Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

popups like crazy


  • This topic is locked This topic is locked
36 replies to this topic

#1 RunningMan

RunningMan

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:03:41 PM

Posted 22 March 2009 - 04:04 PM

So, I've run spybot search and destroy, says i have some trojans and they keep reoccuring, deleting them doesn't seem to do the trick cuz they come right back. I ran ewido malware remover, and it found four items, and i tried deleteing some stuff on hijack this but they still keep coming back, or i cant remove them. Usually I can fix most of the minor stuff myself but I think i hit some malware, and its kinda scary cuz now i just started using online banking and buying stuff online, but havent since i found the problem a couple days ago... I'm not sure what site caused this. if kezobusa.dll and kefufaji.dll sound bad to you, then thats what I have lol, along with some other crap
logfile:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:00:18 PM, on 3/22/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Razer\Diamondback 3G\razerhid.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Razer\Diamondback 3G\razertra.exe
C:\Program Files\Razer\Diamondback 3G\razerofa.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6523630f-9054-4d68-92bd-a23354b4c07f} - C:\WINDOWS\system32\ginameye.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer\Diamondback 3G\razerhid.exe
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [kewoderuva] Rundll32.exe "C:\WINDOWS\system32\zipetepi.dll",s
O4 - HKLM\..\Run: [CPM675060e1] Rundll32.exe "c:\windows\system32\kezobusa.dll",a
O4 - HKLM\..\Run: [6463537d] rundll32.exe "C:\WINDOWS\system32\meyeyihi.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [EPSON Stylus CX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAA.EXE /FU "C:\WINDOWS\TEMP\E_S110.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [kewoderuva] Rundll32.exe "C:\WINDOWS\system32\zipetepi.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1122928953671
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\kezobusa.dll,C:\WINDOWS\system32\kefufaji.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kezobusa.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kezobusa.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 12383 bytes

BC AdBot (Login to Remove)

 


#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:41 PM

Posted 30 March 2009 - 12:16 PM

Hi RunningMan,

My name is Syler and I will be helping to clean your computer, please give me some time
to look over your logs and I will get back to your as soon as possible.

Thanks

unite.jpg


#3 RunningMan

RunningMan
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:03:41 PM

Posted 31 March 2009 - 12:28 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:26 PM, on 3/30/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Razer\Diamondback 3G\razerhid.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Razer\Diamondback 3G\razertra.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Razer\Diamondback 3G\razerofa.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\AIM6\aolsoftware.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer\Diamondback 3G\razerhid.exe
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [EPSON Stylus CX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAA.EXE /FU "C:\WINDOWS\TEMP\E_S110.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [kewoderuva] Rundll32.exe "C:\WINDOWS\system32\zipetepi.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [kewoderuva] Rundll32.exe "C:\WINDOWS\system32\zipetepi.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1122928953671
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: ,
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11877 bytes



theres my new log, while you guys were busy i took the time to google some things and found a program called malwarebytes' it found 83 infected files and trashed em, sorry for taking action without your permission tho hope i didnt make anything more complicated. But i really needed a quick fix cuz the adds were just horrible

#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:41 PM

Posted 31 March 2009 - 11:41 AM

Hi RunningMan,

Well MBAM seems to have got most of it, update and run it once more and lets get a log with some more info, Please do not make
anymore changes from this point unless directed to thanks.

Before you do any of the next step you need to temporarily disable the TeaTimer protection in spybot, as it may
stop the tools we use from doing their job.

To disable Teatimer, open Spybot and click on the Mode tab and select Advanced mode.
It will ask you if your sure you want to go into advanced mode, select yes.
Now go to tools and click on the resident tab.
Uncheck the box that says "Resident "TeaTimer" (Protection of over-all system settings) active".
Then close Spybot and reboot your computer.

Next

Please download Malwarebytes' Anti-Malware from Here
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Next

Posted Image
Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
  • DDS.txt
  • Attach.txt
  • Save both reports to your desktop.
  • Then post back with DDS.txt.
  • Also please attach, Attach.txt in your next reply.
Please post back here with:
  • MBAM report
  • DDS.txt
  • Attach.txt
Thanks

Edited by syler, 31 March 2009 - 11:43 AM.

unite.jpg


#5 RunningMan

RunningMan
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:03:41 PM

Posted 02 April 2009 - 02:39 AM

Malwarebytes' Anti-Malware 1.35
Database version: 1927
Windows 5.1.2600 Service Pack 2

4/1/2009 9:13:22 PM
mbam-log-2009-04-01 (21-13-22).txt

Scan type: Full Scan (C:\|)
Objects scanned: 221908
Time elapsed: 7 hour(s), 3 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{5826FEC5-1E84-4C3C-8E14-B201E1872FCB}\RP981\A0278061.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5826FEC5-1E84-4C3C-8E14-B201E1872FCB}\RP981\A0278075.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5826FEC5-1E84-4C3C-8E14-B201E1872FCB}\RP981\A0278076.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5826FEC5-1E84-4C3C-8E14-B201E1872FCB}\RP981\A0278077.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5826FEC5-1E84-4C3C-8E14-B201E1872FCB}\RP981\A0278078.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5826FEC5-1E84-4C3C-8E14-B201E1872FCB}\RP981\A0278079.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5826FEC5-1E84-4C3C-8E14-B201E1872FCB}\RP981\A0278080.exe (Trojan.Vundo) -> Quarantined and deleted successfully.




DDS (Ver_09-03-16.01) - NTFSx86
Run by Kevin Yamamoto at 0:28:34.70 on Thu 04/02/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1346 [GMT -7:00]

AV: Norton AntiVirus 2005 *On-access scanning disabled* (Outdated)
FW: Norton Internet Worm Protection *disabled*
FW: ZoneAlarm Firewall *enabled*
FW: NVIDIA Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Razer\Diamondback 3G\razerhid.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Razer\Diamondback 3G\razertra.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Razer\Diamondback 3G\razerofa.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kevin Yamamoto\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [EPSON Stylus CX4400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticaa.exe /fu "c:\windows\temp\E_S110.tmp" /EF "HKCU"
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [Veoh] "c:\program files\veoh networks\veoh\VeohClient.exe" /VeohHide
uRun: [<NO NAME>]
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
uRun: [Orb] "c:\program files\winamp remote\bin\OrbTray.exe" /background
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"
mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe /Consumer
mRun: [EPSON Stylus Photo R200 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
mRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
mRun: [nTrayFw] c:\program files\nvidia corporation\networkaccessmanager\bin\nTrayFw.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Diamondback] c:\program files\razer\diamondback 3g\razerhid.exe
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\keviny~1\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\keviny~1\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} - hxxp://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122928953671
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: ,
SEH: CShellExecuteHookImpl Object: {54d9498b-cf93-414f-8984-8ce7fde0d391} - c:\program files\ewido anti-malware\shellhook.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\keviny~1\applic~1\mozilla\firefox\profiles\urasoru8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMFireLauncher.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPZoneSB.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2008-12-26 127768]
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton antivirus\SAVRTPEL.SYS [2004-7-23 50312]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2006-6-11 394952]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2004-8-13 198304]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2004-8-13 181920]
R2 ewido security suite control;ewido security suite control;c:\program files\ewido anti-malware\ewidoctrl.exe [2005-11-30 13888]
R2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton antivirus\NAVAPSVC.EXE [2004-8-30 177264]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2005-8-1 819352]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20060803.048\NAVENG.Sys [2006-8-4 79240]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20060803.048\NavEx15.Sys [2006-8-4 828872]
R3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\drivers\DB3G.sys [2008-12-19 13225]
R3 SAVRT;SAVRT;c:\program files\norton antivirus\SAVRT.SYS [2004-7-23 338056]
S2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;\??\c:\program files\vmlaunch\buddyvm.sys --> c:\program files\vmlaunch\BuddyVM.sys [?]
S2 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2004-8-30 67184]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2004-8-13 79520]
S3 FUTUREX;FUTUREX;c:\documents and settings\kevin yamamoto\desktop\ada32\aida32.sys [2008-12-12 3907]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SAVScan;SAVScan;c:\program files\norton antivirus\SAVSCAN.EXE [2004-7-23 198368]
S3 XDva011;XDva011;\??\c:\windows\system32\xdva011.sys --> c:\windows\system32\XDva011.sys [?]
S3 XDva037;XDva037;\??\c:\windows\system32\xdva037.sys --> c:\windows\system32\XDva037.sys [?]
S3 XDva119;XDva119;\??\c:\windows\system32\xdva119.sys --> c:\windows\system32\XDva119.sys [?]
S3 XDva121;XDva121;\??\c:\windows\system32\xdva121.sys --> c:\windows\system32\XDva121.sys [?]
S3 XDva134;XDva134;\??\c:\windows\system32\xdva134.sys --> c:\windows\system32\XDva134.sys [?]
S3 XDva158;XDva158;\??\c:\windows\system32\xdva158.sys --> c:\windows\system32\XDva158.sys [?]
S3 XDva164;XDva164;\??\c:\windows\system32\xdva164.sys --> c:\windows\system32\XDva164.sys [?]
S3 XDva167;XDva167;\??\c:\windows\system32\xdva167.sys --> c:\windows\system32\XDva167.sys [?]
S3 XDva177;XDva177;\??\c:\windows\system32\xdva177.sys --> c:\windows\system32\XDva177.sys [?]
S3 XDva190;XDva190;\??\c:\windows\system32\xdva190.sys --> c:\windows\system32\XDva190.sys [?]
S3 XDva219;XDva219;\??\c:\windows\system32\xdva219.sys --> c:\windows\system32\XDva219.sys [?]
S3 XDva224;XDva224;\??\c:\windows\system32\xdva224.sys --> c:\windows\system32\XDva224.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-11-23 24652]
S4 WinDefend;Windows Defender Service;c:\program files\windows defender\MsMpEng.exe [2006-4-3 14032]

=============== Created Last 30 ================

2009-03-28 22:31 <DIR> --d----- c:\docume~1\keviny~1\applic~1\Malwarebytes
2009-03-28 22:30 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-28 22:30 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-28 22:30 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-28 22:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-25 22:46 128,512 a--sh--- c:\windows\system32\exkeiq.dll
2009-03-25 04:08 129,024 a--sh--- c:\windows\system32\hlbfiw.dll
2009-03-25 01:06 <DIR> --d----- C:\CFLog
2009-03-25 01:05 2,849,844 a------- c:\windows\system32\GameMon.des
2009-03-25 00:56 <DIR> --d----- c:\program files\Subagames
2009-03-25 00:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PMB Files
2009-03-25 00:46 <DIR> --d----- c:\program files\Pando Networks
2009-03-24 16:07 129,024 a--sh--- c:\windows\system32\epvezs.dll
2009-03-23 16:07 129,024 a--sh--- c:\windows\system32\kbtnbc.dll
2009-03-23 04:07 128,000 a--sh--- c:\windows\system32\ycthkj.dll
2009-03-22 16:07 127,488 a--sh--- c:\windows\system32\luoqoa.dll
2009-03-22 13:59 <DIR> --d----- c:\program files\Trend Micro
2009-03-22 13:22 2,855 a------- c:\windows\system32\mem.PIF
2009-03-22 13:22 <DIR> --d-h--- c:\windows\PIF
2009-03-22 04:06 128,512 a--sh--- c:\windows\system32\aqypii.dll
2009-03-21 16:06 129,536 a--sh--- c:\windows\system32\nowwno.dll
2009-03-21 14:30 267 a------- c:\windows\wininit.ini
2009-03-21 04:06 128,000 a--sh--- c:\windows\system32\rxvppk.dll

==================== Find3M ====================

2009-04-02 00:28 18,008,096 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-04-01 21:14 211,748 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-03-28 02:08 95,232 a--sh--- c:\windows\system32\jarugede.dll
2009-03-27 14:07 96,256 a--sh--- c:\windows\system32\latadeti.dll
2009-03-27 02:07 61,440 a--sh--- c:\windows\system32\bopomija.exe
2009-03-25 22:46 128,512 a--sh--- c:\windows\system32\reyahezi.dll
2009-03-25 04:08 89,600 a--sh--- c:\windows\system32\muwiropu.dll
2009-03-25 04:08 129,024 a--sh--- c:\windows\system32\rakevaka.dll
2009-03-24 16:07 129,024 a--sh--- c:\windows\system32\sajifamu.dll
2009-03-24 16:07 95,744 a--sh--- c:\windows\system32\rerujito.dll
2009-03-24 04:07 94,208 a--sh--- c:\windows\system32\jivulozu.dll
2009-03-23 16:07 129,024 a--sh--- c:\windows\system32\liwiwopa.dll
2009-03-23 16:07 94,720 a--sh--- c:\windows\system32\vetoyiwu.dll
2009-03-23 04:07 128,000 a--sh--- c:\windows\system32\lamofuku.dll
2009-03-22 16:07 96,256 a--sh--- c:\windows\system32\tibufenu.dll
2009-03-22 14:40 77,935 a------- c:\windows\War3Unin.dat
2009-03-21 16:06 129,536 a--sh--- c:\windows\system32\rutirawi.dll
2009-03-18 20:14 82,268 a---h--- c:\windows\system32\mlfcache.dat
2009-02-21 23:24 256 a------- c:\documents and settings\kevin yamamoto\pool.bin
2009-01-07 12:28 453,152 a------- c:\windows\system32\NVUNINST.EXE
2007-12-13 20:00 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat

============= FINISH: 0:29:38.75 ===============

Attached Files



#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:41 PM

Posted 05 April 2009 - 07:48 AM

Hi RunningMan

I see that you have Norton Anti-Virus installed but it is extremley outdated therefore it's is completley ineffective, you need to get an
up to date AV installed before we can cotinue with trying to clean your machine
  • Download and install an antivirus program, and make sure that you keep it updated
New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
Two good antivirus programs free for non-commercial home use are Avast! and Antivir
Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

Peer-to-Peer Programs Warning
Your log shows that you are using so called peer-to-peer or file-sharing programs (in your case BitComet 0.60, BitLord 1.1 and LimeWire 4.18.3). These programs allow to share files between users as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s). However, please refrain from using them until your computer has been declared clean.

Viewpoint Warning
Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This changed from what we know in 2006 read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now.

Click "start" on the taskbar and then click on the "Control Panel" icon.
Please double click the "Add or Remove Programs" icon
A list of programs installed will be "populated" this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "remove":
  • J2SE Runtime Environment 5.0 Update 3
  • J2SE Runtime Environment 5.0 Update 6
  • Java™ 6 Update 3
  • Need2Find Bar
  • Norton AntiVirus 2005
  • Viewpoint Manager (Remove Only)
  • Viewpoint Media Player
Additional instructions can be found here if needed

Next

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix


Please post back with C:\ComboFix.txt in your next reply.

Thanks

unite.jpg


#7 RunningMan

RunningMan
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:03:41 PM

Posted 07 April 2009 - 01:55 AM

edit: i could not remove the need to find bar because it was a problem that occured in the past and while working with castlecops they cleared it so... the file is already gone, but somehow you guys picked it up.


ComboFix 09-04-04.01 - Kevin Yamamoto 2009-04-06 23:48:28.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1457 [GMT -7:00]
Running from: c:\documents and settings\Kevin Yamamoto\Desktop\ComboFix.exe
FW: NVIDIA Firewall *disabled*
FW: ZoneAlarm Firewall *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Kevin Yamamoto\Application Data\MCROSO~1
c:\documents and settings\Kevin Yamamoto\Application Data\SSEMBL~1
c:\documents and settings\Kevin Yamamoto\Application Data\STEM~1
C:\Documents
c:\program files\ecurit~1
c:\program files\icroso~1.net
c:\windows\system32\aqypii.dll
c:\windows\system32\cache329
c:\windows\system32\cache329\B_329_0_0_106800.htm
c:\windows\system32\cache329\B_329_0_0_107400.htm
c:\windows\system32\cache329\B_329_1_0_449200.htm
c:\windows\system32\cache329\B_329_1_0_449600.htm
c:\windows\system32\cache329\B_329_1_0_454300.htm
c:\windows\system32\cache329\B_329_2_0_105300.htm
c:\windows\system32\cache329\B_329_2_0_106800.htm
c:\windows\system32\cache329\B_329_2_0_107400.htm
c:\windows\system32\cache329\B_329_3_0_105300.htm
c:\windows\system32\cache329\B_329_3_0_106800.htm
c:\windows\system32\cache329\B_329_3_0_107400.htm
c:\windows\system32\cache329\B_329_4_0_111600.htm
c:\windows\system32\cache329\B_329_4_0_152400.htm
c:\windows\system32\cache329\B_329_4_0_155300.htm
c:\windows\system32\cache329\B_329_4_0_164100.htm
c:\windows\system32\cache329\t_B_329_0_0_106800.htm
c:\windows\system32\cache329\t_B_329_0_0_107400.htm
c:\windows\system32\cache329\t_B_329_1_0_449200.htm
c:\windows\system32\cache329\t_B_329_1_0_449600.htm
c:\windows\system32\cache329\t_B_329_1_0_454300.htm
c:\windows\system32\cache329\t_B_329_2_0_105300.htm
c:\windows\system32\cache329\t_B_329_2_0_106800.htm
c:\windows\system32\cache329\t_B_329_2_0_107400.htm
c:\windows\system32\cache329\t_B_329_3_0_105300.htm
c:\windows\system32\cache329\t_B_329_3_0_106800.htm
c:\windows\system32\cache329\t_B_329_3_0_107400.htm
c:\windows\system32\cache329\t_B_329_4_0_111600.htm
c:\windows\system32\cache329\t_B_329_4_0_152400.htm
c:\windows\system32\cache329\t_B_329_4_0_155300.htm
c:\windows\system32\cache329\t_B_329_4_0_164100.htm
c:\windows\system32\epvezs.dll
c:\windows\system32\exkeiq.dll
c:\windows\system32\hlbfiw.dll
c:\windows\system32\jarugede.dll
c:\windows\system32\jivulozu.dll
c:\windows\system32\kbtnbc.dll
c:\windows\system32\lamofuku.dll
c:\windows\system32\latadeti.dll
c:\windows\system32\liwiwopa.dll
c:\windows\system32\luoqoa.dll
c:\windows\system32\muwiropu.dll
c:\windows\system32\nowwno.dll
c:\windows\system32\Process.exe
c:\windows\system32\rakevaka.dll
c:\windows\system32\rerujito.dll
c:\windows\system32\reyahezi.dll
c:\windows\system32\rutirawi.dll
c:\windows\system32\rxvppk.dll
c:\windows\system32\sajifamu.dll
c:\windows\system32\sembly~1
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tibufenu.dll
c:\windows\system32\vetoyiwu.dll
c:\windows\system32\ycthkj.dll

.
((((((((((((((((((((((((( Files Created from 2009-03-07 to 2009-04-07 )))))))))))))))))))))))))))))))
.

2009-03-28 22:31 . 2009-03-28 22:31 <DIR> d-------- c:\documents and settings\Kevin Yamamoto\Application Data\Malwarebytes
2009-03-28 22:30 . 2009-04-01 03:39 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-28 22:30 . 2009-03-28 22:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-28 22:30 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-28 22:30 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-25 01:06 . 2009-03-25 01:06 <DIR> d-------- C:\CFLog
2009-03-25 01:05 . 2009-03-16 12:37 2,849,844 --a------ c:\windows\system32\GameMon.des
2009-03-25 00:56 . 2009-03-25 00:56 <DIR> d-------- c:\program files\Subagames
2009-03-25 00:47 . 2009-03-25 00:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\PMB Files
2009-03-25 00:46 . 2009-03-25 00:46 <DIR> d-------- c:\program files\Pando Networks
2009-03-22 13:59 . 2009-03-22 13:59 <DIR> d-------- c:\program files\Trend Micro
2009-03-22 13:22 . 2009-03-22 13:22 <DIR> d--h----- c:\windows\PIF
2009-03-22 13:22 . 2009-03-22 13:22 2,855 --a------ c:\windows\system32\mem.PIF
2009-03-21 14:30 . 2009-03-21 19:37 267 --a------ c:\windows\wininit.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-07 06:50 18,366,496 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-07 06:40 --------- d-----w c:\program files\Viewpoint
2009-04-07 06:40 --------- d-----w c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint
2009-04-07 06:40 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-04-07 06:39 --------- d-----w c:\program files\Norton AntiVirus
2009-04-07 06:39 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-07 06:38 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-04-07 06:35 --------- d-----w c:\program files\Java
2009-04-07 06:26 --------- d-----w c:\program files\Steam
2009-04-03 18:41 214,916 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-30 11:32 --------- d-----w c:\documents and settings\Kevin Yamamoto\Application Data\OpenOffice.org2
2009-03-29 23:26 19,430,242 ----a-w c:\windows\Internet Logs\tvDebug.zip
2009-03-28 13:43 --------- d-----w c:\program files\Warcraft III
2009-03-27 09:07 61,440 --sha-w c:\windows\system32\bopomija.exe
2009-03-23 11:38 --------- d-----w c:\documents and settings\Kevin Yamamoto\Application Data\U3
2009-03-22 02:28 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-21 11:12 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-03-20 04:51 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-20 04:36 --------- d-----w c:\documents and settings\Kevin Yamamoto\Application Data\mIRC
2009-03-15 23:29 --------- d-----w c:\program files\mIRC
2009-03-01 10:42 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-03-01 10:41 --------- d-----w c:\program files\Yahoo!
2009-03-01 10:40 --------- d-----w c:\documents and settings\Kevin Yamamoto\Application Data\Yahoo!
2009-02-23 00:50 --------- d-----w c:\program files\Garena
2009-02-22 06:24 256 ----a-w c:\documents and settings\Kevin Yamamoto\pool.bin
2009-02-21 08:54 --------- d-----w c:\program files\Illusion
2009-02-21 06:31 --------- d-----w c:\program files\FDN
2009-02-18 06:39 --------- d-----w c:\program files\Winamp
2009-02-18 06:19 --------- d-----w c:\program files\Winamp Remote
2009-02-18 06:19 --------- d-----w c:\documents and settings\All Users\Application Data\OrbNetworks
2009-01-07 19:28 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2007-12-14 03:00 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2006-10-03 09:43 2,402,550 ----a-w c:\windows\inf\SET6E.tmp
2006-08-11 03:00 2,402,370 ----a-w c:\windows\inf\SET7A.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]
"EPSON Stylus CX4400 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAA.EXE" [2007-01-25 179200]
"Steam"="c:\program files\Steam\Steam.exe" [2008-10-09 1410296]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 307200]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-03-31 507904]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-20 4363504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 131072]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2005-08-04 100056]
"EPSON Stylus Photo R200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-11-08 128920]
"nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-04-29 266240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-07 267064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-08 180269]
"Diamondback"="c:\program files\Razer\Diamondback 3G\razerhid.exe" [2007-08-01 147456]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-09-19 615696]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-08-26 236016]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

c:\documents and settings\Kevin Yamamoto\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-02-04 229376]
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-08-29 360448]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= ,

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.XFR1"= xfcodec.dll
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Spyware Doctor\\swdoctor.exe"=
"c:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:RSP
"6112:TCP"= 6112:TCP:WarCraft III Battle.net
"6112:UDP"= 6112:UDP:StarCraft Battle.net UDP
"7764:TCP"= 7764:TCP:Gnutilla
"7764:UDP"= 7764:UDP:gnutilla2
"58943:TCP"= 58943:TCP:Pando Media Booster
"58943:UDP"= 58943:UDP:Pando Media Booster

