
Mshta.exe running multiple times in processes


  • This topic is locked
4 replies to this topic

#1 Grim1984


Posted 17 November 2010 - 08:57 PM

I have started by doing the Prep Guide and I have the information you need from them. Note: The program DDS did not work for me and I was instructed to use RSIT.exe by Bleepin' Janitor and to post here.


Logfile of random's system information tool 1.08 (written by random/random)
Run by Administrator at 2010-11-17 19:48:04
Microsoft Windows XP Professional Service Pack 2
System drive C: has 121 GB (40%) free of 305 GB
Total RAM: 2045 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:48:23 PM, on 11/17/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\csrss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\system32\ZoneLabs\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS1\system32\spoolsv.exe
C:\WINDOWS1\System32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS1\Explorer.EXE
C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files\VDOTool\TBPanel.exe
C:\WINDOWS1\RTHDCPL.EXE
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS1\system32\nvsvc32.exe
C:\WINDOWS1\system32\PnkBstrA.exe
C:\WINDOWS1\system32\PnkBstrB.exe
C:\WINDOWS1\system32\svchost.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
C:\Program Files\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
C:\WINDOWS1\System32\alg.exe
C:\Program Files\iolo\System Mechanic Professional\SystemGuardAlerter.exe
C:\Program Files\IObit\IObit Security 360\is360.exe
C:\WINDOWS1\System32\mshta.exe
C:\WINDOWS1\System32\mshta.exe
C:\WINDOWS1\System32\mshta.exe
C:\WINDOWS1\System32\mshta.exe
C:\WINDOWS1\System32\mshta.exe
C:\WINDOWS1\System32\mshta.exe
C:\WINDOWS1\System32\mshta.exe
C:\WINDOWS1\System32\mshta.exe
C:\WINDOWS1\System32\mshta.exe
C:\WINDOWS1\System32\mshta.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator.HOME-E49B02E65C\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator.HOME-E49B02E65C\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator.HOME-E49B02E65C\My Documents\Downloads\RSIT.exe
C:\WINDOWS1\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50370
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - (no file)
R3 - URLSearchHook: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll
O2 - BHO: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA} - (no file)
O2 - BHO: TBSB05974 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)
O3 - Toolbar: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O3 - Toolbar: Search Toolbar - {0C8413C1-FAD1-446C-8584-BE50576F863E} - (no file)
O3 - Toolbar: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS1\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS1\system32\igfxpers.exe
O4 - HKLM\..\Run: [TBPanel] C:\Program Files\VDOTool\TBPanel.exe /A
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS1\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [yeeejtjp] C:\WINDOWS1\TEMP\ypsofpvdq\geoovdbtsbl.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [yeeejtjp] C:\WINDOWS1\TEMP\ypsofpvdq\geoovdbtsbl.exe (User 'Default user')
O8 - Extra context menu item: &Search - ?p=ZJfox000
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS1\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS1\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS1\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows1\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows1\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows1\system32\iavlsp.dll
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Elf%20Bowling%20Holiday%20Pack/Images/stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Elf%20Bowling%20Holiday%20Pack/Images/armhelper.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS1\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS1\system32\browseui.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - iolo technologies, LLC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS1\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS1\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS1\system32\PnkBstrB.exe
O23 - Service: vseamps - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
O23 - Service: vsedsps - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
O23 - Service: vseqrts - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS1\system32\ZoneLabs\vsmon.exe

--
End of file - 9817 bytes

======Scheduled tasks folder======

C:\WINDOWS1\tasks\Advanced System Optimizer Scheduler.job
C:\WINDOWS1\tasks\AppleSoftwareUpdate.job
C:\WINDOWS1\tasks\ASOService.job
C:\WINDOWS1\tasks\At1.job
C:\WINDOWS1\tasks\At10.job
C:\WINDOWS1\tasks\At11.job
C:\WINDOWS1\tasks\At12.job
C:\WINDOWS1\tasks\At13.job
C:\WINDOWS1\tasks\At14.job
C:\WINDOWS1\tasks\At15.job
C:\WINDOWS1\tasks\At16.job
C:\WINDOWS1\tasks\At17.job
C:\WINDOWS1\tasks\At18.job
C:\WINDOWS1\tasks\At19.job
C:\WINDOWS1\tasks\At2.job
C:\WINDOWS1\tasks\At20.job
C:\WINDOWS1\tasks\At21.job
C:\WINDOWS1\tasks\At22.job
C:\WINDOWS1\tasks\At23.job
C:\WINDOWS1\tasks\At24.job
C:\WINDOWS1\tasks\At3.job
C:\WINDOWS1\tasks\At4.job
C:\WINDOWS1\tasks\At5.job
C:\WINDOWS1\tasks\At6.job
C:\WINDOWS1\tasks\At7.job
C:\WINDOWS1\tasks\At8.job
C:\WINDOWS1\tasks\At9.job
C:\WINDOWS1\tasks\COMODO System Cleaner Update.job
C:\WINDOWS1\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS1\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS1\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-492894223-725345543-500Core.job
C:\WINDOWS1\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-492894223-725345543-500UA.job
C:\WINDOWS1\tasks\ParetoLogic Registration3.job
C:\WINDOWS1\tasks\ParetoLogic Update Version3.job
C:\WINDOWS1\tasks\PC Health Advisor Defrag.job
C:\WINDOWS1\tasks\PCConfidential.job
C:\WINDOWS1\tasks\RealUpgradeLogonTaskS-1-5-21-1645522239-492894223-725345543-500.job
C:\WINDOWS1\tasks\RealUpgradeScheduledTaskS-1-5-21-1645522239-492894223-725345543-500.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}]
ZoneAlarm Security Engine Registrar - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2010-09-02 591352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
ZoneAlarm Security Toolbar - C:\Program Files\ZoneAlarm_Security\tbZone.dll [2010-06-13 2734688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-8398-26FADCF27386}]
Verizon Broadband Toolbar - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL [2008-05-30 1991680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
TBSB05974 Class

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-8398-26FADCF27386} - Verizon Broadband Toolbar - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL [2008-05-30 1991680]
{0C8413C1-FAD1-446C-8584-BE50576F863E} -
{91da5e8a-3318-4f8c-b67e-5964de3ab546} - ZoneAlarm Security Toolbar - C:\Program Files\ZoneAlarm_Security\tbZone.dll [2010-06-13 2734688]
{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2010-09-02 591352]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS1\system32\igfxtray.exe [2007-07-11 142104]
"Persistence"=C:\WINDOWS1\system32\igfxpers.exe [2007-07-11 138008]
"TBPanel"=C:\Program Files\VDOTool\TBPanel.exe [2008-01-09 2169384]
"RTHDCPL"=C:\WINDOWS1\RTHDCPL.EXE [2009-02-17 17508864]
"Alcmtr"=ALCMTR.EXE []
"NvCplDaemon"=C:\WINDOWS1\system32\NvCpl.dll [2008-01-09 13508608]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2010-09-02 1043968]
"ISW"=C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [2010-09-02 738808]
"IObit Security 360"=C:\Program Files\IObit\IObit Security 360\IS360tray.exe [2010-06-11 1280344]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SMRequiresRestart"= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"=C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2010-09-28 2407632]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-08-20 1164584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Administrator.HOME-E49B02E65C\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-17 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
C:\Program Files\Download Manager\DLM.exe [2009-05-14 1103216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2008-07-07 167936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator.HOME-E49B02E65C^Start Menu^Programs^Startup^Shortcut to ts3server_win32.lnk]
C:\DOCUME~1\ADMINI~1.HOM\Desktop\MISC~1.STU\TEAMSP~1\TS3SER~1.EXE [2010-04-13 2604744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS1\system32\igfxdev.dll [2007-07-11 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS1\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS1\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"LegalNoticeText"=
"LegalNoticeCaption"=

