Virtumonde


  • This topic is locked
7 replies to this topic

#1 senzaku

senzaku

  • Members
  • 5 posts

Posted 29 December 2008 - 07:02 PM

Hey, I believe that I have a Virtumonde virus currently on my computer; I'm not 100% sure but I'm leaning towards it. About every 5 minutes or so my internet will open itself up and bring me to a random page, usually dealing with downloading an anti-virus program or some kinda dating website. It also sets my privacy settings to the lowest settings (under Internet Options), and it is also disabling my auto updates for my computer. Already I've run VundoFix (in both normal and safe mode) and I've also run VirtumundoBeGone, but neither has seemed to work. Below is my log from the DDS thing. If anyone would help, it would be greatly appreciated.

DDS Log:
DDS (Version 1.1.0) - NTFSx86
Run by HP_Administrator at 18:20:40.26 on Mon 12/29/2008
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.381 [GMT -5:00]

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
FW: Norton Internet Worm Protection *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\GetModule\GetModule32.exe
C:\Program Files\GetPack\GetPack26.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {c2f77577-c71f-18b9-1704-45fed3ef58c5}: {5c85fe3d-ef54-4071-9b81-f17c77577f2c} - c:\windows\system32\wpdxjj.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: {84a2c00b-0d49-4126-bd75-e8f371c68912} - c:\windows\system32\urqPjHbc.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [GetModule32] c:\program files\getmodule\GetModule32.exe
uRun: [GetPack26] "c:\program files\getpack\GetPack26.exe"
uRunOnce: [MISPInst] "c:\docume~1\hp_adm~1\locals~1\temp\mcinstalltemp\Install.exe" /Resume /Restart
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [<NO NAME>]
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [fc10f3a4] rundll32.exe "c:\windows\system32\ldqskslw.dll",b
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\imvu.lnk - c:\program files\imvu\IMVUClient.exe
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\documents and settings\hp_administrator\start menu\programs\startup\PowerReg Scheduler V3.exe
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\roller~1.lnk - c:\documents and settings\hp_administrator\local settings\temp\{0b6bf43b-e69f-4ba1-ad06-6b4306d392cc}\{907b4640-266b-4a21-92fb-cd1a86cd0f63}\ATR1.exe
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\roller~2.lnk - c:\documents and settings\hp_administrator\local settings\temp\{6a289b43-0845-4fb4-b23f-b7c66ef3c993}\{45653847-497f-47bb-a878-46fbde34a3e0}\ATR1.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\google~1.lnk - c:\program files\google\google updater\GoogleUpdater.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
Trusted Zone: trymedia.com
AppInit_DLLs: wpdxjj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\urqPjHbc

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;\??\c:\program files\avira\antivir personaledition classic\avgio.sys [2008-12-7 11840]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;"c:\program files\avira\antivir personaledition classic\sched.exe" [2008-12-7 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;"c:\program files\avira\antivir personaledition classic\avguard.exe" [2008-12-7 151297]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 WUSB54Gv42SVC;WUSB54Gv42SVC;"c:\program files\linksys wireless-g usb wireless network monitor\WLService.exe" "WUSB54Gv42.exe" [2008-12-7 53307]
R3 avgntflt;avgntflt;\??\c:\program files\avira\antivir personaledition classic\avgntflt.sys [2008-12-7 52032]

=============== Created Last 30 ================

2008-12-29 15:42 <DIR> --d----- C:\VundoFix Backups
2008-12-29 14:15 <DIR> --d----- c:\program files\Magic Swf2Avi 2008
2008-12-28 19:20 129,024 a------- c:\windows\system32\wpdxjj.dll
2008-12-28 19:20 129,024 a------- c:\windows\system32\ovyujivx.dll
2008-12-28 19:17 1,306,974 ---sh--- c:\windows\system32\wlsksqdl.ini
2008-12-28 19:17 72,704 a------- c:\windows\system32\ldqskslw.dll
2008-12-28 19:14 747,319 a--sh--- c:\windows\system32\cbHjPqru.ini2
2008-12-28 19:14 747,319 a--sh--- c:\windows\system32\cbHjPqru.ini
2008-12-28 19:14 302,592 a------- c:\windows\system32\urqPjHbc.dll
2008-12-28 19:11 <DIR> --d----- c:\program files\GetPack
2008-12-28 19:09 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\GetModule
2008-12-28 19:09 <DIR> --d----- c:\program files\GetModule
2008-12-28 19:09 <DIR> --d----- c:\program files\iCheck
2008-12-28 19:09 198,716 a------- c:\windows\system32\wpv781229907513.cpx
2008-12-28 19:08 34,816 a------- c:\windows\system32\geBtSJcy.dll.vir
2008-12-28 19:08 22,016 a------- c:\windows\system32\~.exe
2008-12-19 14:16 <DIR> --d----- c:\windows\system32\CatRoot_bak
2008-12-17 14:29 8,704 a------- c:\windows\system32\kbdjpn.dll
2008-12-17 14:29 8,704 a------- c:\windows\system32\dllcache\kbdjpn.dll
2008-12-17 14:29 8,192 a------- c:\windows\system32\kbdkor.dll
2008-12-17 14:29 8,192 a------- c:\windows\system32\dllcache\kbdkor.dll
2008-12-17 14:29 6,144 a------- c:\windows\system32\kbd106.dll
2008-12-17 14:29 6,144 a------- c:\windows\system32\kbd101c.dll
2008-12-17 14:29 6,144 a------- c:\windows\system32\dllcache\kbd106.dll
2008-12-17 14:29 6,144 a------- c:\windows\system32\dllcache\kbd101c.dll
2008-12-17 14:29 5,632 a------- c:\windows\system32\kbd103.dll
2008-12-17 14:29 5,632 a------- c:\windows\system32\dllcache\kbd103.dll
2008-12-17 14:29 6,144 a------- c:\windows\system32\kbd101b.dll
2008-12-17 14:29 6,144 a------- c:\windows\system32\dllcache\kbd101b.dll
2008-12-11 14:42 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\BitTorrent
2008-12-09 06:24 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\LimeWire
2008-12-08 21:38 272,128 -------- c:\windows\system32\drivers\bthport.sys
2008-12-08 21:38 272,128 -------- c:\windows\system32\dllcache\bthport.sys
2008-12-08 21:36 2,136,064 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-08 21:36 2,180,352 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-08 21:36 2,057,728 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-08 21:36 2,015,744 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-08 21:20 <DIR> --d----- c:\windows\system32\PreInstall
2008-12-08 11:18 268,648 a------- c:\windows\system32\mucltui.dll
2008-12-08 11:18 208,744 a------- c:\windows\system32\muweb.dll
2008-12-08 11:18 27,496 a------- c:\windows\system32\mucltui.dll.mui
2008-12-07 16:16 <DIR> --d----- c:\documents and settings\hp_administrator\Contacts
2008-12-07 14:37 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2008-12-07 13:10 20,747 a------- c:\windows\system32\drivers\AegisP.sys
2008-12-07 13:10 374,752 a------- c:\windows\system32\WUSBGXP.sys
2008-12-07 13:10 339,488 a------- c:\windows\system32\WUSB20XP.sys
2008-12-07 13:10 245,376 a------- c:\windows\system32\rt2500usb.sys
2008-12-07 13:10 8,090 a------- c:\windows\system32\WUSB54G.cat
2008-12-07 13:10 8,022 a------- c:\windows\system32\rt2500usb.cat
2008-12-07 13:10 7,846 a------- c:\windows\system32\WUSB54GV2.cat
2008-12-07 13:10 1,668 a------- c:\windows\system32\WLAN.INI
2008-12-07 12:54 <DIR> --d----- c:\windows\system32\LogFiles
2008-12-07 12:12 <DIR> --d----- c:\program files\Avira
2008-12-07 12:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2008-12-07 09:44 <DIR> --d----- c:\windows\system32\appmgmt
2008-12-06 22:59 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\HPQ
2008-12-06 21:56 94,208 a------- c:\windows\system32\GTW32N50.dll
2008-12-06 21:56 31,930 a------- c:\windows\system32\GTNDIS3.VXD
2008-12-06 21:56 15,872 a------- c:\windows\system32\GTNDIS5.sys
2008-12-06 21:56 17,992 a------- c:\windows\system32\drivers\bcm42rly.sys
2008-12-06 21:56 17,992 a------- c:\windows\system32\bcm42rly.sys
2008-12-06 21:53 <DIR> --dshr-- C:\cmdcons
2008-12-06 21:50 1,909 a--shr-- c:\windows\system32\drivers\103C_HP_CPC_RJ181AA-ABA a1600n_YC_0Pavi_QMXF644_E64NAemMPA4_48_INODUSM3_SASUSTek Computer INC._V1.05_B3.07_T060802_WXP2_L409_M959_J200_7AMD_8Athlon 64 X2 Dual Core_92_#061224_N_Z14F12F20_G10DE0241.MRK
2008-12-06 21:47 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\Intuit
2008-12-06 21:47 <DIR> --d----- c:\documents and settings\hp_administrator\WINDOWS
2008-12-06 21:47 <DIR> --d----- c:\documents and settings\HP_Administrator
2008-12-06 21:36 21,504 a------- c:\windows\system32\hidserv.dll
2008-12-06 21:36 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2008-12-06 21:36 9,600 a------- c:\windows\system32\drivers\hidusb.sys
2008-12-06 21:35 31,616 a------- c:\windows\system32\drivers\usbccgp.sys
2008-12-06 21:03 <DIR> --dshr-- c:\windows\system32\dllcache
2008-12-06 18:23 1,989 a------- c:\windows\uninstall_nmon.vbs
2008-12-06 18:23 <DIR> --d----- c:\temp\tn3
2008-12-06 18:23 <DIR> --dsh--- c:\windows\IA
2008-12-06 18:23 <DIR> --d----- c:\temp\DIV55
2008-12-06 18:23 <DIR> --d----- c:\temp\1cb
2008-12-02 21:42 <DIR> --d----- c:\program files\Werk
2008-12-02 14:34 0 a------- c:\windows\ynh.dx

==================== Find3M ====================

2008-12-12 12:27 3,067,392 -------- c:\windows\system32\dllcache\mshtml.dll
2008-12-11 22:19 1,850 a------- c:\windows\mozver.dat
2008-12-06 18:52 10,752 a------- c:\windows\brastk.exe
2008-12-06 18:52 6,144 a------- c:\windows\karna.dat
2008-10-24 06:10 453,632 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 08:01 283,648 a------- c:\windows\system32\gdi32.dll
2008-10-23 08:01 283,648 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-15 11:57 332,800 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 09:18 18,432 -------- c:\windows\system32\dllcache\iedw.exe
2008-10-03 05:15 247,326 -------- c:\windows\system32\strmdll.dll
2008-10-03 05:15 247,326 -------- c:\windows\system32\dllcache\strmdll.dll

============= FINISH: 18:21:53.32 ===============
Sorry for the huge log.

Thanks again if anyone helps.
Also sorry if I did something incorrect in the posting. I believe I followed the guide correctly.



#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 05 January 2009 - 06:16 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.


Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 senzaku

senzaku
  • Topic Starter

  • Members
  • 5 posts

Posted 06 January 2009 - 03:54 PM

Here would be the first log asked to be posted from Malwarebytes

Log:
Malwarebytes' Anti-Malware 1.32
Database version: 1619
Windows 5.1.2600 Service Pack 2

1/6/2009 2:17:47 PM
mbam-log-2009-01-06 (14-17-46).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 354314
Time elapsed: 16 hour(s), 25 minute(s), 21 second(s)

Memory Processes Infected: 3
Memory Modules Infected: 7
Registry Keys Infected: 36
Registry Values Infected: 6
Registry Data Items Infected: 2
Folders Infected: 32
Files Infected: 110

Memory Processes Infected:
C:\Program Files\GetModule\GetModule32.exe (Adware.Agent) -> Unloaded process successfully.
C:\Program Files\GetPack\GetPack26.exe (Adware.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\prunnet.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\urqPjHbc.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wxnbvkgg.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ebvuia.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\mexfdokv.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\sdymkswv.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\pvebyh.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\jyplkw.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53ca952d-4837-46ae-a219-c26fe50b75bb} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{53ca952d-4837-46ae-a219-c26fe50b75bb} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6a4acdf8-8b4b-4f71-889c-fc89715b86ea} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6a4acdf8-8b4b-4f71-889c-fc89715b86ea} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{53ca952d-4837-46ae-a219-c26fe50b75bb} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6a4acdf8-8b4b-4f71-889c-fc89715b86ea} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\grandbar.bho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{bb112471-9094-471b-92b0-931a40c42b98} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{17bfcf1a-b579-48a7-9849-719ddd11d340} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{17bfcf1a-b579-48a7-9849-719ddd11d340} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84ba8988-33e1-4c89-a150-bf428e8d3213} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{84ba8988-33e1-4c89-a150-bf428e8d3213} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84ba8988-33e1-4c89-a150-bf428e8d3213} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\grandbar.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\grandpack (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\icheck (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prunnet (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\GrandPack (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\grandbar.band (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\grandbar.band.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\GetModule (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\GetPack (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cont_globaladsolution (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{160c1902-88ed-1b9f-032d-6fad3e6573d9} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{160c1902-88ed-1b9f-032d-6fad3e6573d9} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4002dffd-54bb-3268-1d2c-a0d6bb2fd2da} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4002dffd-54bb-3268-1d2c-a0d6bb2fd2da} (Adware.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fc10f3a4 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\getmodule32 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\getpack26 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rvssusocnrzhvtbp (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\urqpjhbc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\urqpjhbc -> Delete on reboot.

Folders Infected:
C:\WA7P (Unknown.Vundo.Related) -> Quarantined and deleted successfully.
C:\WA7P\Quar (Unknown.Vundo.Related) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin\2.0.26 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\BrowsingTool (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\Program Files\GrandPack (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetPack (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\iCheck (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\NewDotNet (Adware.NewDotNet) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\Captin King\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Captin King\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Captin King\Application Data\ShoppingReport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Captin King\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Captin King\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Captin King\Application Data\ShoppingReport\cs\res1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\contexts (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\BitDownload (Trojan.Lop) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\urqPjHbc.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\cbHjPqru.ini (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\cbHjPqru.ini2 (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\pvebyh.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\quoojgnh.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hngjoouq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sasgvqly.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ylqvgsas.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wxnbvkgg.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ggkvbnxw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ebvuia.dll (Trojan.Vundo) -> Delete on reboot.
C:\Program Files\GetModule\GetModule32.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetPack\GetPack26.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\prunnet.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mexfdokv.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\sdymkswv.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\jyplkw.dll (Trojan.Vundo) -> Delete on reboot.
C:\Program Files\GrandPack\GrandPack2.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\BrowsingTool\BrowsingTool-2.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z\PlayMP3.exe (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\GrandPack\qdrloader.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\svchost.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\sronmaecxw.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\prun.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\userinit.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP27\A0007437.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP28\A0007591.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP28\A0007592.dll (Adware.CommAd) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP28\A0009657.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP28\A0009694.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP28\A0009705.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP30\A0011847.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\a.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ovyujivx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\geBtSJcy.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpdxjj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpv781229907513.cpx (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yyiujysv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\services.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\BrowsingTool\BrowsingTool.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\BrowsingTool\pcre3.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\BrowsingTool\uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z\uninstall.exe (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\Program Files\GrandPack\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetPack\dictame.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetPack\trgtame.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\iCheck\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\NewDotNet\nncore.dll (Adware.NewDotNet) -> Quarantined and deleted successfully.
C:\Program Files\NewDotNet\readme.html (Adware.NewDotNet) -> Quarantined and deleted successfully.
C:\Program Files\NewDotNet\uninstall.exe (Adware.NewDotNet) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\Captin King\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Captin King\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Captin King\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Captin King\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Captin King\Application Data\ShoppingReport\cs\res1\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA.dat (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAAbout.mht (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAau.dat (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAEula.mht (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA_kyf.dat (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\Tem85.tmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\FindIt.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\FindItHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\findithotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\finditxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Highlight.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\HighlightHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\highlighthotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\highlightxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Reference.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\ReferenceHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\referencehotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\referencexp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\screensaver.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Screensavers0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\starware_toolbar_icon.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Weather.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\weatherhotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\weatherxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\error.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\Related.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\Travel.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\images\walertXP.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\PlayMP3z\Run PlayMP3z.lnk (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\GetModule\dicik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\GetModule\kwdik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\GetModule\ofadik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65\ProfileReg.dat (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\BitDownload\BitDownload Downloads.lnk (Trojan.Lop) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mmkjxcgowzmviubej.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cont_globaladsolution-remove.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nst75.dll (Adware.BHO) -> Quarantined and deleted successfully.

#4 senzaku

Posted 06 January 2009 - 03:55 PM

Here would be the RSIT log.txt

Log:
Logfile of random's system information tool 1.05 (written by random/random)
Run by HP_Administrator at 2009-01-06 14:56:27
Microsoft Windows XP Professional Service Pack 2
System drive C: has 39 GB (22%) free of 182 GB
Total RAM: 958 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:56:31 PM, on 1/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\WINDOWS\system32\dumprep.exe
C:\Documents and Settings\HP_Administrator\Desktop\RSIT.exe
C:\Program Files\trend micro\HP_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\HP_Administrator\Local Settings\Temp\{0B6BF43B-E69F-4BA1-AD06-6B4306D392CC}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Startup: RollerCoaster Tycoon 3_ Wild Registration.lnk = C:\Documents and Settings\HP_Administrator\Local Settings\Temp\{6A289B43-0845-4FB4-B23F-B7C66EF3C993}\{45653847-497F-47BB-A878-46FBDE34A3E0}\ATR1.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O20 - AppInit_DLLs: pvebyh.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 7410 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-12-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAE832A-5FFF-4661-9C8F-369692D1DCB9}]
hpWebHelper Class - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-12-19 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"ftutil2"=C:\WINDOWS\system32\ftutil2.dll [2004-06-07 106496]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-06-13 16239616]
"AlwaysReady Power Message APP"=C:\WINDOWS\ARPWRMSG.EXE [2005-08-03 77312]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-05-09 7311360]
"nwiz"=nwiz.exe /install []
"DMAScheduler"=c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe [2006-04-13 90112]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-23 237568]
""= []
"PCDrProfiler"= []
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2006-02-16 249856]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPwuSchd2.exe [2005-02-17 49152]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-08-17 180269]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe
Updates From HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe

C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup
IMVU.lnk - C:\Program Files\IMVU\IMVUClient.exe
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe
PowerReg Scheduler V3.exe
RollerCoaster Tycoon 3 Registration.lnk - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\{0B6BF43B-E69F-4BA1-AD06-6B4306D392CC}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
RollerCoaster Tycoon 3_ Wild Registration.lnk - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\{6A289B43-0845-4FB4-B23F-B7C66EF3C993}\{45653847-497F-47BB-A878-46FBDE34A3E0}\ATR1.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="pvebyh.dll"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\DISC\DISCover.exe"="C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System"
"C:\Program Files\DISC\DiscStreamHub.exe"="C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub"
"C:\Program Files\DISC\myFTP.exe"="C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Lights\CRUCIS FATAL FAKE\data\FF2.exe"="C:\Program Files\Lights\CRUCIS FATAL FAKE\data\FF2.exe:*:Enabled:CRUCIS FATAL FAKE"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


======List of files/folders created in the last 3 months======

2009-01-06 14:55:58 ----D---- C:\rsit
2009-01-06 14:55:58 ----D---- C:\Program Files\trend micro
2009-01-05 19:17:02 ----ASH---- C:\WINDOWS\system32\kvykwpue.ini
2009-01-05 19:17:01 ----A---- C:\WINDOWS\system32\eupwkyvk.dll
2009-01-05 14:27:35 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2009-01-05 14:27:09 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-05 14:27:09 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-04 17:35:36 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-30 14:22:44 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\vlc
2008-12-30 13:50:37 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\MxBoost
2008-12-30 13:49:11 ----D---- C:\Program Files\Maxthon2
2008-12-29 21:05:34 ----ASH---- C:\WINDOWS\system32\ebbvdspr.ini
2008-12-29 19:11:25 ----A---- C:\WINDOWS\system32\ikghdgppcwg.exe
2008-12-29 15:42:28 ----D---- C:\VundoFix Backups
2008-12-29 15:42:28 ----A---- C:\VundoFix.txt
2008-12-29 15:13:04 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-29 14:15:02 ----D---- C:\Program Files\Magic Swf2Avi 2008
2008-12-29 08:25:33 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\AdobeUM
2008-12-29 08:21:51 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Lavasoft
2008-12-28 19:17:21 ----ASH---- C:\WINDOWS\system32\wlsksqdl.ini
2008-12-28 19:15:26 ----A---- C:\WINDOWS\system32\f73337da-.txt
2008-12-26 15:56:43 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Sun
2008-12-19 17:51:29 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Google
2008-12-19 14:16:20 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-12-19 03:00:55 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2008-12-17 14:29:31 ----A---- C:\WINDOWS\system32\kbdkor.dll
2008-12-17 14:29:31 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2008-12-17 14:29:31 ----A---- C:\WINDOWS\system32\kbd106.dll
2008-12-17 14:29:31 ----A---- C:\WINDOWS\system32\kbd103.dll
2008-12-17 14:29:31 ----A---- C:\WINDOWS\system32\kbd101c.dll
2008-12-17 14:29:28 ----A---- C:\WINDOWS\system32\kbd101b.dll
2008-12-12 06:33:49 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-12 06:33:44 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-12 06:33:28 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-12 06:33:15 ----HDC---- C:\WINDOWS\$NtUninstallKB926251$
2008-12-12 06:32:03 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-12 06:31:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-11 22:19:49 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Adobe
2008-12-11 20:41:53 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla
2008-12-11 14:43:25 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\WinRAR
2008-12-11 14:42:33 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\BitTorrent
2008-12-10 14:42:25 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\CyberLink
2008-12-09 06:32:51 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$
2008-12-09 06:24:49 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-12-09 06:24:43 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\LimeWire
2008-12-09 06:24:03 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2008-12-08 21:20:21 ----D---- C:\WINDOWS\system32\PreInstall
2008-12-08 11:18:40 ----A---- C:\WINDOWS\system32\muweb.dll
2008-12-08 11:18:40 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-12-08 11:18:40 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-12-07 16:15:32 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-07 14:37:27 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-12-07 13:56:36 ----A---- C:\WINDOWS\system32\LuResult.txt
2008-12-07 13:10:19 ----A---- C:\WINDOWS\system32\WLAN.INI
2008-12-07 12:54:20 ----D---- C:\WINDOWS\system32\LogFiles
2008-12-07 12:12:57 ----D---- C:\Program Files\Avira
2008-12-07 12:12:57 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2008-12-07 12:05:54 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Macromedia
2008-12-07 09:44:12 ----D---- C:\WINDOWS\system32\appmgmt
2008-12-06 22:59:37 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\HPQ
2008-12-06 21:56:57 ----A---- C:\WINDOWS\system32\results.txt
2008-12-06 21:56:50 ----A---- C:\WINDOWS\system32\GTW32N50.dll
2008-12-06 21:54:10 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Skype
2008-12-06 21:53:09 ----RSHD---- C:\cmdcons
2008-12-06 21:47:52 ----ASH---- C:\Documents and Settings\HP_Administrator\Application Data\desktop.ini
2008-12-06 21:47:47 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Intuit
2008-12-06 21:47:47 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Identities
2008-12-06 21:47:46 ----SD---- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft
2008-12-06 21:47:46 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Real
2008-12-06 21:36:08 ----A---- C:\WINDOWS\system32\hidserv.dll
2008-12-06 21:03:40 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-12-06 18:23:42 ----SHD---- C:\WINDOWS\IA
2008-12-02 21:42:50 ----D---- C:\Program Files\Werk
2008-11-14 20:45:05 ----D---- C:\Program Files\Lights
2008-11-13 18:23:45 ----A---- C:\DV.txt
2008-11-12 03:02:10 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 03:01:52 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-10-24 02:01:03 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 13:54:38 ----HD---- C:\WINDOWS\msdownld.tmp
2008-10-16 13:54:34 ----D---- C:\WINDOWS\Logs
2008-10-15 02:02:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 02:02:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 02:02:04 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 02:01:56 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 02:01:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-15 02:01:10 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$

======List of files/folders modified in the last 3 months======

2009-01-06 14:56:06 ----D---- C:\WINDOWS\Prefetch
2009-01-06 14:55:58 ----AD---- C:\Program Files
2009-01-06 14:32:17 ----AD---- C:\WINDOWS
2009-01-06 14:30:29 ----D---- C:\WINDOWS\Temp
2009-01-06 14:24:34 ----D---- C:\WINDOWS\Registration
2009-01-06 14:24:05 ----D---- C:\WINDOWS\system32
2009-01-06 14:24:04 ----D---- C:\WINDOWS\system32\drivers
2009-01-06 14:23:29 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-04 17:35:48 ----D---- C:\WINDOWS\Debug
2009-01-03 21:41:16 ----SHD---- C:\WINDOWS\Installer
2009-01-03 21:40:57 ----HD---- C:\WINDOWS\inf
2009-01-03 21:40:51 ----D---- C:\Program Files\Internet Explorer
2009-01-03 21:03:26 ----D---- C:\WINDOWS\WinSxS
2009-01-03 19:16:00 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-30 14:24:42 ----D---- C:\Program Files\Maxthon
2008-12-29 15:32:09 ----D---- C:\WINDOWS\SoftwareDistribution
2008-12-29 15:28:28 ----D---- C:\Program Files\Yahoo!
2008-12-29 13:41:44 ----D---- C:\Program Files\LimeWire
2008-12-28 23:25:41 ----D---- C:\Program Files\Mozilla Firefox
2008-12-28 17:10:43 ----D---- C:\Program Files\Total Video Converter
2008-12-21 10:59:15 ----D---- C:\WINDOWS\system32\Macromed
2008-12-19 17:51:11 ----D---- C:\Program Files\Google
2008-12-19 17:50:41 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-19 14:32:42 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-19 03:00:26 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-12 12:27:54 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-12 06:33:17 ----D---- C:\Program Files\Windows Media Player
2008-12-11 14:41:26 ----D---- C:\Program Files\WinRAR
2008-12-09 15:25:05 ----D---- C:\Documents and Settings
2008-12-09 06:53:07 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-09 06:48:31 ----D---- C:\WINDOWS\msagent
2008-12-09 06:48:31 ----D---- C:\Program Files\Common Files\System
2008-12-09 06:47:34 ----D---- C:\WINDOWS\security
2008-12-09 06:41:49 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2008-12-09 06:41:40 ----HDC---- C:\WINDOWS\$NtUninstallKB927779$
2008-12-09 06:41:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-09 06:41:22 ----HDC---- C:\WINDOWS\$NtUninstallKB927802$
2008-12-09 06:41:15 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-09 06:41:04 ----HDC---- C:\WINDOWS\$NtUninstallKB943460$
2008-12-09 06:40:57 ----D---- C:\Program Files\Messenger
2008-12-09 06:40:56 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-09 06:40:38 ----HDC---- C:\WINDOWS\$NtUninstallKB937894$
2008-12-09 06:40:26 ----HDC---- C:\WINDOWS\$NtUninstallKB928255$
2008-12-09 06:40:17 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$
2008-12-09 06:40:09 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2008-12-09 06:40:01 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2008-12-09 06:39:54 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2008-12-09 06:39:47 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
2008-12-09 06:39:39 ----HDC---- C:\WINDOWS\$NtUninstallKB933729$
2008-12-09 06:39:14 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
2008-12-09 06:39:06 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2008-12-09 06:38:57 ----HDC---- C:\WINDOWS\$NtUninstallKB923980$
2008-12-09 06:38:48 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2008-12-09 06:38:41 ----HDC---- C:\WINDOWS\$NtUninstallKB938828$
2008-12-09 06:38:30 ----HDC---- C:\WINDOWS\$NtUninstallKB924667$
2008-12-09 06:38:24 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2008-12-09 06:38:15 ----HDC---- C:\WINDOWS\$NtUninstallKB900485$
2008-12-09 06:38:06 ----HDC---- C:\WINDOWS\$NtUninstallKB924270$
2008-12-09 06:37:58 ----HDC---- C:\WINDOWS\$NtUninstallKB931261$
2008-12-09 06:37:51 ----HDC---- C:\WINDOWS\$NtUninstallKB924496$
2008-12-09 06:37:43 ----HDC---- C:\WINDOWS\$NtUninstallKB927891$
2008-12-09 06:37:31 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-09 06:37:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-09 06:37:06 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
2008-12-09 06:36:42 ----HDC---- C:\WINDOWS\$NtUninstallKB925398_WMP64$
2008-12-09 06:36:20 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2008-12-09 06:36:12 ----HDC---- C:\WINDOWS\$NtUninstallKB925902$
2008-12-09 06:36:02 ----HDC---- C:\WINDOWS\$NtUninstallKB913800$
2008-12-09 06:34:32 ----D---- C:\Program Files\Outlook Express
2008-12-09 06:34:31 ----HDC---- C:\WINDOWS\$NtUninstallKB929123$
2008-12-09 06:34:22 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2008-12-09 06:34:08 ----HDC---- C:\WINDOWS\$NtUninstallKB918439$
2008-12-09 06:32:44 ----HDC---- C:\WINDOWS\$NtUninstallKB926436$
2008-12-09 06:32:36 ----HDC---- C:\WINDOWS\$NtUninstallKB920872$
2008-12-09 06:32:25 ----HDC---- C:\WINDOWS\$NtUninstallKB930178$
2008-12-09 06:32:19 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-12-09 06:32:01 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2008-12-09 06:31:52 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2008-12-09 06:31:44 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-09 06:31:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-12-09 06:31:14 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2008-12-09 06:30:58 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2008-12-09 06:30:50 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-09 06:30:40 ----HDC---- C:\WINDOWS\$NtUninstallKB922582$
2008-12-09 06:30:30 ----HDC---- C:\WINDOWS\$NtUninstallKB918118$
2008-12-09 06:30:22 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$
2008-12-09 06:30:13 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2008-12-09 06:30:04 ----HDC---- C:\WINDOWS\$NtUninstallKB948590$
2008-12-09 06:29:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-09 06:29:46 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2008-12-09 06:29:36 ----HDC---- C:\WINDOWS\$NtUninstallKB938127$
2008-12-09 06:29:23 ----HDC---- C:\WINDOWS\$NtUninstallKB935840$
2008-12-09 06:29:16 ----HDC---- C:\WINDOWS\$NtUninstallKB943485$
2008-12-09 06:29:08 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
2008-12-09 06:28:59 ----HDC---- C:\WINDOWS\$NtUninstallKB886185$
2008-12-09 06:28:51 ----HDC---- C:\WINDOWS\$NtUninstallKB916595$
2008-12-09 06:28:42 ----HDC---- C:\WINDOWS\$NtUninstallKB930916$
2008-12-09 06:28:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-12-09 06:28:07 ----HDC---- C:\WINDOWS\$NtUninstallKB930494$
2008-12-09 06:27:36 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2008-12-09 06:27:21 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-09 06:27:14 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2008-12-09 06:26:57 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2008-12-09 06:25:58 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2008-12-09 06:25:42 ----HDC---- C:\WINDOWS\$NtUninstallKB935839$
2008-12-09 06:25:35 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$
2008-12-09 06:25:25 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2008-12-09 06:25:17 ----HDC---- C:\WINDOWS\$NtUninstallKB953356$
2008-12-09 06:25:09 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2008-12-09 06:24:41 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$
2008-12-09 06:24:24 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2008-12-09 06:23:33 ----HDC---- C:\WINDOWS\$NtUninstallKB928843$
2008-12-08 21:20:20 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-12-08 21:15:58 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-12-07 16:12:14 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-12-07 14:37:36 ----D---- C:\WINDOWS\Help
2008-12-07 13:56:01 ----SD---- C:\WINDOWS\Tasks
2008-12-07 13:53:51 ----D---- C:\WINDOWS\Minidump
2008-12-07 13:10:53 ----D---- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor
2008-12-07 12:03:02 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-07 12:02:19 ----D---- C:\Program Files\Common Files
2008-12-07 09:36:28 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-06 22:47:52 ----SHD---- C:\RECYCLER
2008-12-06 22:03:16 ----HD---- C:\hp
2008-12-06 22:03:13 ----D---- C:\Program Files\PC-Doctor 5 for Windows
2008-12-06 22:01:33 ----D---- C:\USERDATA
2008-12-06 21:54:10 ----RASH---- C:\boot.ini
2008-12-06 21:53:09 ----A---- C:\WINDOWS\UPGRADE.TXT
2008-12-06 21:50:24 ----AD---- C:\WINDOWS\system32\pcintro
2008-12-06 21:46:04 ----D---- C:\WINDOWS\system32\config
2008-12-06 21:45:07 ----RASH---- C:\BOOT.BAK
2008-12-06 21:38:50 ----A---- C:\WINDOWS\system.ini
2008-12-06 21:24:38 ----D---- C:\WINDOWS\system
2008-12-06 21:24:24 ----D---- C:\WINDOWS\I386
2008-12-06 21:21:49 ----RSD---- C:\WINDOWS\Fonts
2008-12-06 21:21:47 ----RD---- C:\WINDOWS\Web
2008-12-06 21:21:47 ----RD---- C:\WINDOWS\Offline Web Pages
2008-12-06 21:21:46 ----RSD---- C:\WINDOWS\assembly
2008-12-06 18:36:25 ----D---- C:\Program Files\AntiVir PersonalEdition Classic
2008-12-05 21:08:09 ----D---- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
2008-12-02 14:53:29 ----D---- C:\Program Files\DNA
2008-12-02 14:53:20 ----D---- C:\Program Files\Incomplete
2008-10-23 08:01:36 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-22 04:47:07 ----A---- C:\WINDOWS\system32\tzchange.exe
2008-10-17 17:20:02 ----D---- C:\Program Files\The Weather Channel FW
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 05:20:53 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-10-16 05:20:52 ----A---- C:\WINDOWS\system32\browseui.dll
2008-10-16 05:20:51 ----A---- C:\WINDOWS\system32\shlwapi.dll
2008-10-16 05:20:50 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-10-16 05:20:50 ----A---- C:\WINDOWS\system32\jsproxy.dll
2008-10-16 05:20:49 ----A---- C:\WINDOWS\system32\wininet.dll
2008-10-16 05:20:48 ----A---- C:\WINDOWS\system32\shdocvw.dll
2008-10-16 05:20:46 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-10-16 05:20:46 ----A---- C:\WINDOWS\system32\mstime.dll
2008-10-16 05:20:46 ----A---- C:\WINDOWS\system32\msrating.dll
2008-10-16 05:20:46 ----A---- C:\WINDOWS\system32\inseng.dll
2008-10-16 05:20:46 ----A---- C:\WINDOWS\system32\iepeers.dll
2008-10-16 05:20:46 ----A---- C:\WINDOWS\system32\extmgr.dll
2008-10-16 05:20:45 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-10-16 05:20:45 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-10-16 05:20:45 ----A---- C:\WINDOWS\system32\danim.dll
2008-10-16 05:20:42 ----A---- C:\WINDOWS\system32\cdfview.dll
2008-10-15 11:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-15 09:00:41 ----A---- C:\WINDOWS\system32\xpsp3res.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-12-07 20747]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R3 aracpi;aracpi; C:\WINDOWS\system32\DRIVERS\aracpi.sys [2005-08-03 22784]
R3 arhidfltr;MS Ar HID Filter Driver; C:\WINDOWS\system32\DRIVERS\arhidfltr.sys [2005-08-03 19200]
R3 arkbcfltr;Microsoft PS2 Keyboard Filter; C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys [2005-08-03 5376]
R3 armoucfltr;Microsoft PS2 Mouse Filter; C:\WINDOWS\system32\DRIVERS\armoucfltr.sys [2005-08-03 4992]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-10 60800]
R3 ARPolicy;ARPolicy; C:\WINDOWS\system32\DRIVERS\arpolicy.sys [2005-08-03 10112]
R3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-08 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSX_DP;HSX_DP; C:\WINDOWS\system32\DRIVERS\HSX_DP.sys [2005-12-06 936448]
R3 HSXHWBS2;HSXHWBS2; C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys [2005-12-06 241664]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-14 4299264]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-10 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-05-09 3535680]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-03 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-03 13056]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-03-31 27008]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-09 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-09 26496]
R3 winachsx;winachsx; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-06 670208]
R3 WUSB54GPV4SRV;Linksys Home Wireless-G USB Adaptor Driver; C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2005-10-17 245376]
S3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
S3 BCM42RLY;BCM42RLY; \??\C:\WINDOWS\System32\BCM42RLY.SYS []
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-09 20480]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-03-03 18944]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 ARSVC;ARSVC; C:\WINDOWS\arservice.exe [2005-08-03 58880]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-06-21 49152]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-05-09 131139]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-04 38912]
S2 WUSB54Gv42SVC;WUSB54Gv42SVC; C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [2005-07-04 53307]
S3 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-09 267776]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-19 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-09 14336]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

#5 senzaku


Posted 06 January 2009 - 03:56 PM

And here is the RSIT info.txt with the Attachment.

Info:
info.txt logfile of random's system information tool 1.05 2009-01-06 14:57:03

======Uninstall list======

-->"C:\Program Files\HP Games\Airstrike 2 Gulf Thunder\Uninstall.exe"
-->"C:\Program Files\HP Games\Alien Shooter\Uninstall.exe"
-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Bistro Stars\Uninstall.exe"
-->"C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 2 Remix\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe"
-->"C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Bounce Symphony\Uninstall.exe"
-->"C:\Program Files\HP Games\Cake Mania\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
-->"C:\Program Files\HP Games\Family Feud\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Garden Dreams\Uninstall.exe"
-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\JEOPARDY\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\LEGO Builder Bots\Uninstall.exe"
-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\Mystery Case Files\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\Ricochet Lost Worlds\Uninstall.exe"
-->"C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
-->"C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Snowy Space Trip\Uninstall.exe"
-->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
-->"C:\Program Files\WildTangent\Apps\My HP Game Console\Uninstall.exe"
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.5-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Customer Experience Enhancement-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
Data Fax SoftModem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\HXFSETUP.EXE -U -ITrx200Ck.inf
DISCover-->"C:\Program Files\DISC\uninstall.exe"
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
E.M. Magic Swf2Avi 2008 build 5.2.10.115-->"C:\Program Files\Magic Swf2Avi 2008\unins000.exe"
Easy Internet Sign-up-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB893357)-->"C:\WINDOWS\$NtUninstallKB893357$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB906569)-->"C:\WINDOWS\$NtUninstallKB906569$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB912024)-->"C:\WINDOWS\$NtUninstallKB912024$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Boot Optimizer-->MsiExec.exe /X{1341D838-719C-4A05-B50F-49420CA1B4BB}
HP DigitalMedia Archive-->MsiExec.exe /X{F80239D8-7811-4D5E-B033-0D0BBFE32920}
HP DVD Play 2.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart for Media Center PC-->c:\Program Files\HP\Digital Imaging\bin\mcpc\setupmcl.exe /u
HP Photosmart Premier Software 6.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Web Helper-->regsvr32 /u /s "C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll"
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
LimeWire 4.12.6-->"C:\Program Files\LimeWire\uninstall.exe"
Linksys Wireless-G USB Network Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}\setup.exe" -l0x9
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Maxthon Browser (remove only)-->C:\Program Files\Maxthon\MaxthonUINST.exe
Maxthon2 Browser (remove only)-->C:\Program Files\Maxthon2\MaxthonUINST.exe
Microsoft .NET Framework 1.0 Hotfix (KB930494)-->"C:\WINDOWS\$NtUninstallKB930494$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Money 2006-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Office Standard Edition 2003 60 days trial-->c:\hp\bin\cloaker.exe c:\hp\bin\MSOffice\uninst.cmd
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
muvee autoProducer 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB4740B3-2530-452D-A825-F7AB246CA7DF}\setup.exe" -l0x9
muvee autoProducer unPlugged 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99}\setup.exe" -l0x9
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
Netscape Browser (remove only)-->"C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\nvunrm.exe UninstallGUI
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
PC-Doctor 5 for Windows-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2006-->MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Remove WeatherBug Installer-->c:\hp\bin\cloaker.exe c:\hp\bin\commands.exe /c c:\hp\bin\wbug\clean.bat
Rhapsody-->C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
RON Tool Globaladsolution-->C:\WINDOWS\system32\ikghdgppcwg.exe
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Sonic Express Labeler-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /X{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /X{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /X{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /X{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /X{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Total Video Converter 3.14 080930-->"C:\Program Files\Total Video Converter\unins001.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB912945)-->"C:\WINDOWS\$NtUninstallKB912945$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Updates from HP (remove only)-->C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall
VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WildTangent Web Driver-->C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB883667-->C:\WINDOWS\$NtUninstallKB883667$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB892050-->"C:\WINDOWS\$NtUninstallKB892050$\spuninst\spuninst.exe"
Windows XP Hotfix - KB893066-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB912067-->"C:\WINDOWS\$NtUninstallKB912067$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: Avira AntiVir PersonalEdition (disabled)
FW: Norton Internet Worm Protection (disabled)

System event log

Computer Name: YOUR-4DACD0EA75
Event Code: 7036
Message: The Telephony service entered the running state.

Record Number: 1728
Source Name: Service Control Manager
Time Written: 20081229081502.000000-300
Event Type: information
User:

Computer Name: YOUR-4DACD0EA75
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{E408FEBD-E8CB-4BF2-9542-72A620A34D2D} was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 1727
Source Name: Tcpip
Time Written: 20081229081500.000000-300
Event Type: information
User:

Computer Name: YOUR-4DACD0EA75
Event Code: 7035
Message: The GTNDIS5 NDIS Protocol Driver service was successfully sent a start control.

Record Number: 1726
Source Name: Service Control Manager
Time Written: 20081229081457.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: YOUR-4DACD0EA75
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{E408FEBD-E8CB-4BF2-9542-72A620A34D2D} was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 1725
Source Name: Tcpip
Time Written: 20081229081450.000000-300
Event Type: information
User:

Computer Name: YOUR-4DACD0EA75
Event Code: 7036
Message: The Computer Browser service entered the stopped state.

Record Number: 1724
Source Name: Service Control Manager
Time Written: 20081229081447.000000-300
Event Type: information
User:

Application event log

Computer Name: YOUR-4DACD0EA75
Event Code: 704
Message: MsnMsgr (3036) Online defragmentation of database '\\.\C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Messenger\unrememberedstranger@hotmail.com\SharingMetadata\Working\database_D6FC_1116_FC10_F30B\dfsr.db' was interrupted and terminated. The next time online defragmentation is started on this database, it will resume from the point of interruption.

Record Number: 761
Source Name: ESENT
Time Written: 20090104001845.000000-300
Event Type: information
User:

Computer Name: YOUR-4DACD0EA75
Event Code: 701
Message: MsnMsgr (3036) Online defragmentation has completed a full pass on database '\\.\C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Messenger\unrememberedstranger@hotmail.com\SharingMetadata\Working\database_D6FC_1116_FC10_F30B\dfsr.db'.

Record Number: 760
Source Name: ESENT
Time Written: 20090104000000.000000-300
Event Type: information
User:

Computer Name: YOUR-4DACD0EA75
Event Code: 700
Message: MsnMsgr (3036) Online defragmentation is beginning a full pass on database '\\.\C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Messenger\unrememberedstranger@hotmail.com\SharingMetadata\Working\database_D6FC_1116_FC10_F30B\dfsr.db'.

Record Number: 759
Source Name: ESENT
Time Written: 20090104000000.000000-300
Event Type: information
User:

Computer Name: YOUR-4DACD0EA75
Event Code: 302
Message: MsnMsgr (3036) \\.\C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Messenger\unrememberedstranger@hotmail.com\SharingMetadata\Working\database_D6FC_1116_FC10_F30B\dfsr.db: The database engine has successfully completed recovery steps.

Record Number: 758
Source Name: ESENT
Time Written: 20090103235927.000000-300
Event Type: information
User:

Computer Name: YOUR-4DACD0EA75
Event Code: 301
Message: MsnMsgr (3036) \\.\C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Messenger\unrememberedstranger@hotmail.com\SharingMetadata\Working\database_D6FC_1116_FC10_F30B\dfsr.db: The database engine has begun replaying logfile \\.\C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Messenger\unrememberedstranger@hotmail.com\SharingMetadata\Working\database_D6FC_1116_FC10_F30B\fsr.log.

Record Number: 757
Source Name: ESENT
Time Written: 20090103235927.000000-300
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4b02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\

-----------------EOF-----------------


#6 senzaku


Posted 06 January 2009 - 03:59 PM

I'd like to say thanks for taking your time to give me a hand with this. Hopefully everything will go smoothly.

#7 fenzodahl512


Posted 07 January 2009 - 02:14 AM

Please download JavaRa to your desktop and unzip it to its own folder. <<MIRROR>>
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
Then, please download and install the latest Java from HERE



NEXT


Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked.
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)


    :processes
    explorer.exe
    
    :services
    
    :files
    C:\WINDOWS\system32\kvykwpue.ini
    C:\WINDOWS\system32\eupwkyvk.dll
    C:\WINDOWS\system32\ebbvdspr.ini
    C:\WINDOWS\system32\ikghdgppcwg.exe
    C:\WINDOWS\system32\wlsksqdl.ini
    C:\WINDOWS\system32\f73337da-.txt
    
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"=""
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]

  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Run RSIT again.. Post these logs in your next reply..

1. OTMoveIt3
2. RSIT log.txt

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
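
Added example, not part of the original post and not code from OTMoveIt3 or RSIT: in the :files list above, kvykwpue.ini and eupwkyvk.dll sit in the same folder and their base names are each other's reverse, a pairing worth flagging when triaging a file listing like this one. The Python sketch below finds such pairs; the listing is constructed (the six names from the post plus benign names added for contrast), and the function name and minimum-length threshold are assumptions.

```python
import ntpath
from collections import defaultdict

# Constructed listing: the six names from the :files block above plus
# benign names added for contrast (the last two form a short reversed pair).
SAMPLE_LISTING = [
    r"C:\WINDOWS\system32\kvykwpue.ini",
    r"C:\WINDOWS\system32\eupwkyvk.dll",
    r"C:\WINDOWS\system32\ebbvdspr.ini",
    r"C:\WINDOWS\system32\ikghdgppcwg.exe",
    r"C:\WINDOWS\system32\wlsksqdl.ini",
    r"C:\WINDOWS\system32\f73337da-.txt",
    r"C:\WINDOWS\system32\kernel32.dll",
    r"C:\WINDOWS\system32\user32.dll",
    r"C:\WINDOWS\system32\ab.dll",
    r"C:\WINDOWS\system32\BA.ini",
]

MIN_STEM = 6  # assumption: skip short stems, which reverse-match by accident


def find_reversed_pairs(paths, min_stem=MIN_STEM):
    """Return sorted (dll_path, companion_path) pairs from the same folder
    where the companion's base name is the DLL's base name reversed."""
    by_key = defaultdict(list)  # (folder, stem) -> [(extension, original path)]
    for p in paths:
        folder, name = ntpath.split(p)          # Windows path rules on any OS
        stem, ext = ntpath.splitext(name)
        by_key[(folder.lower(), stem.lower())].append((ext.lower(), p))

    pairs = []
    for (folder, stem), entries in by_key.items():
        # Palindromes would match themselves; short stems are too noisy.
        if len(stem) < min_stem or stem == stem[::-1]:
            continue
        for ext, path in entries:
            if ext != ".dll":
                continue
            for other_ext, other in by_key.get((folder, stem[::-1]), []):
                if other_ext != ".dll":
                    pairs.append((path, other))
    return sorted(pairs)


if __name__ == "__main__":
    for dll, companion in find_reversed_pairs(SAMPLE_LISTING):
        print(f"reversed-name pair: {dll} <-> {companion}")
```

A hit is a lead for review, not a verdict; confirm against the load points in the log (for example the AppInit_DLLs value the script above resets) before moving anything.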


#8 fenzodahl512


Posted 12 January 2009 - 03:16 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic