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\drivers\DB3G.sys [2008-12-19 13225]
S2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;\??\c:\program files\VMLaunch\BuddyVM.sys --> c:\program files\VMLaunch\BuddyVM.sys [?]
S3 FUTUREX;FUTUREX;c:\documents and settings\Kevin Yamamoto\Desktop\ada32\aida32.sys [2008-12-12 3907]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 XDva011;XDva011;\??\c:\windows\system32\XDva011.sys --> c:\windows\system32\XDva011.sys [?]
S3 XDva037;XDva037;\??\c:\windows\system32\XDva037.sys --> c:\windows\system32\XDva037.sys [?]
S3 XDva119;XDva119;\??\c:\windows\system32\XDva119.sys --> c:\windows\system32\XDva119.sys [?]
S3 XDva121;XDva121;\??\c:\windows\system32\XDva121.sys --> c:\windows\system32\XDva121.sys [?]
S3 XDva134;XDva134;\??\c:\windows\system32\XDva134.sys --> c:\windows\system32\XDva134.sys [?]
S3 XDva158;XDva158;\??\c:\windows\system32\XDva158.sys --> c:\windows\system32\XDva158.sys [?]
S3 XDva164;XDva164;\??\c:\windows\system32\XDva164.sys --> c:\windows\system32\XDva164.sys [?]
S3 XDva167;XDva167;\??\c:\windows\system32\XDva167.sys --> c:\windows\system32\XDva167.sys [?]
S3 XDva177;XDva177;\??\c:\windows\system32\XDva177.sys --> c:\windows\system32\XDva177.sys [?]
S3 XDva190;XDva190;\??\c:\windows\system32\XDva190.sys --> c:\windows\system32\XDva190.sys [?]
S3 XDva219;XDva219;\??\c:\windows\system32\XDva219.sys --> c:\windows\system32\XDva219.sys [?]
S3 XDva224;XDva224;\??\c:\windows\system32\XDva224.sys --> c:\windows\system32\XDva224.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-07-10 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-07-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-10 369688]
S4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [2006-04-03 14032]

--- Other Services/Drivers In Memory ---

*Deregistered* - NAVENG
*Deregistered* - NAVEX15
*Deregistered* - SAVRT
*Deregistered* - SAVRTPEL
*Deregistered* - SPBBCDrv
*Deregistered* - symlcbrd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{acce4d5a-ba09-11dd-b5cc-0015f29cdc9d}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-04-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2009-04-03 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-04-03 18:12]
.
- - - - ORPHANS REMOVED - - - -

Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
FF - ProfilePath - c:\documents and settings\Kevin Yamamoto\Application Data\Mozilla\Firefox\Profiles\urasoru8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMFireLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-06 23:50:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-117609710-287218729-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d5,06,6e,ee,b6,a7,0a,83,68,bf,9a,43,23,46,d9,90,8c,65,18,d8,89,68,5b,
8c,4f,f9,7a,4b,f6,d7,f6,2c,19,39,ef,4b,78,c9,b4,14,95,20,d0,61,02,d0,e4,93,\
"??"=hex:5d,19,9c,5d,eb,bb,10,35,0a,ad,90,f0,65,3c,48,de
.
Completion time: 2009-04-06 23:53:30
ComboFix-quarantined-files.txt 2009-04-07 06:52:54

Pre-Run: 1,517,473,792 bytes free
Post-Run: 1,523,494,912 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

291 --- E O F --- 2009-02-07 08:03:51

Edited by RunningMan, 07 April 2009 - 01:56 AM.


#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:41 PM

Posted 07 April 2009 - 09:26 AM

I don't see any signs of an Anti-Virus in your ComboFix log, did you install one as instructed in my last post? It is
very important that you have an up to date AV on your computer, so if you haven't already done so please install
one now. Once you have done this post back here with a fresh HijackThis log.

Cheers

unite.jpg


#9 RunningMan

RunningMan
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:03:41 PM

Posted 07 April 2009 - 07:12 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:10:27 PM, on 4/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Razer\Diamondback 3G\razerhid.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Razer\Diamondback 3G\razertra.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Razer\Diamondback 3G\razerofa.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kevin Yamamoto\Application Data\Research In Motion\BlackBerry\Updates\4A7527CD-8014-4ea9-AEF7-DB52C736D0C7\BBDesktopInstaller.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer\Diamondback 3G\razerhid.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [EPSON Stylus CX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAA.EXE /FU "C:\WINDOWS\TEMP\E_S110.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1122928953671
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: ,
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10300 bytes


thanks

#10 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:41 PM

Posted 09 April 2009 - 12:04 PM

Hi

Download the Norton removal tool and save it to your desktop. Double click on
Norton_Removal_Tool.exe and follow the on screen instructions to remove any
Norton leftovers from your machine.

Note: Your computer may be restarted more than once, and you may be asked to repeat some steps after the computer restarts.

Next

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\bopomija.exe

Folder::
c:\program files\Viewpoint
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint
c:\documents and settings\All Users\Application Data\Viewpoint

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000000

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

unite.jpg


#11 RunningMan

RunningMan
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:03:41 PM

Posted 11 April 2009 - 02:21 AM

ComboFix 09-04-04.01 - Kevin Yamamoto 2009-04-11 0:09:59.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1463 [GMT -7:00]
Running from: c:\documents and settings\Kevin Yamamoto\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Kevin Yamamoto\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090410-0] *On-access scanning disabled* (Updated)
FW: NVIDIA Firewall *disabled*
FW: ZoneAlarm Firewall *enabled*
* Created a new restore point

FILE ::
c:\windows\system32\bopomija.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Viewpoint
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\ComponentRegistry.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\DownLoadHist.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\HostRegistry.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\MetaStreamConfig.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\MTSDownloadSites.txt
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1047652577.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-106421441.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1135556971.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-11379918.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1145560604.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1153560128.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1157302298.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1165530491.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-117435009.mtz
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1184449253.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1201143308.mtz
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1272816250.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1295580143.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1300081045.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-135358204.mtz
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1374397337.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1378440004.mtz
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-137988978.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1426337133.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1436533606.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1449933354.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1462558529.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1475145469.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1516337578.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1542025285.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1559706508.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1597847224.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1626128143.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1641093216.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1644168162.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1648829976.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1694793858.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1708481821.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1750761970.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1769552329.mtz
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1840828752.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1848696681.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1914851284.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1921829085.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1934799205.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1969651792.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-2048650561.mzv
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-226278802.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-293581247.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-301903088.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-31966105.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-443063735.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-451823942.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-460214365.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-534327804.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-590762202.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-622297995.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-650661157.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-683220543.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-685847111.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-699817616.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-723950926.mzv
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-751751732.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-757019672.mtz
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-768915405.mzv
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-811683999.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-979900898.mtz
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-980193549.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-996537853.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-999768523.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\106896837.mzv
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\1092938770.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\1118461733.mzv
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\111909904.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\1121012354.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\118665358.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\125735352.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\125870462.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\1371307337.mzv
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\1378411665.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\1383469248.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\1441272437.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\1446289950.mtz
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\1500679047.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\15154944.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\1675603536.MTZ
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\1677758953.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\168724196.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\1708754955.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\1748523446.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\1779747327.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\1787107917.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\1813163498.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\1823553467.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\1835029528.mtz
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\1898052958.mtz
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\1909664952.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\1938745176.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\2002242333.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\2016498779.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\2035244762.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\2042934952.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\2048061835.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\2051882696.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\2116519570.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\2121743558.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\2140193654.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\222428136.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\240475163.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\253621806.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\311300948.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\317964110.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\353335032.mtz
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\375260751.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\396963827.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\428599186.mtz
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\443528259.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\532335498.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\568566581.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\628440004.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\67230950.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\705726423.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\798494130.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\799050167.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\829738692.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\880205301.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\883187879.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\939741200.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\985100209.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\989826169.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\URLCache.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-1009436675.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-1056531412.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-1063537912.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-1064602286.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-1141136244.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-1205557044.mtz
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-1270184280.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-1310468734.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-135358193.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-1384100913.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-1436935974.mzv
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-147541507.mzv
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-1485551191.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-1554671213.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-1603917985.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-1644168169.mtz
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-1649594780.mtz
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-1661680140.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-1695133557.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-173216404.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-1769552322.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-1825800290.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-1861382283.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-1920084811.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-1923062664.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-1928734162.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-1953731908.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-1965803721.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-2002272860.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-2008368682.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-2040969542.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-2060888632.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-2107370987.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-2130299108.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-2135381211.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-220121683.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-235623344.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-239926725.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-291690746.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-310101725.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-352095802.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-418549231.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-425908310.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-445524603.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-456726256.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-473870751.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-489740049.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-50429641.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-508003916.mtz
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-522415596.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-610092470.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-662997164.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-705735742.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-720138135.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-734324497.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-754162018.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-837147267.mtz
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-853224713.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-860330733.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-900907336.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-961172162.mtz
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-963025051.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-969721649.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\107421402.mtj&p2=0&p3=02022530072903512054050824912091&p4=0
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1147295202.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1178238435.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1241279040.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1265326256.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\126966004.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1297720906.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1302535532.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1434897116.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1435347541.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1439616145.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1444260146.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1446289937.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1487484346.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1506704802.mzv
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1581793880.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1600844264.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1618519102.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1650352007.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1831637814.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1835030497.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1845488152.mtz
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1885716032.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1892956096.mtz
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1939605770.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1970057507.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1972415093.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\2033877483.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\2041300473.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\2060173587.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\2062719245.mzv
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\2091941651.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\2145052283.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\279073389.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\304291528.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\349171502.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\353335039.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\410405448.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\43184370.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\490027841.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\504423258.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\511526679.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\648123724.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\664954290.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\741839249.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\801059246.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\874533698.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\895157779.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\906448157.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\909217776.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\93767561.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\939132219.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\954472199.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\965953611.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\9676803.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\URLCache.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-1029747936.mtz
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-103092585.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-1047608846.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-1103069256.MTZ
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-1136483186.mzv
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-114913394.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-1164976220.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-1177138469.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-1190278724.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-1210733340.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-1295986444.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-1299311936.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-1304203737.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-1338178479.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-1375213082.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-1384100924.mtz
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-1402595456.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-1402706028.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-1429180282.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-157354182.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-168278360.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-1720767391.mtz
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-1724926566.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-1728044958.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-1819012595.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-1843848840.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-1847112151.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-1875093480.mtz
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-1875350343.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-1959953216.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-1983310756.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-2053815139.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-2054581543.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-2067018138.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-253949623.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-287108391.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-346872928.mtz
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-356781977.mzv
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-3847432.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-417622574.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-428626455.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-446581749.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-458550375.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-468863072.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-513822985.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-522224852.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-565200322.mtz
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-570851192.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-596543426.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-629933319.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-664601570.mzv
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-68712822.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-690237076.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-768599715.mtz
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-785205366.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-837147292.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-842504739.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-858849659.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-926487843.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-929889287.MTZ
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-936068742.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-942604390.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\102910793.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\108434004.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\1122404751.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\119058258.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\1216718129.mtz
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\1222968857.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\127665464.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\1278518679.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\1316197598.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\1333740445.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\1408483205.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\1489306926.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\1492189461.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\1505274541.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\1506499243.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\1511566050.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\1519480151.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\154057610.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\1566397766.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\1581833997.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\1586113656.mzv
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\160189405.mzv
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\1639506970.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\1657737888.mtz
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\1684840874.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\1717549009.mtz
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\1769081669.mzv
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\1793940285.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\1810117067.mtz
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\1813480044.mtj&p2=0&p3=02022530072903512054050824912091&p4=0
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\1845487073.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\2045409813.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\2054701240.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\2068573900.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\2078399616.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\2096146652.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\2110855987.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\235481591.mtz
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\257492326.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\274935933.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\281493209.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\307331414.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\336536927.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\407034558.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\4145612.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\479083432.mtz
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\501804423.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\51630939.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\589291352.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\635398506.mtz
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\692911355.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\706363410.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\81381979.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\835694555.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\848383240.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\849720269.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\876354133.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\889676067.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\895181639.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\906185079.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\934090300.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\939737883.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\94061010.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\950254802.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\99655304.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\URLCache.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-1014976144.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-1029747925.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-1083187125.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-1100651534.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-1174741503.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-1202953292.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-1299311921.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-1387901300.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-1404653773.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-1422837648.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-1436354981.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-1510534710.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-1575301855.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-1602588147.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-1629999084.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-1721519275.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-1737370.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-1762298891.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-1809350139.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-1811709498.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-186091809.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-1867829355.mtz
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-1890015939.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-1918652891.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-1919398850.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-1943471865.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-1958474955.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-2051242133.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-2054581722.mtz
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-2059754657.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-2093588549.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-2125840024.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-2142171799.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-226278811.mtz
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-239255367.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-248733668.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-251332002.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-264463341.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-310034907.mzv
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-310058909.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-418005019.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-423457263.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-47238298.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-474211254.mzv
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-531644746.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-53993486.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-565032874.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-578682717.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-685847162.mtz
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-686872277.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-69231673.mtz
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-757019663.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-763214426.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-768327976.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-803283894.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-81680165.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-847671522.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-882707288.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-947579419.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-954183954.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-970755555.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\1055073477.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\1059684277.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\1083074844.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\1085487388.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\1150014186.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\1216718136.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\1223076806.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\1225353150.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\1241060943.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\1252483478.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\1267814445.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\1308204651.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\1367955459.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\1392431664.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\14608618.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\1477322753.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\1569306504.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\1575878256.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\1591040817.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\1610937068.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\1618528935.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\1628515306.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\165583528.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\1668040723.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\1670288958.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\1730334158.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\1735799578.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\1786638470.mzv
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\1799365366.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\1816870818.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\1845816791.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\1926666667.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\1974158621.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\2051894873.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\2052244190.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\2066296623.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\294601963.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\333728335.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\365532241.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\42983420.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\474601222.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\486932585.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\635398499.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\637043202.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\638174917.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\661897257.mtz
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\697102121.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\703455960.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\709044717.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\755001240.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\797831847.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\8017737.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\83947612.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\843637260.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\874214630.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\890012634.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\922728436.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\934227222.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\992266171.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\URLCache.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\UpdateVersionList_v2.mtx
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1011530577.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1018872981.swf
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1105755590.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1338444420.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1449933354.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1679511311.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-2010318056.swf
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-26751412.mtz
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-699817616.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-968633773.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-981351932.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\134806379.mtz
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\1550331427.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\1779747327.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\1847856982.swf
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\2042934952.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\2044643616.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\416055122.swf
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\801853952.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\URLCache.ini
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-1310468734.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-1384100913.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-1860458717.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-463895457.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-956918789.mtz
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1054459834.swf
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1149907424.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1487484346.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1524063781.swf
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1743403442.swf
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1779173642.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1991437604.swf
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\2103067883.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\255328915.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\256243373.swf
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\285238706.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\357349773.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\410405448.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\909217776.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\URLCache.ini
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-1190278724.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-1384100924.mtz
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-1429180282.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-1913180485.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-1935272161.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-2082573446.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-2089314694.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-33400662.swf
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-381418295.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-423223483.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-468863072.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-68712822.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-768599715.mtz
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-915452461.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-956918798.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\1291776214.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\1364815165.swf
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\1529731430.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\1613120715.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\1617834919.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\2019617978.swf
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\2046273275.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\407034558.ini
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\48336960.mtz
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\82960231.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\URLCache.ini
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-1014976144.swf
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-1161970089.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-1202953292.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-1850579979.swf
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-186091809.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-1931313109.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-900984403.mzv
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\136654671.swf
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\136692080.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\1652789341.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\1672998446.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\1735799578.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\1777574429.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\190585854.swf
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\2066296623.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\2089844584.swf
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\48336969.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\661165716.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\703455960.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\756197600.mtz
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\890012634.mts
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\959144674.mzv
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\URLCache.ini
c:\documents and settings\Kevin Yamamoto\Application Data\Viewpoint\Viewpoint Media Player\Resources\UpdateVersionList_v2.mtx
c:\program files\Viewpoint
c:\program files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll
c:\program files\Viewpoint\Viewpoint Media Player\AxMetaStream_0302021C.dll
c:\program files\Viewpoint\Viewpoint Media Player\AxMetaStream_0302021C_.dll
c:\program files\Viewpoint\Viewpoint Media Player\AxMetaStream_0305000D.dll
c:\program files\Viewpoint\Viewpoint Media Player\ClassIDs.ini
c:\program files\Viewpoint\Viewpoint Media Player\ComponentMgr_0305000D.dll
c:\program files\Viewpoint\Viewpoint Media Player\ComponentRegistry.ini
c:\program files\Viewpoint\Viewpoint Media Player\Components\AOLUserShell.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\Cursors.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\JpegReader.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\Mts3Reader.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\SceneComponent.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\SreeDMMX.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\SWFView.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\VMgr.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\VMPSpeech.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\VMPVideo.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\VMPVideo2.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\WaveletReader.dll
c:\program files\Viewpoint\Viewpoint Media Player\DownLoadHist.ini
c:\program files\Viewpoint\Viewpoint Media Player\HostRegistry.ini
c:\program files\Viewpoint\Viewpoint Media Player\MetaStreamConfig.ini
c:\program files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
c:\program files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe
c:\program files\Viewpoint\Viewpoint Media Player\MTSDownloadSites.txt
c:\windows\system32\bopomija.exe

.
((((((((((((((((((((((((( Files Created from 2009-03-11 to 2009-04-11 )))))))))))))))))))))))))))))))
.

2009-04-10 23:45 . 2009-04-10 23:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-04-06 23:59 . 2009-04-06 23:59 <DIR> d-------- c:\program files\Alwil Software
2009-03-28 22:31 . 2009-03-28 22:31 <DIR> d-------- c:\documents and settings\Kevin Yamamoto\Application Data\Malwarebytes
2009-03-28 22:30 . 2009-04-01 03:39 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-28 22:30 . 2009-03-28 22:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-28 22:30 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-28 22:30 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-25 01:06 . 2009-03-25 01:06 <DIR> d-------- C:\CFLog
2009-03-25 01:05 . 2009-03-16 12:37 2,849,844 --a------ c:\windows\system32\GameMon.des
2009-03-25 00:56 . 2009-03-25 00:56 <DIR> d-------- c:\program files\Subagames
2009-03-25 00:47 . 2009-03-25 00:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\PMB Files
2009-03-25 00:46 . 2009-03-25 00:46 <DIR> d-------- c:\program files\Pando Networks
2009-03-22 13:59 . 2009-03-22 13:59 <DIR> d-------- c:\program files\Trend Micro
2009-03-22 13:22 . 2009-03-22 13:22 <DIR> d--h----- c:\windows\PIF
2009-03-22 13:22 . 2009-03-22 13:22 2,855 --a------ c:\windows\system32\mem.PIF
2009-03-21 14:30 . 2009-03-21 19:37 267 --a------ c:\windows\wininit.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-11 07:15 19,189,792 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-11 06:58 --------- d-----w c:\program files\Steam
2009-04-11 06:56 --------- d-----w c:\program files\Microsoft Silverlight
2009-04-11 06:55 225,236 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-11 06:54 --------- d-----w c:\documents and settings\Kevin Yamamoto\Application Data\mIRC
2009-04-11 06:48 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-11 06:29 --------- d-----w c:\program files\mIRC
2009-04-09 08:02 --------- d-----w c:\program files\Warcraft III
2009-04-08 00:10 --------- d-----w c:\program files\Common Files\Research In Motion
2009-04-07 06:35 --------- d-----w c:\program files\Java
2009-03-30 11:32 --------- d-----w c:\documents and settings\Kevin Yamamoto\Application Data\OpenOffice.org2
2009-03-29 23:26 19,430,242 ----a-w c:\windows\Internet Logs\tvDebug.zip
2009-03-23 11:38 --------- d-----w c:\documents and settings\Kevin Yamamoto\Application Data\U3
2009-03-22 02:28 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-21 11:12 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-03-20 04:51 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-01 10:42 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-03-01 10:41 --------- d-----w c:\program files\Yahoo!
2009-03-01 10:40 --------- d-----w c:\documents and settings\Kevin Yamamoto\Application Data\Yahoo!
2009-02-23 00:50 --------- d-----w c:\program files\Garena
2009-02-22 06:24 256 ----a-w c:\documents and settings\Kevin Yamamoto\pool.bin
2009-02-21 08:54 --------- d-----w c:\program files\Illusion
2009-02-21 06:31 --------- d-----w c:\program files\FDN
2009-02-18 06:39 --------- d-----w c:\program files\Winamp
2009-02-18 06:19 --------- d-----w c:\program files\Winamp Remote
2009-02-18 06:19 --------- d-----w c:\documents and settings\All Users\Application Data\OrbNetworks
2007-12-14 03:00 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2006-10-03 09:43 2,402,550 ----a-w c:\windows\inf\SET6E.tmp
2006-08-11 03:00 2,402,370 ----a-w c:\windows\inf\SET7A.tmp
.

((((((((((((((((((((((((((((( SnapShot@2009-04-06_23.51.21.75 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-09-11 12:40:36 484,272 ----a-w c:\windows\Downloaded Program Files\isusweb.dll
+ 2007-08-30 17:50:50 475,816 ----a-w c:\windows\Downloaded Program Files\isusweb.dll
+ 2009-02-05 20:11:35 1,256,296 ----a-w c:\windows\system32\aswBoot.exe
+ 2009-02-05 20:04:45 97,480 ----a-w c:\windows\system32\AvastSS.scr
+ 2009-02-05 20:05:11 26,944 ----a-w c:\windows\system32\drivers\aavmker4.sys
+ 2009-02-05 20:07:12 20,560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
+ 2009-02-05 20:08:19 93,296 ----a-w c:\windows\system32\drivers\aswmon.sys
+ 2009-02-05 20:08:10 94,032 ----a-w c:\windows\system32\drivers\aswmon2.sys
+ 2009-02-05 20:06:10 23,152 ----a-w c:\windows\system32\drivers\aswRdr.sys
+ 2009-02-05 20:07:23 114,768 ----a-w c:\windows\system32\drivers\aswSP.sys
+ 2009-02-05 20:06:20 51,376 ----a-w c:\windows\system32\drivers\aswTdi.sys
+ 2009-04-11 06:56:28 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_774.dat
- 2006-12-02 06:56:00 96,256 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-12-02 05:56:00 96,256 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
- 2006-12-02 06:54:32 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-02 05:54:32 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
- 2006-12-02 06:54:34 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-02 05:54:34 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
- 2006-12-02 06:54:32 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2006-12-02 05:54:32 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
- 2006-12-02 08:25:52 1,101,824 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-02 07:25:52 1,101,824 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
- 2006-12-02 08:25:56 1,093,120 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-02 07:25:56 1,093,120 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
- 2006-12-02 08:25:58 69,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-02 07:25:58 69,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
- 2006-12-02 08:26:00 57,856 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-02 07:26:00 57,856 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
- 2006-12-02 08:08:00 40,960 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-02 07:08:00 40,960 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
- 2006-12-02 08:08:00 45,056 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-02 07:08:00 45,056 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
- 2006-12-02 08:08:00 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-02 07:08:00 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
- 2006-12-02 08:08:00 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-02 07:08:00 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
- 2006-12-02 08:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-02 07:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
- 2006-12-02 08:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-02 07:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
- 2006-12-02 08:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-02 07:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
- 2006-12-02 08:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-02 07:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
- 2006-12-02 08:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-02 07:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]
"EPSON Stylus CX4400 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAA.EXE" [2007-01-25 179200]
"Steam"="c:\program files\Steam\Steam.exe" [2008-10-09 1410296]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 307200]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-03-31 507904]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-20 4363504]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 131072]
"EPSON Stylus Photo R200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-11-08 128920]
"nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-04-29 266240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-07 267064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-08 180269]
"Diamondback"="c:\program files\Razer\Diamondback 3G\razerhid.exe" [2007-08-01 147456]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-08-26 236016]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-09-19 615696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

c:\documents and settings\Kevin Yamamoto\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-02-04 229376]
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-08-29 360448]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.XFR1"= xfcodec.dll
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Spyware Doctor\\swdoctor.exe"=
"c:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:RSP
"6112:TCP"= 6112:TCP:WarCraft III Battle.net
"6112:UDP"= 6112:UDP:StarCraft Battle.net UDP
"7764:TCP"= 7764:TCP:Gnutilla
"7764:UDP"= 7764:UDP:gnutilla2
"58943:TCP"= 58943:TCP:Pando Media Booster
"58943:UDP"= 58943:UDP:Pando Media Booster