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"DisallowRun"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoResolveSearch"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS1\system32\PnkBstrA.exe"="C:\WINDOWS1\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS1\system32\PnkBstrB.exe"="C:\WINDOWS1\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\All Users.WINDOWS1\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users.WINDOWS1\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Program Files\CoD RconTool\Profiles\Standard\Chat\pbucon.exe"="C:\Program Files\CoD RconTool\Profiles\Standard\Chat\pbucon.exe:*:Enabled:pbucon"
"C:\Program Files\CoD RconTool\Profiles\Grim\Chat\pbucon.exe"="C:\Program Files\CoD RconTool\Profiles\Grim\Chat\pbucon.exe:*:Enabled:pbucon"
"C:\Program Files\Sierra\SWAT 4\Content\System\Swat4.exe"="C:\Program Files\Sierra\SWAT 4\Content\System\Swat4.exe:*:Enabled:SWAT 4"
"C:\Documents and Settings\Administrator.HOME-E49B02E65C\Local Settings\Application Data\Dyyno Receiver\DPPM.exe"="C:\Documents and Settings\Administrator.HOME-E49B02E65C\Local Settings\Application Data\Dyyno Receiver\DPPM.exe:*:Enabled:dppmmain Application"
"C:\Program Files\CoD RconTool\CoD RconTool.exe"="C:\Program Files\CoD RconTool\CoD RconTool.exe:*:Enabled:CoD RconTool"
"C:\Program Files\TeamViewer\Version4\TeamViewer.exe"="C:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"C:\occ.exe"="C:\occ.exe:*:Enabled:OneCC Module"
"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe"="C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe"="C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:*:Enabled:Tom Clancy's Rainbow Six Vegas 2"
"C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe"="C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:*:Enabled:Tom Clancy's Rainbow Six Vegas 2 Update"
"C:\Program Files\Atari\ArmA\arma.exe"="C:\Program Files\Atari\ArmA\arma.exe:*:Enabled:ArmA"
"C:\Program Files\Silkroad\sro_client.exe"="C:\Program Files\Silkroad\sro_client.exe:*:Enabled:sro_client"
"C:\Program Files\cSilkroad\sro_client.exe"="C:\Program Files\cSilkroad\sro_client.exe:*:Enabled:sro_client"
"C:\Program Files\ECSRO\SilkErrSender.exe"="C:\Program Files\ECSRO\SilkErrSender.exe:*:Enabled:FTPSender MFC ?? ????"
"C:\Documents and Settings\Administrator.HOME-E49B02E65C\Desktop\SRO JUNK\Sro Emu\Sremuv81.exe"="C:\Documents and Settings\Administrator.HOME-E49B02E65C\Desktop\SRO JUNK\Sro Emu\Sremuv81.exe:*:Enabled:Sremuv81"
"C:\Program Files\Atari\ArmA\beta\arma.exe"="C:\Program Files\Atari\ArmA\beta\arma.exe:*:Enabled:ArmA"
"C:\Program Files\Atari\ArmA\beta\arma_server.exe"="C:\Program Files\Atari\ArmA\beta\arma_server.exe:*:Enabled:ArmA"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Program Files\Winmx\WinMX.exe"="C:\Program Files\Winmx\WinMX.exe:*:Enabled:WinMX Application"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Atari1\ArmA\beta\arma.exe"="C:\Program Files\Atari1\ArmA\beta\arma.exe:*:Disabled:ArmA"
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty® - World at War™ "
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty® - World at War™ "
"C:\Program Files\Atari1\ArmA\arma.exe"="C:\Program Files\Atari1\ArmA\arma.exe:*:Enabled:ArmA"
"C:\Documents and Settings\Administrator.HOME-E49B02E65C\Desktop\SRO JUNK\Silkroad Emulator Pack\Sro Emu\Sremuv81.exe"="C:\Documents and Settings\Administrator.HOME-E49B02E65C\Desktop\SRO JUNK\Silkroad Emulator Pack\Sro Emu\Sremuv81.exe:*:Enabled:Sremuv81"
"C:\Documents and Settings\Administrator.HOME-E49B02E65C\Desktop\SRO JUNK\emu\Sro Emu\Sremuv81.exe"="C:\Documents and Settings\Administrator.HOME-E49B02E65C\Desktop\SRO JUNK\emu\Sro Emu\Sremuv81.exe:*:Enabled:Sremuv81"
"C:\Program Files\USArmy\America's Army 2\System\ArmyOps.exe"="C:\Program Files\USArmy\America's Army 2\System\ArmyOps.exe:*:Enabled:ArmyOps"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Teamspeak2_RC2-2\server_windows.exe"="C:\Program Files\Teamspeak2_RC2-2\server_windows.exe:*:Enabled:Server"
"C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe"="C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2"
"C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe"="C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2"
"C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Game.exe"="C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Game.exe:*:Enabled:Battlefield: Bad Company™ 2"
"C:\Program Files\CoD RconTool10\Profiles\trcv\Chat\pbucon.exe"="C:\Program Files\CoD RconTool10\Profiles\trcv\Chat\pbucon.exe:*:Enabled:pbucon"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ "
"C:\Program Files\CoD RconTool10\CoD RconTool.exe"="C:\Program Files\CoD RconTool10\CoD RconTool.exe:*:Enabled:CoD RconTool"
"C:\Program Files\BYOND\bin\byond.exe"="C:\Program Files\BYOND\bin\byond.exe:*:Enabled:byond"
"C:\Program Files\BYOND\bin\dreamseeker.exe"="C:\Program Files\BYOND\bin\dreamseeker.exe:*:Enabled:Dream Seeker"
"C:\Program Files\Steam\steamapps\common\america's army 3\Binaries\AA3Game.exe"="C:\Program Files\Steam\steamapps\common\america's army 3\Binaries\AA3Game.exe:*:Enabled:America's Army 3"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\BYOND\bin\dreamdaemon.exe"="C:\Program Files\BYOND\bin\dreamdaemon.exe:*:Enabled:dreamdaemon"
"C:\Program Files\xchat\xchat.exe"="C:\Program Files\xchat\xchat.exe:*:Enabled:XChat IRC Client"
"C:\Program Files\Bohemia Interactive\ArmA 2 Operation Arrowhead\arma2OA.exe"="C:\Program Files\Bohemia Interactive\ArmA 2 Operation Arrowhead\arma2OA.exe:*:Enabled:ArmA 2 Operation Arrowhead"
"C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\Administrator.HOME-E49B02E65C\Desktop\zazc\ZSZCPotter.exe"="C:\Documents and Settings\Administrator.HOME-E49B02E65C\Desktop\zazc\ZSZCPotter.exe:*:Enabled:ZSZC Servers"
"C:\WINDOWS1\system32\ZoneLabs\vsmon.exe"="C:\WINDOWS1\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon"
"C:\Program Files\iolo\System Mechanic Professional\SysMech.exe"="C:\Program Files\iolo\System Mechanic Professional\SysMech.exe:*:Enabled:iolo System Shield®"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"

======File associations======

.js - open - NOTEPAD.EXE %1
.reg - open - NOTEPAD.EXE %1
.scr - open - NOTEPAD.EXE %1
.vbs - open - NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2010-11-17 19:48:04 ----D---- C:\rsit
2010-11-17 19:48:04 ----D---- C:\Program Files\trend micro
2010-11-17 19:42:47 ----D---- C:\WINDOWS1\system32\xmldm
2010-11-17 10:21:05 ----A---- C:\WINDOWS1\system32\smrgdf.txt
2010-11-16 22:45:31 ----A---- C:\WINDOWS1\system32\iolo.ini
2010-11-16 21:22:17 ----D---- C:\Documents and Settings\Administrator.HOME-E49B02E65C\Application Data\Malwarebytes
2010-11-16 21:22:02 ----A---- C:\WINDOWS1\system32\drivers\mbamswissarmy.sys
2010-11-16 21:22:00 ----D---- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Malwarebytes
2010-11-16 21:21:59 ----A---- C:\WINDOWS1\system32\drivers\mbam.sys
2010-11-16 21:21:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-11-16 09:22:34 ----HDC---- C:\WINDOWS1\$NtUninstallKB932823-v3$
2010-11-16 08:20:32 ----D---- C:\Program Files\ESET
2010-11-14 17:03:27 ----D---- C:\Documents and Settings\All Users.WINDOWS1\Application Data\IObit
2010-11-13 17:02:34 ----D---- C:\Program Files\Common Files\Akamai
2010-11-13 15:46:06 ----A---- C:\EventLOG.txt
2010-11-13 12:13:05 ----A---- C:\WINDOWS1\system32\iolo.ini.txt
2010-11-13 12:09:23 ----A---- C:\WINDOWS1\system32\Incinerator.dll
2010-11-13 12:09:23 ----A---- C:\WINDOWS1\system32\IncContxMenu.dll
2010-11-13 12:09:22 ----A---- C:\WINDOWS1\system32\drivers\filedisk.sys
2010-11-13 12:09:19 ----A---- C:\WINDOWS1\system32\smrgdf.exe
2010-11-13 12:09:19 ----A---- C:\WINDOWS1\system32\iolobtdfg.exe
2010-11-13 12:09:17 ----D---- C:\Program Files\iolo
2010-11-12 20:50:13 ----A---- C:\WINDOWS1\system32\XAudio2_7.dll
2010-11-12 20:50:13 ----A---- C:\WINDOWS1\system32\XAPOFX1_5.dll
2010-11-12 20:50:13 ----A---- C:\WINDOWS1\system32\xactengine3_7.dll
2010-11-12 20:50:12 ----A---- C:\WINDOWS1\system32\d3dx11_43.dll
2010-11-12 20:50:12 ----A---- C:\WINDOWS1\system32\d3dx10_43.dll
2010-11-12 20:50:12 ----A---- C:\WINDOWS1\system32\d3dcsx_43.dll
2010-11-12 20:50:12 ----A---- C:\WINDOWS1\system32\D3DCompiler_43.dll
2010-11-12 20:50:11 ----A---- C:\WINDOWS1\system32\D3DX9_43.dll
2010-11-12 20:37:42 ----D---- C:\Documents and Settings\Administrator.HOME-E49B02E65C\Application Data\CheckPoint
2010-11-12 20:37:12 ----D---- C:\Program Files\ZoneAlarm_Security
2010-11-12 20:36:56 ----D---- C:\Program Files\CheckPoint
2010-11-12 20:36:53 ----A---- C:\WINDOWS1\system32\vsregexp.dll
2010-11-12 20:36:52 ----A---- C:\WINDOWS1\system32\zlcommdb.dll
2010-11-12 20:36:52 ----A---- C:\WINDOWS1\system32\zlcomm.dll
2010-11-12 20:36:45 ----A---- C:\WINDOWS1\system32\vswmi.dll
2010-11-12 20:36:43 ----D---- C:\WINDOWS1\system32\ZoneLabs
2010-11-12 20:36:43 ----A---- C:\WINDOWS1\system32\zpeng25.dll
2010-11-12 20:36:43 ----A---- C:\WINDOWS1\system32\vsxml.dll
2010-11-12 20:36:43 ----A---- C:\WINDOWS1\system32\vspubapi.dll
2010-11-12 20:36:43 ----A---- C:\WINDOWS1\system32\vsmonapi.dll
2010-11-12 20:36:42 ----A---- C:\WINDOWS1\system32\vsdatant.sys
2010-11-12 20:36:09 ----A---- C:\WINDOWS1\system32\vsutil.dll
2010-11-12 20:36:09 ----A---- C:\WINDOWS1\system32\vsinit.dll
2010-11-12 20:36:09 ----A---- C:\WINDOWS1\system32\vsdata.dll
2010-11-12 20:31:42 ----HDC---- C:\WINDOWS1\$NtUninstallKB943232$
2010-11-12 20:30:02 ----D---- C:\a7fbe5fcf22cc73a53527059f847500a
2010-11-12 20:30:01 ----D---- C:\Program Files\Zone Labs
2010-11-12 20:29:50 ----D---- C:\WINDOWS1\Internet Logs
2010-11-12 19:36:57 ----A---- C:\WINDOWS1\is-D0F8S.exe
2010-11-12 19:31:33 ----D---- C:\Program Files\Common Files\Authentium
2010-11-12 19:31:28 ----A---- C:\WINDOWS1\system32\iavlsp.dll
2010-11-11 23:32:16 ----D---- C:\iolo
2010-11-11 22:27:46 ----A---- C:\WINDOWS1\system32\mfc45.dll
2010-11-11 22:27:45 ----D---- C:\Documents and Settings\All Users.WINDOWS1\Application Data\iolo
2010-11-11 22:27:45 ----D---- C:\Documents and Settings\Administrator.HOME-E49B02E65C\Application Data\iolo
2010-11-11 21:57:53 ----D---- C:\WINDOWS1\system32\CatRoot_bak
2010-11-11 21:57:40 ----D---- C:\Program Files\Common Files\Skype
2010-11-11 21:23:10 ----A---- C:\WINDOWS1\ntbtlog.txt
2010-11-11 21:19:37 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-11-11 21:19:37 ----D---- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Spybot - Search & Destroy
2010-11-11 21:10:37 ----D---- C:\fc7ff18dfe20c4d5d37e000928
2010-11-11 20:17:07 ----RD---- C:\Program Files\Skype
2010-11-11 10:12:15 ----D---- C:\Documents and Settings\Administrator.HOME-E49B02E65C\Application Data\ComodoGroup
2010-11-11 09:49:16 ----N---- C:\WINDOWS1\system32\drivers\NVXBAR.SYS
2010-11-11 01:07:35 ----A---- C:\WINDOWS1\HideWin.exe
2010-11-10 22:57:23 ----N---- C:\WINDOWS1\system32\drivers\NVCAP.SYS
2010-11-10 22:53:03 ----D---- C:\WINDOWS1\nview
2010-11-10 22:17:43 ----D---- C:\WINDOWS1\Prefetch
2010-11-10 22:11:08 ----RAH---- C:\WINDOWS1\system32\logonui.exe.manifest
2010-11-10 22:02:44 ----A---- C:\WINDOWS1\pnplog.txt
2010-11-10 21:54:24 ----A---- C:\WINDOWS1\system32\spxcoins.dll
2010-11-10 21:54:24 ----A---- C:\WINDOWS1\system32\irclass.dll
2010-11-10 21:54:08 ----RA---- C:\WINDOWS1\SETD2.tmp
2010-11-10 21:54:05 ----RA---- C:\WINDOWS1\SETC6.tmp
2010-11-10 21:54:03 ----RA---- C:\WINDOWS1\SETC3.tmp
2010-11-10 21:52:29 ----A---- C:\WINDOWS1\setuplog.txt
2010-11-10 16:14:01 ----A---- C:\WINDOWS1\system32\234.js
2010-11-10 15:44:33 ----ASH---- C:\pagefile.sys
2010-11-09 22:18:18 ----A---- C:\loader.ini
2010-10-25 21:43:25 ----D---- C:\Documents and Settings\Administrator.HOME-E49B02E65C\Application Data\vlc
2010-10-25 21:37:01 ----D---- C:\Documents and Settings\Administrator.HOME-E49B02E65C\Application Data\MozillaControl
2010-10-25 21:36:38 ----D---- C:\Program Files\Mozilla ActiveX Control v1.7.12
2010-10-25 21:35:16 ----D---- C:\Program Files\Graboid
2010-10-25 21:31:00 ----A---- C:\WINDOWS1\cdplayer.ini
2010-10-25 21:30:23 ----A---- C:\WINDOWS1\system32\rmoc3260.dll
2010-10-25 21:30:19 ----A---- C:\WINDOWS1\system32\pndx5032.dll
2010-10-25 21:30:19 ----A---- C:\WINDOWS1\system32\pndx5016.dll
2010-10-25 21:30:14 ----D---- C:\Program Files\Common Files\xing shared
2010-10-25 21:30:01 ----D---- C:\Program Files\Real
2010-10-25 21:30:01 ----A---- C:\WINDOWS1\system32\pncrt.dll
2010-10-25 21:30:00 ----D---- C:\Program Files\Common Files\Real
2010-10-25 21:30:00 ----D---- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Real
2010-10-25 21:29:59 ----D---- C:\Documents and Settings\Administrator.HOME-E49B02E65C\Application Data\Real
2010-10-25 18:16:19 ----D---- C:\WINDOWS1\pss
2010-10-24 13:37:57 ----D---- C:\Documents and Settings\Administrator.HOME-E49B02E65C\Application Data\HandBrake
2010-10-24 13:37:51 ----D---- C:\Program Files\Handbrake
2010-10-24 13:24:40 ----D---- C:\Documents and Settings\Administrator.HOME-E49B02E65C\Application Data\InfraRecorder

======List of files/folders modified in the last 1 months======

2010-11-17 19:48:04 ----RD---- C:\Program Files
2010-11-17 19:44:25 ----A---- C:\WINDOWS1\DFC.INI
2010-11-17 19:42:58 ----D---- C:\WINDOWS1\system32\CatRoot2
2010-11-17 19:42:47 ----D---- C:\WINDOWS1\system32
2010-11-17 16:28:47 ----D---- C:\WINDOWS1\system32\config
2010-11-17 10:25:48 ----D---- C:\WINDOWS1\Minidump
2010-11-17 10:25:48 ----D---- C:\WINDOWS1
2010-11-17 10:21:00 ----D---- C:\WINDOWS1\Temp
2010-11-17 09:45:50 ----D---- C:\WINDOWS1\system32\ias
2010-11-17 09:45:35 ----A---- C:\WINDOWS1\ModemLog_Communications cable between two computers.txt
2010-11-17 09:43:09 ----D---- C:\WINDOWS1\system32\drivers
2010-11-17 09:43:09 ----D---- C:\WINDOWS1\Microsoft.NET
2010-11-16 22:43:57 ----HD---- C:\WINDOWS1\$NtUninstallKB932168$
2010-11-16 22:43:14 ----A---- C:\WINDOWS1\SchedLgU.Txt
2010-11-16 20:59:13 ----D---- C:\Program Files\Steam
2010-11-16 09:27:55 ----RSHDC---- C:\WINDOWS1\system32\dllcache
2010-11-16 09:23:12 ----HD---- C:\WINDOWS1\inf
2010-11-16 09:23:04 ----D---- C:\WINDOWS1\system32\CatRoot
2010-11-16 09:22:03 ----HD---- C:\WINDOWS1\$hf_mig$
2010-11-16 01:35:35 ----D---- C:\Documents and Settings\Administrator.HOME-E49B02E65C\Application Data\uTorrent
2010-11-16 01:35:29 ----D---- C:\Program Files\Mozilla Firefox
2010-11-16 01:35:28 ----D---- C:\Program Files\Xfire
2010-11-16 01:35:28 ----D---- C:\Program Files\WinRAR
2010-11-16 01:35:27 ----SHD---- C:\WINDOWS1\Installer
2010-11-16 01:35:27 ----D---- C:\WINDOWS1\Logs
2010-11-16 01:35:27 ----D---- C:\WINDOWS1\Debug
2010-11-16 01:35:27 ----D---- C:\TempEI4
2010-11-16 01:35:26 ----D---- C:\WINDOWS1\system32\NtmsData
2010-11-14 17:04:11 ----SD---- C:\WINDOWS1\Tasks
2010-11-14 17:03:28 ----D---- C:\Documents and Settings\Administrator.HOME-E49B02E65C\Application Data\IObit
2010-11-14 17:03:24 ----D---- C:\Program Files\IObit
2010-11-14 16:46:24 ----SD---- C:\Documents and Settings\Administrator.HOME-E49B02E65C\Application Data\Microsoft
2010-11-14 16:46:23 ----SHD---- C:\Config.Msi
2010-11-14 16:44:48 ----D---- C:\Program Files\Common Files
2010-11-14 16:43:31 ----D---- C:\Program Files\xchat
2010-11-13 18:58:16 ----D---- C:\Documents and Settings\Administrator.HOME-E49B02E65C\Application Data\Skype
2010-11-13 16:43:29 ----D---- C:\Documents and Settings\Administrator.HOME-E49B02E65C\Application Data\skypePM
2010-11-12 20:50:14 ----D---- C:\WINDOWS1\system32\DirectX
2010-11-12 20:49:44 ----RSD---- C:\WINDOWS1\assembly
2010-11-12 20:48:56 ----D---- C:\WINDOWS1\WinSxS
2010-11-11 23:48:16 ----A---- C:\WINDOWS1\system32\PnkBstrB.exe
2010-11-11 22:35:28 ----RD---- C:\WINDOWS1\Offline Web Pages
2010-11-11 22:33:39 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-11-11 22:20:55 ----D---- C:\WINDOWS1\system32\drivers\etc
2010-11-11 22:16:59 ----D---- C:\Documents and Settings\Administrator.HOME-E49B02E65C\Application Data\Mozilla
2010-11-11 21:57:38 ----D---- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Skype
2010-11-11 21:57:37 ----HD---- C:\Program Files\InstallShield Installation Information
2010-11-11 21:57:35 ----D---- C:\WINDOWS1\repair
2010-11-11 21:57:35 ----D---- C:\Program Files\Silkroademu
2010-11-11 21:57:32 ----D---- C:\WINDOWS1\system32\ReinstallBackups
2010-11-11 21:57:27 ----D---- C:\Program Files\Realtek
2010-11-11 21:57:23 ----D---- C:\Documents and Settings
2010-11-11 21:57:22 ----D---- C:\Program Files\VDOTool
2010-11-11 10:48:24 ----D---- C:\Documents and Settings\Administrator.HOME-E49B02E65C\Application Data\TeamViewer
2010-11-11 10:48:22 ----D---- C:\Documents and Settings\Administrator.HOME-E49B02E65C\Application Data\X-Chat 2
2010-11-11 10:48:20 ----D---- C:\Documents and Settings\Administrator.HOME-E49B02E65C\Application Data\LimeWire
2010-11-11 10:09:20 ----ASH---- C:\boot.ini
2010-11-11 03:17:18 ----SHD---- C:\System Volume Information
2010-11-11 01:55:03 ----D---- C:\WINDOWS1\Registration
2010-11-11 01:16:37 ----D---- C:\WINDOWS1\system32\RTCOM
2010-11-10 22:57:48 ----D---- C:\WINDOWS1\security
2010-11-10 22:53:34 ----D---- C:\WINDOWS1\Help
2010-11-10 22:22:22 ----D---- C:\WINDOWS1\system32\Restore
2010-11-10 22:20:21 ----A---- C:\WINDOWS1\system32\PerfStringBackup.INI
2010-11-10 22:16:52 ----D---- C:\WINDOWS1\system32\inetsrv
2010-11-10 22:16:52 ----D---- C:\Program Files\NVIDIA Corporation
2010-11-10 22:12:10 ----AC---- C:\WINDOWS1\OEWABLog.txt
2010-11-10 22:12:04 ----AC---- C:\WINDOWS1\ODBCINST.INI
2010-11-10 22:11:38 ----ASH---- C:\WINDOWS1\fonts\desktop.ini
2010-11-10 22:11:10 ----RD---- C:\WINDOWS1\Web
2010-11-10 22:11:03 ----RAHC---- C:\WINDOWS1\system32\cdplayer.exe.manifest
2010-11-10 22:10:52 ----A---- C:\WINDOWS1\win.ini
2010-11-10 22:10:48 ----D---- C:\WINDOWS1\system32\oobe
2010-11-10 22:10:46 ----D---- C:\WINDOWS1\srchasst
2010-11-10 22:10:43 ----D---- C:\Program Files\Windows Media Player
2010-11-10 22:10:36 ----D---- C:\Program Files\Movie Maker
2010-11-10 22:10:26 ----D---- C:\Program Files\NetMeeting
2010-11-10 22:10:22 ----D---- C:\Program Files\Outlook Express
2010-11-10 22:10:22 ----D---- C:\Program Files\Common Files\System
2010-11-10 22:10:08 ----D---- C:\Program Files\Internet Explorer
2010-11-10 22:09:28 ----D---- C:\WINDOWS1\system32\Com
2010-11-10 22:09:03 ----D---- C:\WINDOWS1\system32\wbem
2010-11-10 22:09:00 ----D---- C:\Program Files\Windows NT
2010-11-10 22:00:19 ----D---- C:\Documents and Settings\All Users.WINDOWS1\Application Data\NVIDIA Corporation
2010-11-10 21:59:31 ----HDC---- C:\WINDOWS1\$MSI31Uninstall_KB893803v2$
2010-11-10 21:54:29 ----A---- C:\WINDOWS1\system.ini
2010-11-10 21:54:23 ----D---- C:\WINDOWS1\system
2010-11-10 21:54:14 ----ASH---- C:\Documents and Settings\All Users.WINDOWS1\Application Data\desktop.ini
2010-11-10 15:50:32 ----D---- C:\WINDOWS1\system32\Setup
2010-11-10 15:50:24 ----D---- C:\WINDOWS1\system32\usmt
2010-11-10 15:50:16 ----D---- C:\WINDOWS1\AppPatch
2010-11-10 15:50:09 ----D---- C:\WINDOWS1\mui
2010-11-10 15:50:09 ----D---- C:\WINDOWS1\ehome
2010-11-10 15:50:08 ----D---- C:\WINDOWS1\ime
2010-11-10 15:50:07 ----RSD---- C:\WINDOWS1\Fonts
2010-11-10 15:50:06 ----D---- C:\WINDOWS1\Media
2010-11-10 15:49:56 ----D---- C:\WINDOWS1\PeerNet
2010-11-10 15:49:43 ----D---- C:\WINDOWS1\system32\npp
2010-11-10 15:49:36 ----D---- C:\WINDOWS1\msagent
2010-11-10 15:46:46 ----D---- C:\WINDOWS1\twain_32
2010-11-10 15:46:06 ----D---- C:\WINDOWS1\system32\icsxml
2010-11-10 15:45:30 ----D---- C:\WINDOWS1\system32\1033
2010-11-10 15:44:33 ----D---- C:\WINDOWS1\Driver Cache
2010-11-09 22:05:41 ----D---- C:\Documents and Settings\Administrator.HOME-E49B02E65C\Application Data\Xfire
2010-11-09 17:48:12 ----D---- C:\Program Files\TeamSpeak 3 Client
2010-11-05 21:48:16 ----D---- C:\Program Files\Silkroad
2010-10-28 10:46:00 ----A---- C:\WINDOWS1\RtlExUpd.dll
2010-10-26 16:42:17 ----D---- C:\Program Files\Microsoft Silverlight
2010-10-25 21:30:01 ----A---- C:\WINDOWS1\system32\msvcr71.dll
2010-10-25 21:30:01 ----A---- C:\WINDOWS1\system32\msvcp71.dll
2010-10-25 18:32:12 ----D---- C:\Documents and Settings\Administrator.HOME-E49B02E65C\Application Data\TS3Client
2010-10-24 13:31:29 ----D---- C:\Documents and Settings\Administrator.HOME-E49B02E65C\Application Data\dvdcss

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS1\System32\Drivers\PxHelp20.sys [2010-08-11 45648]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS1\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 FileDisk;FileDisk; C:\WINDOWS1\system32\drivers\FileDisk.sys [2010-06-29 9341]
R1 intelppm;Intel Processor Driver; C:\WINDOWS1\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS1\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 SCDEmu;SCDEmu; C:\WINDOWS1\system32\drivers\SCDEmu.sys [2008-07-07 56108]
R1 vsdatant;vsdatant; C:\WINDOWS1\System32\vsdatant.sys [2010-05-13 532224]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS1\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AMP;AMP; C:\WINDOWS1\system32\DRIVERS\amp.sys [2010-01-19 127016]
R2 AMPSE;AMPSE; C:\WINDOWS1\system32\DRIVERS\ampse.sys [2010-01-19 1118248]
R2 cpuz132;cpuz132; \??\C:\WINDOWS1\system32\drivers\cpuz132_x32.sys []
R2 ISWKL;ZoneAlarm Toolbar ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys []
R2 nvcap;nVidia WDM Video Capture (universal); C:\WINDOWS1\system32\DRIVERS\nvcap.sys [2008-01-09 141246]
R2 NVXBAR;nVidia WDM A/V Crossbar; C:\WINDOWS1\system32\DRIVERS\NVxbar.sys [2008-01-09 16176]
R2 TBPanel;TBPanel; C:\WINDOWS1\system32\drivers\TBPanel.sys [2007-03-16 12256]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS1\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS1\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS1\system32\drivers\RtkHDAud.sys [2009-02-17 5026816]
R3 mouhid;Mouse HID Driver; C:\WINDOWS1\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 nv;nv; C:\WINDOWS1\system32\DRIVERS\nv4_mini.sys [2008-01-09 7077344]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS1\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS1\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS1\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS1\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S0 CFRMD;CFRMD; C:\WINDOWS1\System32\drivers\CFRMD.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS1\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 Cardex;Cardex; \??\C:\WINDOWS1\system32\drivers\TBPANEL.SYS []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS1\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 cimo;cimo; \??\C:\WINDOWS1\system32\drivers\cimo.ahc []
S3 cpuz129;cpuz129; \??\C:\Program Files\PC Wizard 2008\pcwiz32.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS1\system32\drivers\EagleNT.sys []
S3 ialm;ialm; C:\WINDOWS1\system32\DRIVERS\igxpmp32.sys [2007-07-11 5761728]
S3 Monfilt;Monfilt; C:\WINDOWS1\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS1\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS1\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS1\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 SaiMini;SaiMini; C:\WINDOWS1\system32\DRIVERS\SaiMini.sys [2007-10-05 14080]
S3 SaiNtBus;SaiNtBus; C:\WINDOWS1\system32\drivers\SaiBus.sys [2007-10-05 35200]
S3 SCREAMINGBDRIVER;Screaming Bee Audio; C:\WINDOWS1\system32\drivers\ScreamingBAudio.sys [2009-12-01 34384]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS1\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS1\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS1\system32\DRIVERS\TVICHW32.SYS []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS1\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS1\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS1\System32\Drivers\usbvideo.sys [2004-08-03 78464]
S3 WpdUsb;WpdUsb; C:\WINDOWS1\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS1\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS1\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Akamai;Akamai NetSession Interface; C:\WINDOWS1\System32\svchost.exe [2004-08-04 14336]
R2 ioloFileInfoList;iolo FileInfoList Service; C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe [2010-10-12 724152]
R2 ioloSystemService;iolo System Service; C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe [2010-10-12 724152]
R2 IS360service;IS360service; C:\Program Files\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]
R2 IswSvc;ZoneAlarm Toolbar IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [2010-09-02 493048]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS1\system32\nvsvc32.exe [2008-01-09 155716]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS1\system32\PnkBstrA.exe [2010-06-19 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS1\system32\PnkBstrB.exe [2010-11-11 215152]
R2 vseamps;vseamps; C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe [2010-01-19 121384]
R2 vsedsps;vsedsps; C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe [2010-01-19 117288]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS1\system32\ZoneLabs\vsmon.exe [2010-09-02 2435592]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS1\system32\svchost.exe [2004-08-04 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS1\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS1\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS1\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS1\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS1\system32\wdfmgr.exe [2005-01-28 38912]
S3 vseqrts;vseqrts; C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe [2010-01-19 158248]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS1\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS1\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS1\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------



#2 Grim1984


Posted 20 November 2010 - 06:05 PM

I believe I have rid myself of this malware... I am sorry that I could not wait for you to help me! I would like this thread to be closed unless you see something in the lower log that looks like I still have some type of malware/virus/trojan/spyware. Thanks for taking the time to look, and again, I am sorry I could not wait!




Logfile of random's system information tool 1.08 (written by random/random)
Run by Administrator at 2010-11-20 16:56:58
Microsoft Windows XP Professional Service Pack 2
System drive C: has 121 GB (40%) free of 305 GB
Total RAM: 2045 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:57:07 PM, on 11/20/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\system32\svchost.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS1\system32\spoolsv.exe
C:\WINDOWS1\System32\svchost.exe
C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\WINDOWS1\system32\nvsvc32.exe
C:\WINDOWS1\system32\PnkBstrA.exe
C:\WINDOWS1\system32\PnkBstrB.exe
C:\WINDOWS1\system32\svchost.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\VDOTool\TBPanel.exe
C:\WINDOWS1\RTHDCPL.EXE
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
C:\WINDOWS1\explorer.exe
C:\Documents and Settings\Administrator.HOME-E49B02E65C\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator.HOME-E49B02E65C\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator.HOME-E49B02E65C\My Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50370
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll
O2 - BHO: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: TBSB05974 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)
O3 - Toolbar: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O3 - Toolbar: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS1\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS1\system32\igfxpers.exe
O4 - HKLM\..\Run: [TBPanel] C:\Program Files\VDOTool\TBPanel.exe /A
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS1\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS1\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS1\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS1\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows1\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows1\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows1\system32\iavlsp.dll
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Elf%20Bowling%20Holiday%20Pack/Images/stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Elf%20Bowling%20Holiday%20Pack/Images/armhelper.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS1\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS1\system32\browseui.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - iolo technologies, LLC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS1\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS1\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS1\system32\PnkBstrB.exe
O23 - Service: vseamps - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
O23 - Service: vsedsps - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
O23 - Service: vseqrts - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS1\system32\ZoneLabs\vsmon.exe

--
End of file - 8582 bytes

======Scheduled tasks folder======

C:\WINDOWS1\tasks\AppleSoftwareUpdate.job
C:\WINDOWS1\tasks\COMODO System Cleaner Update.job
C:\WINDOWS1\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS1\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS1\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-492894223-725345543-500Core.job
C:\WINDOWS1\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-492894223-725345543-500UA.job
C:\WINDOWS1\tasks\ParetoLogic Registration3.job
C:\WINDOWS1\tasks\ParetoLogic Update Version3.job
C:\WINDOWS1\tasks\RealUpgradeLogonTaskS-1-5-21-1645522239-492894223-725345543-500.job
C:\WINDOWS1\tasks\RealUpgradeScheduledTaskS-1-5-21-1645522239-492894223-725345543-500.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}]
ZoneAlarm Security Engine Registrar - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2010-09-02 591352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
ZoneAlarm Security Toolbar - C:\Program Files\ZoneAlarm_Security\tbZone.dll [2010-06-13 2734688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-8398-26FADCF27386}]
Verizon Broadband Toolbar - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL [2008-05-30 1991680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
TBSB05974 Class

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-8398-26FADCF27386} - Verizon Broadband Toolbar - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL [2008-05-30 1991680]
{91da5e8a-3318-4f8c-b67e-5964de3ab546} - ZoneAlarm Security Toolbar - C:\Program Files\ZoneAlarm_Security\tbZone.dll [2010-06-13 2734688]
{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2010-09-02 591352]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS1\system32\igfxtray.exe [2007-07-11 142104]
"Persistence"=C:\WINDOWS1\system32\igfxpers.exe [2007-07-11 138008]
"TBPanel"=C:\Program Files\VDOTool\TBPanel.exe [2008-01-09 2169384]
"RTHDCPL"=C:\WINDOWS1\RTHDCPL.EXE [2009-02-17 17508864]
"NvCplDaemon"=C:\WINDOWS1\system32\NvCpl.dll [2008-01-09 13508608]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2010-09-02 1043968]
"ISW"=C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [2010-09-02 738808]
"IObit Security 360"=C:\Program Files\IObit\IObit Security 360\IS360tray.exe [2010-06-11 1280344]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SMRequiresRestart"= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"=C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2010-09-28 2407632]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-10-25 2424560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-08-20 1164584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Administrator.HOME-E49B02E65C\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-17 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
C:\Program Files\Download Manager\DLM.exe [2009-05-14 1103216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2008-07-07 167936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator.HOME-E49B02E65C^Start Menu^Programs^Startup^Shortcut to ts3server_win32.lnk]
C:\DOCUME~1\ADMINI~1.HOM\Desktop\MISC~1.STU\TEAMSP~1\TS3SER~1.EXE [2010-04-13 2604744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS1\system32\igfxdev.dll [2007-07-11 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS1\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS1\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"LegalNoticeText"=
"LegalNoticeCaption"=

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoResolveSearch"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS1\system32\PnkBstrA.exe"="C:\WINDOWS1\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS1\system32\PnkBstrB.exe"="C:\WINDOWS1\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\All Users.WINDOWS1\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users.WINDOWS1\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Program Files\CoD RconTool\Profiles\Standard\Chat\pbucon.exe"="C:\Program Files\CoD RconTool\Profiles\Standard\Chat\pbucon.exe:*:Enabled:pbucon"
"C:\Program Files\CoD RconTool\Profiles\Grim\Chat\pbucon.exe"="C:\Program Files\CoD RconTool\Profiles\Grim\Chat\pbucon.exe:*:Enabled:pbucon"
"C:\Program Files\Sierra\SWAT 4\Content\System\Swat4.exe"="C:\Program Files\Sierra\SWAT 4\Content\System\Swat4.exe:*:Enabled:SWAT 4"
"C:\Documents and Settings\Administrator.HOME-E49B02E65C\Local Settings\Application Data\Dyyno Receiver\DPPM.exe"="C:\Documents and Settings\Administrator.HOME-E49B02E65C\Local Settings\Application Data\Dyyno Receiver\DPPM.exe:*:Enabled:dppmmain Application"
"C:\Program Files\CoD RconTool\CoD RconTool.exe"="C:\Program Files\CoD RconTool\CoD RconTool.exe:*:Enabled:CoD RconTool"
"C:\Program Files\TeamViewer\Version4\TeamViewer.exe"="C:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"C:\occ.exe"="C:\occ.exe:*:Enabled:OneCC Module"
"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe"="C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe"="C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:*:Enabled:Tom Clancy's Rainbow Six Vegas 2"
"C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe"="C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:*:Enabled:Tom Clancy's Rainbow Six Vegas 2 Update"
"C:\Program Files\Atari\ArmA\arma.exe"="C:\Program Files\Atari\ArmA\arma.exe:*:Enabled:ArmA"
"C:\Program Files\Silkroad\sro_client.exe"="C:\Program Files\Silkroad\sro_client.exe:*:Enabled:sro_client"
"C:\Program Files\cSilkroad\sro_client.exe"="C:\Program Files\cSilkroad\sro_client.exe:*:Enabled:sro_client"
"C:\Program Files\ECSRO\SilkErrSender.exe"="C:\Program Files\ECSRO\SilkErrSender.exe:*:Enabled:FTPSender MFC ?? ????"
"C:\Documents and Settings\Administrator.HOME-E49B02E65C\Desktop\SRO JUNK\Sro Emu\Sremuv81.exe"="C:\Documents and Settings\Administrator.HOME-E49B02E65C\Desktop\SRO JUNK\Sro Emu\Sremuv81.exe:*:Enabled:Sremuv81"
"C:\Program Files\Atari\ArmA\beta\arma.exe"="C:\Program Files\Atari\ArmA\beta\arma.exe:*:Enabled:ArmA"
"C:\Program Files\Atari\ArmA\beta\arma_server.exe"="C:\Program Files\Atari\ArmA\beta\arma_server.exe:*:Enabled:ArmA"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Program Files\Winmx\WinMX.exe"="C:\Program Files\Winmx\WinMX.exe:*:Enabled:WinMX Application"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Atari1\ArmA\beta\arma.exe"="C:\Program Files\Atari1\ArmA\beta\arma.exe:*:Disabled:ArmA"
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty® - World at War™ "
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty® - World at War™ "
"C:\Program Files\Atari1\ArmA\arma.exe"="C:\Program Files\Atari1\ArmA\arma.exe:*:Enabled:ArmA"
"C:\Documents and Settings\Administrator.HOME-E49B02E65C\Desktop\SRO JUNK\Silkroad Emulator Pack\Sro Emu\Sremuv81.exe"="C:\Documents and Settings\Administrator.HOME-E49B02E65C\Desktop\SRO JUNK\Silkroad Emulator Pack\Sro Emu\Sremuv81.exe:*:Enabled:Sremuv81"
"C:\Documents and Settings\Administrator.HOME-E49B02E65C\Desktop\SRO JUNK\emu\Sro Emu\Sremuv81.exe"="C:\Documents and Settings\Administrator.HOME-E49B02E65C\Desktop\SRO JUNK\emu\Sro Emu\Sremuv81.exe:*:Enabled:Sremuv81"
"C:\Program Files\USArmy\America's Army 2\System\ArmyOps.exe"="C:\Program Files\USArmy\America's Army 2\System\ArmyOps.exe:*:Enabled:ArmyOps"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Teamspeak2_RC2-2\server_windows.exe"="C:\Program Files\Teamspeak2_RC2-2\server_windows.exe:*:Enabled:Server"
"C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe"="C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2"
"C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe"="C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2"
"C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Game.exe"="C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Game.exe:*:Enabled:Battlefield: Bad Company™ 2"
"C:\Program Files\CoD RconTool10\Profiles\trcv\Chat\pbucon.exe"="C:\Program Files\CoD RconTool10\Profiles\trcv\Chat\pbucon.exe:*:Enabled:pbucon"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ "
"C:\Program Files\CoD RconTool10\CoD RconTool.exe"="C:\Program Files\CoD RconTool10\CoD RconTool.exe:*:Enabled:CoD RconTool"
"C:\Program Files\BYOND\bin\byond.exe"="C:\Program Files\BYOND\bin\byond.exe:*:Enabled:byond"
"C:\Program Files\BYOND\bin\dreamseeker.exe"="C:\Program Files\BYOND\bin\dreamseeker.exe:*:Enabled:Dream Seeker"
"C:\Program Files\Steam\steamapps\common\america's army 3\Binaries\AA3Game.exe"="C:\Program Files\Steam\steamapps\common\america's army 3\Binaries\AA3Game.exe:*:Enabled:America's Army 3"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\BYOND\bin\dreamdaemon.exe"="C:\Program Files\BYOND\bin\dreamdaemon.exe:*:Enabled:dreamdaemon"
"C:\Program Files\Bohemia Interactive\ArmA 2 Operation Arrowhead\arma2OA.exe"="C:\Program Files\Bohemia Interactive\ArmA 2 Operation Arrowhead\arma2OA.exe:*:Enabled:ArmA 2 Operation Arrowhead"
"C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\Administrator.HOME-E49B02E65C\Desktop\zazc\ZSZCPotter.exe"="C:\Documents and Settings\Administrator.HOME-E49B02E65C\Desktop\zazc\ZSZCPotter.exe:*:Enabled:ZSZC Servers"
"C:\WINDOWS1\system32\ZoneLabs\vsmon.exe"="C:\WINDOWS1\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon"
"C:\Program Files\iolo\System Mechanic Professional\SysMech.exe"="C:\Program Files\iolo\System Mechanic Professional\SysMech.exe:*:Enabled:iolo System Shield®"
"C:\Program Files\Steam\steamapps\common\call of duty black ops\BlackOpsMP.exe"="C:\Program Files\Steam\steamapps\common\call of duty black ops\BlackOpsMP.exe:*:Enabled:Call of Duty: Black Ops - Multiplayer"
"C:\Program Files\Steam\steamapps\common\call of duty black ops\BlackOps.exe"="C:\Program Files\Steam\steamapps\common\call of duty black ops\BlackOps.exe:*:Enabled:Call of Duty: Black Ops"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"

