:21 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2008-12-04 02:18:21 ----RA---- C:\WINDOWS\system32\kbdru.dll
2008-12-04 02:18:21 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2008-12-04 02:18:21 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2008-12-04 02:18:21 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2008-12-04 02:18:21 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2008-12-04 02:18:21 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2008-12-04 02:18:21 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2008-12-04 02:18:19 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2008-12-04 02:18:19 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2008-12-04 02:18:19 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2008-12-04 02:18:19 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2008-12-04 02:18:19 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2008-12-04 02:18:19 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2008-12-04 02:18:19 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2008-12-04 02:18:17 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2008-12-04 02:18:17 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2008-12-04 02:18:17 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2008-12-04 02:18:17 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2008-12-04 02:18:17 ----RA---- C:\WINDOWS\system32\kbdest.dll
2008-12-04 02:18:15 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2008-12-04 02:18:15 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2008-12-04 02:18:15 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2008-12-04 02:18:15 ----RA---- C:\WINDOWS\system32\kbdro.dll
2008-12-04 02:18:15 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2008-12-04 02:18:15 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2008-12-04 02:18:15 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2008-12-04 02:18:15 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2008-12-04 02:18:15 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2008-12-04 02:18:15 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2008-12-04 02:18:15 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2008-12-04 02:18:15 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2008-12-04 02:18:15 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2008-12-04 02:18:13 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-12-04 02:18:13 ----A---- C:\WINDOWS\system32\irclass.dll
2008-12-04 02:18:13 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2008-12-04 02:18:13 ----A---- C:\WINDOWS\system32\dgsetup.dll
2008-12-04 02:18:13 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2008-12-04 02:18:11 ----A---- C:\WINDOWS\TASKMAN.EXE
2008-12-04 02:18:10 ----A---- C:\WINDOWS\system32\batt.dll
2008-12-04 02:18:10 ----A---- C:\WINDOWS\notepad.exe
2008-12-04 02:18:09 ----A---- C:\WINDOWS\system32\storprop.dll
2008-12-04 02:18:03 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2008-12-04 02:17:51 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-04 02:17:51 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-04 02:17:46 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-04 02:17:25 ----A---- C:\WINDOWS\setuplog.txt
2008-12-04 02:17:23 ----SHD---- C:\System Volume Information
2008-12-04 02:17:23 ----D---- C:\Documents and Settings
2008-12-04 02:16:20 ----RASH---- C:\boot.ini
2008-12-04 02:11:21 ----SHDC---- C:\WINDOWS\system32\dllcache
2008-12-04 02:11:21 ----RSD---- C:\WINDOWS\Fonts
2008-12-04 02:11:21 ----RD---- C:\WINDOWS\Web
2008-12-04 02:11:21 ----HD---- C:\WINDOWS\inf
2008-12-04 02:11:21 ----D---- C:\WINDOWS\WinSxS
2008-12-04 02:11:21 ----D---- C:\WINDOWS\twain_32
2008-12-04 02:11:21 ----D---- C:\WINDOWS\Temp
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\wins
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\wbem
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\usmt
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\spool
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\ShellExt
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\Setup
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\ras
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\oobe
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\npp
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\mui
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\inetsrv
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\IME
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\icsxml
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\ias
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\export
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\drivers
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\dhcp
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\config
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\3com_dmi
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\3076
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\2052
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\1054
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\1042
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\1041
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\1037
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\1033
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\1031
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\1028
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32\1025
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system32
2008-12-04 02:11:21 ----D---- C:\WINDOWS\system
2008-12-04 02:11:21 ----D---- C:\WINDOWS\security
2008-12-04 02:11:21 ----D---- C:\WINDOWS\Resources
2008-12-04 02:11:21 ----D---- C:\WINDOWS\repair
2008-12-04 02:11:21 ----D---- C:\WINDOWS\Provisioning
2008-12-04 02:11:21 ----D---- C:\WINDOWS\PeerNet
2008-12-04 02:11:21 ----D---- C:\WINDOWS\pchealth
2008-12-04 02:11:21 ----D---- C:\WINDOWS\mui
2008-12-04 02:11:21 ----D---- C:\WINDOWS\msapps
2008-12-04 02:11:21 ----D---- C:\WINDOWS\msagent
2008-12-04 02:11:21 ----D---- C:\WINDOWS\Media
2008-12-04 02:11:21 ----D---- C:\WINDOWS\java
2008-12-04 02:11:21 ----D---- C:\WINDOWS\ime
2008-12-04 02:11:21 ----D---- C:\WINDOWS\Help
2008-12-04 02:11:21 ----D---- C:\WINDOWS\ehome
2008-12-04 02:11:21 ----D---- C:\WINDOWS\Driver Cache
2008-12-04 02:11:21 ----D---- C:\WINDOWS\Debug
2008-12-04 02:11:21 ----D---- C:\WINDOWS\Cursors
2008-12-04 02:11:21 ----D---- C:\WINDOWS\Connection Wizard
2008-12-04 02:11:21 ----D---- C:\WINDOWS\Config
2008-12-04 02:11:21 ----D---- C:\WINDOWS\AppPatch
2008-12-04 02:11:21 ----D---- C:\WINDOWS\addins
2008-12-04 02:11:21 ----D---- C:\WINDOWS
2008-12-03 22:57:27 ----D---- C:\WINDOWS\Minidump
2008-12-03 22:30:59 ----D---- C:\Program Files\MYGAME Launcher
2008-12-03 22:05:29 ----D---- C:\Program Files\Common Files\INCA Shared
2008-12-03 21:41:18 ----D---- C:\Program Files\e-Games
2008-12-03 21:39:18 ----D---- C:\Documents and Settings\All Users\Application Data\ATI
2008-12-03 21:37:48 ----A---- C:\WINDOWS\IsUninst.exe
2008-12-03 21:34:15 ----D---- C:\ATI
2008-12-03 21:33:55 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2008-12-03 21:33:55 ----A---- C:\WINDOWS\system32\x3daudio1_2.dll
2008-12-03 21:33:54 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2008-12-03 21:33:54 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2008-12-03 21:33:54 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2008-12-03 21:33:53 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2008-12-03 21:33:53 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2008-12-03 21:33:52 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2008-12-03 21:33:52 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2008-12-03 21:33:51 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2008-12-03 21:33:50 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2008-12-03 21:33:50 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2008-12-03 21:33:50 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2008-12-03 21:33:49 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2008-12-03 21:33:49 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2008-12-03 21:33:49 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2008-12-03 21:33:49 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2008-12-03 21:33:49 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2008-12-03 21:33:48 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2008-12-03 21:33:48 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2008-12-03 21:33:48 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2008-12-03 21:33:43 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2008-12-03 21:33:43 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2008-12-03 21:33:43 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2008-12-03 21:33:43 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2008-12-03 21:33:42 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2008-12-03 21:33:42 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2008-12-03 21:33:42 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2008-12-03 21:33:42 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2008-12-03 21:33:41 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2008-12-03 21:33:41 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2008-12-03 21:31:57 ----D---- C:\Program Files\Dragonfly
2008-12-03 21:28:13 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$
2008-12-03 21:28:09 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-03 20:56:46 ----D---- C:\Program Files\uTorrent
2008-12-03 20:56:42 ----D---- C:\Documents and Settings\jackpatan\Application Data\uTorrent
2008-12-03 20:52:57 ----D---- C:\SAVE
2008-12-03 20:51:18 ----D---- C:\Documents and Settings\jackpatan\Application Data\Yahoo!
2008-12-03 20:51:18 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-12-03 20:51:12 ----A---- C:\WINDOWS\system32\unrar.dll
2008-12-03 20:51:12 ----A---- C:\WINDOWS\avisplitter.ini
2008-12-03 20:51:11 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2008-12-03 20:51:11 ----A---- C:\WINDOWS\system32\xvidcore.dll
2008-12-03 20:51:10 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2008-12-03 20:51:10 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2008-12-03 20:51:10 ----A---- C:\WINDOWS\system32\dpl100.dll
2008-12-03 20:51:10 ----A---- C:\WINDOWS\system32\divx.dll
2008-12-03 20:51:09 ----D---- C:\Program Files\K-Lite Codec Pack
2008-12-03 20:51:09 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-12-03 20:51:09 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2008-12-03 20:50:16 ----D---- C:\Program Files\Java
2008-12-03 20:50:15 ----D---- C:\Program Files\Common Files\Java
2008-12-03 20:48:05 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-12-03 20:47:35 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-12-03 20:47:30 ----D---- C:\Program Files\Common Files\Adobe
2008-12-03 20:47:30 ----D---- C:\Program Files\Adobe
2008-12-03 20:46:00 ----D---- C:\Program Files\Microsoft Works
2008-12-03 20:45:48 ----D---- C:\Program Files\Microsoft Visual Studio
2008-12-03 20:45:48 ----D---- C:\Program Files\Common Files\DESIGNER
2008-12-03 20:45:20 ----D---- C:\Program Files\Microsoft.NET
2008-12-03 20:43:49 ----D---- C:\WINDOWS\SHELLNEW
2008-12-03 20:43:30 ----D---- C:\Program Files\Microsoft Office
2008-12-03 20:43:29 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-12-03 20:43:13 ----RHD---- C:\MSOCache
2008-12-03 20:41:08 ----D---- C:\Program Files\WinRAR
2008-12-03 20:39:34 ----D---- C:\Documents and Settings\jackpatan\Application Data\AVG7
2008-12-03 20:39:26 ----A---- C:\WINDOWS\system32\msvcr71.dll
2008-12-03 20:39:26 ----A---- C:\WINDOWS\system32\msvcp71.dll
2008-12-03 20:39:17 ----D---- C:\Program Files\Grisoft
2008-12-03 20:39:17 ----D---- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-12-03 20:39:17 ----D---- C:\Documents and Settings\All Users\Application Data\avg7
2008-12-03 20:34:44 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-12-03 20:33:46 ----A---- C:\YServer.txt
2008-12-03 20:33:41 ----D---- C:\Program Files\Yahoo!
2008-12-03 20:23:42 ----D---- C:\Program Files\Garena
2008-12-03 20:15:10 ----D---- C:\Program Files\Webzen
2008-12-03 19:58:59 ----A---- C:\WINDOWS\War3Unin.exe
2008-12-03 19:58:12 ----D---- C:\Program Files\Warcraft III
2008-12-03 19:04:26 ----D---- C:\Documents and Settings\jackpatan\Application Data\Macromedia
2008-12-03 19:04:25 ----D---- C:\Documents and Settings\jackpatan\Application Data\Adobe
2008-12-03 18:56:28 ----A---- C:\WINDOWS\CD_Start.INI
2008-12-03 18:54:50 ----A---- C:\WINDOWS\system32\libmySQL.dll
2008-12-03 18:54:33 ----D---- C:\Program Files\Sierra On-Line
2008-12-03 18:54:33 ----A---- C:\WINDOWS\sierra.ini
2008-12-03 18:53:54 ----D---- C:\Sierra
2008-12-03 18:49:13 ----D---- C:\WINDOWS\system32\Lang
2008-12-03 18:48:04 ----A---- C:\WINDOWS\system32\ChCfg.exe
2008-12-03 18:48:00 ----D---- C:\WINDOWS\system32\RTCOM
2008-12-03 18:47:56 ----A---- C:\WINDOWS\SoundMan.exe
2008-12-03 18:47:56 ----A---- C:\WINDOWS\SkyTel.exe
2008-12-03 18:47:56 ----A---- C:\WINDOWS\RtlUpd.exe
2008-12-03 18:47:55 ----A---- C:\WINDOWS\RTLCPL.exe
2008-12-03 18:47:53 ----A---- C:\WINDOWS\RTHDCPL.exe
2008-12-03 18:47:53 ----A---- C:\WINDOWS\MicCal.exe
2008-12-03 18:47:53 ----A---- C:\WINDOWS\alcwzrd.exe
2008-12-03 18:47:53 ----A---- C:\WINDOWS\Alcmtr.exe
2008-12-03 18:47:51 ----A---- C:\WINDOWS\RtlExUpd.dll
2008-12-03 18:47:51 ----A---- C:\WINDOWS\HideWin.exe
2008-12-03 18:47:01 ----D---- C:\WINDOWS\OPTIONS
2008-12-03 18:47:01 ----D---- C:\Program Files\Realtek
2008-12-03 18:46:59 ----D---- C:\Documents and Settings\jackpatan\Application Data\InstallShield
2008-12-03 18:46:06 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-03 18:46:06 ----D---- C:\Program Files\Intel
2008-12-03 18:46:06 ----A---- C:\WINDOWS\system32\CSVer.dll
2008-12-03 18:46:03 ----D---- C:\Intel
2008-12-03 18:45:17 ----D---- C:\Documents and Settings\jackpatan\Application Data\ATI
2008-12-03 18:41:07 ----D---- C:\Program Files\Common Files\ATI Technologies
2008-12-03 18:39:42 ----RSD---- C:\WINDOWS\assembly
2008-12-03 18:39:27 ----D---- C:\WINDOWS\Microsoft.NET
2008-12-03 18:38:50 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-12-03 18:38:41 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2008-12-03 18:38:18 ----A---- C:\WINDOWS\system32\ksuser.dll
2008-12-03 18:38:09 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-12-03 18:38:08 ----HDC---- C:\WINDOWS\$NtUninstallKB888111WXPSP2$
2008-12-03 18:37:33 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2008-12-03 18:37:31 ----A---- C:\WINDOWS\system32\atiiiexx.dll
2008-12-03 18:37:28 ----A---- C:\WINDOWS\system32\ATIDEMGX.dll
2008-12-03 18:37:18 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-03 18:37:10 ----D---- C:\Program Files\ATI Technologies
2008-12-03 18:37:05 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-03 18:36:49 ----D---- C:\Program Files\Common Files\InstallShield
2008-12-03 18:32:43 ----D---- C:\Documents and Settings\jackpatan\Application Data\Identities
2008-12-03 18:32:42 ----HD---- C:\Program Files\Uninstall Information
2008-12-03 18:32:37 ----SD---- C:\Documents and Settings\jackpatan\Application Data\Microsoft
2008-12-03 18:32:37 ----ASH---- C:\Documents and Settings\jackpatan\Application Data\desktop.ini
2008-12-03 18:31:56 ----D---- C:\WINDOWS\SoftwareDistribution
2008-12-03 18:31:54 ----SD---- C:\WINDOWS\system32\Microsoft
2008-12-03 18:31:54 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-03 18:27:23 ----D---- C:\WINDOWS\system32\xircom
2008-12-03 18:27:23 ----D---- C:\Program Files\xerox
2008-12-03 18:27:23 ----D---- C:\Program Files\microsoft frontpage
2008-12-03 18:27:10 ----A---- C:\WINDOWS\control.ini
2008-12-03 18:27:10 ----A---- C:\AUTOEXEC.BAT
2008-12-03 18:27:02 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-03 18:26:59 ----A---- C:\WINDOWS\system32\mapi32.dll
2008-12-03 18:26:22 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-03 18:26:22 ----RD---- C:\WINDOWS\Offline Web Pages
2008-12-03 18:26:22 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2008-12-03 18:26:18 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-12-03 18:26:14 ----HD---- C:\Program Files\WindowsUpdate
2008-12-03 18:26:00 ----D---- C:\WINDOWS\system32\DirectX
2008-12-03 18:25:46 ----A---- C:\WINDOWS\system32\atrace.dll
2008-12-03 18:25:44 ----A---- C:\WINDOWS\system32\desktop.ini
2008-12-03 18:25:44 ----A---- C:\WINDOWS\desktop.ini

======List of files/folders modified in the last 1 months======

2008-12-16 02:12:52 ----A---- C:\WINDOWS\system.ini
2008-12-13 14:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-03 18:27:09 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2008-12-03 821856]
R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2008-12-03 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2008-12-03 27776]
R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2008-12-06 10760]
R1 BIOS;BIOS; \??\C:\WINDOWS\system32\drivers\BIOS.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2008-12-03 4960]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-10-29 3341824]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdAud.sys [2006-12-29 84992]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-10-16 4615168]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-07-18 25624]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-07-20 2108952]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-07-20 2141848]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys [2007-07-19 41112]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-07-19 1277464]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-10-29 585728]
R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe [2008-12-03 418816]
R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe [2008-12-03 49664]
R2 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\Grisoft\AVG7\avgemc.exe [2008-12-06 406528]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-06 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-10-18 79136]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-07-20 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-07-20 137752]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-10 602392]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-10-28 593920]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-07-20 141848]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-06 138168]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-11-15 382248]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#10 Buckeye_Sam

Posted 25 December 2008 - 07:08 PM

Copy the text below into OTMoveit3 and click MoveIt just like you did previously.

:reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72447fe5-c6c1-11dd-9b6c-00e04da3033d}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"autoMe"=-

:Commands
[EmptyTemp]
[Reboot]



Please run a new scan with Kaspersky and post the resulting log.
How is your computer behaving now?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#11 nayr1925

Posted 26 December 2008 - 09:56 AM

Hi. Well, just now, after running MoveIt, the PC hung right after the reboot. I had to restart the unit. It is still processing a bit slow also. The task manager, thanks to you, has been restored. Anyway, I have 2 logs for MoveIt. The first was this morning's, when I was initially planning to reply but then failed to do so.

========== FILES ==========
C:\no.com moved successfully.
File/Folder F:\MS-DOS.com not found.
File/Folder E:\MS-DOS.com not found.
File/Folder E:\no.com not found.
File/Folder C:\WINDOWS\system32\fool0.dll not found.
File/Folder C:\WINDOWS\system32\ieso0.dll not found.
C:\WINDOWS\auto.vbs moved successfully.
File/Folder C:\WINDOWS\system32\fool0.dll not found.
File/Folder C:\WINDOWS\system32\ieso0.dll not found.
File/Folder C:\WINDOWS\system32\kxvo.exe not found.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea1cb76a-ce51-11dd-9b96-00e04da3033d}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ddd39079-c2be-11dd-9b5a-00e04da3033d}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d28311c0-c998-11dd-9b7d-00e04da3033d}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c86bada-ce44-11dd-9b95-00e04da3033d}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bd8a819-cdd6-11dd-9b93-00e04da3033d}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57bf7416-c9ce-11dd-9b80-00e04da3033d}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{554760bc-cf0c-11dd-9b99-00e04da3033d}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{554760bb-cf0c-11dd-9b99-00e04da3033d}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23b63b27-c9ab-11dd-9b7e-00e04da3033d}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e854cf0-c58e-11dd-9b64-00e04da3033d}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14ac292e-ca7e-11dd-9b85-00e04da3033d}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14ac292d-ca7e-11dd-9b85-00e04da3033d}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{120364fb-cb5c-11dd-9b88-00e04da3033d}\\ deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\\"DisableRegistryTools"|0 /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\\"DisableTaskMgr"|0 /E : value set successfully!
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\JACKPA~1\LOCALS~1\Temp\JET6.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JACKPA~1\LOCALS~1\Temp\~DFB5B7.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_918.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12252008_222051

Files moved on Reboot...
File C:\DOCUME~1\JACKPA~1\LOCALS~1\Temp\JET6.tmp not found!
C:\DOCUME~1\JACKPA~1\LOCALS~1\Temp\~DFB5B7.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_918.dat not found!




========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72447fe5-c6c1-11dd-9b6c-00e04da3033d}\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\autoMe deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\JACKPA~1\LOCALS~1\Temp\JET1.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JACKPA~1\LOCALS~1\Temp\~DF123E.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_1cc.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12262008_223619

Files moved on Reboot...
File C:\DOCUME~1\JACKPA~1\LOCALS~1\Temp\JET1.tmp not found!
C:\DOCUME~1\JACKPA~1\LOCALS~1\Temp\~DF123E.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_1cc.dat not found!



--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, December 26, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, December 26, 2008 05:06:28
Records in database: 1516111
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 85630
Threat name: 8
Infected objects: 20
Suspicious objects: 1
Duration of the scan: 01:23:19


File name / Threat name / Threats count
C:\Documents and Settings\jackpatan\My Documents\FrostWire\Incomplete\T-3515162-megedeath - greatest hits.wma Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\jackpatan\My Documents\FrostWire\Incomplete\T-3877632-pagdating ng panahon aiza.mp3 Infected: Trojan-Downloader.WMA.GetCodec.n 1
C:\Documents and Settings\jackpatan\My Documents\FrostWire\Incomplete\T-4542054-i believe charmaine fionna ong MTV.mp3 Infected: Trojan-Downloader.WMA.GetCodec.f 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\big big man.mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\can we talk for a minute - greatest hits.mp3 Infected: Trojan-Downloader.WMA.GetCodec.n 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\Carmen Fenk - Dance with my Father.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\crazy bone its so good.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\invincible christian bautista.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\migraine moonstar 88.mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\moments og love janno gibbs - greatest hits.mp3 Infected: Trojan-Downloader.WMA.GetCodec.n 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\NSYNC - It's gonna be me.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\pasko na naman ariel rivera.mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\shawty t pain.mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\slapshock agent orange.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\stick around.mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\tattoed on my mind.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\usher superstar MTV.mp3 Infected: Trojan-Downloader.WMA.GetCodec.f 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\where is she.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Qoobox\Quarantine\C\WINDOWS\Cursors\Boom.vbs.vir Infected: Trojan.VBS.Runner.be 1
C:\_OTMoveIt\MovedFiles\12252008_222051\no.com Infected: Trojan.Win32.Inject.dnm 1
C:\_OTMoveIt\MovedFiles\12252008_222051\WINDOWS\auto.vbs Suspicious: Type_Script 1

The selected area was scanned.



--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, December 26, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, December 26, 2008 08:06:24
Records in database: 1516552
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - Folder:
C:\

Scan statistics:
Files scanned: 86204
Threat name: 11
Infected objects: 27
Suspicious objects: 1
Duration of the scan: 01:28:28


File name / Threat name / Threats count
C:\autorun.inf Infected: Trojan-GameThief.Win32.Magania.zip 1
C:\Documents and Settings\jackpatan\Local Settings\Temporary Internet Files\Content.IE5\938AIOMS\help[1].rar Infected: Trojan.Win32.RaMag.a 1
C:\Documents and Settings\jackpatan\My Documents\FrostWire\Incomplete\T-3515162-megedeath - greatest hits.wma Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\jackpatan\My Documents\FrostWire\Incomplete\T-3877632-pagdating ng panahon aiza.mp3 Infected: Trojan-Downloader.WMA.GetCodec.n 1
C:\Documents and Settings\jackpatan\My Documents\FrostWire\Incomplete\T-4542054-i believe charmaine fionna ong MTV.mp3 Infected: Trojan-Downloader.WMA.GetCodec.f 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\big big man.mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\can we talk for a minute - greatest hits.mp3 Infected: Trojan-Downloader.WMA.GetCodec.n 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\Carmen Fenk - Dance with my Father.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\crazy bone its so good.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\invincible christian bautista.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\migraine moonstar 88.mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\moments og love janno gibbs - greatest hits.mp3 Infected: Trojan-Downloader.WMA.GetCodec.n 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\NSYNC - It's gonna be me.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\pasko na naman ariel rivera.mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\shawty t pain.mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\slapshock agent orange.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\stick around.mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\tattoed on my mind.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\usher superstar MTV.mp3 Infected: Trojan-Downloader.WMA.GetCodec.f 1
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\where is she.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\iqe68o.bat Infected: Trojan-GameThief.Win32.Magania.zap 1
C:\Qoobox\Quarantine\C\WINDOWS\Cursors\Boom.vbs.vir Infected: Trojan.VBS.Runner.be 1
C:\RECYCLER\S-1-5-21-606747145-706699826-839522115-1003\Dc3.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\tyktjfww.exe Infected: Trojan-GameThief.Win32.Magania.zap 1
C:\WINDOWS\system32\ckvo.exe Infected: Trojan-GameThief.Win32.Magania.zap 1
C:\WINDOWS\system32\ckvo0.dll Infected: Trojan-GameThief.Win32.Magania.zap 1
C:\_OTMoveIt\MovedFiles\12252008_222051\no.com Infected: Trojan.Win32.Inject.dnm 1
C:\_OTMoveIt\MovedFiles\12252008_222051\WINDOWS\auto.vbs Suspicious: Type_Script 1

The selected area was scanned.

#12 Buckeye_Sam

Posted 26 December 2008 - 10:57 AM

Copy this text into OTMoveIt3 and click Moveit.

:files
C:\autorun.inf 
C:\Documents and Settings\jackpatan\Local Settings\Temporary Internet Files\Content.IE5\938AIOMS\help[1].rar 
C:\Documents and Settings\jackpatan\My Documents\FrostWire\Incomplete\T-3515162-megedeath - greatest hits.wma 
C:\Documents and Settings\jackpatan\My Documents\FrostWire\Incomplete\T-3877632-pagdating ng panahon aiza.mp3 
C:\Documents and Settings\jackpatan\My Documents\FrostWire\Incomplete\T-4542054-i believe charmaine fionna ong MTV.mp3 
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\big big man.mp3 
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\can we talk for a minute - greatest hits.mp3 
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\Carmen Fenk - Dance with my Father.mp3 
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\crazy bone its so good.mp3 
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\invincible christian bautista.mp3 
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\migraine moonstar 88.mp3 
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\moments og love janno gibbs - greatest hits.mp3 
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\NSYNC - It's gonna be me.mp3 
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\pasko na naman ariel rivera.mp3 
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\shawty t pain.mp3 
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\slapshock agent orange.mp3 
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\stick around.mp3 
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\tattoed on my mind.mp3 
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\usher superstar MTV.mp3 
C:\Documents and Settings\jackpatan\My Documents\My Music\iTunes\iTunes Music\where is she.mp3 
C:\iqe68o.bat 
C:\RECYCLER\S-1-5-21-606747145-706699826-839522115-1003\Dc3.mp3 
C:\tyktjfww.exe 
C:\WINDOWS\system32\ckvo.exe 
C:\WINDOWS\system32\ckvo0.dll 

:Commands
[EmptyTemp]
[Reboot]




Download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.




Please post a new log from RSIT along with the resulting log from OTMoveIt.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
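
The note above says the hidden autorun.inf folder helps protect a drive. As an added example (not part of the original post and not Flash_Disinfector's own code), this Python check reports whether a drive root has no autorun.inf, has it as a folder (the protective state the note describes), or has it as a regular file, and lists that file's launch entries. The function name `audit_autorun` and the sample roots are assumptions constructed for illustration.

```python
import os
import tempfile

def audit_autorun(root):
    """Classify <root>/autorun.inf as 'absent', 'immunized' (a folder) or 'file'."""
    path = os.path.join(root, "autorun.inf")
    if not os.path.lexists(path):
        return {"state": "absent", "launches": []}
    if os.path.isdir(path):
        # A folder with this name cannot be read as an autorun script, and a
        # plain file of the same name cannot be created while it exists.
        return {"state": "immunized", "launches": []}
    launches, section = [], ""
    with open(path, "rb") as fh:
        text = fh.read().decode("latin-1")  # tolerate junk bytes in the file
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            # Entries that make Windows start a program from the drive.
            if key in ("open", "shellexecute") or (
                key.startswith("shell\\") and key.endswith("\\command")
            ):
                launches.append((key, value))
    return {"state": "file", "launches": launches}

def demo():
    """Audit three constructed drive roots built in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        roots = {}
        for name in ("clean", "immunized", "suspect"):
            roots[name] = os.path.join(tmp, name)
            os.mkdir(roots[name])
        os.mkdir(os.path.join(roots["immunized"], "autorun.inf"))
        # Constructed sample content; sample.exe is a placeholder name.
        with open(os.path.join(roots["suspect"], "autorun.inf"), "w") as fh:
            fh.write(";junk\n[AutoRun]\nopen=sample.exe\n"
                     "shell\\open\\Command=sample.exe\n")
        return {name: audit_autorun(path) for name, path in roots.items()}

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

On a real system, pass each drive root (for example `E:\`) to `audit_autorun`; a result of `file` with launch entries on a removable drive is worth examining before the drive is opened in Explorer.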

#13 nayr1925

Posted 27 December 2008 - 04:24 AM

I tried running move it, but suddenly it is infected with a trojan virus. AVG healed it, but the setup icon was deleted. I then tried downloading it again, twice. Every time it reaches the 99% stage, a window pops up saying that it cannot be opened because it's infected with a trojan virus. And when AVG heals it, it closes and discontinues downloading.

The window says it is write-protected, by the way.

#14 nayr1925

Posted 27 December 2008 - 11:28 AM

My Task Manager has once again been disabled... Does that mean that I still have an infection? This morning Task Manager was still accessible, but just now... can't access it. :thumbsup:

#15 nayr1925

Posted 27 December 2008 - 11:32 AM

Is there a way or a program that can permanently block malware, to avoid further infection? Please don't be annoyed... :thumbsup: :)