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-04-07 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-04-07 20560]
R3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\drivers\DB3G.sys [2008-12-19 13225]
S2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;\??\c:\program files\VMLaunch\BuddyVM.sys --> c:\program files\VMLaunch\BuddyVM.sys [?]
S3 FUTUREX;FUTUREX;c:\documents and settings\Kevin Yamamoto\Desktop\ada32\aida32.sys [2008-12-12 3907]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 XDva011;XDva011;\??\c:\windows\system32\XDva011.sys --> c:\windows\system32\XDva011.sys [?]
S3 XDva037;XDva037;\??\c:\windows\system32\XDva037.sys --> c:\windows\system32\XDva037.sys [?]
S3 XDva119;XDva119;\??\c:\windows\system32\XDva119.sys --> c:\windows\system32\XDva119.sys [?]
S3 XDva121;XDva121;\??\c:\windows\system32\XDva121.sys --> c:\windows\system32\XDva121.sys [?]
S3 XDva134;XDva134;\??\c:\windows\system32\XDva134.sys --> c:\windows\system32\XDva134.sys [?]
S3 XDva158;XDva158;\??\c:\windows\system32\XDva158.sys --> c:\windows\system32\XDva158.sys [?]
S3 XDva164;XDva164;\??\c:\windows\system32\XDva164.sys --> c:\windows\system32\XDva164.sys [?]
S3 XDva167;XDva167;\??\c:\windows\system32\XDva167.sys --> c:\windows\system32\XDva167.sys [?]
S3 XDva177;XDva177;\??\c:\windows\system32\XDva177.sys --> c:\windows\system32\XDva177.sys [?]
S3 XDva190;XDva190;\??\c:\windows\system32\XDva190.sys --> c:\windows\system32\XDva190.sys [?]
S3 XDva219;XDva219;\??\c:\windows\system32\XDva219.sys --> c:\windows\system32\XDva219.sys [?]
S3 XDva224;XDva224;\??\c:\windows\system32\XDva224.sys --> c:\windows\system32\XDva224.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-07-10 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-07-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-10 369688]
S4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [2006-04-03 14032]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{acce4d5a-ba09-11dd-b5cc-0015f29cdc9d}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-04-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2009-04-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-04-03 18:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
FF - ProfilePath - c:\documents and settings\Kevin Yamamoto\Application Data\Mozilla\Firefox\Profiles\urasoru8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMFireLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-11 00:15:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-117609710-287218729-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d5,06,6e,ee,b6,a7,0a,83,68,bf,9a,43,23,46,d9,90,8c,65,18,d8,89,68,5b,
8c,4f,f9,7a,4b,f6,d7,f6,2c,19,39,ef,4b,78,c9,b4,14,95,20,d0,61,02,d0,e4,93,\
"??"=hex:5d,19,9c,5d,eb,bb,10,35,0a,ad,90,f0,65,3c,48,de
.
Completion time: 2009-04-11 0:17:56
ComboFix-quarantined-files.txt 2009-04-11 07:17:31
ComboFix2.txt 2009-04-07 06:53:31

Pre-Run: 3,868,282,880 bytes free
Post-Run: 4,002,144,256 bytes free

885 --- E O F --- 2009-02-07 08:03:51

#12 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:41 PM

Posted 12 April 2009 - 06:33 AM

Hi RunningMan,

You don't have the latest service pack for windows, The service packs patch security vulnerabilities found in windows. You should
keep these upto date to keep you protected against malware, that can take advantage of these security vulnerabilities to attack
your system.The latest service pack is SP3, Click on Start >> All programs >> Windows update then download and install SP3.
Note: If it prompts you to install an ActiveX control allow it to install it.

Next

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 13...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version.
Click "start" on the taskbar and then click on the "Control Panel" icon.
Please doubleclick the "Add or Remove Programs" icon
A list of programs installed will be "populated" this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "remove":

J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 3


Additional instructions can be found here if needed

Next

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Next
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<info.txt (<
Please post back here with:
  • Kaspersky report
  • Both Rsit logs
Thanks

unite.jpg


#13 RunningMan

RunningMan
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:03:41 PM

Posted 15 April 2009 - 06:07 AM

Logfile of random's system information tool 1.06 (written by random/random)
Run by Kevin Yamamoto at 2009-04-15 03:59:54
Microsoft Windows XP Professional Service Pack 2
System drive C: has 1 GB (1%) free of 131 GB
Total RAM: 2047 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:00:08 AM, on 4/15/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Razer\Diamondback 3G\razerhid.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Razer\Diamondback 3G\razertra.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Razer\Diamondback 3G\razerofa.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Kevin Yamamoto\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Kevin Yamamoto.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer\Diamondback 3G\razerhid.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [EPSON Stylus CX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAA.EXE /FU "C:\WINDOWS\TEMP\E_S110.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1122928953671
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11237 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}]
SpywareGuardDLBLOCK.CBrowserHelper - C:\Program Files\SpywareGuard\dlprotect.dll [2003-08-02 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-13 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-13 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-08-13 352256]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"=C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe [2004-12-20 131072]
"EPSON Stylus Photo R200 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE [2003-07-08 99840]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2005-11-08 128920]
"nTrayFw"=C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe [2005-04-29 266240]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-09-07 267064]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-01-31 385024]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-08-08 180269]
"Diamondback"=C:\Program Files\Razer\Diamondback 3G\razerhid.exe [2007-08-01 147456]
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2008-08-26 236016]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-01-15 86016]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-03 36352]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"BlackBerryAutoUpdate"=C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe [2008-09-19 615696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-13 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-10-31 50480]
"EPSON Stylus CX4400 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAA.EXE [2007-01-25 179200]
"Steam"=C:\Program Files\Steam\Steam.exe [2008-10-09 1410296]
"Veoh"=C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [2008-08-28 3660848]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2005-10-24 307200]
"Orb"=C:\Program Files\Winamp Remote\bin\OrbTray.exe [2008-03-31 507904]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-02-20 4363504]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2007-08-30 205480]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Documents and Settings\Kevin Yamamoto\Start Menu\Programs\Startup
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"=C:\Program Files\ewido anti-malware\shellhook.dll [2004-09-30 39488]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-04-03 81616]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=C:\Program Files\SpywareGuard\spywareguard.dll [2003-08-02 126976]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"AllowLegacyWebView"=
"AllowUnhashedWebView"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Spyware Doctor\swdoctor.exe"="C:\Program Files\Spyware Doctor\swdoctor.exe:*:Enabled:swdoctor"
"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe:*:Enabled:zlclient"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{acce4d5a-ba09-11dd-b5cc-0015f29cdc9d}]
shell\AutoRun\command - G:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-04-15 03:59:54 ----D---- C:\rsit
2009-04-13 00:48:14 ----A---- C:\WINDOWS\system32\javaws.exe
2009-04-13 00:48:14 ----A---- C:\WINDOWS\system32\javaw.exe
2009-04-13 00:48:14 ----A---- C:\WINDOWS\system32\java.exe
2009-04-13 00:48:14 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-04-12 11:06:39 ----D---- C:\WINDOWS\Prefetch
2009-04-12 10:48:43 ----N---- C:\WINDOWS\system32\xpsp2res.dll
2009-04-12 10:48:43 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-04-12 10:48:00 ----A---- C:\WINDOWS\system32\autoconv.exe
2009-04-12 10:48:00 ----A---- C:\WINDOWS\system32\autochk.exe
2009-04-12 10:48:00 ----A---- C:\WINDOWS\system32\advapi32.dll
2009-04-12 10:47:59 ----A---- C:\WINDOWS\system32\ftp.exe
2009-04-12 10:47:59 ----A---- C:\WINDOWS\system32\format.com
2009-04-12 10:47:59 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll
2009-04-12 10:47:59 ----A---- C:\WINDOWS\system32\csrsrv.dll
2009-04-12 10:47:59 ----A---- C:\WINDOWS\system32\comdlg32.dll
2009-04-12 10:47:59 ----A---- C:\WINDOWS\system32\comctl32.dll
2009-04-12 10:47:59 ----A---- C:\WINDOWS\system32\cmd.exe
2009-04-12 10:47:59 ----A---- C:\WINDOWS\system32\cacls.exe
2009-04-12 10:47:58 ----A---- C:\WINDOWS\system32\olecnv32.dll
2009-04-12 10:47:58 ----A---- C:\WINDOWS\system32\oleaut32.dll
2009-04-12 10:47:58 ----A---- C:\WINDOWS\system32\nwprovau.dll
2009-04-12 10:47:58 ----A---- C:\WINDOWS\system32\ntvdm.exe
2009-04-12 10:47:58 ----A---- C:\WINDOWS\system32\ntprint.dll
2009-04-12 10:47:58 ----A---- C:\WINDOWS\system32\ntlsapi.dll
2009-04-12 10:47:58 ----A---- C:\WINDOWS\system32\ntdll.dll
2009-04-12 10:47:58 ----A---- C:\WINDOWS\system32\nslookup.exe
2009-04-12 10:47:58 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-04-12 10:47:58 ----A---- C:\WINDOWS\system32\msgsvc.dll
2009-04-12 10:47:58 ----A---- C:\WINDOWS\system32\mgmtapi.dll
2009-04-12 10:47:58 ----A---- C:\WINDOWS\system32\lsasrv.dll
2009-04-12 10:47:58 ----A---- C:\WINDOWS\system32\locator.exe
2009-04-12 10:47:58 ----A---- C:\WINDOWS\system32\localspl.dll
2009-04-12 10:47:58 ----A---- C:\WINDOWS\system32\lmhsvc.dll
2009-04-12 10:47:58 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-04-12 10:47:58 ----A---- C:\WINDOWS\system32\imagehlp.dll
2009-04-12 10:47:57 ----A---- C:\WINDOWS\system32\wkssvc.dll
2009-04-12 10:47:57 ----A---- C:\WINDOWS\system32\win32spl.dll
2009-04-12 10:47:57 ----A---- C:\WINDOWS\system32\userinit.exe
2009-04-12 10:47:57 ----A---- C:\WINDOWS\system32\untfs.dll
2009-04-12 10:47:57 ----A---- C:\WINDOWS\system32\ulib.dll
2009-04-12 10:47:57 ----A---- C:\WINDOWS\system32\tcpmonui.dll
2009-04-12 10:47:57 ----A---- C:\WINDOWS\system32\syssetup.dll
2009-04-12 10:47:57 ----A---- C:\WINDOWS\system32\srvsvc.dll
2009-04-12 10:47:57 ----A---- C:\WINDOWS\system32\smss.exe
2009-04-12 10:47:57 ----A---- C:\WINDOWS\system32\setupapi.dll
2009-04-12 10:47:57 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-04-12 10:47:57 ----A---- C:\WINDOWS\system32\services.exe
2009-04-12 10:47:57 ----A---- C:\WINDOWS\system32\schannel.dll
2009-04-12 10:47:57 ----A---- C:\WINDOWS\system32\scardsvr.exe
2009-04-12 10:47:57 ----A---- C:\WINDOWS\system32\savedump.exe
2009-04-12 10:47:57 ----A---- C:\WINDOWS\system32\samsrv.dll
2009-04-12 10:47:57 ----A---- C:\WINDOWS\system32\samlib.dll
2009-04-12 10:47:57 ----A---- C:\WINDOWS\system32\rshx32.dll
2009-04-12 10:47:57 ----A---- C:\WINDOWS\system32\rastapi.dll
2009-04-12 10:47:57 ----A---- C:\WINDOWS\system32\rasman.dll
2009-04-12 10:47:57 ----A---- C:\WINDOWS\system32\rasdlg.dll
2009-04-12 10:47:57 ----A---- C:\WINDOWS\system32\rasauto.dll
2009-04-12 10:47:57 ----A---- C:\WINDOWS\system32\rasapi32.dll
2009-04-12 10:47:57 ----A---- C:\WINDOWS\system32\printui.dll
2009-04-12 10:47:57 ----A---- C:\WINDOWS\system32\perfctrs.dll
2009-04-12 10:47:53 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2009-04-12 10:47:53 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2009-04-12 10:47:53 ----A---- C:\WINDOWS\system32\hal.dll
2009-04-12 10:22:53 ----D---- C:\WINDOWS\system32\scripting
2009-04-12 10:22:52 ----D---- C:\WINDOWS\system32\en
2009-04-12 10:22:52 ----D---- C:\WINDOWS\system32\bits
2009-04-12 10:22:52 ----D---- C:\WINDOWS\l2schemas
2009-04-12 10:17:29 ----A---- C:\WINDOWS\imsins.BAK
2009-04-12 10:16:22 ----N---- C:\WINDOWS\system32\_004276_.tmp.dll
2009-04-12 10:15:39 ----N---- C:\WINDOWS\system32\_004274_.tmp.dll
2009-04-12 10:15:39 ----N---- C:\WINDOWS\system32\_004269_.tmp.dll
2009-04-12 10:15:39 ----N---- C:\WINDOWS\system32\_004268_.tmp.dll
2009-04-12 10:15:39 ----N---- C:\WINDOWS\system32\_004267_.tmp.dll
2009-04-12 10:15:39 ----N---- C:\WINDOWS\system32\_004266_.tmp.dll
2009-04-12 10:15:39 ----N---- C:\WINDOWS\system32\_004265_.tmp.dll
2009-04-12 10:15:39 ----N---- C:\WINDOWS\system32\_004262_.tmp.dll
2009-04-12 10:15:39 ----N---- C:\WINDOWS\system32\_004261_.tmp.dll
2009-04-12 10:15:39 ----N---- C:\WINDOWS\system32\_004260_.tmp.dll
2009-04-12 10:15:39 ----N---- C:\WINDOWS\system32\_004259_.tmp.dll
2009-04-12 10:15:38 ----N---- C:\WINDOWS\system32\_004257_.tmp.dll
2009-04-12 10:15:38 ----N---- C:\WINDOWS\system32\_004254_.tmp.dll
2009-04-12 10:15:38 ----N---- C:\WINDOWS\system32\_004252_.tmp.dll
2009-04-12 10:15:38 ----N---- C:\WINDOWS\system32\_004251_.tmp.dll
2009-04-12 10:15:37 ----N---- C:\WINDOWS\system32\_004247_.tmp.dll
2009-04-12 10:15:37 ----N---- C:\WINDOWS\system32\_004246_.tmp.dll
2009-04-12 10:15:37 ----N---- C:\WINDOWS\system32\_004245_.tmp.dll
2009-04-12 10:15:37 ----N---- C:\WINDOWS\system32\_004243_.tmp.dll
2009-04-12 10:15:37 ----N---- C:\WINDOWS\system32\_004241_.tmp.dll
2009-04-12 10:15:37 ----N---- C:\WINDOWS\system32\_004240_.tmp.dll
2009-04-12 10:15:37 ----N---- C:\WINDOWS\system32\_004239_.tmp.dll
2009-04-12 10:15:37 ----N---- C:\WINDOWS\system32\_004237_.tmp.dll
2009-04-12 10:15:37 ----N---- C:\WINDOWS\system32\_004236_.tmp.dll
2009-04-12 10:15:37 ----N---- C:\WINDOWS\system32\_004233_.tmp.dll
2009-04-12 10:15:37 ----N---- C:\WINDOWS\system32\_004232_.tmp.dll
2009-04-12 10:15:37 ----N---- C:\WINDOWS\system32\_004230_.tmp.dll
2009-04-12 10:15:37 ----N---- C:\WINDOWS\system32\_004229_.tmp.dll
2009-04-12 10:15:36 ----N---- C:\WINDOWS\system32\_004228_.tmp.dll
2009-04-12 10:15:36 ----N---- C:\WINDOWS\system32\_004221_.tmp.dll
2009-04-12 10:15:36 ----N---- C:\WINDOWS\system32\_004220_.tmp.dll
2009-04-12 10:15:36 ----N---- C:\WINDOWS\system32\_004219_.tmp.dll
2009-04-12 10:15:36 ----N---- C:\WINDOWS\system32\_004218_.tmp.dll
2009-04-11 18:43:53 ----SHD---- C:\RECYCLER
2009-04-11 00:17:59 ----A---- C:\ComboFix.txt
2009-04-10 23:45:33 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2009-04-07 00:00:00 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-04-06 23:59:52 ----D---- C:\Program Files\Alwil Software
2009-04-06 23:45:44 ----A---- C:\Boot.bak
2009-04-06 23:45:36 ----RASHD---- C:\cmdcons
2009-04-06 23:43:02 ----A---- C:\WINDOWS\zip.exe
2009-04-06 23:43:02 ----A---- C:\WINDOWS\VFIND.exe
2009-04-06 23:43:02 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-04-06 23:43:02 ----A---- C:\WINDOWS\SWSC.exe
2009-04-06 23:43:02 ----A---- C:\WINDOWS\SWREG.exe
2009-04-06 23:43:02 ----A---- C:\WINDOWS\sed.exe
2009-04-06 23:43:02 ----A---- C:\WINDOWS\NIRCMD.exe
2009-04-06 23:43:02 ----A---- C:\WINDOWS\grep.exe
2009-04-06 23:43:02 ----A---- C:\WINDOWS\fdsv.exe
2009-04-06 23:41:38 ----D---- C:\WINDOWS\ERDNT
2009-04-06 23:41:35 ----D---- C:\Qoobox
2009-03-28 22:31:00 ----D---- C:\Documents and Settings\Kevin Yamamoto\Application Data\Malwarebytes
2009-03-28 22:30:52 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-28 22:30:52 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-25 01:06:21 ----D---- C:\CFLog
2009-03-25 00:56:22 ----D---- C:\Program Files\Subagames
2009-03-25 00:47:03 ----D---- C:\Documents and Settings\All Users\Application Data\PMB Files
2009-03-25 00:46:35 ----D---- C:\Program Files\Pando Networks
2009-03-22 13:59:57 ----D---- C:\Program Files\Trend Micro
2009-03-22 13:22:14 ----HD---- C:\WINDOWS\PIF
2009-03-21 14:30:13 ----A---- C:\WINDOWS\wininit.ini