======File associations======

.js - open - NOTEPAD.EXE %1
.reg - open - NOTEPAD.EXE %1
.scr - open - NOTEPAD.EXE %1
.vbs - open - NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2010-11-20 13:30:28 ----A---- C:\WINDOWS1\system32\smrgdf.txt
2010-11-20 13:30:10 ----SHD---- C:\RECYCLER
2010-11-20 12:27:09 ----A---- C:\ComboFix.txt
2010-11-20 10:52:35 ----A---- C:\WINDOWS1\system32\iolo.ini
2010-11-20 10:39:46 ----RASHD---- C:\cmdcons
2010-11-20 10:37:39 ----A---- C:\WINDOWS1\NIRCMD.exe
2010-11-20 10:37:39 ----A---- C:\WINDOWS1\MBR.exe
2010-11-20 10:37:37 ----A---- C:\WINDOWS1\zip.exe
2010-11-20 10:37:37 ----A---- C:\WINDOWS1\SWXCACLS.exe
2010-11-20 10:37:37 ----A---- C:\WINDOWS1\SWSC.exe
2010-11-20 10:37:37 ----A---- C:\WINDOWS1\SWREG.exe
2010-11-20 10:37:37 ----A---- C:\WINDOWS1\sed.exe
2010-11-20 10:37:37 ----A---- C:\WINDOWS1\PEV.exe
2010-11-20 10:37:37 ----A---- C:\WINDOWS1\grep.exe
2010-11-20 10:37:25 ----D---- C:\WINDOWS1\ERDNT
2010-11-20 10:35:52 ----D---- C:\Qoobox
2010-11-19 23:26:34 ----D---- C:\Documents and Settings\All Users.WINDOWS1\Application Data\SUPERAntiSpyware.com
2010-11-19 23:26:34 ----D---- C:\Documents and Settings\Administrator.HOME-E49B02E65C\Application Data\SUPERAntiSpyware.com
2010-11-19 23:26:15 ----D---- C:\Program Files\SUPERAntiSpyware
2010-11-17 19:48:04 ----D---- C:\rsit
2010-11-17 19:48:04 ----D---- C:\Program Files\trend micro
2010-11-16 21:22:17 ----D---- C:\Documents and Settings\Administrator.HOME-E49B02E65C\Application Data\Malwarebytes
2010-11-16 21:22:02 ----A---- C:\WINDOWS1\system32\drivers\mbamswissarmy.sys
2010-11-16 21:22:00 ----D---- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Malwarebytes
2010-11-16 21:21:59 ----A---- C:\WINDOWS1\system32\drivers\mbam.sys
2010-11-16 21:21:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-11-16 09:22:34 ----HDC---- C:\WINDOWS1\$NtUninstallKB932823-v3$
2010-11-16 08:20:32 ----D---- C:\Program Files\ESET
2010-11-14 17:03:27 ----D---- C:\Documents and Settings\All Users.WINDOWS1\Application Data\IObit
2010-11-13 17:02:34 ----D---- C:\Program Files\Common Files\Akamai
2010-11-13 15:46:06 ----A---- C:\EventLOG.txt
2010-11-13 12:13:05 ----A---- C:\WINDOWS1\system32\iolo.ini.txt
2010-11-13 12:09:23 ----A---- C:\WINDOWS1\system32\Incinerator.dll
2010-11-13 12:09:23 ----A---- C:\WINDOWS1\system32\IncContxMenu.dll
2010-11-13 12:09:22 ----A---- C:\WINDOWS1\system32\drivers\filedisk.sys
2010-11-13 12:09:19 ----A---- C:\WINDOWS1\system32\smrgdf.exe
2010-11-13 12:09:19 ----A---- C:\WINDOWS1\system32\iolobtdfg.exe
2010-11-13 12:09:17 ----D---- C:\Program Files\iolo
2010-11-12 20:50:13 ----A---- C:\WINDOWS1\system32\XAudio2_7.dll
2010-11-12 20:50:13 ----A---- C:\WINDOWS1\system32\XAPOFX1_5.dll
2010-11-12 20:50:13 ----A---- C:\WINDOWS1\system32\xactengine3_7.dll
2010-11-12 20:50:12 ----A---- C:\WINDOWS1\system32\d3dx11_43.dll
2010-11-12 20:50:12 ----A---- C:\WINDOWS1\system32\d3dx10_43.dll
2010-11-12 20:50:12 ----A---- C:\WINDOWS1\system32\d3dcsx_43.dll
2010-11-12 20:50:12 ----A---- C:\WINDOWS1\system32\D3DCompiler_43.dll
2010-11-12 20:50:11 ----A---- C:\WINDOWS1\system32\D3DX9_43.dll
2010-11-12 20:37:42 ----D---- C:\Documents and Settings\Administrator.HOME-E49B02E65C\Application Data\CheckPoint
2010-11-12 20:37:12 ----D---- C:\Program Files\ZoneAlarm_Security
2010-11-12 20:36:56 ----D---- C:\Program Files\CheckPoint
2010-11-12 20:36:53 ----A---- C:\WINDOWS1\system32\vsregexp.dll
2010-11-12 20:36:52 ----A---- C:\WINDOWS1\system32\zlcommdb.dll
2010-11-12 20:36:52 ----A---- C:\WINDOWS1\system32\zlcomm.dll
2010-11-12 20:36:45 ----A---- C:\WINDOWS1\system32\vswmi.dll
2010-11-12 20:36:43 ----D---- C:\WINDOWS1\system32\ZoneLabs
2010-11-12 20:36:43 ----A---- C:\WINDOWS1\system32\zpeng25.dll
2010-11-12 20:36:43 ----A---- C:\WINDOWS1\system32\vsxml.dll
2010-11-12 20:36:43 ----A---- C:\WINDOWS1\system32\vspubapi.dll
2010-11-12 20:36:43 ----A---- C:\WINDOWS1\system32\vsmonapi.dll
2010-11-12 20:36:42 ----A---- C:\WINDOWS1\system32\vsdatant.sys
2010-11-12 20:36:09 ----A---- C:\WINDOWS1\system32\vsutil.dll
2010-11-12 20:36:09 ----A---- C:\WINDOWS1\system32\vsinit.dll
2010-11-12 20:36:09 ----A---- C:\WINDOWS1\system32\vsdata.dll
2010-11-12 20:31:42 ----HDC---- C:\WINDOWS1\$NtUninstallKB943232$
2010-11-12 20:30:02 ----D---- C:\a7fbe5fcf22cc73a53527059f847500a
2010-11-12 20:30:01 ----D---- C:\Program Files\Zone Labs
2010-11-12 20:29:50 ----D---- C:\WINDOWS1\Internet Logs
2010-11-12 19:36:57 ----A---- C:\WINDOWS1\is-D0F8S.exe
2010-11-12 19:31:33 ----D---- C:\Program Files\Common Files\Authentium
2010-11-12 19:31:28 ----A---- C:\WINDOWS1\system32\iavlsp.dll
2010-11-11 23:32:16 ----D---- C:\iolo
2010-11-11 22:27:46 ----A---- C:\WINDOWS1\system32\mfc45.dll
2010-11-11 22:27:45 ----D---- C:\Documents and Settings\All Users.WINDOWS1\Application Data\iolo
2010-11-11 22:27:45 ----D---- C:\Documents and Settings\Administrator.HOME-E49B02E65C\Application Data\iolo
2010-11-11 21:57:53 ----D---- C:\WINDOWS1\system32\CatRoot_bak
2010-11-11 21:57:40 ----D---- C:\Program Files\Common Files\Skype
2010-11-11 21:23:10 ----A---- C:\WINDOWS1\ntbtlog.txt
2010-11-11 21:19:37 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-11-11 21:19:37 ----D---- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Spybot - Search & Destroy
2010-11-11 21:10:37 ----D---- C:\fc7ff18dfe20c4d5d37e000928
2010-11-11 20:17:07 ----RD---- C:\Program Files\Skype
2010-11-11 10:12:15 ----D---- C:\Documents and Settings\Administrator.HOME-E49B02E65C\Application Data\ComodoGroup
2010-11-11 09:49:16 ----N---- C:\WINDOWS1\system32\drivers\NVXBAR.SYS
2010-11-11 01:07:35 ----A---- C:\WINDOWS1\HideWin.exe
2010-11-10 22:57:23 ----N---- C:\WINDOWS1\system32\drivers\NVCAP.SYS
2010-11-10 22:53:03 ----D---- C:\WINDOWS1\nview
2010-11-10 22:17:43 ----D---- C:\WINDOWS1\Prefetch
2010-11-10 22:11:08 ----RAH---- C:\WINDOWS1\system32\logonui.exe.manifest
2010-11-10 22:02:44 ----A---- C:\WINDOWS1\pnplog.txt
2010-11-10 21:54:24 ----A---- C:\WINDOWS1\system32\spxcoins.dll
2010-11-10 21:54:24 ----A---- C:\WINDOWS1\system32\irclass.dll
2010-11-10 21:54:08 ----RA---- C:\WINDOWS1\SETD2.tmp
2010-11-10 21:54:05 ----RA---- C:\WINDOWS1\SETC6.tmp
2010-11-10 21:54:03 ----RA---- C:\WINDOWS1\SETC3.tmp
2010-11-10 21:52:29 ----A---- C:\WINDOWS1\setuplog.txt
2010-11-10 16:14:01 ----A---- C:\WINDOWS1\system32\234.js
2010-11-10 15:44:33 ----ASH---- C:\pagefile.sys
2010-11-09 22:18:18 ----A---- C:\loader.ini
2010-10-25 21:43:25 ----D---- C:\Documents and Settings\Administrator.HOME-E49B02E65C\Application Data\vlc
2010-10-25 21:37:01 ----D---- C:\Documents and Settings\Administrator.HOME-E49B02E65C\Application Data\MozillaControl
2010-10-25 21:36:38 ----D---- C:\Program Files\Mozilla ActiveX Control v1.7.12
2010-10-25 21:35:16 ----D---- C:\Program Files\Graboid
2010-10-25 21:31:00 ----A---- C:\WINDOWS1\cdplayer.ini
2010-10-25 21:30:23 ----A---- C:\WINDOWS1\system32\rmoc3260.dll
2010-10-25 21:30:19 ----A---- C:\WINDOWS1\system32\pndx5032.dll
2010-10-25 21:30:19 ----A---- C:\WINDOWS1\system32\pndx5016.dll
2010-10-25 21:30:14 ----D---- C:\Program Files\Common Files\xing shared
2010-10-25 21:30:01 ----D---- C:\Program Files\Real
2010-10-25 21:30:01 ----A---- C:\WINDOWS1\system32\pncrt.dll
2010-10-25 21:30:00 ----D---- C:\Program Files\Common Files\Real
2010-10-25 21:30:00 ----D---- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Real
2010-10-25 21:29:59 ----D---- C:\Documents and Settings\Administrator.HOME-E49B02E65C\Application Data\Real
2010-10-25 18:16:19 ----D---- C:\WINDOWS1\pss
2010-10-24 13:37:57 ----D---- C:\Documents and Settings\Administrator.HOME-E49B02E65C\Application Data\HandBrake
2010-10-24 13:37:51 ----D---- C:\Program Files\Handbrake
2010-10-24 13:24:40 ----D---- C:\Documents and Settings\Administrator.HOME-E49B02E65C\Application Data\InfraRecorder

