
bestantivirusscanner popups & Monder virus after AVG removed virus


  • This topic is locked
19 replies to this topic

#1 tortoise

  • Members
  • 20 posts

Posted 11 January 2009 - 09:56 AM

Hi,
AVG recently (9th Jan) detected & removed the following
Trojan horse clicker.VZM c:\windows\system32\prunnet.exe
Trojan horse generic12.AQDY c:\windows\system32\cbXQiFya.dll (random name)

The following day I started getting popups trying to lure me to
bestantivirusscanner.com

Kaspersky also reports Monder virus

I have other PCs in my home that don't seem to be affected, but I am concerned to make sure I make those PCs secure too. All our PCs have current antivirus software & run Windows Update automatically. Some on XP and some on Vista.

Thank you for your time reading this.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, January 11, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, January 11, 2009 12:49:12
Records in database: 1602482
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - Critical Areas:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\Hinson\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS

Scan statistics:
Files scanned: 76669
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 01:17:27


File name / Threat name / Threats count
C:\WINDOWS\system32\iiffFuRk.dll Infected: Trojan.Win32.Monder.alpv 1

The selected area was scanned.

######################################################

DDS (Ver_09-01-07.01) - NTFSx86
Run by Hinson at 12:48:00.17 on 11/01/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.767.272 [GMT 0:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Temp\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {4be43647-f7a1-4203-9136-514b15727cdb} - c:\windows\system32\mezinoma.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\projectx\jre\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\projectx\jre\bin\jp2ssv.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [LVCOMSX] "c:\program files\common files\logitech\lcommgr\LVComSX.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logitech\lcommgr\Communications_Helper.exe"
mRun: [CTHelper] CTHELPER.EXE
mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
mRun: [QuickTime Task] "c:\program files\quicktime alternative\qttask.exe" -atboottime
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [SunJavaUpdateSched] "c:\program files\projectx\jre\bin\jusched.exe"
mRun: [zakesasori] Rundll32.exe "c:\windows\system32\hizuriki.dll",s
mRun: [CPM23817d64] Rundll32.exe "c:\windows\system32\jobavito.dll",a
mRun: [20b24ef8] rundll32.exe "c:\windows\system32\yujitana.dll",b
dRunOnce: [RunNarrator] Narrator.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: adobe.com\www
Trusted Zone: creative.com\www
Trusted Zone: openstreetmap.org\www
Trusted Zone: topf.org\geo
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: ssqRJdeb - ssqRJdeb.dll
AppInit_DLLs: avgrsstx.dll c:\windows\system32\beziyefu.dll c:\windows\system32\jobavito.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jobavito.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\jobavito.dll
SEH: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - No File
LSA: Notification Packages = scecli c:\windows\system32\beziyefu.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-20 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2006-12-26 26824]
R4 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-5-20 231704]
S3 FILEMON;FILEMON;\??\c:\windows\system32\drivers\filem.sys --> c:\windows\system32\drivers\FILEM.SYS [?]
S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2007-12-2 28672]
S3 PentaxUsb;PENTAX Optio 60 on USB;c:\windows\system32\drivers\CoachUsb.sys [2004-11-24 50976]
S3 tablet;Serial Tablet Driver;c:\windows\system32\drivers\tablet.sys --> c:\windows\system32\drivers\tablet.sys [?]
S3 tbfilter;Tablet Filter Driver;c:\windows\system32\drivers\tbfilter.sys --> c:\windows\system32\drivers\tbfilter.sys [?]
S3 TFBULK;Topfield USB client driver;c:\windows\system32\drivers\TfBulk.SYS [2007-5-31 13312]
S3 ultradfg;ultradfg;c:\windows\system32\drivers\ultradfg.sys [2008-3-9 23040]

=============== Created Last 30 ================

2009-01-11 12:21 368,922 a------- c:\temp\dds.scr
2009-01-11 12:01 1,217,037 ---sh--- c:\windows\system32\anatijuy.ini
2009-01-09 16:46 46,080 a------- c:\windows\system32\iiffFuRk.dll
2009-01-05 23:33 <DIR> --d----- c:\program files\VideoReDoTVSuite
2009-01-05 23:33 <DIR> --d----- c:\docume~1\hinson\applic~1\VideoReDo-TVSuite
2009-01-05 23:31 13,791,400 a------- c:\temp\VideoReDoTVS-3-1-5-564.exe
2009-01-05 18:28 82,387 a------- c:\temp\LightExplorer_1_6_dll.zip
2009-01-05 18:28 82,371 a------- c:\temp\SearchInFiles_1_12_dll.zip
2009-01-05 18:27 106,647 a------- c:\temp\HexEditor_0_9_2_dll.zip
2009-01-05 18:23 101,349 a------- c:\temp\Explorer_1_8_1_dll.zip
2009-01-05 18:15 2,434,782 a------- c:\temp\npp.5.1.3.Installer.exe
2009-01-05 00:11 0 a------- c:\windows\system32\RENBD.tmp
2009-01-05 00:11 0 a------- c:\windows\system32\RENBC.tmp
2009-01-05 00:11 0 a------- c:\windows\system32\RENBB.tmp
2009-01-05 00:10 209,816 a------- c:\temp\jre-6u11-windows-i586-p-iftw-k.exe
2009-01-05 00:10 0 a------- c:\windows\system32\REN9F.tmp
2009-01-05 00:10 0 a------- c:\windows\system32\REN9E.tmp
2009-01-05 00:10 0 a------- c:\windows\system32\REN9D.tmp
2009-01-05 00:09 16,168,344 a------- c:\temp\jre-6u11-windows-i586-p.exe
2009-01-04 23:49 0 a------- c:\windows\system32\REN8E.tmp
2009-01-04 23:49 0 a------- c:\windows\system32\REN8D.tmp
2009-01-04 23:49 0 a------- c:\windows\system32\REN8C.tmp
2009-01-04 23:49 16,319,896 a------- c:\temp\jre-6u11-windows-i586-p-s.exe
2009-01-04 23:44 0 a------- c:\windows\system32\REN68.tmp
2009-01-04 23:44 0 a------- c:\windows\system32\REN67.tmp
2009-01-04 23:44 0 a------- c:\windows\system32\REN66.tmp
2009-01-04 23:41 0 a------- c:\windows\system32\REN60.tmp
2009-01-04 23:41 0 a------- c:\windows\system32\REN5F.tmp
2009-01-04 23:41 0 a------- c:\windows\system32\REN5E.tmp
2009-01-04 22:19 0 a------- c:\windows\system32\REN55.tmp
2009-01-04 22:19 0 a------- c:\windows\system32\REN54.tmp
2009-01-04 22:19 0 a------- c:\windows\system32\REN53.tmp
2009-01-04 22:14 15,951,256 a------- c:\temp\jre-6u6-windows-i586-p-s.exe
2009-01-04 14:24 <DIR> --d----- c:\docume~1\hinson\applic~1\HandBrake
2009-01-04 14:12 6,529,156 a------- c:\temp\HandBrake-0.9.3-Win_GUI.exe
2009-01-03 12:56 <DIR> --d----- c:\program files\Sun
2009-01-03 12:56 0 a------- c:\windows\system32\REN77.tmp
2009-01-03 12:56 0 a------- c:\windows\system32\REN76.tmp
2009-01-03 12:56 0 a------- c:\windows\system32\REN75.tmp
2009-01-03 12:55 0 a------- c:\windows\system32\REN4F.tmp
2009-01-03 12:55 0 a------- c:\windows\system32\REN4E.tmp
2009-01-03 12:55 0 a------- c:\windows\system32\REN4D.tmp
2009-01-03 12:53 0 a------- c:\windows\system32\REN3F.tmp
2009-01-03 12:53 0 a------- c:\windows\system32\REN3E.tmp
2009-01-03 12:53 0 a------- c:\windows\system32\REN3D.tmp
2009-01-03 10:42 0 a------- c:\windows\system32\REN83.tmp
2009-01-03 10:42 0 a------- c:\windows\system32\REN82.tmp
2009-01-03 10:42 0 a------- c:\windows\system32\REN81.tmp
2009-01-03 10:41 0 a------- c:\windows\system32\REN7B.tmp
2009-01-03 10:41 0 a------- c:\windows\system32\REN7A.tmp
2009-01-03 10:41 0 a------- c:\windows\system32\REN79.tmp
2009-01-03 10:40 0 a------- c:\windows\system32\REN73.tmp
2009-01-03 10:40 0 a------- c:\windows\system32\REN72.tmp
2009-01-03 10:40 0 a------- c:\windows\system32\REN71.tmp
2009-01-03 10:38 0 a------- c:\windows\system32\REN6B.tmp
2009-01-03 10:38 0 a------- c:\windows\system32\REN6A.tmp
2009-01-03 10:38 0 a------- c:\windows\system32\REN69.tmp
2009-01-03 10:37 0 a------- c:\windows\system32\REN63.tmp
2009-01-03 10:37 0 a------- c:\windows\system32\REN62.tmp
2009-01-03 10:37 0 a------- c:\windows\system32\REN61.tmp
2009-01-03 10:36 0 a------- c:\windows\system32\REN5B.tmp
2009-01-03 10:36 0 a------- c:\windows\system32\REN5A.tmp
2009-01-03 10:36 0 a------- c:\windows\system32\REN59.tmp
2009-01-03 10:35 0 a------- c:\windows\system32\REN52.tmp
2009-01-03 10:35 0 a------- c:\windows\system32\REN51.tmp
2009-01-03 10:35 0 a------- c:\windows\system32\REN50.tmp
2009-01-03 10:34 0 a------- c:\windows\system32\REN4C.tmp
2009-01-03 10:34 0 a------- c:\windows\system32\REN4B.tmp
2009-01-03 10:34 0 a------- c:\windows\system32\REN4A.tmp
2009-01-03 10:32 0 a------- c:\windows\system32\REN44.tmp
2009-01-03 10:32 0 a------- c:\windows\system32\REN43.tmp
2009-01-03 10:32 0 a------- c:\windows\system32\REN42.tmp
2009-01-03 10:23 0 a------- c:\windows\system32\REN3C.tmp
2009-01-03 10:23 0 a------- c:\windows\system32\REN3B.tmp
2009-01-03 10:23 0 a------- c:\windows\system32\REN3A.tmp
2009-01-03 10:09 2,515 a------- C:\FRAGLIST.LUAR
2009-01-03 00:03 <DIR> --d----- c:\program files\Trend Micro
2009-01-03 00:03 812,344 a------- c:\temp\HJTInstall.exe
2009-01-02 23:35 <DIR> --d----- c:\temp\StoryTV_data
2008-12-30 14:19 <DIR> --d----- c:\temp\SubTitle_Testing
2008-12-30 14:16 <DIR> --d----- c:\program files\ProjectX_Subtitle_Mod
2008-12-30 14:06 19,692,042 a------- c:\temp\Sit2_Count42_20081223a.zip
2008-12-19 15:01 <DIR> --d----- c:\program files\Messenger Plus! Live
2008-12-19 14:59 4,887,376 a------- c:\temp\MsgPlusLive-470.exe
2008-12-19 14:53 1,935,345 a------- c:\temp\installer-32-messenger-plus-live-uk.exe
2008-12-15 23:18 94,208 a------- c:\windows\system32\rawread.dll
2008-12-15 23:18 20,480 a------- c:\windows\system32\RAWIO32.dll
2008-12-15 23:18 12,992 a------- c:\windows\system32\RAWIO16.DLL
2008-12-15 23:17 2,615,922 a------- c:\temp\ProjectX-Complete_090400b27_with_JRE.zip

==================== Find3M ====================

2009-01-11 12:01 91,193 a--sh--- c:\windows\system32\yujitana.dll
2009-01-11 12:01 103,047 a--sh--- c:\windows\system32\jobavito.dll
2009-01-11 12:00 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-01-10 18:07 91,373 a--sh--- c:\windows\system32\yesileya.dll
2009-01-10 18:07 101,160 a--sh--- c:\windows\system32\ledahofo.dll
2009-01-07 10:45 41,656 a------- c:\docume~1\hinson\applic~1\GDIPFONTCACHEV1.DAT
2008-10-23 12:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 a------- c:\windows\system32\wininet.dll
2007-02-18 15:41 52 a------- c:\documents and settings\hinson\tt.bat
2004-10-01 15:00 40,960 a------- c:\program files\Uninstall_CDS.exe
2001-03-28 11:02 122,880 a------- c:\windows\inf\agfa\message.exe
1601-01-01 00:12 65,664 a--sh--- c:\windows\system32\beziyefu.dll
2006-05-03 09:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
1601-01-01 00:12 65,664 a--sh--- c:\windows\system32\hizuriki.dll
1601-01-01 00:12 65,664 a--sh--- c:\windows\system32\mezinoma.dll
2007-02-21 10:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
2008-09-21 09:37 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092120080922\index.dat

============= FINISH: 12:49:45.26 ===============



#2 fenzodahl512

  • Members
  • 6,738 posts

Posted 12 January 2009 - 02:47 PM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.


Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 tortoise

  • Topic Starter
  • Members
  • 20 posts

Posted 13 January 2009 - 07:23 AM

Hi, thank you very much for your help with this problem, I do appreciate the time you have given me today.

#################################

Malwarebytes' Anti-Malware 1.32
Database version: 1647
Windows 5.1.2600 Service Pack 3

13/01/2009 12:00:28
mbam-log-2009-01-13 (12-00-27).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 308135
Time elapsed: 2 hour(s), 13 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 6
Registry Keys Infected: 26
Registry Values Infected: 6
Registry Data Items Infected: 5
Folders Infected: 49
Files Infected: 1233

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\barijatu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\reforola.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\rzbvjj.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\tadezuzu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\vamegeye.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\rumerubo.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{4be43647-f7a1-4203-9136-514b15727cdb} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{5e798dc9-6509-4d2d-8c75-57662bf37979} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4be43647-f7a1-4203-9136-514b15727cdb} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5e798dc9-6509-4d2d-8c75-57662bf37979} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5041fd9-4819-4dc4-b20e-c950b5b03d2a} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{deceaaa2-370a-49bb-9362-68c3a58ddc62} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4be43647-f7a1-4203-9136-514b15727cdb} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5e798dc9-6509-4d2d-8c75-57662bf37979} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prunnet (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=0.2.0 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/updater,version=0.2.0 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\20b24ef8 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm23817d64 (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zakesasori (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\rumerubo.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\rumerubo.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\barijatu.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\barijatu.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\barijatu.dll -> Delete on reboot.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Publisher (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Publisher\2817 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Publisher\2817\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Publisher\3461 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Publisher\3461\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Publisher\3461\resources\gid329 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Publisher\3461\resources\gid329\cid1124 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Publisher\3461\resources\gid329\cid1124\bebo03 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Publisher\3461\resources\gid329\cid1124\bebo03\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Publisher\4060 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Publisher\4060\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Publisher\4060\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Publisher\4060\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Publisher\4060\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Publisher\4060\resources\gid329 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Publisher\4060\resources\gid329\cid1124 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Publisher\4060\resources\gid329\cid1124\bebo03 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Publisher\4060\resources\gid329\cid1124\bebo03\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Publisher\4152 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Publisher\4152\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Publisher\4152\resources\gid329 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Publisher\4520 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Publisher\4520\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Updater (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Updater\2663 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Updater\4458 (Adware.VideoEgg) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\All Users\Application Data\VideoEgg\user.dat (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\DataLOCKED (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\bebo_tv_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\bebo_tv_watermark_1.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\button_browse_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\button_browse_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorder_slide copy.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_bottom_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_top_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropshadow_vertical.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_btn_highlighted copy.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinson\Application Data\VideoEgg\Data\R

#4 tortoise

Posted 13 January 2009 - 07:26 AM

Logfile of random's system information tool 1.05 (written by random/random)
Run by Hinson at 2009-01-13 12:17:30
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 12 GB (4%) free of 305 GB
Total RAM: 767 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:43, on 13/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Temp\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Hinson.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\ProjectX\jre\bin\ssv.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\ProjectX\jre\bin\jp2ssv.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\ProjectX\jre\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [zakesasori] Rundll32.exe "C:\WINDOWS\system32\jusirodo.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.adobe.com
O15 - Trusted Zone: http://www.creative.com
O15 - Trusted Zone: http://www.openstreetmap.org
O15 - Trusted Zone: http://geo.topf.org
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DBFECB3F-B78F-442E-AE46-4952E6F17545} (Bonusprint Image Uploader Version 3.5) - http://webalbum.bonusprint.com/UK/download...geUploader3.cab
O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Product Registration ActiveX Control Module) - http://www.creative.com/register/OCXs/CtORWebClientNoMFC.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll rzbvjj.dll
O20 - Winlogon Notify: ssqRJdeb - ssqRJdeb.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe

--
End of file - 8167 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\tpptcbpc.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-08-29 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\ProjectX\jre\bin\ssv.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-04 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\ProjectX\jre\bin\jp2ssv.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-04 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"=C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe [2006-06-26 243248]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam10\QuickCam10.exe [2006-06-26 614960]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe [2006-06-26 497200]
"CTHelper"=C:\WINDOWS\CTHELPER.EXE [2005-12-08 16384]
"LGODDFU"=C:\Program Files\lg_fwupdate\fwupdate.exe [2008-12-29 548864]
"QuickTime Task"=C:\Program Files\QuickTime Alternative\qttask.exe [2007-12-11 286720]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-27 1261336]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2007-03-12 663552]
"ControlCenter3"=C:\Program Files\Brother\ControlCenter3\brctrcen.exe [2007-01-26 65536]
"SunJavaUpdateSched"=C:\Program Files\ProjectX\jre\bin\jusched.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll rzbvjj.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-10-12 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqRJdeb]
ssqRJdeb.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Grisoft\AVG Free\avginet.exe"="C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Media Player Classic\mplayerc.exe"="C:\Program Files\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic"
"C:\Program Files\Opera\Opera.exe"="C:\Program Files\Opera\Opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\TomTom HOME\TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe:*:Enabled:TomTom HOME"
"C:\Program Files\Grisoft\AVG Free\avgamsvr.exe"="C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG Free\avgcc.exe"="C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\ftp4t\ftp4t.exe"="C:\Program Files\ftp4t\ftp4t.exe:*:Enabled:FTP Server for Topfield V1.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Disabled:RTC App Sharing"
"C:\Program Files\SimSig\Waterloo.exe"="C:\Program Files\SimSig\Waterloo.exe:*:Enabled:Waterloo"
"C:\Program Files\SimSig\Royston.exe"="C:\Program Files\SimSig\Royston.exe:*:Enabled:Royston"
"C:\Program Files\Java\jre1.6.0_02\bin\javaw.exe"="C:\Program Files\Java\jre1.6.0_02\bin\javaw.exe:*:Enabled:Java™ Platform SE binary"
"C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe"="C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe:*:Enabled:Java™ Platform SE binary"
"C:\Documents and Settings\Hinson\My Documents\BB Testing\MS4PC_0.0.71.exe"="C:\Documents and Settings\Hinson\My Documents\BB Testing\MS4PC_0.0.71.exe:*:Enabled:MS4PC_0.0.71"
"C:\Mike\Toppy\Bawbag\MS4PC_0.0.7.30rl.exe"="C:\Mike\Toppy\Bawbag\MS4PC_0.0.7.30rl.exe:*:Enabled:MS4PC_0.0.7.30rl"
"C:\Mike\Toppy\Bawbag.MS4PC_0.0.7.38rl\MS4PC_0.0.7.38rl.exe"="C:\Mike\Toppy\Bawbag.MS4PC_0.0.7.38rl\MS4PC_0.0.7.38rl.exe:*:Enabled:MS4PC_0.0.7.38rl"
"C:\Mike\Toppy\Bawbag.MS4PC_0.0.7.38rl.071130\MS4PC_0.0.7.38rl.exe"="C:\Mike\Toppy\Bawbag.MS4PC_0.0.7.38rl.071130\MS4PC_0.0.7.38rl.exe:*:Enabled:MS4PC_0.0.7.38rl"
"C:\Program Files\Microsoft Office\Office10\EXCEL.EXE"="C:\Program Files\Microsoft Office\Office10\EXCEL.EXE:*:Enabled:Microsoft Excel"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Mike\Toppy\BB MS4TVB\MS4TVB.exe"="C:\Mike\Toppy\BB MS4TVB\MS4TVB.exe:*:Enabled:MS4TVB"
"C:\Mike\Toppy\Bawbag.MS4PC_0.0.7.38rl.080109\ms4pc.exe"="C:\Mike\Toppy\Bawbag.MS4PC_0.0.7.38rl.080109\ms4pc.exe:*:Enabled:MyStuff for PC Companion"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Kontiki\KService.exe"="C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\FileZilla Server\FileZilla server.exe"="C:\Program Files\FileZilla Server\FileZilla server.exe:*:Enabled:FileZilla server.exe"
"C:\WINDOWS\system32\ftp.exe"="C:\WINDOWS\system32\ftp.exe:*:Disabled:File Transfer Program"
"C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"="C:\Program Files\FileZilla Server\FileZilla Server Interface.exe:*:Disabled:FileZilla Server Interface"
"C:\Program Files\FileZilla\FileZilla.exe"="C:\Program Files\FileZilla\FileZilla.exe:*:Enabled:FileZilla"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:explorer"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe"="C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe:*:Enabled:WLLoginProxy"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{464883b3-3998-11db-9fd1-0007e9ee0a1e}]
shell\AutoRun\command - E:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69946537-ed09-11dc-9c56-0007e9ee0a1e}]
shell\AutoRun\command - K:\LaunchU3.exe -a


======File associations======

.ini - open - "C:\Program Files\UltraEdit\uedit32.exe" "%1"

======List of files/folders created in the last 3 months======

2009-01-13 12:17:30 ----D---- C:\rsit
2009-01-13 09:39:03 ----D---- C:\Documents and Settings\Hinson\Application Data\Malwarebytes
2009-01-13 09:38:57 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-13 09:38:57 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-08 22:06:27 ----D---- C:\Program Files\Microsoft Works
2009-01-05 23:33:12 ----D---- C:\Program Files\VideoReDoTVSuite
2009-01-05 23:33:12 ----D---- C:\Documents and Settings\Hinson\Application Data\VideoReDo-TVSuite
2009-01-05 18:17:04 ----D---- C:\Program Files\Notepad++
2009-01-05 00:11:03 ----A---- C:\WINDOWS\system32\RENBD.tmp
2009-01-05 00:11:03 ----A---- C:\WINDOWS\system32\RENBC.tmp
2009-01-05 00:11:03 ----A---- C:\WINDOWS\system32\RENBB.tmp
2009-01-05 00:10:06 ----A---- C:\WINDOWS\system32\REN9F.tmp
2009-01-05 00:10:06 ----A---- C:\WINDOWS\system32\REN9E.tmp
2009-01-05 00:10:06 ----A---- C:\WINDOWS\system32\REN9D.tmp
2009-01-04 23:49:59 ----A---- C:\WINDOWS\system32\REN8E.tmp
2009-01-04 23:49:59 ----A---- C:\WINDOWS\system32\REN8D.tmp
2009-01-04 23:49:59 ----A---- C:\WINDOWS\system32\REN8C.tmp
2009-01-04 23:49:42 ----D---- C:\Program Files\Java
2009-01-04 23:44:34 ----A---- C:\WINDOWS\system32\REN68.tmp
2009-01-04 23:44:34 ----A---- C:\WINDOWS\system32\REN67.tmp
2009-01-04 23:44:34 ----A---- C:\WINDOWS\system32\REN66.tmp
2009-01-04 23:41:41 ----A---- C:\WINDOWS\system32\REN60.tmp
2009-01-04 23:41:41 ----A---- C:\WINDOWS\system32\REN5F.tmp
2009-01-04 23:41:41 ----A---- C:\WINDOWS\system32\REN5E.tmp
2009-01-04 22:19:35 ----A---- C:\WINDOWS\system32\REN55.tmp
2009-01-04 22:19:35 ----A---- C:\WINDOWS\system32\REN54.tmp
2009-01-04 22:19:35 ----A---- C:\WINDOWS\system32\REN53.tmp
2009-01-04 14:24:35 ----D---- C:\Documents and Settings\Hinson\Application Data\HandBrake
2009-01-03 12:56:59 ----D---- C:\Program Files\Sun
2009-01-03 12:56:44 ----A---- C:\WINDOWS\system32\REN77.tmp
2009-01-03 12:56:44 ----A---- C:\WINDOWS\system32\REN76.tmp
2009-01-03 12:56:44 ----A---- C:\WINDOWS\system32\REN75.tmp
2009-01-03 12:55:49 ----A---- C:\WINDOWS\system32\REN4F.tmp
2009-01-03 12:55:49 ----A---- C:\WINDOWS\system32\REN4E.tmp
2009-01-03 12:55:49 ----A---- C:\WINDOWS\system32\REN4D.tmp
2009-01-03 12:53:10 ----A---- C:\WINDOWS\system32\REN3F.tmp
2009-01-03 12:53:10 ----A---- C:\WINDOWS\system32\REN3E.tmp
2009-01-03 12:53:10 ----A---- C:\WINDOWS\system32\REN3D.tmp
2009-01-03 10:42:38 ----A---- C:\WINDOWS\system32\REN83.tmp
2009-01-03 10:42:38 ----A---- C:\WINDOWS\system32\REN82.tmp
2009-01-03 10:42:38 ----A---- C:\WINDOWS\system32\REN81.tmp
2009-01-03 10:41:37 ----A---- C:\WINDOWS\system32\REN7B.tmp
2009-01-03 10:41:37 ----A---- C:\WINDOWS\system32\REN7A.tmp
2009-01-03 10:41:37 ----A---- C:\WINDOWS\system32\REN79.tmp
2009-01-03 10:40:09 ----A---- C:\WINDOWS\system32\REN73.tmp
2009-01-03 10:40:09 ----A---- C:\WINDOWS\system32\REN72.tmp
2009-01-03 10:40:09 ----A---- C:\WINDOWS\system32\REN71.tmp
2009-01-03 10:38:26 ----A---- C:\WINDOWS\system32\REN6B.tmp
2009-01-03 10:38:26 ----A---- C:\WINDOWS\system32\REN6A.tmp
2009-01-03 10:38:26 ----A---- C:\WINDOWS\system32\REN69.tmp
2009-01-03 10:37:31 ----A---- C:\WINDOWS\system32\REN63.tmp
2009-01-03 10:37:31 ----A---- C:\WINDOWS\system32\REN62.tmp
2009-01-03 10:37:31 ----A---- C:\WINDOWS\system32\REN61.tmp
2009-01-03 10:36:39 ----A---- C:\WINDOWS\system32\REN5B.tmp
2009-01-03 10:36:39 ----A---- C:\WINDOWS\system32\REN5A.tmp
2009-01-03 10:36:39 ----A---- C:\WINDOWS\system32\REN59.tmp
2009-01-03 10:35:44 ----A---- C:\WINDOWS\system32\REN52.tmp
2009-01-03 10:35:44 ----A---- C:\WINDOWS\system32\REN51.tmp
2009-01-03 10:35:44 ----A---- C:\WINDOWS\system32\REN50.tmp
2009-01-03 10:34:45 ----A---- C:\WINDOWS\system32\REN4C.tmp
2009-01-03 10:34:45 ----A---- C:\WINDOWS\system32\REN4B.tmp
2009-01-03 10:34:45 ----A---- C:\WINDOWS\system32\REN4A.tmp
2009-01-03 10:32:40 ----A---- C:\WINDOWS\system32\REN44.tmp
2009-01-03 10:32:40 ----A---- C:\WINDOWS\system32\REN43.tmp
2009-01-03 10:32:40 ----A---- C:\WINDOWS\system32\REN42.tmp
2009-01-03 10:23:23 ----A---- C:\WINDOWS\system32\REN3C.tmp
2009-01-03 10:23:23 ----A---- C:\WINDOWS\system32\REN3B.tmp
2009-01-03 10:23:23 ----A---- C:\WINDOWS\system32\REN3A.tmp
2009-01-03 00:03:52 ----D---- C:\Program Files\Trend Micro
2008-12-30 14:16:56 ----D---- C:\Program Files\ProjectX_Subtitle_Mod
2008-12-19 15:01:31 ----D---- C:\Program Files\Windows Live
2008-12-19 15:01:30 ----D---- C:\Program Files\Messenger Plus! Live
2008-12-15 23:18:46 ----A---- C:\WINDOWS\system32\rawread.dll
2008-12-15 23:18:46 ----A---- C:\WINDOWS\system32\RAWIO32.dll
2008-12-15 23:18:46 ----A---- C:\WINDOWS\system32\RAWIO16.DLL
2008-12-11 22:41:30 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 22:32:49 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 22:32:34 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 22:32:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-11-19 21:39:41 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-11-19 21:39:39 ----D---- C:\Program Files\DVD Shrink
2008-11-15 19:15:18 ----D---- C:\Program Files\ProjectX
2008-11-12 22:27:33 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 22:27:26 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 22:27:15 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-10-24 23:09:47 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-16 23:20:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-16 23:20:35 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 23:20:28 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-16 23:19:43 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-16 23:19:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-14 20:11:43 ----D---- C:\Program Files\ProjectX_new

======List of files/folders modified in the last 3 months======

2009-01-13 12:17:43 ----D---- C:\WINDOWS\Temp
2009-01-13 12:17:25 ----D---- C:\WINDOWS\Prefetch
2009-01-13 12:17:09 ----RD---- C:\Temp
2009-01-13 12:14:10 ----D---- C:\WINDOWS\system32
2009-01-13 12:08:36 ----D---- C:\Program Files\lg_fwupdate
2009-01-13 12:08:32 ----A---- C:\WINDOWS\lgfwup.ini
2009-01-13 12:07:23 ----D---- C:\WINDOWS\system32\drivers
2009-01-13 12:06:57 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-13 12:06:46 ----A---- C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000004-10031102}.BAK
2009-01-13 09:38:57 ----RD---- C:\Program Files
2009-01-11 20:30:40 ----D---- C:\WINDOWS
2009-01-11 15:07:54 ----HD---- C:\$AVG8.VAULT$
2009-01-11 12:42:33 ----A---- C:\WINDOWS\uedit32.INI
2009-01-10 18:07:51 ----ASH---- C:\WINDOWS\system32\yesileya.dll
2009-01-10 18:07:49 ----ASH---- C:\WINDOWS\system32\ledahofo.dll
2009-01-10 13:21:00 ----A---- C:\WINDOWS\NeroDigital.ini
2009-01-09 17:19:53 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-01-09 16:46:27 ----SD---- C:\WINDOWS\Tasks
2009-01-08 22:06:28 ----SHD---- C:\WINDOWS\Installer
2009-01-06 19:26:41 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-01-05 20:28:00 ----D---- C:\Program Files\rec2dvd
2009-01-04 23:44:46 ----D---- C:\Program Files\Common Files
2009-01-04 14:19:03 ----D---- C:\Program Files\Handbrake
2009-01-04 13:39:39 ----A---- C:\WINDOWS\Altair.INI
2009-01-03 13:07:46 ----D---- C:\WINDOWS\system
2009-01-03 12:53:19 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-03 12:53:19 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-02 23:51:31 ----SH---- C:\boot.ini
2009-01-02 23:51:31 ----A---- C:\WINDOWS\win.ini
2009-01-02 23:51:31 ----A---- C:\WINDOWS\system.ini
2009-01-02 23:44:16 ----D---- C:\Program Files\Yahoo!
2009-01-02 23:43:00 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-02 23:43:00 ----D---- C:\Program Files\TomTom HOME
2009-01-02 23:41:47 ----HD---- C:\WINDOWS\inf
2009-01-02 23:41:47 ----AD---- C:\WINDOWS\udtablet
2009-01-02 23:41:33 ----D---- C:\Program Files\NCH Swift Sound
2009-01-02 23:33:03 ----D---- C:\Program Files\Skype
2009-01-02 23:33:02 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-01-02 23:32:28 ----D---- C:\Program Files\SimSig
2009-01-02 23:26:05 ----D---- C:\Program Files\CyberLink DVD Solution
2009-01-02 23:13:06 ----D---- C:\WINDOWS\twain_32
2009-01-02 23:04:01 ----RD---- C:\Mike
2008-12-19 15:01:31 ----D---- C:\Program Files\MSN Messenger
2008-12-18 23:58:44 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-18 23:58:00 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-13 06:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-11 22:41:35 ----A---- C:\WINDOWS\imsins.BAK
2008-12-11 22:40:56 ----D---- C:\Program Files\Internet Explorer
2008-11-20 07:29:25 ----D---- C:\WINDOWS\Help
2008-11-16 20:11:58 ----D---- C:\Program Files\Rec2Any
2008-11-16 00:18:53 ----D---- C:\Program Files\rec2mpg
2008-11-12 22:26:30 ----D---- C:\WINDOWS\WinSxS
2008-11-06 09:01:57 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-02 09:39:21 ----D---- C:\Program Files\FileZilla Server
2008-10-23 12:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-23 10:06:59 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-10-18 14:13:37 ----D---- C:\Documents and Settings\Hinson\Application Data\foobar2000
2008-10-16 21:48:42 ----D---- C:\Program Files\Winamp
2008-10-16 20:38:40 ----A---- C:\WINDOWS\system32\wininet.dll
2008-10-16 20:38:39 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-10-16 20:38:39 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-10-16 20:38:39 ----A---- C:\WINDOWS\system32\url.dll
2008-10-16 20:38:39 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-10-16 20:38:39 ----A---- C:\WINDOWS\system32\occache.dll
2008-10-16 20:38:39 ----A---- C:\WINDOWS\system32\mstime.dll
2008-10-16 20:38:38 ----A---- C:\WINDOWS\system32\msrating.dll
2008-10-16 20:38:38 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-10-16 20:38:37 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2008-10-16 20:38:37 ----A---- C:\WINDOWS\system32\msfeeds.dll
2008-10-16 20:38:37 ----A---- C:\WINDOWS\system32\jsproxy.dll
2008-10-16 20:38:37 ----A---- C:\WINDOWS\system32\iertutil.dll
2008-10-16 20:38:37 ----A---- C:\WINDOWS\system32\iernonce.dll
2008-10-16 20:38:37 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-10-16 20:38:35 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2008-10-16 20:38:35 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2008-10-16 20:38:35 ----A---- C:\WINDOWS\system32\ieaksie.dll
2008-10-16 20:38:35 ----A---- C:\WINDOWS\system32\ieakeng.dll
2008-10-16 20:38:35 ----A---- C:\WINDOWS\system32\icardie.dll
2008-10-16 20:38:35 ----A---- C:\WINDOWS\system32\extmgr.dll
2008-10-16 20:38:34 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-10-16 20:38:34 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-10-16 20:38:34 ----A---- C:\WINDOWS\system32\advpack.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 13:11:09 ----A---- C:\WINDOWS\system32\ieudinit.exe
2008-10-16 13:11:09 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2008-10-15 16:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-15 07:04:53 ----A---- C:\WINDOWS\system32\ieakui.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-08-29 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-04 26824]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2007-03-07 9336]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2007-03-07 9464]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-10-15 17153]
R1 vmm;Virtual Machine Monitor; \??\C:\WINDOWS\system32\Drivers\vmm.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-10-12 1777152]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2005-12-08 501760]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2005-12-08 439296]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2005-12-08 7168]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2005-12-08 142336]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2003-01-20 140288]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2005-12-08 77824]
R3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2006-06-22 20272]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2005-12-08 754176]
R3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2005-12-08 154112]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 Lvckap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2006-06-26 1587632]
R3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2006-06-26 1952816]
R3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2006-06-22 1413424]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\drivers\LVPr2Mon.sys [2006-06-26 23472]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2006-06-22 38960]
R3 LVUVC;Logitech QuickCam Fusion(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2006-06-22 961072]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-06 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2005-12-08 114688]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys [2007-01-29 59280]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S1 seneka;seneka; C:\WINDOWS\system32\drivers\senekaturbqfvi.sys []
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 a94zavq5;a94zavq5; C:\WINDOWS\system32\drivers\a94zavq5.sys []
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 15295]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2005-11-10 340704]
S3 FILEMON;FILEMON; \??\C:\WINDOWS\system32\drivers\FILEM.SYS []
S3 GcKernel;Microsoft SideWinder Value Add - Filter Driver; C:\WINDOWS\system32\DRIVERS\GcKernel.sys [2008-04-13 59136]
S3 grmnusb;grmnusb; C:\WINDOWS\system32\drivers\grmnusb.sys [2007-03-08 8320]
S3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2005-12-08 179712]
S3 HIDSwvd;Microsoft SideWinder Virtual HID Device Mini-Driver; C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys [2001-08-17 2688]
S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1; C:\WINDOWS\system32\DRIVERS\libusb0.sys [2007-03-20 28672]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NCHSSVAD;SoundTap Recorder; C:\WINDOWS\system32\drivers\nchssvad.sys [2008-02-12 26112]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PentaxUsb;PENTAX Optio 60 on USB; C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-11-24 50976]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 tablet;Serial Tablet Driver; C:\WINDOWS\system32\DRIVERS\tablet.sys []
S3 tbfilter;Tablet Filter Driver; C:\WINDOWS\system32\DRIVERS\tbfilter.sys []
S3 TFBULK;Topfield USB client driver; C:\WINDOWS\system32\drivers\TfBulk.sys [2007-05-31 13312]
S3 ultradfg;ultradfg; C:\WINDOWS\System32\DRIVERS\ultradfg.sys [2008-03-09 23040]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-10-12 430080]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704]
R2 LVPrcSrv;Logitech Process Monitor; c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe [2006-06-26 99888]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-10-11 520192]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe [2006-06-26 91696]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-10-21 72704]
S4 AdobeActiveFileMonitor4.0;Adobe Active File Monitor V4; C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [2005-09-09 102400]
S4 FileZilla Server;FileZilla Server FTP server; C:\Program Files\FileZilla Server\FileZilla Server.exe [2008-07-30 587776]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-12-11 504104]
S4 KService;KService; C:\Program Files\Kontiki\KService.exe [2008-02-27 3072184]
S4 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.05 2009-01-13 12:17:47

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec.exe /I{C98E5F1B-5C2B-4FD1-BDF9-F3779DCAAA16}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
ActivePerl 5.6.1 Build 638-->MsiExec.exe /I{D048A3AD-31D3-44A5-9D12-C4ADD3253B00}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Illustrator CS2-->msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Photoshop Elements 4.0-->msiexec /I {EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}
Adobe Premiere Elements 2.0-->msiexec /I {11C98E1A-EC91-4B38-B44C-C562292D8453}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{F85B3B0A-E302-4B67-9220-6B57F075B311}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Audacity 1.3.5 (Unicode)-->"C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
Auto Gordian Knot 2.45-->C:\Program Files\AutoGK\uninst.exe
AutoIt v3.2.10.0-->C:\Program Files\AutoIt3\Uninstall.exe
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Avidemux 2.4-->C:\Program Files\Avidemux 2.4\uninstall.exe
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
BBC iPlayer Download Manager-->MsiExec.exe /I {D466F3D9-510C-4729-B7D4-2E70490E4CDF}
Blaze Media Pro-->"C:\Documents and Settings\All Users\Application Data\{AE0BC752-61D9-47F3-849E-867386B3C499}\setup_blazemp.exe" REMOVE=TRUE MODIFY=FALSE
Blaze Media Pro-->C:\Documents and Settings\All Users\Application Data\{AE0BC752-61D9-47F3-849E-867386B3C499}\setup_blazemp.exe
Bonusprint Pix-->C:\PROGRA~1\BONUSP~1\UNWISE.EXE C:\PROGRA~1\BONUSP~1\INSTALL.LOG
Brother MFL-Pro Suite-->"C:\Program Files\InstallShield Installation Information\{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}\Setup.exe" -runfromtemp -l0x0009 Brunin03.dll -removeonly
Canon i965-->C:\WINDOWS\system32\CNMCP5n.exe "-PRINTERNAMECanon i965" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon i965 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon i965 Installer\Inst2\cnmi0409.dll"
CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
CDCheck-->"C:\Program Files\CDCheck\uninst.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Creative Audio Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9 /remove
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DivxToDVD 0.5.2-->"C:\Program Files\vso\DivxToDVD\unins000.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
DVD Solution-->"C:\Program Files\Uninstall_CDS.exe"
Easy CD & DVD Creator 6-->MsiExec.exe /I{644F9DBE-CEDB-45AF-ACB8-E26692B74F62}
ExamDiff Pro 4.0-->"C:\Program Files\ExamDiff Pro\unins000.exe"
FileZilla (remove only)-->"C:\Program Files\FileZilla\uninstall.exe"
FileZilla Server (remove only)-->"C:\Program Files\FileZilla Server\uninstall.exe"
Flickr Uploadr 2.3-->"C:\Program Files\Flickr Uploadr\uninstall.exe"
foobar2000 v0.9.1-->"C:\Program Files\foobar2000\uninstall.exe"
FTP - Server for Topfield 1.18-->"C:\Program Files\ftp4t\unins000.exe"
Garmin Atlantic (European) Basemap-->C:\Garmin\Basemap\UNWISE.EXE C:\Garmin\Basemap\INSTALL.LOG
Garmin Communicator Plugin-->MsiExec.exe /X{8131E9E7-BA33-472D-99AE-231457F5027F}
Garmin MapSource-->MsiExec.exe /X{5AB07385-ECE4-4CC6-886F-90669F2CB796}
Garmin POI Loader-->MsiExec.exe /X{DFA1E2C8-A9DE-4B99-8B3C-866664B5F67C}
Garmin Trip and Waypoint Manager v4-->MsiExec.exe /X{67B9AF41-C0B9-4960-84D9-A61D23DE85D8}
GIMP 2.4.7-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
GPS TrackMaker-->MsiExec.exe /X{79ED0EE7-098C-465F-A853-B17F6FC6CDD8}
GPSU version 4.87-->"C:\Program Files\GPS Utility\unins000.exe"
Gtk+ Development Environment for Windows 2.10.11-1-->C:\GTK\uninst.exe
GUI for dvdauthor 1.07-->C:\Program Files\GUI for dvdauthor\uninst.exe
HandBrake 0.9.3-->C:\Program Files\Handbrake\uninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
ImgBurn (Remove Only)-->"C:\Program Files\ImgBurn\uninstall.exe"
Inkscape 0.44.1-->"C:\Program Files\Inkscape\uninst.exe"
InstallSpy 2.00-->"C:\Program Files\MJLSoftware\InstallSpy\unins000.exe"
Intel® PRO Ethernet Adapter and Software-->Prounstl.exe
iTunes-->MsiExec.exe /I{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
LADSPA_plugins-win-0.4.15-->"C:\Program Files\Audacity 1.3 Beta (Unicode)\Plug-Ins\Plug-Ins\unins000.exe"
LG ODD Auto Firmware Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6179550A-3E7C-499E-BCC9-9E8113E0A285}\setup.exe"
Logitech Audio Echo Cancellation Component-->MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech QuickCam-->MsiExec.exe /X{EC42ED6A-751D-45C0-A4F9-8CD00E4690FC}
Logitech Video Enumerator-->MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
Logitech® Camera Driver-->"C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash 8 Video Encoder-->MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash 8-->MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MeGUI modern media encoder (remove only)-->"C:\Program Files\megui\megui-uninstall.exe"
Memory-Map OS Edition Version 5-->MsiExec.exe /X{B3FB6B55-C271-44FC-BA03-BBD8B2EA6EEF}
Messenger Plus! 3-->"C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Virtual PC 2007-->MsiExec.exe /X{8A7CAA24-7B23-410B-A7C3-F994B0944160}
Microsoft Visual C# 2005 Express Edition - ENU-->C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual C# 2005 Express Edition - ENU\setup.exe
Microsoft Visual C# 2005 Express Edition - ENU-->MsiExec.exe /X{7E7D7935-B0C8-4032-80BA-2CDC9E43C3B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works 6-9 Converter-->MsiExec.exe /X{172423F9-522A-483A-AD65-03600CE4CA4F}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MyStuff_Extended_Info-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\MyStuff_Extended_Info\ST6UNST.LOG"
NCH Toolbox-->C:\Program Files\NCH Swift Sound\ToolBox\uninst.exe
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
Opera 9.0-->MsiExec.exe /X{98D5E0C9-2BF1-4FD0-B745-3EBE4C737654}
OziExplorer 3.95-->"c:\Program Files\OziExplorer\unins000.exe"
PaperPort Image Printer-->MsiExec.exe /X{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}
PENTAX USB DISK Device-->MsiExec.exe /X{AEE9ABDF-CFFD-4CC2-8519-E8ECEB5A2AAF}
PHP 5.2.0-->MsiExec.exe /I{A062A356-1B4E-4367-8E5B-26363021051B}
Pontifex Demo-->C:\Program Files\Pontifex Demo\uninstall.exe
ProjectX 0.90.4.00.b27-->"C:\Program Files\ProjectX\unins000.exe"
ProjectX 0.90.4.00-->C:\Program Files\ProjectX\Uninstall.exe
Python 2.5 pycairo-1.2.6-->"C:\Python25\Removepycairo.exe" -u "C:\Python25\pycairo-wininst.log"
Python 2.5 pygobject-2.12.3-->"C:\Python25\Removepygobject.exe" -u "C:\Python25\pygobject-wininst.log"
Python 2.5 pygtk-2.10.6-->"C:\Python25\Removepygtk.exe" -u "C:\Python25\pygtk-wininst.log"
Python 2.5.1-->MsiExec.exe /I{31800004-6386-4999-A519-518F2D78D8F0}
QuickTime Alternative 1.69-->"C:\Program Files\QuickTime Alternative\unins000.exe"
QuickTime-->MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
Real Alternative 1.48-->"C:\Program Files\Real Alternative\unins000.exe"
ScanSoft PaperPort 11-->MsiExec.exe /I{B6C89654-A6A2-477C-873B-724EC1C56407}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sibelius Scorch (ActiveX Only)-->MsiExec.exe /I{C8E4455F-0F70-4DA2-A9F9-2D56C80E10AD}
Simple Sudoku 4.2-->"C:\Program Files\Simple Sudoku\unins000.exe"
SpamBayes 1.0.4-->"C:\Program Files\SpamBayes\unins000.exe"
SUPER © Version 2007.bld.23 (July 4, 2007)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
SyncBack-->"C:\Program Files\SyncBack\unins000.exe"
TapulatorInstall-->MsiExec.exe /I{CB2F7789-F7B5-4211-860E-055155A2351D}
The Rosetta Stone-->C:\WINDOWS\unvise32.exe C:\Program Files\The Rosetta Stone\TRS Support\uninstal.log
The Sims 2 Nightlife-->C:\Program Files\EA GAMES\The Sims 2 Nightlife\EAUninstall.exe
The Sims 2 Open For Business-->C:\Program Files\EA GAMES\The Sims 2 Open For Business\EAUninstall.exe
The Sims 2 Pets-->C:\Program Files\EA GAMES\The Sims 2 Pets\EAUninstall.exe
The Sims 2 University-->C:\Program Files\EA GAMES\The Sims 2 University\EAUninstall.exe
The Sims 2-->C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
TMPGEnc DVD Author 2.0 Trial Version-->MsiExec.exe /I{9658BE78-A6AB-430A-9FE0-973E8E7F96AE}
Top Set 2.00-->"C:\Program Files\TopSet\unins000.exe"
Topfield Tools-->"C:\Program Files\Topfield\Uninstall.exe" "C:\Program Files\Topfield\install.log"
Topfield Windows Applications-->C:\Program Files\Topfield Windows Applications\uninst.exe
Topo Great Britain-->"C:\Garmin\Topo Great Britain\unins000.exe"
Total Recorder 3.4-->"C:\Program Files\HighCriteria\TotalRecorder\setup.exe" U
TSUNAMI-MPEG DVD Author PRO-->MsiExec.exe /I{DCAD9BFC-47A4-414F-95BC-F9B8D68D036A}
TSUNAMI-MPEG DVD Author Trial-->MsiExec.exe /I{60E68101-EE87-47E2-A0DA-4B22AF8496D2}
TUGZip 3.5-->"C:\Program Files\TUGZip\unins000.exe"
TV Guide-->MsiExec.exe /I{4F761F25-AC82-42BF-965C-E684FAF64508}
TV-Browser 2.6.2-->C:\Program Files\TV-Browser\Uninstall.exe
Ultra Defragmenter-->"C:\WINDOWS\UltraDefrag\uninstall.exe"
UltraEdit-32-->"C:\Program Files\UltraEdit\Uninstall.exe" "C:\Program Files\UltraEdit\ueinstall.log"
UMVPLStandalone-->MsiExec.exe /X{8AC049F7-1383-45C3-9E7D-F93CA667F9E1}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
VideoEgg Publisher-->C:\Program Files\VideoEgg\Uninstall.exe
VideoReDo TVSuite Version 3.1.5.568-->"C:\Program Files\VideoReDoTVSuite\unins000.exe"
VLC media player 0.9.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VobSub v2.23 (Remove Only)-->"C:\Program Files\Gabest\VobSub\uninstall.exe"
VST Bridge 1.1-->"C:\Program Files\Audacity 1.3 Beta (Unicode)\Plug-Ins\VST Bridge\unins000.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinMerge 2.8.4.0-->"C:\Program Files\WinMerge\unins000.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
xImage-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31492759-0E89-46B5-9770-F6E5808E3017}\Setup.exe" -l0x9
XMLTV EPG Viewer.NET-->MsiExec.exe /I{9C6FAF7D-2FFF-4BC7-8FB7-0C07AA3531B9}
XMLTV GUI 3.07.00W-->C:\Program Files\XMLTV GUI\uninst.exe
XP Codec Pack-->C:\Program Files\XP Codec Pack\Uninstall.exe
XviD MPEG4 Video Codec (remove only)-->"C:\WINDOWS\system32\xvid-uninstall.exe"
Zoom Player (remove only)-->"C:\Program Files\Zoom Player\uninstall.exe"

=====HijackThis Backups=====

O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows...ggPublisher.exe
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TotalRecorderScheduler] C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\ProjectX\jre\bin\ssv.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\ProjectX\jre\bin\jp2ssv.dll (file missing)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\ssqRJdeb.dll
O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\ssqRJdeb.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\ssqRJdeb.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\ssqRJdeb.dll (file missing)

======Security center information======

AV: AVG Anti-Virus Free

System event log

Computer Name: DESKTOP
Event Code: 7035
Message: The Application Management service was successfully sent a start control.

Record Number: 56572
Source Name: Service Control Manager
Time Written: 20090103103701.000000+000
Event Type: information
User: DESKTOP\Hinson

Computer Name: DESKTOP
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 56571
Source Name: Service Control Manager
Time Written: 20090103103701.000000+000
Event Type: error
User:

Computer Name: DESKTOP
Event Code: 7036
Message: The Application Management service entered the stopped state.

Record Number: 56570
Source Name: Service Control Manager
Time Written: 20090103103701.000000+000
Event Type: information
User:

Computer Name: DESKTOP
Event Code: 7035
Message: The Application Management service was successfully sent a start control.

Record Number: 56569
Source Name: Service Control Manager
Time Written: 20090103103701.000000+000
Event Type: information
User: DESKTOP\Hinson

Computer Name: DESKTOP
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 56568
Source Name: Service Control Manager
Time Written: 20090103103701.000000+000
Event Type: error
User:

Application event log

Computer Name: DESKTOP
Event Code: 0
Message:
Record Number: 7096
Source Name: iPod Service
Time Written: 20080611161151.000000+060
Event Type: information
User:

Computer Name: DESKTOP
Event Code: 1800
Message: The Windows Security Center Service has started.

Record Number: 7095
Source Name: SecurityCenter
Time Written: 20080611161128.000000+060
Event Type: information
User:

Computer Name: DESKTOP
Event Code: 0
Message:
Record Number: 7094
Source Name: KService
Time Written: 20080611161120.000000+060
Event Type: information
User:

Computer Name: DESKTOP
Event Code: 105
Message: The service was started.

Record Number: 7093
Source Name: ATI Smart
Time Written: 20080611161101.000000+060
Event Type: information
User:

Computer Name: DESKTOP
Event Code: 2570
Message: Adobe Active File Monitor Service has Started.

Record Number: 7092
Source Name: Adobe Active File Monitor 4.0
Time Written: 20080611161100.000000+060
Event Type:
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"DEVMGR_SHOW_NONPRESENT_DEVICES"=1
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=%GTK_BASEPATH%\bin;C:\Program Files\PHP\;C:\Perl\bin\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\UltraEdit;C:\Program Files\QuickTime Alternative\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=0207
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"PHPRC"=C:\Program Files\PHP\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"GTK_BASEPATH"=C:\GTK
"INCLUDE"=C:\GTK\INCLUDE;C:\GTK\INCLUDE\GTK-2.0;C:\GTK\INCLUDE\GLIB-2.0;C:\GTK\INCLUDE\PANGO-1.0;C:\GTK\INCLUDE\CAIRO;C:\GTK\INCLUDE\ATK-1.0;C:\GTK\INCLUDE\GTKGLEXT-1.0;C:\GTK\LIB\GTK-2.0\INCLUDE;C:\GTK\LIB\GLIB-2.0\INCLUDE;C:\GTK\LIB\GTKGLEXT-1.0\INCLUDE;C:\GTK\INCLUDE\LIBGLADE-2.0;C:\GTK\INCLUDE\LIBXML2;
"LIB"=C:\GTK\LIB;

-----------------EOF-----------------

#5 tortoise

Posted 13 January 2009 - 07:32 AM

The attached GMER.log file is very small, have I made a mistake somewhere?

Thanks again if you get this far :-)

Tortoise.

Attached Files

  • Attached File  GMER.log   383bytes   2 downloads


#6 fenzodahl512

Posted 13 January 2009 - 07:33 AM

IMPORTANT!! Uninstall these programs first (if present..) so that they won't interfere with our fixes..

1. Lavasoft Ad-Aware
2. Spybot - Search & Destroy
3. Viewpoint (all of them..)




Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O4 - HKUS\S-1-5-20\..\Run: [zakesasori] Rundll32.exe "C:\WINDOWS\system32\jusirodo.dll",s (User 'NETWORK SERVICE')
O20 - AppInit_DLLs: avgrsstx.dll rzbvjj.dll
O20 - Winlogon Notify: ssqRJdeb - ssqRJdeb.dll (file missing)


Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.




NEXT


Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
    explorer.exe
    
    :services
    
    :files
    C:\WINDOWS\system32\jusirodo.dll
    C:\WINDOWS\tasks\tpptcbpc.job
    C:\WINDOWS\system32\REN*.tmp
    C:\WINDOWS\system32\yesileya.dll
    C:\WINDOWS\system32\ledahofo.dll
    
    :reg
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{464883b3-3998-11db-9fd1-0007e9ee0a1e}]
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




NEXT


Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asks you to install Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..



Post these logs in your next reply

1. OTMoveIt3
2. ComboFix

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#7 tortoise

Posted 13 January 2009 - 08:59 AM

Hi, thanks for a quick reply today, this is great help & I am learning about these tools too which is interesting.

I noticed what I did wrong with GMER so I will also attach the new GMER log for you once it has finished scanning.

Thanks,

### OTMoveIT
####################################################################

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
File/Folder C:\WINDOWS\system32\jusirodo.dll not found.
C:\WINDOWS\tasks\tpptcbpc.job moved successfully.
C:\WINDOWS\system32\REN3A.tmp moved successfully.
C:\WINDOWS\system32\REN3B.tmp moved successfully.
C:\WINDOWS\system32\REN3C.tmp moved successfully.
C:\WINDOWS\system32\REN3D.tmp moved successfully.
C:\WINDOWS\system32\REN3E.tmp moved successfully.
C:\WINDOWS\system32\REN3F.tmp moved successfully.
C:\WINDOWS\system32\REN42.tmp moved successfully.
C:\WINDOWS\system32\REN43.tmp moved successfully.
C:\WINDOWS\system32\REN44.tmp moved successfully.
C:\WINDOWS\system32\REN4A.tmp moved successfully.
C:\WINDOWS\system32\REN4B.tmp moved successfully.
C:\WINDOWS\system32\REN4C.tmp moved successfully.
C:\WINDOWS\system32\REN4D.tmp moved successfully.
C:\WINDOWS\system32\REN4E.tmp moved successfully.
C:\WINDOWS\system32\REN4F.tmp moved successfully.
C:\WINDOWS\system32\REN50.tmp moved successfully.
C:\WINDOWS\system32\REN51.tmp moved successfully.
C:\WINDOWS\system32\REN52.tmp moved successfully.
C:\WINDOWS\system32\REN53.tmp moved successfully.
C:\WINDOWS\system32\REN54.tmp moved successfully.
C:\WINDOWS\system32\REN55.tmp moved successfully.
C:\WINDOWS\system32\REN59.tmp moved successfully.
C:\WINDOWS\system32\REN5A.tmp moved successfully.
C:\WINDOWS\system32\REN5B.tmp moved successfully.
C:\WINDOWS\system32\REN5E.tmp moved successfully.
C:\WINDOWS\system32\REN5F.tmp moved successfully.
C:\WINDOWS\system32\REN60.tmp moved successfully.
C:\WINDOWS\system32\REN61.tmp moved successfully.
C:\WINDOWS\system32\REN62.tmp moved successfully.
C:\WINDOWS\system32\REN63.tmp moved successfully.
C:\WINDOWS\system32\REN66.tmp moved successfully.
C:\WINDOWS\system32\REN67.tmp moved successfully.
C:\WINDOWS\system32\REN68.tmp moved successfully.
C:\WINDOWS\system32\REN69.tmp moved successfully.
C:\WINDOWS\system32\REN6A.tmp moved successfully.
C:\WINDOWS\system32\REN6B.tmp moved successfully.
C:\WINDOWS\system32\REN71.tmp moved successfully.
C:\WINDOWS\system32\REN72.tmp moved successfully.
C:\WINDOWS\system32\REN73.tmp moved successfully.
C:\WINDOWS\system32\REN75.tmp moved successfully.
C:\WINDOWS\system32\REN76.tmp moved successfully.
C:\WINDOWS\system32\REN77.tmp moved successfully.
C:\WINDOWS\system32\REN79.tmp moved successfully.
C:\WINDOWS\system32\REN7A.tmp moved successfully.
C:\WINDOWS\system32\REN7B.tmp moved successfully.
C:\WINDOWS\system32\REN81.tmp moved successfully.
C:\WINDOWS\system32\REN82.tmp moved successfully.
C:\WINDOWS\system32\REN83.tmp moved successfully.
C:\WINDOWS\system32\REN8C.tmp moved successfully.
C:\WINDOWS\system32\REN8D.tmp moved successfully.
C:\WINDOWS\system32\REN8E.tmp moved successfully.
C:\WINDOWS\system32\REN9D.tmp moved successfully.
C:\WINDOWS\system32\REN9E.tmp moved successfully.
C:\WINDOWS\system32\REN9F.tmp moved successfully.
C:\WINDOWS\system32\RENBB.tmp moved successfully.
C:\WINDOWS\system32\RENBC.tmp moved successfully.
C:\WINDOWS\system32\RENBD.tmp moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\yesileya.dll
C:\WINDOWS\system32\yesileya.dll NOT unregistered.
C:\WINDOWS\system32\yesileya.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\ledahofo.dll
C:\WINDOWS\system32\ledahofo.dll NOT unregistered.
C:\WINDOWS\system32\ledahofo.dll moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{464883b3-3998-11db-9fd1-0007e9ee0a1e}\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Hinson\LOCALS~1\Temp\~DF1BAE.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Hinson\LOCALS~1\Temp\~DF1BB9.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Hinson\LOCALS~1\Temp\~DFC307.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01132009_130537

Files moved on Reboot...
File C:\DOCUME~1\Hinson\LOCALS~1\Temp\~DF1BAE.tmp not found!
File C:\DOCUME~1\Hinson\LOCALS~1\Temp\~DF1BB9.tmp not found!
C:\DOCUME~1\Hinson\LOCALS~1\Temp\~DFC307.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
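
The fix script in post #6 and the OTMoveIt3 result log in post #7 can be reconciled mechanically, so that every `:files` target is accounted for before moving on to the next tool. The following Python is an added example, not part of either post and not OTMoveIt3's own code; the function names are hypothetical, the log line patterns are inferred from the log shown above, and the embedded script and log are shortened excerpts of that text.

```python
import fnmatch
import re

# Shortened excerpt of the fix script from post #6 (only the parts needed here).
SCRIPT = r"""
:processes
explorer.exe

:files
C:\WINDOWS\system32\jusirodo.dll
C:\WINDOWS\tasks\tpptcbpc.job
C:\WINDOWS\system32\REN*.tmp
C:\WINDOWS\system32\yesileya.dll
C:\WINDOWS\system32\ledahofo.dll

:commands
[emptytemp]
[reboot]
"""

# Shortened excerpt of the result log from post #7 (three REN*.tmp lines kept).
LOG = r"""
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\WINDOWS\system32\jusirodo.dll not found.
C:\WINDOWS\tasks\tpptcbpc.job moved successfully.
C:\WINDOWS\system32\REN3A.tmp moved successfully.
C:\WINDOWS\system32\REN3B.tmp moved successfully.
C:\WINDOWS\system32\REN3C.tmp moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\yesileya.dll
C:\WINDOWS\system32\yesileya.dll NOT unregistered.
C:\WINDOWS\system32\yesileya.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\ledahofo.dll
C:\WINDOWS\system32\ledahofo.dll NOT unregistered.
C:\WINDOWS\system32\ledahofo.dll moved successfully.
========== REGISTRY ==========
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Hinson\LOCALS~1\Temp\~DF1BAE.tmp scheduled to be deleted on reboot.
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
MOVED_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) moved successfully\.$")
NOT_FOUND_RE = re.compile(r"^File/Folder (?P<path>.+?) not found\.$")


def script_targets(script, section=":files"):
    """Return the entries listed under one ':section' header of the fix script."""
    targets, current = [], None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line.lower()
        elif current == section:
            targets.append(line)
    return targets


def log_outcomes(log, section="FILES"):
    """Map lower-cased path -> 'moved' / 'not found' for one section of the log."""
    outcomes, current = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).upper()
            continue
        if current != section:
            continue
        for regex, status in ((MOVED_RE, "moved"), (NOT_FOUND_RE, "not found")):
            m = regex.match(line)
            if m:
                outcomes[m.group("path").lower()] = status
    return outcomes


def reconcile(targets, outcomes):
    """For each script target (wildcards allowed) return (status, matched paths)."""
    report = {}
    for target in targets:
        # Windows paths are case-insensitive, so compare lower-cased strings.
        hits = [s for p, s in outcomes.items()
                if fnmatch.fnmatchcase(p, target.lower())]
        if not hits:
            status = "no log entry"
        elif all(s == "moved" for s in hits):
            status = "moved"
        elif all(s == "not found" for s in hits):
            status = "not found"
        else:
            status = "partial"
        report[target] = (status, len(hits))
    return report


def needs_follow_up(report):
    """Targets whose outcome is anything other than a clean move."""
    return [t for t, (status, _) in report.items() if status != "moved"]


if __name__ == "__main__":
    result = reconcile(script_targets(SCRIPT), log_outcomes(LOG))
    for target, (status, count) in result.items():
        print(f"{status:<13} {count:>3}  {target}")
    print("Follow up:", needs_follow_up(result))
```
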

#8 tortoise

Posted 13 January 2009 - 09:01 AM

ComboFix 09-01-11.04 - Hinson 2009-01-13 13:27:19.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.443 [GMT 0:00]
Running from: c:\documents and settings\Hinson\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\Memman.vxd
c:\windows\system32\skinboxer43.dll

----- BITS: Possible infected sites -----

hxxp://childhe.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FILEMON
-------\Service_FILEMON
-------\Service_seneka


((((((((((((((((((((((((( Files Created from 2008-12-13 to 2009-01-13 )))))))))))))))))))))))))))))))
.

2009-01-13 13:05 . 2009-01-13 13:05 <DIR> d-------- C:\_OTMoveIt
2009-01-13 13:03 . 2009-01-13 13:04 348,160 --a------ c:\temp\OTMoveIt3.exe
2009-01-13 12:27 . 2008-04-17 21:13 811,008 --a------ c:\temp\gmer.exe
2009-01-13 12:27 . 2009-01-13 12:28 250 --a------ c:\windows\gmer.ini
2009-01-13 12:20 . 2009-01-13 12:20 747,873 --a------ c:\temp\gmer.zip
2009-01-13 12:17 . 2009-01-13 12:17 <DIR> d-------- C:\rsit
2009-01-13 12:17 . 2009-01-13 12:17 781,851 --a------ c:\temp\RSIT.exe
2009-01-13 09:39 . 2009-01-13 09:39 <DIR> d-------- c:\documents and settings\Hinson\Application Data\Malwarebytes
2009-01-13 09:39 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-13 09:38 . 2009-01-13 09:39 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-13 09:38 . 2009-01-13 09:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-13 09:38 . 2009-01-13 09:38 2,697,168 --a------ c:\temp\mbam-setup.exe
2009-01-13 09:38 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-11 20:53 . 2009-01-11 20:53 718,000 --a------ c:\temp\dfsetup105.exe
2009-01-11 17:31 . 2009-01-11 17:31 11,455 --a------ c:\temp\wrapradio.zip
2009-01-11 12:21 . 2009-01-11 12:21 368,922 --a------ c:\temp\dds.scr
2009-01-09 17:00 . 2009-01-09 17:00 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\AVGTOOLBAR
2009-01-08 22:06 . 2009-01-08 22:06 <DIR> d-------- c:\program files\Microsoft Works
2009-01-05 23:33 . 2009-01-06 19:25 <DIR> d-------- c:\program files\VideoReDoTVSuite
2009-01-05 23:33 . 2009-01-06 20:12 <DIR> d-------- c:\documents and settings\Hinson\Application Data\VideoReDo-TVSuite
2009-01-05 23:31 . 2009-01-05 23:31 13,791,400 --a------ c:\temp\VideoReDoTVS-3-1-5-564.exe
2009-01-05 18:28 . 2009-01-05 18:28 82,387 --a------ c:\temp\LightExplorer_1_6_dll.zip
2009-01-05 18:28 . 2009-01-05 18:28 82,371 --a------ c:\temp\SearchInFiles_1_12_dll.zip
2009-01-05 18:27 . 2009-01-05 18:27 106,647 --a------ c:\temp\HexEditor_0_9_2_dll.zip
2009-01-05 18:23 . 2009-01-05 18:23 101,349 --a------ c:\temp\Explorer_1_8_1_dll.zip
2009-01-05 18:17 . 2009-01-05 18:24 <DIR> d-------- c:\program files\Notepad++
2009-01-05 18:15 . 2009-01-05 18:15 2,434,782 --a------ c:\temp\npp.5.1.3.Installer.exe
2009-01-05 00:10 . 2009-01-05 00:11 209,816 --a------ c:\temp\jre-6u11-windows-i586-p-iftw-k.exe
2009-01-05 00:09 . 2009-01-05 00:09 16,168,344 --a------ c:\temp\jre-6u11-windows-i586-p.exe
2009-01-04 23:49 . 2009-01-05 00:10 <DIR> d-------- c:\program files\Java
2009-01-04 23:49 . 2009-01-04 23:49 16,319,896 --a------ c:\temp\jre-6u11-windows-i586-p-s.exe
2009-01-04 22:14 . 2009-01-04 22:14 15,951,256 --a------ c:\temp\jre-6u6-windows-i586-p-s.exe
2009-01-04 14:24 . 2009-01-04 14:24 <DIR> d-------- c:\documents and settings\Hinson\Application Data\HandBrake
2009-01-04 14:12 . 2009-01-04 14:18 6,529,156 --a------ c:\temp\HandBrake-0.9.3-Win_GUI.exe
2009-01-03 12:56 . 2009-01-03 12:56 <DIR> d-------- c:\program files\Sun
2009-01-03 10:09 . 2009-01-03 10:09 2,515 --a------ C:\FRAGLIST.LUAR
2009-01-03 00:03 . 2009-01-03 00:03 <DIR> d-------- c:\program files\Trend Micro
2009-01-03 00:03 . 2009-01-03 00:03 812,344 --a------ c:\temp\HJTInstall.exe
2009-01-02 23:35 . 2009-01-02 23:36 <DIR> d-------- c:\temp\StoryTV_data
2008-12-30 14:19 . 2008-12-30 14:35 <DIR> d-------- c:\temp\SubTitle_Testing
2008-12-30 14:16 . 2008-12-30 14:18 <DIR> d-------- c:\program files\ProjectX_Subtitle_Mod
2008-12-30 14:06 . 2008-12-30 14:06 19,692,042 --a------ c:\temp\Sit2_Count42_20081223a.zip
2008-12-19 15:01 . 2008-12-19 15:01 <DIR> d-------- c:\program files\Windows Live
2008-12-19 15:01 . 2008-12-19 15:01 <DIR> d-------- c:\program files\Messenger Plus! Live
2008-12-19 14:59 . 2008-12-19 15:00 4,887,376 --a------ c:\temp\MsgPlusLive-470.exe
2008-12-19 14:53 . 2008-12-19 14:53 1,935,345 --a------ c:\temp\installer-32-messenger-plus-live-uk.exe
2008-12-15 23:18 . 2004-09-19 11:58 94,208 --a------ c:\windows\system32\rawread.dll
2008-12-15 23:18 . 2002-07-17 17:51 20,480 --a------ c:\windows\system32\RAWIO32.dll
2008-12-15 23:18 . 2002-10-08 20:27 12,992 --a------ c:\windows\system32\RAWIO16.DLL
2008-12-15 23:17 . 2008-12-15 23:17 2,615,922 --a------ c:\temp\ProjectX-Complete_090400b27_with_JRE.zip

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-13 13:30 --------- d-----w c:\program files\lg_fwupdate
2009-01-13 13:29 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2009-01-09 17:19 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-01-07 10:45 41,656 ----a-w c:\documents and settings\Hinson\Application Data\GDIPFONTCACHEV1.DAT
2009-01-06 19:26 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-05 20:28 --------- d-----w c:\program files\rec2dvd
2009-01-04 14:19 --------- d-----w c:\program files\Handbrake
2009-01-02 23:44 --------- d-----w c:\program files\Yahoo!
2009-01-02 23:43 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-02 23:43 --------- d-----w c:\program files\TomTom HOME
2009-01-02 23:41 --------- d-----w c:\program files\NCH Swift Sound
2009-01-02 23:33 --------- d-----w c:\program files\Skype
2009-01-02 23:33 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-01-02 23:32 --------- d-----w c:\program files\SimSig
2009-01-02 23:26 --------- d-----w c:\program files\CyberLink DVD Solution
2008-12-30 14:18 --------- d-----w c:\program files\ProjectX
2008-12-19 15:01 --------- d-----w c:\program files\MSN Messenger
2008-11-19 21:42 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2008-11-19 21:39 --------- d-----w c:\program files\DVD Shrink
2008-11-16 20:11 --------- d-----w c:\program files\Rec2Any
2008-11-16 00:18 --------- d-----w c:\program files\rec2mpg
2008-11-15 19:15 --------- d-----w c:\program files\ProjectX_new
2007-02-18 15:41 52 ----a-w c:\documents and settings\Hinson\tt.bat
2004-10-01 15:00 40,960 ----a-w c:\program files\Uninstall_CDS.exe
2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2008-09-21 09:37 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092120080922\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2008-12-29 548864]
"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2007-12-11 286720]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"CTHelper"="CTHELPER.EXE" [2005-12-08 c:\windows\CTHELPER.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 c:\windows\system32\narrator.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"vidc.ffds"= ffdshow.ax
"mixer"= DrvTrNTm.dll
"wave"= DrvTrNTm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Media Player Classic\\mplayerc.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\ftp4t\\ftp4t.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Documents and Settings\\Hinson\\My Documents\\BB Testing\\MS4PC_0.0.71.exe"=
"c:\\Program Files\\Microsoft Office\\Office10\\EXCEL.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\FileZilla Server\\FileZilla server.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\FileZilla Server\\FileZilla Server Interface.exe"=
"c:\\Program Files\\FileZilla\\FileZilla.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WLLoginProxy.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-05-20 97928]
R4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-05-20 231704]
S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2007-12-02 28672]
S3 PentaxUsb;PENTAX Optio 60 on USB;c:\windows\system32\drivers\CoachUsb.sys [2004-11-24 50976]
S3 tablet;Serial Tablet Driver;c:\windows\system32\DRIVERS\tablet.sys --> c:\windows\system32\DRIVERS\tablet.sys [?]
S3 tbfilter;Tablet Filter Driver;c:\windows\system32\DRIVERS\tbfilter.sys --> c:\windows\system32\DRIVERS\tbfilter.sys [?]
S3 TFBULK;Topfield USB client driver;c:\windows\system32\drivers\TfBulk.SYS [2007-05-31 13312]
S3 ultradfg;ultradfg;c:\windows\system32\drivers\ultradfg.sys [2008-03-09 23040]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69946537-ed09-11dc-9c56-0007e9ee0a1e}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SunJavaUpdateSched - c:\program files\ProjectX\jre\bin\jusched.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: www.adobe.com
Trusted Zone: www.creative.com
Trusted Zone: www.openstreetmap.org
Trusted Zone: geo.topf.org

c:\windows\system32\unicows.dll - c:\windows\Downloaded Program Files\CONFLICT.1\ImageUploader3.ocx
O16 -: {DBFECB3F-B78F-442E-AE46-4952E6F17545}
hxxp://webalbum.bonusprint.com/UK/downloads//ImageUploader3.cab
c:\windows\Downloaded Program Files\CONFLICT.1\ImageUploader3.inf

c:\windows\Downloaded Program Files\CtORWebClient.ocx - O16 -: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC}
hxxp://www.creative.com/register/OCXs/CtORWebClientNoMFC.cab
c:\windows\Downloaded Program Files\CtORWebClient.inf

c:\windows\Downloaded Program Files\GoPetsWeb.ocx - O16 -: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8}
hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
c:\windows\Downloaded Program Files\GoPetsWeb.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-13 13:30:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1757981266-1004336348-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(920)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Logitech\QuickCam10\COCIManager.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-01-13 13:36:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-13 13:35:58

Pre-Run: 15,694,938,112 bytes free
Post-Run: 15,603,392,512 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

233 --- E O F --- 2008-12-18 23:58:49

#9 tortoise

tortoise
  • Topic Starter

  • Members
  • 20 posts

Posted 13 January 2009 - 09:02 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:50:03, on 13/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\ProjectX\jre\bin\ssv.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\ProjectX\jre\bin\jp2ssv.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.adobe.com
O15 - Trusted Zone: http://www.creative.com
O15 - Trusted Zone: http://www.openstreetmap.org
O15 - Trusted Zone: http://geo.topf.org
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DBFECB3F-B78F-442E-AE46-4952E6F17545} (Bonusprint Image Uploader Version 3.5) - http://webalbum.bonusprint.com/UK/download...geUploader3.cab
O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Product Registration ActiveX Control Module) - http://www.creative.com/register/OCXs/CtORWebClientNoMFC.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe

--
End of file - 7726 bytes

#10 tortoise

tortoise
  • Topic Starter

  • Members
  • 20 posts

Posted 13 January 2009 - 09:24 AM

This is the GMER log you requested (I messed it up the first time I attached it above).

Thanks,
Tortoise



Edited by tortoise, 13 January 2009 - 09:25 AM.


#11 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 13 January 2009 - 09:55 AM

Looks good here.. How is the computer now?.. Let's do an online scan to see what might be left.. :thumbsup:


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#12 tortoise

tortoise
  • Topic Starter

  • Members
  • 20 posts

Posted 13 January 2009 - 11:52 AM

Hi,
I have not seen anything odd happen (popups etc) for a while & the PC seems to work ok still which is a bonus.

I have just started the virus scan off that you kindly recommended; however, I expect it to take several hours, so I will report back when it finishes. I may not get a chance to get back to you very promptly tomorrow because I am tied up till the evening, but I will ask another family member to respond to you if anything urgent is needed.

Thanks again for all your help, my special subjects are the Topfield PVR 5800 & Cisco networking, so if you happen to have any PVR or Cisco questions I should be able to sort you out.

Thanks

#13 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 13 January 2009 - 01:35 PM

Will be waiting for you

my special subjects are the Topfield PVR 5800 & Cisco networking


Great!.. I am now studying Cisco networking.. Lots of fun stuff to learn :thumbsup: :)



#14 tortoise

tortoise
  • Topic Starter

  • Members
  • 20 posts

Posted 13 January 2009 - 03:28 PM

Hi,
it is looking good...
Just 4 copies of a very old bit of junk found & deleted

Glad you are enjoying Cisco, it is a satisfying thing to study.

Thanks,
Tortoise



# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3762 (20090113)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=83f47d5a1ecac74c906a4afe2449077c
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-01-13 08:11:27
# local_time=2009-01-13 08:11:27 (+0000, GMT Standard Time)
# country="United Kingdom"
# osver=5.1.2600 NT Service Pack 3
# scanned=1450244
# found=4
# scan_time=12580
C:\Documents and Settings\Hinson\My Documents\tidy\Piratos(10010-p-1-0-#3) (1).zip a variant of Win32/Dialer.Gnet application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Hinson\My Documents\tidy\Piratos(10010-p-1-0-#3).zip a variant of Win32/Dialer.Gnet application (unable to clean - deleted) 00000000000000000000000000000000
C:\Mike\Temp_but_perhaps_not\Piratos(10010-p-1-0-#3).zip a variant of Win32/Dialer.Gnet application (unable to clean - deleted) 00000000000000000000000000000000
D:\Mike\Temp_but_perhaps_not\Piratos(10010-p-1-0-#3).zip a variant of Win32/Dialer.Gnet application (unable to clean - deleted) 00000000000000000000000000000000

#15 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 13 January 2009 - 09:41 PM

Looks good to me.. Let's do some cleanup...


Please download OTCleanIt and save it to Desktop.
  • Make sure you have an internet connection..
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes



Please read these excellent articles by miekiemoes:
Help! My computer is slow!
How to prevent Malware

Please reply to this thread once more and tell us about the computer's behaviour before we can close this thread :thumbsup:



Have a safe and happy computing day!


Regards
fenzodahl512