======List of files/folders modified in the last 1 months======

2009-04-15 03:58:26 ----D---- C:\WINDOWS\Internet Logs
2009-04-15 03:15:46 ----D---- C:\Program Files\Mozilla Firefox
2009-04-15 02:47:49 ----AD---- C:\WINDOWS\Temp
2009-04-15 01:58:28 ----D---- C:\Program Files\Warcraft III
2009-04-14 02:08:05 ----D---- C:\Documents and Settings\Kevin Yamamoto\Application Data\mIRC
2009-04-13 23:43:38 ----D---- C:\Program Files\mIRC
2009-04-13 19:11:03 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-13 18:36:58 ----D---- C:\Program Files\Steam
2009-04-13 08:50:14 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-13 00:48:21 ----SHD---- C:\WINDOWS\Installer
2009-04-13 00:48:20 ----SHD---- C:\Config.Msi
2009-04-13 00:48:14 ----D---- C:\WINDOWS\system32
2009-04-13 00:47:45 ----D---- C:\Program Files\Java
2009-04-12 11:06:39 ----D---- C:\WINDOWS
2009-04-12 11:05:58 ----D---- C:\WINDOWS\system32\wbem
2009-04-12 11:05:58 ----D---- C:\WINDOWS\system32\Setup
2009-04-12 11:05:58 ----D---- C:\WINDOWS\AppPatch
2009-04-12 11:05:54 ----RSD---- C:\WINDOWS\Fonts
2009-04-12 11:05:26 ----D---- C:\WINDOWS\security
2009-04-12 11:03:36 ----D---- C:\WINDOWS\ServicePackFiles
2009-04-12 11:03:19 ----D---- C:\WINDOWS\system32\CatRoot
2009-04-12 10:59:58 ----D---- C:\WINDOWS\WinSxS
2009-04-12 10:59:43 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-04-12 10:59:18 ----D---- C:\Program Files\Messenger
2009-04-12 10:59:16 ----D---- C:\WINDOWS\system32\usmt
2009-04-12 10:59:16 ----D---- C:\WINDOWS\system32\Restore
2009-04-12 10:59:16 ----D---- C:\WINDOWS\system32\oobe
2009-04-12 10:59:16 ----D---- C:\WINDOWS\system32\npp
2009-04-12 10:59:15 ----D---- C:\WINDOWS\system32\inetsrv
2009-04-12 10:59:15 ----D---- C:\WINDOWS\system32\drivers
2009-04-12 10:59:00 ----D---- C:\WINDOWS\system32\Com
2009-04-12 10:58:30 ----D---- C:\WINDOWS\system
2009-04-12 10:58:29 ----D---- C:\WINDOWS\srchasst
2009-04-12 10:57:39 ----D---- C:\WINDOWS\peernet
2009-04-12 10:57:38 ----HD---- C:\WINDOWS\inf
2009-04-12 10:57:38 ----D---- C:\WINDOWS\network diagnostic
2009-04-12 10:57:38 ----D---- C:\WINDOWS\msagent
2009-04-12 10:57:33 ----D---- C:\WINDOWS\ime
2009-04-12 10:57:33 ----D---- C:\WINDOWS\Help
2009-04-12 10:57:29 ----D---- C:\Program Files\Windows NT
2009-04-12 10:57:29 ----D---- C:\Program Files\Windows Media Player
2009-04-12 10:57:29 ----D---- C:\Program Files\Outlook Express
2009-04-12 10:57:29 ----D---- C:\Program Files\NetMeeting
2009-04-12 10:57:29 ----D---- C:\Program Files\Movie Maker
2009-04-12 10:57:27 ----D---- C:\Program Files\Internet Explorer
2009-04-12 10:57:26 ----D---- C:\Program Files\Common Files\System
2009-04-12 10:57:13 ----D---- C:\WINDOWS\system32\en-US
2009-04-12 10:56:52 ----SD---- C:\WINDOWS\Tasks
2009-04-12 10:55:27 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-04-12 10:49:43 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-04-12 10:47:42 ----D---- C:\WINDOWS\EHome
2009-04-11 00:15:25 ----A---- C:\WINDOWS\system.ini
2009-04-11 00:14:20 ----D---- C:\Program Files\Common Files
2009-04-11 00:13:11 ----AD---- C:\Program Files
2009-04-10 23:56:09 ----D---- C:\WINDOWS\system32\config
2009-04-10 23:56:01 ----D---- C:\Program Files\Microsoft Silverlight
2009-04-10 23:48:52 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-04-07 17:10:17 ----D---- C:\Program Files\Common Files\Research In Motion
2009-04-07 14:52:18 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-04-06 23:45:44 ----RASH---- C:\boot.ini
2009-03-30 22:21:35 ----D---- C:\hijackthis
2009-03-30 04:32:14 ----D---- C:\Documents and Settings\Kevin Yamamoto\Application Data\OpenOffice.org2
2009-03-23 04:38:10 ----D---- C:\Documents and Settings\Kevin Yamamoto\Application Data\U3
2009-03-21 19:28:39 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-21 19:26:15 ----D---- C:\WINDOWS\Minidump
2009-03-21 19:26:15 ----D---- C:\WINDOWS\Debug
2009-03-21 04:12:36 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2009-03-19 21:51:35 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-03-19 21:43:05 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 FsVga;FsVga; C:\WINDOWS\system32\DRIVERS\fsvga.sys [2001-08-23 12160]
R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2006-08-16 225664]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2007-04-10 8413]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2005-12-02 223128]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2007-06-27 28276]
R3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-03 40320]
R3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-01-15 6301248]
R3 nvax;Service for NVIDIA® nForce™ Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2005-04-13 53376]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-06 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-06 12928]
R3 nvnforce;Service for NVIDIA® nForce™ Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2005-04-13 414464]
R3 Razerlow;Diamondback 3G USB Filter Driver; C:\WINDOWS\System32\Drivers\DB3G.sys [2005-04-24 13225]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-23 5888]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-03 12416]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM; \??\C:\Program Files\VMLaunch\BuddyVM.sys []
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 FUTUREX;FUTUREX; \??\C:\Documents and Settings\Kevin Yamamoto\Desktop\ada32\aida32.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-08-05 25280]
S3 PRISM_A02;802.11a/g USB Driver; C:\WINDOWS\system32\DRIVERS\WUSB20XP.sys [2003-09-09 337184]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2008-05-20 22784]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 TIEHDUSB;TIEHDUSB; C:\WINDOWS\system32\drivers\tiehdusb.sys [2004-02-04 49536]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 XDva004;XDva004; \??\C:\WINDOWS\system32\XDva004.sys []
S3 XDva011;XDva011; \??\C:\WINDOWS\system32\XDva011.sys []
S3 XDva037;XDva037; \??\C:\WINDOWS\system32\XDva037.sys []
S3 XDva119;XDva119; \??\C:\WINDOWS\system32\XDva119.sys []
S3 XDva121;XDva121; \??\C:\WINDOWS\system32\XDva121.sys []
S3 XDva134;XDva134; \??\C:\WINDOWS\system32\XDva134.sys []
S3 XDva158;XDva158; \??\C:\WINDOWS\system32\XDva158.sys []
S3 XDva164;XDva164; \??\C:\WINDOWS\system32\XDva164.sys []
S3 XDva167;XDva167; \??\C:\WINDOWS\system32\XDva167.sys []
S3 XDva177;XDva177; \??\C:\WINDOWS\system32\XDva177.sys []
S3 XDva190;XDva190; \??\C:\WINDOWS\system32\XDva190.sys []
S3 XDva219;XDva219; \??\C:\WINDOWS\system32\XDva219.sys []
S3 XDva224;XDva224; \??\C:\WINDOWS\system32\XDva224.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 RsFx0102;RsFx0102 Driver; C:\WINDOWS\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 ewido security suite control;ewido security suite control; C:\Program Files\ewido anti-malware\ewidoctrl.exe [2005-11-30 13888]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2005-04-29 139264]
R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2004-11-30 20543]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-04-13 152984]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2008-07-10 40999448]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2005-04-29 131136]
R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2005-04-29 57412]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-01-15 163908]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-07-09 75304]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-09-07 503608]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-12-07 362992]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2008-08-26 313840]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2008-08-26 170480]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-03-16 2849844]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-12-07 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2008-08-26 1108464]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-02 86016]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-10 369688]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-07-10 258072]
S4 WinDefend;Windows Defender Service; C:\Program Files\Windows Defender\MsMpEng.exe [2006-04-03 14032]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.06 2009-04-15 04:00:13