======List of files/folders modified in the last 1 months======

2010-11-20 16:56:08 ----A---- C:\WINDOWS1\DFC.INI
2010-11-20 16:52:25 ----D---- C:\WINDOWS1\Temp
2010-11-20 13:33:16 ----D---- C:\WINDOWS1\Minidump
2010-11-20 13:33:06 ----D---- C:\WINDOWS1\system32\config
2010-11-20 13:30:28 ----D---- C:\WINDOWS1\system32
2010-11-20 12:38:47 ----D---- C:\WINDOWS1\system32\drivers\etc
2010-11-20 12:27:12 ----D---- C:\WINDOWS1\system32\drivers
2010-11-20 12:26:16 ----SD---- C:\WINDOWS1\Tasks
2010-11-20 12:21:47 ----D---- C:\WINDOWS1
2010-11-20 12:21:46 ----A---- C:\WINDOWS1\system.ini
2010-11-20 11:14:20 ----D---- C:\WINDOWS1\system32\ias
2010-11-20 11:14:19 ----A---- C:\WINDOWS1\ModemLog_Communications cable between two computers.txt
2010-11-20 11:13:41 ----D---- C:\WINDOWS1\system32\CatRoot2
2010-11-20 10:58:59 ----D---- C:\WINDOWS1\AppPatch
2010-11-20 10:58:54 ----D---- C:\Program Files\Common Files
2010-11-20 10:53:08 ----A---- C:\WINDOWS1\SchedLgU.Txt
2010-11-20 10:43:45 ----HD---- C:\WINDOWS1\inf
2010-11-20 10:40:00 ----RASH---- C:\boot.ini
2010-11-20 01:45:08 ----D---- C:\Program Files\cSilkroad
2010-11-19 23:26:15 ----RD---- C:\Program Files
2010-11-19 20:24:03 ----D---- C:\Program Files\ECSRO
2010-11-19 19:25:09 ----D---- C:\Program Files\Steam
2010-11-17 09:43:09 ----D---- C:\WINDOWS1\Microsoft.NET
2010-11-16 22:43:57 ----HD---- C:\WINDOWS1\$NtUninstallKB932168$
2010-11-16 09:27:55 ----RSHDC---- C:\WINDOWS1\system32\dllcache
2010-11-16 09:23:04 ----D---- C:\WINDOWS1\system32\CatRoot
2010-11-16 09:22:03 ----HD---- C:\WINDOWS1\$hf_mig$
2010-11-16 01:35:35 ----D---- C:\Documents and Settings\Administrator.HOME-E49B02E65C\Application Data\uTorrent
2010-11-16 01:35:29 ----D---- C:\Program Files\Mozilla Firefox
2010-11-16 01:35:28 ----D---- C:\Program Files\Xfire
2010-11-16 01:35:28 ----D---- C:\Program Files\WinRAR
2010-11-16 01:35:27 ----SHD---- C:\WINDOWS1\Installer
2010-11-16 01:35:27 ----D---- C:\WINDOWS1\Logs
2010-11-16 01:35:27 ----D---- C:\WINDOWS1\Debug
2010-11-16 01:35:27 ----D---- C:\TempEI4
2010-11-16 01:35:26 ----D---- C:\WINDOWS1\system32\NtmsData
2010-11-14 17:03:28 ----D---- C:\Documents and Settings\Administrator.HOME-E49B02E65C\Application Data\IObit
2010-11-14 17:03:24 ----D---- C:\Program Files\IObit
2010-11-14 16:46:24 ----SD---- C:\Documents and Settings\Administrator.HOME-E49B02E65C\Application Data\Microsoft
2010-11-14 16:46:23 ----D---- C:\Config.Msi
2010-11-14 16:43:31 ----D---- C:\Program Files\xchat
2010-11-13 18:58:16 ----D---- C:\Documents and Settings\Administrator.HOME-E49B02E65C\Application Data\Skype
2010-11-13 16:43:29 ----D---- C:\Documents and Settings\Administrator.HOME-E49B02E65C\Application Data\skypePM
2010-11-12 20:50:14 ----D---- C:\WINDOWS1\system32\DirectX
2010-11-12 20:49:44 ----RSD---- C:\WINDOWS1\assembly
2010-11-12 20:48:56 ----D---- C:\WINDOWS1\WinSxS
2010-11-11 23:48:16 ----A---- C:\WINDOWS1\system32\PnkBstrB.exe
2010-11-11 22:35:28 ----RD---- C:\WINDOWS1\Offline Web Pages
2010-11-11 22:33:39 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-11-11 22:16:59 ----D---- C:\Documents and Settings\Administrator.HOME-E49B02E65C\Application Data\Mozilla
2010-11-11 21:57:38 ----D---- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Skype
2010-11-11 21:57:37 ----HD---- C:\Program Files\InstallShield Installation Information
2010-11-11 21:57:35 ----D---- C:\WINDOWS1\repair
2010-11-11 21:57:35 ----D---- C:\Program Files\Silkroademu
2010-11-11 21:57:32 ----D---- C:\WINDOWS1\system32\ReinstallBackups
2010-11-11 21:57:27 ----D---- C:\Program Files\Realtek
2010-11-11 21:57:23 ----D---- C:\Documents and Settings
2010-11-11 21:57:22 ----D---- C:\Program Files\VDOTool
2010-11-11 10:48:24 ----D---- C:\Documents and Settings\Administrator.HOME-E49B02E65C\Application Data\TeamViewer
2010-11-11 10:48:22 ----D---- C:\Documents and Settings\Administrator.HOME-E49B02E65C\Application Data\X-Chat 2
2010-11-11 10:48:20 ----D---- C:\Documents and Settings\Administrator.HOME-E49B02E65C\Application Data\LimeWire
2010-11-11 03:17:18 ----SHD---- C:\System Volume Information
2010-11-11 01:55:03 ----D---- C:\WINDOWS1\Registration
2010-11-11 01:16:37 ----D---- C:\WINDOWS1\system32\RTCOM
2010-11-10 22:57:48 ----D---- C:\WINDOWS1\security
2010-11-10 22:53:34 ----D---- C:\WINDOWS1\Help
2010-11-10 22:22:22 ----D---- C:\WINDOWS1\system32\Restore
2010-11-10 22:20:21 ----A---- C:\WINDOWS1\system32\PerfStringBackup.INI
2010-11-10 22:16:52 ----D---- C:\WINDOWS1\system32\inetsrv
2010-11-10 22:16:52 ----D---- C:\Program Files\NVIDIA Corporation
2010-11-10 22:12:10 ----AC---- C:\WINDOWS1\OEWABLog.txt
2010-11-10 22:12:04 ----AC---- C:\WINDOWS1\ODBCINST.INI
2010-11-10 22:11:38 ----ASH---- C:\WINDOWS1\fonts\desktop.ini
2010-11-10 22:11:10 ----RD---- C:\WINDOWS1\Web
2010-11-10 22:11:03 ----RAHC---- C:\WINDOWS1\system32\cdplayer.exe.manifest
2010-11-10 22:10:52 ----A---- C:\WINDOWS1\win.ini
2010-11-10 22:10:48 ----D---- C:\WINDOWS1\system32\oobe
2010-11-10 22:10:46 ----D---- C:\WINDOWS1\srchasst
2010-11-10 22:10:43 ----D---- C:\Program Files\Windows Media Player
2010-11-10 22:10:36 ----D---- C:\Program Files\Movie Maker
2010-11-10 22:10:26 ----D---- C:\Program Files\NetMeeting
2010-11-10 22:10:22 ----D---- C:\Program Files\Outlook Express
2010-11-10 22:10:22 ----D---- C:\Program Files\Common Files\System
2010-11-10 22:10:08 ----D---- C:\Program Files\Internet Explorer
2010-11-10 22:09:28 ----D---- C:\WINDOWS1\system32\Com
2010-11-10 22:09:03 ----D---- C:\WINDOWS1\system32\wbem
2010-11-10 22:09:00 ----D---- C:\Program Files\Windows NT
2010-11-10 22:00:19 ----D---- C:\Documents and Settings\All Users.WINDOWS1\Application Data\NVIDIA Corporation
2010-11-10 21:59:31 ----HDC---- C:\WINDOWS1\$MSI31Uninstall_KB893803v2$
2010-11-10 21:54:23 ----D---- C:\WINDOWS1\system
2010-11-10 21:54:14 ----ASH---- C:\Documents and Settings\All Users.WINDOWS1\Application Data\desktop.ini
2010-11-10 15:50:32 ----D---- C:\WINDOWS1\system32\Setup
2010-11-10 15:50:24 ----D---- C:\WINDOWS1\system32\usmt
2010-11-10 15:50:09 ----D---- C:\WINDOWS1\mui
2010-11-10 15:50:09 ----D---- C:\WINDOWS1\ehome
2010-11-10 15:50:08 ----D---- C:\WINDOWS1\ime
2010-11-10 15:50:07 ----RSD---- C:\WINDOWS1\Fonts
2010-11-10 15:50:06 ----D---- C:\WINDOWS1\Media
2010-11-10 15:49:56 ----D---- C:\WINDOWS1\PeerNet
2010-11-10 15:49:43 ----D---- C:\WINDOWS1\system32\npp
2010-11-10 15:49:36 ----D---- C:\WINDOWS1\msagent
2010-11-10 15:46:46 ----D---- C:\WINDOWS1\twain_32
2010-11-10 15:46:06 ----D---- C:\WINDOWS1\system32\icsxml
2010-11-10 15:45:30 ----D---- C:\WINDOWS1\system32\1033
2010-11-10 15:44:33 ----D---- C:\WINDOWS1\Driver Cache
2010-11-09 22:05:41 ----D---- C:\Documents and Settings\Administrator.HOME-E49B02E65C\Application Data\Xfire
2010-11-09 17:48:12 ----D---- C:\Program Files\TeamSpeak 3 Client
2010-11-05 21:48:16 ----D---- C:\Program Files\Silkroad
2010-10-28 10:46:00 ----A---- C:\WINDOWS1\RtlExUpd.dll
2010-10-26 16:42:17 ----D---- C:\Program Files\Microsoft Silverlight
2010-10-25 21:30:01 ----A---- C:\WINDOWS1\system32\msvcr71.dll
2010-10-25 21:30:01 ----A---- C:\WINDOWS1\system32\msvcp71.dll
2010-10-25 18:32:12 ----D---- C:\Documents and Settings\Administrator.HOME-E49B02E65C\Application Data\TS3Client
2010-10-24 13:31:29 ----D---- C:\Documents and Settings\Administrator.HOME-E49B02E65C\Application Data\dvdcss