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->MsiExec.exe /I{48A669A9-76FA-4CA8-BFD5-00C125AC4166}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32BC2460-6246-11D3-88BC-0000B43BC585}\setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x9 /cont -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ADEF1025-6D3B-485C-9AC9-1A2D81665B7F}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Download Manager 2.0 (Remove Only)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.7-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AIM 6-->C:\Program Files\AIM6\uninst.exe
AIM Toolbar-->"C:\Program Files\AIM Toolbar\uninstall.exe"
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft PhotoImpression 6-->C:\Program Files\InstallShield Installation Information\{D03E7B00-CA85-4684-9321-1888873C34BD}\Setup.exe -runfromtemp -l0x0009 -removeonly
ArcSoft Print Creations-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}\Setup.exe" -l0x9
Audiosurf Beta-->"C:\Program Files\Audiosurf\unins000.exe"
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Bejeweled 2 Deluxe 1.0-->C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\Install.log"
Bejeweled 2 Deluxe-->"C:\Program Files\MSN Games\Bejeweled 2 Deluxe\Uninstall.exe" "C:\Program Files\MSN Games\Bejeweled 2 Deluxe\install.log"
BitComet 0.60-->C:\Program Files\BitComet\uninst.exe
BitLord 1.1-->C:\Program Files\Bit Lord 1.1\uninst.exe
BlackBerry Desktop Software 4.7-->MsiExec.exe /I{9833D727-8FF5-40AE-A193-525747555FF1}
BlackBerry Desktop Software 4.7-->MsiExec.exe /i{9833D727-8FF5-40AE-A193-525747555FF1}
CABAL Online-->"C:\Program Files\OGPlanet\CABAL Online\unins000.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Combined Community Codec Pack 2008-09-21 16:18-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
Command & Conquer 3-->MsiExec.exe /I{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}
Counter-Strike-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10
Cross Fire En-->"C:\Program Files\Subagames\CrossFire\unins000.exe"
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe
DriverAgent by TouchStone Software-->RunDll32.exe advpack.dll,LaunchINFSection driveragent_exe.inf,TVICHW32Remove
EPSON CX4400 Series User's Guide-->C:\Program Files\epson\guide\cx4400_e\uninstall.exe
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Stylus CX4400 Series Scanner Driver Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{471B83B9-29D8-41EC-9974-56BB8A457A8B}\Setup.exe" -l0x9
EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
ewido anti-malware-->C:\Program Files\ewido anti-malware\Uninstall.exe
ffdshow [rev 776] [2007-01-14]-->"C:\Program Files\K-Lite Codec Pack\ffdshow\unins000.exe"
Fiddler2 (remove only)-->"C:\Program Files\Fiddler2\uninst.exe"
File Downloader-->MsiExec.exe /I{A5CD6670-1F48-45A3-B3E4-8238FECD1FA5}
Finale NotePad 2008-->C:\Program Files\Finale NotePad 2008\uninstallNP.exe
Garena-->C:\Program Files\InstallShield Installation Information\{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}\setup.exe -runfromtemp -l0x0009 -removeonly
Google Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Haali Media Splitter-->"C:\Program Files\Matroska Pack\haali\uninstall.exe"
Half-Life: Counter-Strike-->C:\Sierra\COUNTE~1\UNWISE.EXE C:\Sierra\COUNTE~1\INSTALL.LOG
Hamachi 1.0.2.5-->C:\Program Files\Hamachi\uninstall.exe
Higher Score on the SAT/PSAT-->"C:\Program Files\Kap.SATr\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)-->C:\WINDOWS\system32\msiexec.exe /package {D8087907-E255-3A41-A46D-D0F798709C71} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)-->C:\WINDOWS\system32\msiexec.exe /package {D8087907-E255-3A41-A46D-D0F798709C71} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)-->C:\WINDOWS\system32\msiexec.exe /package {D8087907-E255-3A41-A46D-D0F798709C71} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)-->C:\WINDOWS\system32\msiexec.exe /package {D8087907-E255-3A41-A46D-D0F798709C71} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)-->C:\WINDOWS\system32\msiexec.exe /package {D8087907-E255-3A41-A46D-D0F798709C71} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)-->C:\WINDOWS\system32\msiexec.exe /package {D8087907-E255-3A41-A46D-D0F798709C71} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB942288-v3)-->"C:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe"
ijji Auto Installer-->"C:\Program Files\InstallShield Installation Information\{1DCC7418-2089-4BDD-B321-3771956160FC}\setup.exe" -runfromtemp -l0x0009 -removeonly
iPod for Windows 2005-10-12-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A} /l1033
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{B8A204BC-7177-470E-BBDD-47256D05B325}
Java™ 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
K-Lite Codec Pack 2.72 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LimeWire 4.18.3-->"C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft DirectX 9.0 SDK Update (April 2005)-->MsiExec.exe /I{2CF71A78-2272-4233-B148-0D8BAEFC2BFC}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2008 Browser-->MsiExec.exe /X{C688457E-03FD-4941-923B-A27F4D42A7DD}
Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}
Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{4A6F34E2-09E5-4616-B227-4A26A488A6F9}
Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}
Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}
Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{4815BD99-96A4-49FE-A885-DCF06E9E4E78}
Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{F3494AB6-6900-41C6-AF57-823626827ED8}
Microsoft SQL Server 2008 Management Objects-->MsiExec.exe /I{F5E87B12-3C27-452F-8E78-21D42164FD83}
Microsoft SQL Server 2008 Native Client-->MsiExec.exe /I{D9D937B0-E842-4130-9588-B948E876904A}
Microsoft SQL Server 2008 RsFx Driver-->MsiExec.exe /I{F1DC7648-8623-442F-92B7-E118DF61872E}
Microsoft SQL Server 2008 Setup Support Files (English)-->MsiExec.exe /X{9D6D76A6-4328-49E8-97A7-531A74841DA5}
Microsoft SQL Server 2008-->"c:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe" /x86
Microsoft SQL Server 2008-->"c:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe" /X86
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU-->C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual C++ 2008 Express Edition with SP1 - ENU\setup.exe
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU-->MsiExec.exe /X{D8087907-E255-3A41-A46D-D0F798709C71}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries-->MsiExec.exe /X{842FAF7C-50EF-4463-9B8F-6222E1384D7D}
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu-->MsiExec.exe /X{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32-->MsiExec.exe /X{044F9133-B8D7-4d11-BF39-803FA20F5C8B}
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mozilla Firefox (3.0.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MPlugin-->"C:\Program Files\InstallShield Installation Information\{3163690A-848D-4BEA-A012-AF7D888F3C1B}\setup.exe" -runfromtemp -l0x0009 -removeonly
MSN Messenger 7.0-->MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600816}
MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MUSICMATCH® Jukebox-->C:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.exe
Need for Speedâ„¢ Carbon-->C:\Program Files\Electronic Arts\Need for Speed Carbon\EAUninstall.exe
Need2Find Bar-->rundll32 C:\PROGRA~1\NEED2F~1\bar\2.bin\Nd2fnBar.dll,O
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA ForceWare Network Access Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033
NvMixer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7A6C517-11F2-419F-B5BB-27772B939698}\Setup.exe" -uninstall
OpenOffice.org 2.0-->MsiExec.exe /I{76BB7B2D-748F-4AE9-89C3-78C051833EA1}
Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe
Picture Package Music Transfer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}\setup.exe" -l0x9 /removeonly /cont -removeonly
QuickTime-->MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Razer Diamondback 3G-->C:\Program Files\InstallShield Installation Information\{7E659C5C-4DF1-499B-B802-77BAE9ABE4D4}\Setup.exe -runfromtemp -l0x0009 -removeonly
Real Alternative 1.49-->"C:\Program Files\Real Alternative\unins000.exe"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Roger Wilco-->C:\PROGRA~1\ROGERW~1\rwbs\UNWISE.EXE C:\PROGRA~1\ROGERW~1\rwbs\INSTALL.LOG
Roxio Media Manager-->MsiExec.exe /X{AC93F461-132C-4A10-983D-7DAFE2917D67}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB883939)-->"C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893066)-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899588)-->"C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB903235)-->"C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931768)-->"C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933566)-->"C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Skypeâ„¢ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Softnyx Launcher-->"C:\Program Files\Softnyx\Launcher\unins000.exe"
Sony Picture Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
Sony USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spyware Doctor 3.2-->"C:\Program Files\Spyware Doctor\unins000.exe"
SpywareBlaster v3.5.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
SpywareGuard v2.2-->"C:\Program Files\SpywareGuard\unins000.exe"
Sql Server Customer Experience Improvement Program-->MsiExec.exe /I{C965F01C-76EA-4BD7-973E-46236AE312D7}
SQL Server System CLR Types-->MsiExec.exe /I{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}
Starcraft-->C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
StepMania (remove only)-->"C:\Program Files\StepMania\uninstall.exe"
SuperMegaSpoof 2.0-->"C:\Program Files\MegaSpoof\unins000.exe"
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TI Connect 1.6-->MsiExec.exe /I{A8B94669-8654-4126-BD28-D0D2412CDED6}
TI Package Explorer-->C:\PROGRA~1\TIEDUC~1\TIPACK~1\UNWISE.EXE C:\PROGRA~1\TIEDUC~1\TIPACK~1\INSTALL.LOG
Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB934391)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb953463)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1B78D541-9FF1-4330-ADD8-CED14F0C1E8E}
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB896727)-->"C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
V CAST Music with Rhapsody-->C:\PROGRA~1\VCASTM~1\Unwise32.exe /A C:\PROGRA~1\VCASTM~1\install.log
vanBasco's Karaoke Player-->C:\Program Files\vanBasco's Karaoke Player\uninst.exe
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
VideoLAN VLC media player 0.8.6a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WC3Banlist-->"C:\Program Files\WC3Banlist\unins000.exe"
Winamp Remote-->"C:\Program Files\Winamp Remote\uninstall.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Defender Signatures-->MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Defender-->MsiExec.exe /I{B2D7CE29-614A-4ACC-8BFE-009EB3A244C9}
Windows Driver Package - Razer (Razerlow) HIDClass (03/07/2007 1.0.0.2)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\db3g_17CEA01FB508D63DE2A978D03A05C3D4BC0BA4B7\db3g.inf
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB893086-->"C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
WinPcap 3.1-->C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
Xvid 1.1.3 final uninstall-->"C:\Program Files\Xvid\unins000.exe"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
YSIGet-->C:\Documents and Settings\Kevin Yamamoto\Desktop\Songs\YSIGet\uninstall.exe
ZoneAlarm Spy Blocker-->rundll32 C:\PROGRA~1\ZONEAL~1\bar\1.bin\SpyBlock.dll,O
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

=====HijackThis Backups=====

O20 - AppInit_DLLs: c:\windows\system32\kezobusa.dll,C:\WINDOWS\system32\kefufaji.dll [2009-03-22]
O4 - HKLM\..\Run: [CPM675060e1] Rundll32.exe "c:\windows\system32\kezobusa.dll",a [2009-03-22]
O4 - HKUS\S-1-5-19\..\Run: [kewoderuva] Rundll32.exe "C:\WINDOWS\system32\zipetepi.dll",s (User 'LOCAL SERVICE') [2009-03-22]
O4 - HKLM\..\Run: [kewoderuva] Rundll32.exe "C:\WINDOWS\system32\zipetepi.dll",s [2009-03-22]
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kezobusa.dll [2009-03-22]
O4 - HKLM\..\Run: [6463537d] rundll32.exe "C:\WINDOWS\system32\meyeyihi.dll",b [2009-03-22]
O2 - BHO: (no name) - {6523630f-9054-4d68-92bd-a23354b4c07f} - C:\WINDOWS\system32\ginameye.dll [2009-03-22]
O4 - HKUS\S-1-5-19\..\Run: [kewoderuva] Rundll32.exe "C:\WINDOWS\system32\zipetepi.dll",s (User 'LOCAL SERVICE') [2009-03-30]
O4 - HKUS\S-1-5-20\..\Run: [kewoderuva] Rundll32.exe "C:\WINDOWS\system32\zipetepi.dll",s (User 'NETWORK SERVICE') [2009-03-30]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 [2009-04-07]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-04-07]

======Hosts File======

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com

======Security center information======

AV: avast! antivirus 4.8.1335 [VPS 090414-0] (disabled)
FW: ZoneAlarm Firewall
FW: NVIDIA Firewall (disabled)

======System event log======

Computer Name: K-LAT1XXA7XE0ZV
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk0\D.

Record Number: 73061
Source Name: Disk
Time Written: 20090328223410.000000-420
Event Type: error
User:

Computer Name: K-LAT1XXA7XE0ZV
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk0\D.

Record Number: 73060
Source Name: Disk
Time Written: 20090328223409.000000-420
Event Type: error
User:

Computer Name: K-LAT1XXA7XE0ZV
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk0\D.

Record Number: 73059
Source Name: Disk
Time Written: 20090328223409.000000-420
Event Type: error
User:

Computer Name: K-LAT1XXA7XE0ZV
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk0\D.

Record Number: 73058
Source Name: Disk
Time Written: 20090328223408.000000-420
Event Type: error
User:

Computer Name: K-LAT1XXA7XE0ZV
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk0\D.

Record Number: 73057
Source Name: Disk
Time Written: 20090328223408.000000-420
Event Type: error
User:

=====Application event log=====

Computer Name: K-LAT1XXA7XE0ZV
Event Code: 1000
Message: Faulting application svchost.exe, version 5.1.2600.2180, faulting module rpcss.dll, version 5.1.2600.2726, fault address 0x0001f4f9.

Record Number: 33559
Source Name: Application Error
Time Written: 20090228030527.000000-480
Event Type: error
User:

Computer Name: K-LAT1XXA7XE0ZV
Event Code: 0
Message:
Record Number: 33480
Source Name: Spybot - Search & Destroy
Time Written: 20090223164155.000000-480
Event Type: error
User:

Computer Name: K-LAT1XXA7XE0ZV
Event Code: 1000
Message: Faulting application garena.exe, version 3.0.0.1673, faulting module garena.exe, version 3.0.0.1673, fault address 0x0015aff1.

Record Number: 33416
Source Name: Application Error
Time Written: 20090221043951.000000-480
Event Type: error
User:

Computer Name: K-LAT1XXA7XE0ZV
Event Code: 1000
Message: Faulting application garena.exe, version 3.0.0.1673, faulting module garena.exe, version 3.0.0.1673, fault address 0x0015aff1.

Record Number: 33415
Source Name: Application Error
Time Written: 20090221043848.000000-480
Event Type: error
User:

Computer Name: K-LAT1XXA7XE0ZV
Event Code: 1000
Message: Faulting application garena.exe, version 3.0.0.1673, faulting module garena.exe, version 3.0.0.1673, fault address 0x0015aff1.

Record Number: 33414
Source Name: Application Error
Time Written: 20090221042216.000000-480
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 10, AuthenticAMD
"PROCESSOR_REVISION"=040a
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"DXSDK_DIR"=C:\Program Files\Microsoft DirectX 9.0 SDK (April 2005)\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"tvdumpflags"=8
"VS90COMNTOOLS"=C:\Program Files\Microsoft Visual Studio 9.0\Common7\Tools\

-----------------EOF-----------------


Wednesday, April 15, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, April 15, 2009 07:27:31
Records in database: 2045964
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
A:\
C:\
D:\
E:\
F:\
Scan statistics
Files scanned 132289
Threat name 5
Infected objects 40
Suspicious objects 0
Duration of the scan 04:28:00

File name Threat name Threats count
C:\Documents and Settings\Kevin Yamamoto\Incomplete\T-5745425-DJ OZMA - Let me dance.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\Kevin Yamamoto\Shared\ballin keak da sneak.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\hijackthis\backups\backup-20090321-040329-891.dll Infected: Packed.Win32.Krap.o 1
C:\hijackthis\backups\backup-20090321-040414-787.dll Infected: Packed.Win32.Krap.o 1
C:\hijackthis\backups\backup-20090321-040422-639.dll Infected: Packed.Win32.Krap.o 1
C:\hijackthis\backups\backup-20090321-040504-408.dll Infected: Packed.Win32.Krap.o 1
C:\hijackthis\backups\backup-20090321-143147-586.dll Infected: Packed.Win32.Krap.o 1
C:\hijackthis\backups\backup-20090321-143431-858.dll Infected: Packed.Win32.Krap.o 1
C:\hijackthis\backups\backup-20090321-192741-593.dll Infected: Packed.Win32.Krap.o 1
C:\hijackthis\backups\backup-20090322-043741-445.dll Infected: Packed.Win32.Krap.o 1
C:\hijackthis\backups\backup-20090322-133622-798.dll Infected: Packed.Win32.Krap.o 1
C:\hijackthis\backups\backup-20090326-010923-821.dll Infected: Packed.Win32.Krap.o 1
C:\hijackthis\backups\backup-20090326-033849-325.dll Infected: Packed.Win32.Krap.o 1
C:\hijackthis\backups\backup-20090328-043853-366.dll Infected: Packed.Win32.Krap.o 1
C:\Program Files\mIRC\backups\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.632 1
C:\Program Files\ProxyHunter\ProxyHunter.exe Infected: not-a-virus:NetTool.Win32.ProxySwitcher.a 1
C:\Program Files\Trend Micro\HijackThis\backups\backup-20090322-143732-953.dll Infected: Packed.Win32.Krap.o 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\aqypii.dll.vir Infected: Packed.Win32.Krap.o 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\bopomija.exe.vir Infected: Trojan.Win32.AntiAV.aug 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\epvezs.dll.vir Infected: Packed.Win32.Krap.o 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\exkeiq.dll.vir Infected: Packed.Win32.Krap.o 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\hlbfiw.dll.vir Infected: Packed.Win32.Krap.o 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\jarugede.dll.vir Infected: Packed.Win32.Krap.o 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\jivulozu.dll.vir Infected: Packed.Win32.Krap.o 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\kbtnbc.dll.vir Infected: Packed.Win32.Krap.o 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\lamofuku.dll.vir Infected: Packed.Win32.Krap.o 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\latadeti.dll.vir Infected: Packed.Win32.Krap.o 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\liwiwopa.dll.vir Infected: Packed.Win32.Krap.o 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\luoqoa.dll.vir Infected: Packed.Win32.Krap.o 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\muwiropu.dll.vir Infected: Packed.Win32.Krap.o 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\nowwno.dll.vir Infected: Packed.Win32.Krap.o 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\rakevaka.dll.vir Infected: Packed.Win32.Krap.o 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\rerujito.dll.vir Infected: Packed.Win32.Krap.o 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\reyahezi.dll.vir Infected: Packed.Win32.Krap.o 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\rutirawi.dll.vir Infected: Packed.Win32.Krap.o 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\rxvppk.dll.vir Infected: Packed.Win32.Krap.o 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\sajifamu.dll.vir Infected: Packed.Win32.Krap.o 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\tibufenu.dll.vir Infected: Packed.Win32.Krap.o 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\vetoyiwu.dll.vir Infected: Packed.Win32.Krap.o 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ycthkj.dll.vir Infected: Packed.Win32.Krap.o 1
The selected area was scanned.

also i could not install SP3 because there was some sort of error. I tried twice and it still wouldn't let me, so unless its completely necessary I don't really want to fus with it.

Edited by RunningMan, 16 April 2009 - 12:46 AM.


#14 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:41 PM

Posted 17 April 2009 - 12:00 PM

Hi RunningMan,

also i could not install SP3 because there was some sort of error. I tried twice and it still wouldn't let me, so unless its completely necessary I don't really want to fus with it.



Can you tell me anything that the error message said, that would help, it is definetly necessary to update, without doing so you are more vulnerable
to infection.


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\Documents and Settings\Kevin Yamamoto\Incomplete\T-5745425-DJ OZMA - Let me dance.mp3
C:\Documents and Settings\Kevin Yamamoto\Shared\ballin keak da sneak.mp3
C:\WINDOWS\system32\_004276_.tmp.dll
C:\WINDOWS\system32\_004274_.tmp.dll
C:\WINDOWS\system32\_004269_.tmp.dll
C:\WINDOWS\system32\_004268_.tmp.dll
C:\WINDOWS\system32\_004267_.tmp.dll
C:\WINDOWS\system32\_004266_.tmp.dll
C:\WINDOWS\system32\_004265_.tmp.dll
C:\WINDOWS\system32\_004262_.tmp.dll
C:\WINDOWS\system32\_004261_.tmp.dll
C:\WINDOWS\system32\_004260_.tmp.dll
C:\WINDOWS\system32\_004259_.tmp.dll
C:\WINDOWS\system32\_004257_.tmp.dll
C:\WINDOWS\system32\_004254_.tmp.dll
C:\WINDOWS\system32\_004252_.tmp.dll
C:\WINDOWS\system32\_004251_.tmp.dll
C:\WINDOWS\system32\_004247_.tmp.dll
C:\WINDOWS\system32\_004246_.tmp.dll
C:\WINDOWS\system32\_004245_.tmp.dll
C:\WINDOWS\system32\_004243_.tmp.dll
C:\WINDOWS\system32\_004241_.tmp.dll
C:\WINDOWS\system32\_004240_.tmp.dll
C:\WINDOWS\system32\_004239_.tmp.dll
C:\WINDOWS\system32\_004237_.tmp.dll
C:\WINDOWS\system32\_004236_.tmp.dll
C:\WINDOWS\system32\_004233_.tmp.dll
C:\WINDOWS\system32\_004232_.tmp.dll
C:\WINDOWS\system32\_004230_.tmp.dll
C:\WINDOWS\system32\_004229_.tmp.dll
C:\WINDOWS\system32\_004228_.tmp.dll
C:\WINDOWS\system32\_004221_.tmp.dll
C:\WINDOWS\system32\_004220_.tmp.dll
C:\WINDOWS\system32\_004219_.tmp.dll
C:\WINDOWS\system32\_004218_.tmp.dll

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Next

Please download gmer.zip and save to your desktop.
  • Extract (unzip) the file to its own folder such as C:\Gmer. (Click here for information on how to do this if not sure.)
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Click on Please download gmer.zip and save to your desktop.
    this link to see a list of programs that should be disabled.
  • Double-click on gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • You may be prompted to scan immediately if GMER detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as gmer.log and copy/paste the contents in your next reply.
  • Exit GMER and re-enable all active protection when done.
Please post back with:
  • ComboFix.txt
  • gmer.log
  • Fresh HijackThis log

unite.jpg


#15 RunningMan

RunningMan
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:03:41 PM

Posted 17 April 2009 - 04:52 PM

Umm, I don't know if I was supposed to do this but combofix promted me to update so i did and then it restarted and now ur .txt file doesnt work. It just brings up the command window with a blue screen and sits there. I'll repost after Im done running the other two programs too




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users