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS1\System32\Drivers\PxHelp20.sys [2010-08-11 45648]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS1\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 FileDisk;FileDisk; C:\WINDOWS1\system32\drivers\FileDisk.sys [2010-06-29 9341]
R1 intelppm;Intel Processor Driver; C:\WINDOWS1\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS1\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 SCDEmu;SCDEmu; C:\WINDOWS1\system32\drivers\SCDEmu.sys [2008-07-07 56108]
R1 vsdatant;vsdatant; C:\WINDOWS1\System32\vsdatant.sys [2010-05-13 532224]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS1\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AMP;AMP; C:\WINDOWS1\system32\DRIVERS\amp.sys [2010-01-19 127016]
R2 AMPSE;AMPSE; C:\WINDOWS1\system32\DRIVERS\ampse.sys [2010-01-19 1118248]
R2 cpuz132;cpuz132; \??\C:\WINDOWS1\system32\drivers\cpuz132_x32.sys []
R2 ISWKL;ZoneAlarm Toolbar ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys []
R2 nvcap;nVidia WDM Video Capture (universal); C:\WINDOWS1\system32\DRIVERS\nvcap.sys [2008-01-09 141246]
R2 NVXBAR;nVidia WDM A/V Crossbar; C:\WINDOWS1\system32\DRIVERS\NVxbar.sys [2008-01-09 16176]
R2 TBPanel;TBPanel; C:\WINDOWS1\system32\drivers\TBPanel.sys [2007-03-16 12256]
R3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1.HOM\LOCALS~1\Temp\catchme.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS1\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS1\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS1\system32\drivers\RtkHDAud.sys [2009-02-17 5026816]
R3 mouhid;Mouse HID Driver; C:\WINDOWS1\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 nv;nv; C:\WINDOWS1\system32\DRIVERS\nv4_mini.sys [2008-01-09 7077344]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS1\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS1\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS1\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS1\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S0 CFRMD;CFRMD; C:\WINDOWS1\System32\drivers\CFRMD.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS1\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 Cardex;Cardex; \??\C:\WINDOWS1\system32\drivers\TBPANEL.SYS []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS1\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 cimo;cimo; \??\C:\WINDOWS1\system32\drivers\cimo.ahc []
S3 cpuz129;cpuz129; \??\C:\Program Files\PC Wizard 2008\pcwiz32.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS1\system32\drivers\EagleNT.sys []
S3 ialm;ialm; C:\WINDOWS1\system32\DRIVERS\igxpmp32.sys [2007-07-11 5761728]
S3 kwtdqfow;kwtdqfow; \??\C:\DOCUME~1\ADMINI~1.HOM\LOCALS~1\Temp\kwtdqfow.sys []
S3 mbr;mbr; \??\C:\DOCUME~1\ADMINI~1.HOM\LOCALS~1\Temp\mbr.sys []
S3 Monfilt;Monfilt; C:\WINDOWS1\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS1\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS1\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS1\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 SaiMini;SaiMini; C:\WINDOWS1\system32\DRIVERS\SaiMini.sys [2007-10-05 14080]
S3 SaiNtBus;SaiNtBus; C:\WINDOWS1\system32\drivers\SaiBus.sys [2007-10-05 35200]
S3 SCREAMINGBDRIVER;Screaming Bee Audio; C:\WINDOWS1\system32\drivers\ScreamingBAudio.sys [2009-12-01 34384]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS1\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS1\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS1\system32\DRIVERS\TVICHW32.SYS []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS1\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS1\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS1\System32\Drivers\usbvideo.sys [2004-08-03 78464]
S3 WpdUsb;WpdUsb; C:\WINDOWS1\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS1\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS1\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Akamai;Akamai NetSession Interface; C:\WINDOWS1\System32\svchost.exe [2004-08-04 14336]
R2 ioloFileInfoList;iolo FileInfoList Service; C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe [2010-10-12 724152]
R2 ioloSystemService;iolo System Service; C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe [2010-10-12 724152]
R2 IS360service;IS360service; C:\Program Files\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]
R2 IswSvc;ZoneAlarm Toolbar IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [2010-09-02 493048]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS1\system32\nvsvc32.exe [2008-01-09 155716]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS1\system32\PnkBstrA.exe [2010-06-19 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS1\system32\PnkBstrB.exe [2010-11-11 215152]
R2 vseamps;vseamps; C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe [2010-01-19 121384]
R2 vsedsps;vsedsps; C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe [2010-01-19 117288]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS1\system32\svchost.exe [2004-08-04 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS1\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 vsmon;TrueVector Internet Monitor; C:\WINDOWS1\system32\ZoneLabs\vsmon.exe [2010-09-02 2435592]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS1\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS1\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS1\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS1\system32\wdfmgr.exe [2005-01-28 38912]
S3 vseqrts;vseqrts; C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe [2010-01-19 158248]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS1\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS1\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS1\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:46 AM

Posted 26 November 2010 - 11:38 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.


In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply



Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Extract RKUnhooker to your desktop.
    Note** it is zipped up in a .rar file - if you do not have a program to unzip this type of file,
    you can get a free one from here - http://www.7-zip.org/
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning; it is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


"just click on Cancel, then Accept".


Information and logs:

In your next post I need the following:

1. Logs from DDS
2. Log from RKUnHooker
3. Let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 gringo_pr


Posted 29 November 2010 - 11:27 PM

Hello

Three day bump

It has been three days since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#5 gringo_pr


Posted 03 December 2010 - 08:47 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

The fixes and advice in this thread are for this machine only.
Do not apply the instructions from this thread to your own machine.
Please start a new thread describing your issue and someone will be along to assist you.


With Regards,
Gringo



